windows提权

systeminfo>windowsvul.txt&(for %i in (KB977165 KB2160329 KB2503665 KB2592799 KB2707511 KB2829361 KB2850851 KB3000061 KB3045171 KB3077657 KB3079904 KB3134228 KB3143141 KB3141780)do @type windowsvul.txt|@find /i "%i"||@echo %i you can fuck)

开启远程桌面

REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD
/d 00000000 /f

sql server 命令

1.是否开启远程桌面，1表示关闭，0表示开启

EXEC master..xp_regread 'HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Terminal Server','fDenyTSConnections'

2.读取远程桌面端口

EXEC master..xp_regread 'HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp','PortNumber'

3.开启远程桌面

EXEC master.dbo.xp_regwrite'HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Terminal Server','fDenyTSConnections','REG_DWORD',0;

reg文件开启远程桌面：

Windows Registry Editor Version 5.00HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer]"fDenyTSConnections"=dword:00000000[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp]"PortNumber"=dword:00000d3d

保存micropoor.reg，并执行regedit /s micropoor.reg
注：如果第一次开启远程桌面，部分需要配置防火墙规则允许远程端口。

netsh advfirewall firewall add rule name="Remote Desktop" protocol=TCP dir=in localport=3389 action=allow

4.关闭远程桌面

EXEC master.dbo.xp_regwrite'HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Terminal
Server','fDenyTSConnections','REG_DWORD',1;