原文地址:[url]http://blog.gdssecurity.com/labs/2015/1/26/badsamba-exploiting-windows-startup-scripts-using-a-maliciou.html[/url]
本文中心思想是:
前提条件:
1. window启动时以Local System account权限运行启动脚本
[quote]
“Startup scripts are run under the Local System account, and they have the full rights that are associated with being able to run under the Local System account.”
[/quote]
2. 启动脚本存放在远端samba服务器上
[img]http://dl2.iteye.com/upload/attachment/0106/8202/201a3998-c60e-367b-bf97-52788c4933c1.jpg[/img]
3. 我们可以伪装成samba服务器,无论client请求什么文件,我们都可以把恶意启动脚本发送给client
本文中心思想是:
前提条件:
1. window启动时以Local System account权限运行启动脚本
[quote]
“Startup scripts are run under the Local System account, and they have the full rights that are associated with being able to run under the Local System account.”
[/quote]
2. 启动脚本存放在远端samba服务器上
[img]http://dl2.iteye.com/upload/attachment/0106/8202/201a3998-c60e-367b-bf97-52788c4933c1.jpg[/img]
3. 我们可以伪装成samba服务器,无论client请求什么文件,我们都可以把恶意启动脚本发送给client