j4s0nh4ck
- 浏览: 278669 次
-
文章分类
- 全部博客 (276)
- burp+hydra暴力破解 (1)
- kali linux工具集 (6)
- kali (59)
- linux (54)
- password (14)
- web (63)
- 渗透测试 (50)
- windows (40)
- metasploit (9)
- 信息收集 (32)
- burp suit (4)
- 安全审计 (9)
- https://github.com/secretsquirrel/the-backdoor-factory (0)
- nmap (4)
- arachni (2)
- 工具 (5)
- sql (3)
- 网络 (2)
- 后渗透测试 (10)
- 内网 (5)
- 无线 (2)
- C (3)
- bios (1)
- RoR (12)
- mongodb (1)
- linxu (1)
- gdb (1)
- linux,虚拟化 (1)
- python (4)
最新评论
原文地址:
http://www.fuzzysecurity.com/tutorials/16.html
1. 信息收集
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
hostname
echo %username%
net users
net user username
ipconfig /all
route print
arp -A
netstat -ano
netsh firewall show state
netsh firewall show config
# This will display verbose output for all scheduled tasks, below you can see sample output for a single task.
schtasks /query /fo LIST /v
# The following command links running processes to started services.
C:\Windows\system32> tasklist /SVC
net start
# This can be useful sometimes as some 3rd party drivers, even by reputable companies, contain more holes than Swiss cheese. This is only possible because ring0 exploitation lies outside most peoples expertise.
C:\Windows\system32> DRIVERQUERY
2. WMIC
3. configuration file
4. GPP
https://www.rapid7.com/db/modules/post/windows/gather/credentials/gpp
https://github.com/mattifestation/PowerSploit
5. strange registry setting
The next thing we will look for is a strange registry setting "AlwaysInstallElevated", if this setting is enabled it allows users of any privilege level to install *.msi files as NT AUTHORITY\SYSTEM. It seems like a strange idea to me that you would create low privilege users (to restrict their use of the OS) but give them the ability to install programs as SYSTEM. For more background reading on this issue you can have a look here at an article by Parvez from GreyHatHacker who originally reported this as a security concern.
6. service and accesschk.exe
7. files/folder permission
http://www.fuzzysecurity.com/tutorials/16.html
1. 信息收集
引用
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
hostname
echo %username%
net users
net user username
ipconfig /all
route print
arp -A
netstat -ano
netsh firewall show state
netsh firewall show config
# This will display verbose output for all scheduled tasks, below you can see sample output for a single task.
schtasks /query /fo LIST /v
# The following command links running processes to started services.
C:\Windows\system32> tasklist /SVC
net start
# This can be useful sometimes as some 3rd party drivers, even by reputable companies, contain more holes than Swiss cheese. This is only possible because ring0 exploitation lies outside most peoples expertise.
C:\Windows\system32> DRIVERQUERY
2. WMIC
引用
The first and most obvious thing we need to look at is the patchlevel. There is no need to worry ourself further if we see that the host is badly patched. My WMIC script will already list all the installed patches but you can see the sample command line output below.
C:\Windows\system32> wmic qfe get Caption,Description,HotFixID,InstalledOn
C:\Windows\system32> wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB.." /C:"KB.."
C:\Windows\system32> wmic qfe get Caption,Description,HotFixID,InstalledOn
C:\Windows\system32> wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB.." /C:"KB.."
3. configuration file
引用
c:\sysprep.inf
c:\sysprep\sysprep.xml
%WINDIR%\Panther\Unattend\Unattended.xml
%WINDIR%\Panther\Unattended.xml
c:\sysprep\sysprep.xml
%WINDIR%\Panther\Unattend\Unattended.xml
%WINDIR%\Panther\Unattended.xml
4. GPP
https://www.rapid7.com/db/modules/post/windows/gather/credentials/gpp
https://github.com/mattifestation/PowerSploit
5. strange registry setting
The next thing we will look for is a strange registry setting "AlwaysInstallElevated", if this setting is enabled it allows users of any privilege level to install *.msi files as NT AUTHORITY\SYSTEM. It seems like a strange idea to me that you would create low privilege users (to restrict their use of the OS) but give them the ability to install programs as SYSTEM. For more background reading on this issue you can have a look here at an article by Parvez from GreyHatHacker who originally reported this as a security concern.
6. service and accesschk.exe
7. files/folder permission
分享到:
发表评论
-
[图] windows 10
2015-08-18 20:37 284网上下载的图片,忘了来源 -
windows提权集合
2015-06-30 00:23 541https://blog.netspi.com/5-ways- ... -
[转]Access to every PC and become local Admin
2015-06-29 21:50 509原文地址:http://www.gosecure.it/blo ... -
[转]Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network
2015-06-29 21:46 1476原文地址:https://www.trustwave.com/ ... -
[转]如何获得window管理员权限
2015-06-29 21:21 448引用A tutorial on how to get into ... -
[转]malware persistence
2015-05-06 23:46 384原文地址:http://jumpespjump.blogspo ... -
[转]backdoor a windows domain
2015-05-06 22:56 473原文地址:http://jumpespjump.blogspo ... -
[译]解密MSSQL密码
2015-03-26 00:43 2821原文地址: https://blog.ne ... -
[转]badsamba
2015-03-20 00:55 301原文地址:http://blog.gdssecurity.co ... -
window增加硬盘性能方法
2015-02-05 01:03 337参考地址:http://way2h.blogspot.com/ ... -
[译]Skeleton Key Malware & Mimikatz
2015-01-28 20:29 771原文地址: http://adsecurity.org/?p= ... -
绕过PowerShell执行策略的15种方法
2015-01-28 02:27 847https://blog.netspi.com/15-ways ... -
[译]Veil-Pillage
2015-01-23 03:09 800原文地址:http://resources.infosecin ... -
[翻译]oledump: Extracting Embedded EXE From DOC
2015-01-04 22:40 915原文地址:http://blog.didierstevens. ... -
[工具]volatility----Windows内存取证
2015-01-04 22:01 1518下载地址:https://github.com/volatil ... -
[译]Windows提权:ahcache.sys/NtApphelpCacheControl
2015-01-03 21:12 1005原文地址:https://code.google.com/p/ ... -
[译]使用Volatility从memory dump获得密码
2014-12-30 12:27 3740原文地址:https://cyberarms.wordpres ... -
vmss2core将VMware镜像转换成memory dump
2014-12-26 23:59 0参考:http://kb.vmware.com/selfser ... -
Windows工具集
2014-12-25 00:54 502参考:https://community.rapid7.com ... -
Kerberos攻击
2014-12-18 01:39 595参考: 1. http://securityweekly.co ...
相关推荐
window提权介绍文档
mysql在window环境下安装步骤
以下为安装步骤: 离线安装说明 1,把下载的windowbuilder.zip,解压出repository.zip,放在任意文件夹,如:F:/temp/repository.zip 2,打开eclipse》》 Install New Software >> Add 》》 3,在Add Repository 中...
实际操练,一步一步记录,绝对仔细,绝对傻瓜式的,只要按照步骤来即可
window解压mysql免安装版配置步骤,简单易学,适合初学mysql。
window下mysql在qt下的安装步骤
Excel窗口_Window对象_基本操作应用示例.pdf
可以给window 软件 以System 权限运行 例如ce 等
window2000添加网上邻居步骤.docx
mysql5.7及window下安装步骤
tuxedo2010在window下安装步骤
window.showModalDialog的基本用法
详细的步骤,一看就懂。从菜鸟变高手的步骤、、
window下部署yapi详细步骤.zip
详细讲述了window下架设svn的步骤.我就是按照这个步骤来做的.
在window必须要安装的软件,具体安装步骤请查看pdf文档,里面详细的讲解了安装的整个步骤和分析
X Window 系統的基本概念
window server安装步骤,傻瓜式安装教程,图片加解释
X Window 程式设计入门--第一章 什么是 X Window X Window 程式设计入门--第二章 X Programming 的第一步 X Window 程式设计入门--第三章 绘图(Graphic) X Window 程式设计入门--第三章 绘图(Graphic) X Window 程...
窗口(Window对象)基本操作应用示例.docx