PowerShell Tip: Getting a TCP Response (Telnet-like)
Normally, to check whether a given TCP port is alive, we telnet to that port and see whether it responds. Since Windows 8, however, telnet is not installed by default. Imagine you have broken into a server that has no telnet installed; to push further into the internal network you need to probe whether specific ports on internal servers are open, but you do not want to install telnet for fear of attracting the administrator's attention. Well, in that situation you need this script of mine. Because it is written entirely in native PowerShell, you can check the state of a TCP port even without telnet.
The code comes first; the explanation follows:
===== Filename: Get-TCPResponse.ps1 =====

Function Get-TCPResponse {
    <#
    .SYNOPSIS
        Tests a TCP port of a remote or local system and returns the response header,
        if applicable.
    .DESCRIPTION
        Tests a TCP port of a remote or local system and returns the response header,
        if applicable.

        If the server sends no default response, the Response property will be NULL.
    .PARAMETER Computername
        Local or remote system to test the connection against.
    .PARAMETER Port
        TCP port to connect to.
    .PARAMETER TCPTimeout
        Time in milliseconds until the connection attempt is aborted.
    .EXAMPLE
        Get-TCPResponse -Computername pop.126.com -Port 110

        Computername : pop.126.com
        Port         : 110
        IsOpen       : True
        Response     : +OK Welcome to coremail Mail Pop3 Server (126coms[75c606d72bf436dfbce6.....])

        Description
        -----------
        Checks port 110 of a mail server and displays the header response.
    .NOTES
        Author: fuhj (powershell#live.cn, http://fuhaijun.com)
    #>
    [OutputType('Net.TCPResponse')]
    [cmdletbinding()]
    Param (
        [parameter(ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('__Server', 'IPAddress', 'IP', 'domain')]
        [string[]]$Computername = $env:Computername,

        [int[]]$Port = 25,

        [int]$TCPTimeout = 1000
    )
    Process {
        ForEach ($Computer in $Computername) {
            ForEach ($_port in $Port) {
                # Reset per iteration so a stream left over from a previous port is not reused
                $stream = $null
                $stringBuilder = New-Object Text.StringBuilder
                $tcpClient = New-Object System.Net.Sockets.TCPClient

                # Connect asynchronously so the attempt can be bounded by $TCPTimeout
                $connect = $tcpClient.BeginConnect($Computer, $_port, $null, $null)
                $wait = $connect.AsyncWaitHandle.WaitOne($TCPTimeout, $false)

                # WaitOne only tells us the async call finished, not that it succeeded;
                # EndConnect surfaces a refused connection as an exception
                $isOpen = $False
                If ($wait) {
                    Try {
                        $tcpClient.EndConnect($connect)
                        $isOpen = $tcpClient.Connected
                    } Catch {
                        Write-Verbose "Connection to ${Computer}:$_port failed: $($_.Exception.Message)"
                    }
                }

                If (-NOT $isOpen) {
                    $object = [pscustomobject]@{
                        Computername = $Computer
                        Port         = $_port
                        IsOpen       = $False
                        Response     = $Null
                    }
                } Else {
                    While ($True) {
                        # Give the server a moment to send its banner
                        Start-Sleep -Milliseconds 1000
                        Write-Verbose "Bytes available: $($tcpClient.Available)"
                        If ([int64]$tcpClient.Available -gt 0) {
                            $stream = $tcpClient.GetStream()
                            $bindResponseBuffer = New-Object Byte[] -ArgumentList $tcpClient.Available
                            [int]$read = $stream.Read($bindResponseBuffer, 0, $bindResponseBuffer.Count)
                            # Decode only the bytes actually read
                            $Null = $stringBuilder.Append([Text.Encoding]::ASCII.GetString($bindResponseBuffer, 0, $read))
                        } Else {
                            Break
                        }
                    }
                    $object = [pscustomobject]@{
                        Computername = $Computer
                        Port         = $_port
                        IsOpen       = $True
                        Response     = $stringBuilder.ToString()
                    }
                }

                $object.pstypenames.insert(0, 'Net.TCPResponse')
                Write-Output $object

                If ($stream) {
                    $stream.Close()
                    $stream.Dispose()
                }
                $tcpClient.Close()
                $tcpClient.Dispose()
            }
        }
    }
}