A friend online asked me to help him clean a virus off his machine...
The virus changed the permissions on a large number of registry keys, so searching the registry turned up nothing about it (permissions set to deny Everyone read access; only SYSTEM has access).
Only a few obvious ones, such as the "Image File Execution Options" and "Services" keys, became accessible after I changed the permissions by hand.
But there are several others I just cannot find...
Like looking for a needle in a haystack...
The virus itself has been killed; only registry leftovers, the virus's system services and the virus's drivers remain... it keeps throwing errors and popping up "file not found" dialogs, but I can't find anything in the registry.
How can I get past the registry permissions so that I can search and access keys that have been set to deny read?
I remember there was a "run in system" program that lets a program run with SYSTEM privileges.
Can the registry editor be made to run under SYSTEM?
There is a lot of code for this online... but I can't program... I don't understand it.
And that RunAsSys thing is a complete scam, traffic-farming junk that doesn't work at all...
Attachment: RunAsSys0_0_0_1.rar
[Screenshot: running RunAsSys]
[Screenshot: running the registry editor through RunAsSys]
It's obviously still running with Administrator privileges!
Later I found this:
Attachment: psexec.rar
PsExec lets you run all kinds of programs under different privileges.
You can make the appropriate changes in the startup entries so that your antivirus and 360 run with SYSTEM privileges,
and you can also run the registry editor to get past the registry permission settings.
Just type in CMD:
PsExec.exe /i /d /s "program path" (include the quotes if the path contains spaces)
or create a shortcut to PsExec with the suffix -i -d -s (mind the spaces) "program path"
and the program will run with SYSTEM privileges.
[Screenshot: running the registry editor through PsExec]
regedit.exe has now been elevated to SYSTEM.
Below is the related documentation for PsExec.
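Before opening a SYSTEM regedit, it helps to know which keys the malware actually locked. The following PowerShell script is an added example (not part of the original post or of PsExec): it walks the subtrees the post mentions and lists keys that either cannot be opened by the current user or carry an explicit Deny ACE for Everyone (SID S-1-1-0). The starting paths in $roots are assumptions; adjust them for the machine being examined.

```powershell
# Added example, not from the original post. Finds registry keys whose ACL
# was tampered with (deny-read for Everyone) so they can be inspected and
# repaired from a SYSTEM session (e.g. psexec -i -d -s regedit.exe).

# Assumed starting points: the locations the post says the virus locked.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SYSTEM\CurrentControlSet\Services',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Find-LockedRegistryKeys {
    param([string[]]$Paths)
    foreach ($root in $Paths) {
        # Keys the current user cannot open are reported by the provider as
        # non-terminating errors; collect them instead of aborting the walk.
        $keys = Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue -ErrorVariable openErrors
        foreach ($e in $openErrors) {
            [pscustomobject]@{
                Key     = $e.TargetObject
                Finding = "cannot open: $($e.Exception.Message)"
            }
        }
        # For every key we could open, look for explicit Deny entries for Everyone.
        foreach ($k in @(Get-Item -Path $root -ErrorAction SilentlyContinue) + @($keys)) {
            if ($null -eq $k) { continue }
            try { $acl = Get-Acl -Path $k.PSPath } catch { continue }
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($ace in $rules) {
                if ($ace.AccessControlType -eq 'Deny' -and $ace.IdentityReference.Value -eq 'S-1-1-0') {
                    [pscustomobject]@{
                        Key     = $k.Name
                        Finding = "Deny ACE for Everyone: $($ace.RegistryRights)"
                    }
                }
            }
        }
    }
}

Find-LockedRegistryKeys -Paths $roots | Format-Table -AutoSize
```

Keys that show up as "cannot open" when run as Administrator but disappear when the same script is launched through PsExec -s are exactly the ones whose permissions need to be restored.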
PsExec runs on Windows Vista, NT 4.0, Win2K, Windows XP and Server 2003 (including 64-bit versions of Windows).
PsExec v1.94 - Execute processes remotely
Copyright (C) 2001-2008 Mark Russinovich
Sysinternals - www.sysinternals.com
PsExec executes a program on a remote system, where remotely executed console
applications execute interactively.
Usage: psexec [\\computer[,computer2[,...] | @file][-u user [-p psswd]][-n s][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,...] cmd [arguments]
-a Separate processors on which the application can run with
commas where 1 is the lowest numbered CPU. For example,
to run the application on CPU 2 and CPU 4, enter:
"-a 2,4"
-c Copy the specified program to the remote system for
execution. If you omit this option the application
must be in the system path on the remote system.
-d Don't wait for process to terminate (non-interactive).
-e Does not load the specified account's profile.
-f Copy the specified program even if the file already
exists on the remote system.
-i Run the program so that it interacts with the desktop of the
specified session on the remote system. If no session is
specified the process runs in the console session.
-l Run process as limited user (strips the Administrators group
and allows only privileges assigned to the Users group).
On Windows Vista the process runs with Low Integrity.
-n Specifies timeout in seconds connecting to remote computers.
-p Specifies optional password for user name. If you omit this
you will be prompted to enter a hidden password.
-s Run the remote process in the System account.
-u Specifies optional user name for login to remote
computer.
-v Copy the specified file only if it has a higher version number
or is newer on than the one on the remote system.
-w Set the working directory of the process (relative to
remote computer).
-x Display the UI on the Winlogon secure desktop (local system
only).
-priority Specifies -low, -belownormal, -abovenormal, -high or
-realtime to run the process at a different priority. Use
-background to run at low memory and I/O priority on Vista.
computer Direct PsExec to run the application on the remote
computer or computers specified. If you omit the computer
name PsExec runs the application on the local system,
and if you specify a wildcard (\\*), PsExec runs the
command on all computers in the current domain.
@file PsExec will execute the command on each of the computers listed
in the file.
program Name of application to execute.
arguments Arguments to pass (note that file paths must be
absolute paths on the target system).
You can enclose applications that have spaces in their name with
quotation marks e.g. psexec \\marklap "c:\long name app.exe".
Input is only passed to the remote system when you press the enter
key, and typing Ctrl-C terminates the remote process.
If you omit a user name the process will run in the context of your
account on the remote system, but will not have access to network
resources (because it is impersonating). Specify a valid user name
in the Domain\User syntax if the remote process requires access
to network resources or to run in a different account. Note that
the password is transmitted in clear text to the remote system.
Error codes returned by PsExec are specific to the applications you
execute, not PsExec.
[Last edited by Hitman-47 on 2008-7-23 23:10]