当前位置：网站首页>Att & CK actual combat series - red team actual combat - V

Att & CK actual combat series - red team actual combat - V

2022-07-04 00:20:00 【F。 N hey hey】

ATT&CK Practical series — The red team is fighting -5

nmap sweep , See the open port , notice thinkphp Search directly after the version of payload
Insert picture description here

Write payload when , because <> Will be in windows Report errors , This want to use `` hold < Cover up , But it's still wrong , will payload Encrypted into base64 Then write to the file , Then decrypt the file into plaintext file

Intranet channel 192.168.138.137
Insert picture description here
There is no password caught here （ The reason will be explained later ）

Try to go online cs Grab the code

Turn off firewall

Turn on 3389

Insert picture description here
View host information , Prepare for remote login

stay win7 On the use of fscan Scan host , obtain win2008

hashdump, obtain sid Wait for the information , adopt cs Upper psexec Sign in win2008

Insert picture description here

There was no migration process before , Lead to msf Of hashdump Failure
Insert picture description here
Use wmiexec Sign in win2008, Failed to connect , Then try to connect win7, I found that I could connect , Explain that the agent has problems

Find out msf There is no route added in ,, As a result, it cannot be connected 2008, Now add the route

Login successful
Insert picture description here
Subsequent operations are similar to win7 be similar , Finally, clean up the traces