本文中心思想是:
前提条件:
1. window启动时以Local System account权限运行启动脚本
引用
“Startup scripts are run under the Local System account, and they have the full rights that are associated with being able to run under the Local System account.”
2. 启动脚本存放在远端samba服务器上
3. 我们可以伪装成samba服务器,无论client请求什么文件,我们都可以把恶意启动脚本发送给client