$Server = "192.168.100.200"
$UserName = "DatabaseUserName"
$Password = "SecretPassword"
$SqlQuery = "Select * FROM TestTable"
# Accessing Data Base
$SqlConnection = New-Object -TypeName System.Data.SqlClient.Sql
Can generate PowerShell one-liners and create a Meterpreter shell, and can also bypass AMSI, firewalls, UAC, and any antivirus...
$SqlConnection = New-Object -TypeName System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = "Data Source=$Server;Initial Catalog=$Database;user id=$UserName;pwd=$Password"
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = $SqlQuery
$SqlCmd.Connection = ...