Comments (6)
The Use-COM-objects-to-bypass-UAC method
from feedback.
https://3gstudent.github.io/3gstudent.github.io/Use-CLR-to-bypass-UAC/
This one?
from feedback.
What I tested is the method with parameters mentioned in this article:
https://3gstudent.github.io/3gstudent.github.io/%E9%80%9A%E8%BF%87COM%E7%BB%84%E4%BB%B6IARPUninstallStringLauncher%E7%BB%95%E8%BF%87UAC/
In the end I looked at UACME, https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1
In my testing this method still works:
https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1
from feedback.
Did you have problems testing the method introduced in section 0x02 of the article (https://github.com/3gstudent/Use-COM-objects-to-bypass-UAC/blob/master/IARPUninstallStringLauncher.cpp)?
from feedback.
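Yes. Testing on my version of the system, the main problem at the moment is that Invoke-ReflectivePEInjection.ps1 throws errors; it was several screens of red, so I didn't look into it. I haven't tested explife's method; his GitHub doesn't seem to open anymore. Is there a new address?
Some of the errors from Invoke-ReflectivePEInjection.ps1 are as follows: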
使用“1”个参数调用“GetMethod”时发生异常:“发现不明确的匹配。”
所在位置 C:\Users\XXX\Desktop\Invoke-ReflectivePEInjection.ps1:1003 字符: 6
+ $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : AmbiguousMatchException
不能对 Null 值表达式调用方法。
所在位置 C:\Users\XXX\Desktop\Invoke-ReflectivePEInjection.ps1:1010 字符: 6
+ Write-Output $GetProcAddress.Invoke($null, @([System.Runtime. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [],RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
from feedback.
Test this first:
https://github.com/3gstudent/Use-COM-objects-to-bypass-UAC/blob/master/IARPUninstallStringLauncher.cpp
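Can it bypass UAC?
The Invoke-ReflectivePEInjection.ps1 errors are a problem with the script; that does not mean this method can't be used.
The script needs to be modified in a few places; I'll explain in detail when I have time.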
from feedback.