前期渗透:
打点:(任意文件上传)
直接发现头像处任意文件上传,这里直接上传冰蝎即可。
tasklist查看杀软
System Idle Process 0 N/A
System 4 N/A
smss.exe 240 N/A
csrss.exe 376 N/A
wininit.exe 436 N/A
services.exe 524 N/A
lsass.exe 532 Kdc, KeyIso, Netlogon, NTDS, SamSs
svchost.exe 672 BrokerInfrastructure, DcomLaunch, LSM,
PlugPlay, Power, SystemEventsBroker
svchost.exe 716 RpcEptMapper, RpcSs
WRSA.exe 820 WRSVC
svchost.exe 276 Dhcp, EventLog, lmhosts, Wcmsvc
svchost.exe 320 Appinfo, BITS, CertPropSvc, gpsvc, IAS,
IKEEXT, iphlpsvc, LanmanServer, ProfSvc,
Schedule, seclogon, SENS, SessionEnv,
ShellHWDetection, Themes, Winmgmt
svchost.exe 516 EventSystem, FontCache, netprofm, nsi,
W32Time, WinHttpAutoProxySvc
svchost.exe 932 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, WinRM
svchost.exe 1100 BFE, DPS, MpsSvc
spoolsv.exe 1508 Spooler
Microsoft.ActiveDirectory 1540 ADWS
OfficeClickToRun.exe 1792 ClickToRunSvc
svchost.exe 1844 ddpvssvc
dfsrs.exe 1892 DFSR
svchost.exe 1908 DHCPServer
svchost.exe 1936 DiagTrack
dns.exe 1980 DNS
fmaonsite.exe 2024 FMAuditOnsite
ismserv.exe 1340 IsmServ
Microsoft.BDD.MonitorServ 1432 MDT_Monitor
MSOIDSVC.EXE 2660 msoidsvc
svchost.exe 2328 Net Driver HPZ12
OpenDNSAuditService.exe 2220 OpenDNS Active Directory Service
MSOIDSVCM.EXE 1256 N/A
svchost.exe 2172 Pml Driver HPZ12
ScreenConnect.ClientServi 556 ScreenConnect Client (62c0d7e1d3b94bc5)
svchost.exe 1472 TermService
OpenDNSAuditClient.exe 2924 N/A
conhost.exe 1380 N/A
VGAuthService.exe 2096 VGAuthService
vmtoolsd.exe 612 VMTools
WRCoreService.x64.exe 2136 WRCoreService
WRSkyClient.x64.exe 3180 WRSkyClient
dfssvc.exe 3316 Dfs
WmiPrvSE.exe 3484 N/A
svchost.exe 3568 UALSVC, UmRdpService
VeeamDeploymentSvc.exe 3612 VeeamDeploySvc
WRSvcMetrics.x64.exe 3580 N/A
svchost.exe 4216 PolicyAgent
msdtc.exe 4160 MSDTC
DCA.Edge.Console.exe 3676 DCAPulse
iashost.exe 4548 N/A
wsmprovhost.exe 9104 N/A
powershell.exe 7828 N/A
conhost.exe 6688 N/A
powershell.exe 360 N/A
conhost.exe 5152 N/A
notepad.exe 1760 N/A
LTSvcMon.exe 5424 LTSvcMon
LTSVC.exe 7272 LTService
labvnc.exe 5412 tvnserver
Veeam.EndPoint.Service.ex 8316 VeeamEndpointBackupSvc
wsmprovhost.exe 7108 N/A
ScreenConnect.WindowsBack 4384 N/A
csrss.exe 7564 N/A
winlogon.exe 5520 N/A
dwm.exe 6572 N/A
labvnc.exe 5916 N/A
taskhostex.exe 8540 N/A
WRSA.exe 2308 N/A
ScreenConnect.WindowsClie 3732 N/A
explorer.exe 3964 N/A
MRT.exe 4852 N/A
vm3dservice.exe 2656 N/A
MRT.exe 5196 N/A
vmtoolsd.exe 5340 N/A
DCA.Edge.TrayIcon.exe 6432 N/A
LTTray.exe 4564 N/A
WmiPrvSE.exe 6336 N/A
Taskmgr.exe 6684 N/A
LogonUI.exe 380 N/A
cmd.exe 2400 N/A
conhost.exe 6216 N/A
net.exe 8100 N/A
net1.exe 8908 N/A
cmd.exe 2956 N/A
conhost.exe 8300 N/A
net.exe 7344 N/A
net1.exe 5248 N/A
cmd.exe 432 N/A
conhost.exe 9052 N/A
net.exe 7356 N/A
net1.exe 3156 N/A
cmd.exe 8232 N/A
conhost.exe 4600 N/A
net.exe 5528 N/A
net1.exe 7352 N/A
cmd.exe 4304 N/A
conhost.exe 7148 N/A
vds.exe 3872 vds
cmd.exe 7716 N/A
conhost.exe 8564 N/A
tasklist.exe 9212 N/A
