Information Enumeration

View the ARP cache

arp -a

View the routing table

route print

PowerShell: check Windows Defender status

Get-MpComputerStatus

PowerShell: list the AppLocker rules

Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections

Test the AppLocker policy (here the local policy) against a file path and user

PS C:\htb> Get-AppLockerPolicy -Local | Test-AppLockerPolicy -path C:\Windows\System32\cmd.exe -User Everyone

FilePath                    PolicyDecision MatchingRule
--------                    -------------- ------------
C:\Windows\System32\cmd.exe         Denied c:\windows\system32\cmd.exe
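
The Defender and AppLocker checks above combined into one baseline audit, as an added example that is not part of the original notes. The path list and the Everyone principal are assumptions, and it tests the effective (GPO-merged) policy rather than only the local one.

```powershell
# Added example, not from the original notes. The path list and the
# "Everyone" principal are assumptions; adjust them to the host's baseline.
$paths = @(
    "$env:SystemRoot\System32\cmd.exe",
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\System32\wscript.exe",
    "$env:SystemRoot\System32\cscript.exe"
) | Where-Object { Test-Path -LiteralPath $_ }

# Defender: keep only the fields that show whether protection is active.
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
                  BehaviorMonitorEnabled, AntivirusSignatureLastUpdated |
    Format-List

# AppLocker only enforces while the Application Identity service is running.
Get-Service -Name AppIDSvc | Select-Object Name, Status, StartType | Format-List

# -Effective merges local and Group Policy rules; -Local alone can miss GPO rules.
$policy = Get-AppLockerPolicy -Effective

# A collection in AuditOnly mode logs matches instead of blocking them.
$policy.RuleCollections |
    Select-Object RuleCollectionType, EnforcementMode |
    Format-Table -AutoSize

# Evaluate every path in one call and flag anything that is not denied.
$policy | Test-AppLockerPolicy -Path $paths -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule,
        @{ Name = 'Blocked'; Expression = { "$($_.PolicyDecision)" -like 'Denied*' } } |
    Format-Table -AutoSize
```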