Windows Privilege Escalation Tool Recommendations

Looking for recommendations for Windows privilege escalation tools. Are there any good ones?


Asked 2 months ago
CISP-PTE CWASPCSSD CISA CWASPCSSP

Tools:

  • Watson - Watson is a (.NET 2.0 compliant) C# implementation of Sherlock
  • (Deprecated) Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities
  • BeRoot - Privilege Escalation Project - Windows / Linux / Mac
  • Windows-Exploit-Suggester
  • windows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
  • Powerless - Windows privilege escalation (enumeration) script designed with OSCP labs (legacy Windows) in mind

Windows version and configuration:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
wmic qfe

Architecture

wmic os get osarchitecture || echo %PROCESSOR_ARCHITECTURE%

List all env variables

set
Get-ChildItem Env: | ft Key,Value

List all drives

wmic logicaldisk get caption || fsutil fsinfo drives
wmic logicaldisk get caption,description,providername
Get-PSDrive | where {$_.Provider -like "Microsoft.PowerShell.Core\FileSystem"}| ft Name,Root

User enumeration

Get current username

echo %USERNAME% || whoami
$env:username

List user privilege

whoami /priv

List all users

net user
net users
whoami /all
Get-LocalUser | ft Name,Enabled,LastLogon
Get-ChildItem C:\Users -Force | select Name

List logon requirements; usable for brute-forcing

net accounts

Get details about a user (e.g. administrator, admin, current user)

net user administrator
net user admin
net user %USERNAME%

List all local groups

net localgroup
Get-LocalGroup | ft Name

Get details about a group (e.g. administrators)

net localgroup administrators
Get-LocalGroupMember Administrators | ft Name, PrincipalSource
Get-LocalGroupMember Administrateurs | ft Name, PrincipalSource

Network enumeration

List all network interfaces, IP, and DNS.

ipconfig /all
Get-NetIPConfiguration | ft InterfaceAlias,InterfaceDescription,IPv4Address
Get-DnsClientServerAddress -AddressFamily IPv4 | ft

List current routing table

route print
Get-NetRoute -AddressFamily IPv4 | ft DestinationPrefix,NextHop,RouteMetric,ifIndex

List the ARP table

arp -A
Get-NetNeighbor -AddressFamily IPv4 | ft ifIndex,IPAddress,LinkLayerAddress,State

List all current connections

netstat -ano

List firewall state and current configuration

netsh advfirewall firewall dump

List all network shares

net share

SNMP Configuration

reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP /s
Get-ChildItem -path HKLM:\SYSTEM\CurrentControlSet\Services\SNMP -Recurse
2 months ago / Comment
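
From the defender's side, an added example (not part of the answer above): a Python detector that flags a host/user pair running several distinct enumeration commands from the list above within a short window of process-creation events. The log line format, host and user names, window and threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Case-insensitive patterns for a subset of the commands listed in the answer.
ENUM_PATTERNS = {
    "systeminfo": r"\bsysteminfo\b",
    "whoami": r"\bwhoami\b",
    "net user": r"\bnet1?\s+users?\b",
    "net localgroup": r"\bnet1?\s+localgroup\b",
    "net accounts": r"\bnet1?\s+accounts\b",
    "ipconfig /all": r"\bipconfig\s+/all\b",
    "netstat": r"\bnetstat\s+-\w*a",
}

# Constructed sample events, assumed format: "ISO-time host user | command line".
SAMPLE_EVENTS = """\
2024-05-01T09:00:00 WS-04 bob | ipconfig /all
2024-05-01T09:40:00 WS-04 bob | whoami
2024-05-01T10:00:03 WS-17 alice | cmd.exe /c systeminfo | findstr /B /C:"OS Name"
2024-05-01T10:00:20 WS-17 alice | whoami /priv
2024-05-01T10:00:41 WS-17 alice | net user administrator
2024-05-01T10:01:05 WS-17 alice | net localgroup administrators
2024-05-01T10:01:30 WS-17 alice | netstat -ano
"""

def classify(cmdline):
    """Return the enumeration categories a command line matches."""
    return {n for n, p in ENUM_PATTERNS.items() if re.search(p, cmdline, re.I)}

def find_bursts(log_text, window=timedelta(minutes=5), threshold=4):
    """Flag (host, user) pairs that run >= threshold distinct categories within window."""
    hits = defaultdict(list)  # (host, user) -> [(time, category), ...]
    for line in log_text.splitlines():
        if " | " not in line:
            continue  # skip blank or malformed lines
        meta, cmd = line.split(" | ", 1)
        ts, host, user = meta.split()
        for cat in classify(cmd):
            hits[(host, user)].append((datetime.fromisoformat(ts), cat))
    alerts = {}
    for key, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            cats = {c for t, c in events[i:] if t - start <= window}
            if len(cats) >= threshold:
                alerts[key] = sorted(cats)
                break
    return alerts
```

A single `whoami` or `ipconfig /all` is routine administration; it is the cluster of distinct categories from one account in a few minutes that is worth an analyst's attention.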