windwos提权-CVE-2019-1388
guest→system(UAC手动提权)
利用高权限建立一个低权限账户orange
查看权限 win-vomjm1p7c71\orange
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209112927779-471975439.png)
下载HHUPD.exe文件,以管理员身份运行。
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209113237296-1452504912.png)
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209113308849-1699669199.png)
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209113404826-1524706940.png)
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209113509049-1197777130.png)
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209113605318-681125635.png)
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209113654241-302818423.png)
另存为路径 C:\Windows\System32\cmd.exe
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209113754028-263652757.png)
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209113910628-1427713810.png)
最高权限nt authority\system
斯文师傅的gif图片更为清晰明了
![](https://www.icode9.com/i/l/?n=18&i=blog/1062851/201912/1062851-20191209114450826-2084641108.gif)
待续
标签:CVE,orange,system,提权,2019,windwos,权限
来源: https://www.cnblogs.com/Oran9e/p/12010215.html