当前位置:网站首页>Intranet information collection of Intranet penetration (5)
Intranet information collection of Intranet penetration (5)
2022-07-06 14:07:00 【Unknown white hat】
Voucher information collection
01 Voucher acquisition tool
Often used to get windows Password tools
- mimikatz
- wce
- pwddump7
- ophcrack
- procdump+mimikatz
- lazagne
02 password hash
LM Hash &NTLM Type hash
winodws hash:
2000 | xp | 2003 | Vista | win7 | 2008 | 2012 | |
LM | √ | √ | √ | ||||
NTLM | √ | √ | √ | √ | √ | √ | √ |
windows Local hash:
http://www.secpulse.com/archives/65256.html
windows Under the system hash Password format :
User name :RID:LM-HASH value :NT-HASH value
03mimikatz
mimikatz download :
link :https://pan.baidu.com/s/1ZbQM5YrgNyqmHFWBySSJjg
Extraction code :jryu
Non local interactive credential acquisition
mimikatz.exe "log res.txt" "privilege::debug" "token::elevate" "lsadump::sam" "exit"
mimikatz.exe "log logon.txt" "privilege::debug" "sekurlsa::logonpasswords" "exit"
Generally, the target plane is landed remotely , Download in the target mimikatz
log result.txt( Send the results to txt in )
privilege::debug( Raise the right )
token::elevate( Impersonate token : Used to promote permissions to SYSTEM ( Default ) Or find the domain administrator token in the box )
Get system User token
lsadump::sam( Get user hash )
sekurlsa::logonpasswords( Get clear text password )
mimikatz1.x edition :
privilege::debug // Increase authority
inject::process lsass.exe sekurlsa.dll // Inject sekurlsa.dll To lsass.exe In progress
@getLogonPasswords // Get password
mimikatz No killing :
https://www.freebuf.com/articles/system/234365.html
04get-hashs
边栏推荐
- 【黑马早报】上海市监局回应钟薛高烧不化;麦趣尔承认两批次纯牛奶不合格;微信内测一个手机可注册俩号;度小满回应存款变理财产品...
- Strengthen basic learning records
- Detailed explanation of three ways of HTTP caching
- 7-8 7104 约瑟夫问题(PTA程序设计)
- Renforcer les dossiers de base de l'apprentissage
- Wechat applet
- 网络基础详解
- UGUI—Text
- Build domain environment (win)
- 7-4 hash table search (PTA program design)
猜你喜欢
. Net6: develop modern 3D industrial software based on WPF (2)
WEB漏洞-文件操作之文件包含漏洞
1143_ SiCp learning notes_ Tree recursion
"Gold, silver and four" job hopping needs to be cautious. Can an article solve the interview?
Tencent map circle
Applet Web Capture -fiddler
. How to upload XMIND files to Jinshan document sharing online editing?
Package bedding of components
1. Preliminary exercises of C language (1)
HackMyvm靶机系列(1)-webmaster
随机推荐
7-5 staircase upgrade (PTA program design)
强化学习基础记录
Attach the simplified sample database to the SQLSERVER database instance
Experiment 6 inheritance and polymorphism
外网打点(信息收集)
记一次api接口SQL注入实战
How to understand the difference between technical thinking and business thinking in Bi?
实验七 常用类的使用
7-1 output all primes between 2 and n (PTA programming)
Reinforcement learning series (I): basic principles and concepts
7-4 hash table search (PTA program design)
Experiment five categories and objects
1143_ SiCp learning notes_ Tree recursion
【MySQL数据库的学习】
[three paradigms of database] you can understand it at a glance
Record once, modify password logic vulnerability actual combat
强化学习基础记录
Only 40% of the articles are original? Here comes the modification method
Experiment 4 array
Xray and burp linkage mining