【笔记】权限提升
前言
基于WebShell的权限提升(提权)学习笔记
提权的类型
- 水平权限提升
同级用户身份切换
- 垂直权限提升
普通用户提升为管理员权限
Windows提权
WebShell
- 找补丁
WindowsServer2003
1 | systeminfo > C:\Windows\Temp\info.txt & (for %i in (KB3057191 KB2840221 KB3000061 KB2850851 KB2711167 KB2360937 KB2478960 KB2507938 KB2566454 KB2646524 KB2645640 KB2641653 KB944653 KB952004 KB971657 KB2620712 KB2393802 KB942831 KB2503665 KB2592799 KB956572 KB977165 KB2621440) do @type C:\Windows\Temp\info.txt | @find /i "%i" || @echo %i Not Installed!) & del /f /q /a C:\Windows\Temp\info.txt |
WindowsServer2003以上
1 | systeminto > C:\Windows\lemp\info.txt & (for %i in (KB3124280 KB3143141 KB3134228 KB3079904 KB3077657 KB3124280 KB3045171 KB2829361 KB3000061 KB2850851 KB2707511 KB970483 KB2124261 KB2271195 KB3031432) do @type C:\Windows\Temp\info.txt | @find /i "%i" || @echo %i Not Installed!) &del /f /q /a C:\Windows\Temp\info.txt |
- 找漏洞
| 补丁名称 | 漏洞名称 | 备注 |
|---|---|---|
| KB2360937 | MS10-084 | |
| KB2478960 | MS11-014 | |
| KB2507938 | MS11-056 | |
| KB2566454 | MS11-062 | |
| KB2646524 | MS12-003 | |
| KB2645640 | MS12-009 | |
| KB2641653 | MS12-018 | |
| KB944653 | MS07-067 | |
| KB952004 | MS09-012 | PR |
| KB971657 | MS09-041 | |
| KB2620712 | MS11-097 | |
| KB2393802 | MS11-011 | |
| KB942831 | MS08-005 | |
| KB2503665 | MS11-046 | |
| KB2592799 | MS11-080 | |
| KB956572 | MS09-012 | 巴西烤肉 |
| KB2621440 | MS12-020 | |
| KB977165 | MS10-015 | Ms Viru |
| KB4013081 | MS17-017 | |
| KB3139914 | MS16-032 | |
| KB3124280 | MS16-016 | |
| KB3134228 | MS16-014 | |
| KB3079904 | MS15-097 | |
| KB3077657 | MS15-077 | |
| KB3045171 | MS15-051 | |
| KB3000061 | MS14-058 | |
| KB2829361 | MS13-046 | |
| KB2850851 | MS13-053 | EPATHOBJ 0day 限32位 |
| KB2707511 | MS12-042 | sysret -pid |
| KB2124261 KB2271195 | MS10-065 | IIS7 |
| KB3198234 | MS16-135 | |
| KB970483 | MS09-020 | IIS6 |
| KB3031432 | MS15-015 |
- 找漏洞利用程序(EXP)