[TOC] ## 手工查找补丁情况 ``` 查找漏洞补丁 • systeminfo • wmic qfe get Caption,Description,HotFixID,InstalledOn 查询到缺失补丁后，对照相应的操作系统，查找对应的exp • https://github.com/SecWiki/windows-kernel-exploits • https://bugs.hacking8.com/tiquan/ • https://github.com/Heptagrams/Heptagram/tree/master/Windows/Elevation • https://www.exploit-db.com/ • https://i.hacking8.com/tiquan/ :在线搜索 ``` ## windows exploit suggester ~~~ https://github.com/AonCyberLabs/Windows-Exploit-Suggester ~~~ ## PowerShell中的SherLock脚本 ``` 以管理员身份运行cmd： • Set-ExecutionPolicy RemoteSigned : 允许系统执行ps脚本 • Import-Module .\\Sherlock.ps1 ：导入ps脚本 ``` ## MSF后渗透扫描 ``` 补丁查询模块 • post/windows/gather/enum_patches 漏洞利用模块 • post/multi/recon/local_exploit_suggester ```