[try to hack] at, SC, PS command authorization

Blog home page ： Happy star The blog home page of
Series column ：Try to Hack
Welcome to focus on the likes collection ️ Leaving a message.
Starting time ：2022 year 7 month 10 Japan
The author's level is very limited , If an error is found , Please let me know , thank ！

@toc

AT Raise the right

Applicable system ：Windows2000、Windows 2003、Windows XP
Premise ： Get server admin jurisdiction , have access to at command , Therefore, the right is system jurisdiction

at Is a command-line tool for issuing scheduled tasks , The grammar is relatively simple . adopt at Command issued
Scheduled tasks , Windows Default to SYSTEM Permission to run . Scheduled task scheduling can be batch processing 、 It can be a binary file

at 13:38 /interactive cmd.exe # stay 13:38 With system Permission open cmd

Now we just got one system Of shell, We should raise the power of the system to system Only with authority
In getting a system Of cmd after , Use taskmgr The command calls the task manager , At this time
Task manager is system jurisdiction , then kill fall explore process , Then use the task manager
newly build explore process , Will get a system Desktop environment for

SC Raise the right

Applicable system ：Windows7、Windows8、Windows2008、Windows2012、Windows2016

#  Create a name syscmd The new interactive cmd service C:>sc Create syscmd binPath= “cmd /K start” type= own type= interact # Start the service to get system The powers of the cmdC:>sc start syscmd 

among syscmd It's the service name , You can fill in at will ,binpath Is the command to start ,type=own Service refers to who the service belongs to ,type=interact Refers to interactive shell

PS Raise the right

PStool Download address
Applicable system ：Windows2003 、 Windows2008
psexec.exe -accepteula -s -i -d cmd.exe