实现:探测可提权目录脚本

示例代码如下

/*
逻辑顺序:
1、循环遍历数组中的内容
2、对每个数组中的内容先进行是否存在的操作
3、存在的话那么久进行CreateFile函数操作,如果能写入则代表当前用户在该目录具有写入的权限
*/
#include<Windows.h>
#include<stdio.h>


DWORD ToCreateFile(const char * FilePath) {
	HANDLE hFile; //用来接收CreateFile返回来的句柄,用这个句柄来进行写入的操作
	DWORD  dwWritten;
	char szFullPath[MAX_PATH];
	int len = strlen(FilePath);
	if (FilePath[len - 1] == '\\') {
		wsprintf(szFullPath, "%s\%s", FilePath, "AbleWrite.txt"); //拼接字符串,成为一个完整的路径
		hFile = CreateFile(szFullPath,
			GENERIC_WRITE,
			0,
			NULL,
			CREATE_ALWAYS,
			FILE_ATTRIBUTE_NORMAL,
			NULL);//创建文件AbleWrite.txt
		

		if (hFile != INVALID_HANDLE_VALUE)
		{
			if (!WriteFile(hFile, NULL, NULL, &dwWritten, NULL))//将系统目录,系统信息写入文件中
			{
				return GetLastError(); //如果写入失败 返回错误信息
			}

			//打印当前能写入文件的路径
			printf("可写入路径有:%s \n", FilePath);
		}
		CloseHandle(hFile);//关闭文件句柄

		//如果能写入的话 然后进行删除文件的操作
		DeleteFile(szFullPath);  //接收类型的数据为LPCSTR
	}
	else {
		//首先判断当前路径是否存在
		WIN32_FIND_DATA FindFileData;
		HANDLE hListFile;
		hListFile = FindFirstFile(FilePath, &FindFileData);
		if (hListFile == INVALID_HANDLE_VALUE) {
			return 1;
		}
		else {
			printf("当前路径文件能进行提权操作:%s \n", FilePath);
		}
	}

	return 0;
}

int main(){
	const char *FileDictory[] = {
		"C:\\RECYCLER\\",
		"c:\\programdata\\",
		"C:\\windows\\temp\\",
		"e:\\recycler\\",
		"f:\\recycler\\",
		"C:\\php\\PEAR\\",
		"C:\\WINDOWS\\7i24.com\\FreeHost\\",
		"C:\\php\\dev\\",
		"C:\\System Volume Information\\",
		"C:\\7i24.com\\serverdoctor\\log\\",
		"c:\\windows\\hchiblis.ibl",
		"C:\\7i24.com\\iissafe\\log\\",
		"C:\\7i24.com\\LinkGate\\log\\",
		"C:\\Program Files\\Thunder Network\\Thunder7\\",
		"C:\\Program Files\\Thunder Network\\Thunder\\",
		"C:\\Program Files\\Symantec AntiVirus\\SAVRT\\",
		"C:\\windows\\DriverPacks\\C\\AM2\\",
		"C:\\Program Files\\FlashFXP\\",
		"C:\\Program Files\\Microsoft SQL Server\\90\\Shared\\ErrorDumps\\",
		"C:\\Program Files\\Zend\\ZendOptimizer-3.3.0\\",
		"C:\\Program Files\\Common Files\\",
		"C:\\Documents and Settings\\All Users\\Application Data\\Hagel Technologies\\DU Meter\\log.csv",
		"C:\\Program Files\\360\\360Safe\\deepscan\\Section\\mutex.db",
		"C:\\Program Files\\Helicon\\ISAPI_Rewrite3\\error.log",
		"C:\\Program Files\\Helicon\\ISAPI_Rewrite3\\Rewrite.log",
		"C:\\Program Files\\Helicon\\ISAPI_Rewrite3\\httpd.conf",
		"C:\\Program Files\\Common Files\\Symantec Shared\\Persist.bak",
		"C:\\Program Files\\Common Files\\Symantec Shared\\Validate.dat",
		"C:\\Program Files\\Common Files\\Symantec Shared\\Validate.dat",
		"C:\\Program Files\\Zend\\ZendOptimizer-3.3.0\\docs\\",
		"C:\\Documents and Settings\\All Users\\DRM\\",
		"C:\\Documents and Settings\\All Users\\Application Data\\McAfee\\DesktopProtection\\",
		"C:\\Documents and Settings\\All Users\\Application Data\\360safe\\softmgr\\",
		"C:\\Program Files\\Zend\\ZendOptimizer-3.3.0\\lib\\Optimizer-3.3.0\\php-5.2.x\\ZendOptimizer.dll",
		"C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Media Index\\",
	};

	int len = sizeof(FileDictory) / sizeof(FileDictory[0]);
	printf("#author:zpchcbd\n");
	printf("#result:寻找常见的可读写目录\n");
	for (int i = 0; i < len; i++) {
		ToCreateFile(FileDictory[i]);
	}
	system("pause");
	return 0;
}
posted @ 2019-12-04 16:39  zpchcbd  阅读(293)  评论(0编辑  收藏  举报