admin posted on 2018-10-20 20:19:10

Penetration testing a large group enterprise's intranet

<p><b>1. Weak-password scanning and privilege escalation to get onto servers</b></p>
<p>First, <b>ipconfig</b> shows my own IP is 10.10.12.**, so the range to scan is 10.10.0.1-10.10.19.555. The building has 19 floors in total, hence the 19. The scan results are as follows:</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-f6533a9793090fad.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="340" src="https://www.2k8.org/content/uploadfile/202203/17/2e21ea01.png" alt="" /></a></p>
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-14c65e4ba25cc00f.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="365" src="https://www.2k8.org/content/uploadfile/202203/17/d8ca0f50.png" alt="" /></a></p>
<p>I won't include login screenshots for the IPC weak passwords; let's look at the MSSQL weak passwords instead. First 10.10.9.1, where the <b>sa</b> password is blank. So we execute</p>
<p>a command and see what happens:</p>
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-32ed95aa5b6eb289.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="401" src="https://www.2k8.org/content/uploadfile/202203/17/3f393469.png" alt="" /></a></p>
<hr />
<p>Port 3389 is open, so just add an account and log in.</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-311bd044fcd5a5be.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="412" src="https://www.2k8.org/content/uploadfile/202203/17/6b5f7520.png" alt="" /></a></p>
<p>One look tells you this is the finance system's server; we absolutely must not cause any damage here. Let's look at another one, as shown:</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-7aed916499824b65.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="398" src="https://www.2k8.org/content/uploadfile/202203/17/8f053025.png" alt="" /></a></p>
<p>Add a backdoor directly:</p>
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-67056c01ac161596.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="414" src="https://www.2k8.org/content/uploadfile/202203/17/c5f2f6e3.png" alt="" /></a></p>
<hr />
<p>An administrator is already logged in, so I won't log in myself. By the same method, several more servers were taken.</p>
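<p>The detection-side counterpart to the weak-password sweep described in this section, added here as an example (it is not part of the original post): a small analyser for SQL Server ERRORLOG logon lines that flags client IPs producing a burst of failed logins and any successful <b>sa</b> login from a host outside an administrative allow-list. It assumes the instance's login auditing is set to record both failed and successful logins (otherwise the "Login succeeded" lines never appear); the log lines, IP addresses, account names, window and threshold below are all constructed.</p>

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# SQL Server ERRORLOG logon lines (login auditing set to "Both failed and successful logins").
# The companion 'Error: 18456, Severity: 14, State: 8.' line carries no client IP and is
# deliberately not matched.
LOGON_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'\."
    r".*\[CLIENT: (?P<client>[\d.]+)\]"
)

# Constructed sample log lines (not real data): one client hammering 'sa' six times in a
# few seconds and then succeeding, plus an application account with a single typo.
SAMPLE_LOG = [
    f"2018-10-20 20:20:0{i}.10 Logon       Login failed for user 'sa'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 10.10.12.5]"
    for i in range(1, 7)
] + [
    "2018-10-20 20:22:10.55 Logon       Login succeeded for user 'sa'. "
    "Connection made using SQL Server authentication. [CLIENT: 10.10.12.5]",
    "2018-10-20 20:31:00.00 Logon       Login failed for user 'finance_app'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 10.10.1.40]",
    "2018-10-20 20:31:30.00 Logon       Login succeeded for user 'finance_app'. "
    "Connection made using SQL Server authentication. [CLIENT: 10.10.1.40]",
    "2018-10-20 20:31:31.00 Logon       Error: 18456, Severity: 14, State: 8.",
]


def parse_logon_events(lines):
    """Turn ERRORLOG lines into dicts; lines that are not logon results are skipped."""
    events = []
    for line in lines:
        m = LOGON_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                "result": m.group("result"),
                "user": m.group("user"),
                "client": m.group("client"),
            })
    return events


def find_spray_sources(events, window=timedelta(minutes=5), threshold=5):
    """Client IPs with at least `threshold` failed logins inside any sliding `window`.
    Returns {client: peak number of failures seen in one window}."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "failed":
            failures[e["client"]].append(e["ts"])
    flagged = {}
    for client, stamps in failures.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window start forward until stamps[start..end] fit in the window.
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[client] = max(flagged.get(client, 0), count)
    return flagged


def find_sa_logins(events, allowed_clients):
    """Successful 'sa' logins from hosts outside the administrative allow-list."""
    return [
        (e["ts"].isoformat(), e["client"])
        for e in events
        if e["result"] == "succeeded"
        and e["user"].lower() == "sa"
        and e["client"] not in allowed_clients
    ]


if __name__ == "__main__":
    evs = parse_logon_events(SAMPLE_LOG)
    print("spray sources:", find_spray_sources(evs))
    print("sa logins off allow-list:", find_sa_logins(evs, allowed_clients={"10.10.1.50"}))
```

<p>Either finding on its own is worth a ticket; the two together (a failure burst followed by a successful <b>sa</b> login from the same client) is the exact sequence a blank or guessable <b>sa</b> password produces, and the fix is to set a strong password or disable the <b>sa</b> login and restrict the instance to Windows authentication.</p>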
<p><b>2. Penetrating the domain environment and taking every machine in the domain</b></p>
<p>Testing showed that the 10.10.1.1-10.10.1.255 range has a domain. Logging in with a server account and password found by the scan and running <b>ipconfig /all</b> reveals:</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-492de6cb9d9e605a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="375" src="https://www.2k8.org/content/uploadfile/202203/17/f72ec043.png" alt="" /></a></p>
<p>The current domain is <b>fsll.com</b>. Pinging fsll.com gives the domain server's IP as <b>10.10.1.36</b>. Running <b>net user /domain</b> gives the following:</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-8cf73d3606cb104a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="409" src="https://www.2k8.org/content/uploadfile/202203/17/b5a91f51.png" alt="" /></a></p>
<p>We need to take the domain server. Our approach is to dump hashes, because with sniffing the administrator rarely logs on and there would not be enough time. So we run <b>PsExec.exe -s -u administrator -p administrator \10.10.1.36 -c c:\s.exe</b>. This command uses the server we currently control to dump hashes from the domain server's IP; 10.10.1.36 is the domain server, as shown:</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-0907df74edd5618d.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="389" src="https://www.2k8.org/content/uploadfile/202203/17/90dd1f7f.png" alt="" /></a></p>
<p>Using the <b>cluster</b> user, we remote into the domain server, as shown:</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-cfa150df28ef4536.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="412" src="https://www.2k8.org/content/uploadfile/202203/17/95bc027c.png" alt="" /></a></p>
<p>Although what we dumped was not the <b>administrator</b> password, we could still log in remotely. By dumping locally on the domain server we obtained the <b>administrator</b> password, as shown:</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-a13fbfb754ae4fcb.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="407" src="https://www.2k8.org/content/uploadfile/202203/17/6b939580.png" alt="" /></a></p>
<p>It turns out the domain server administrator's password is the same as the username; had I known, I would not have gone to the trouble of dumping hashes. Now that we have the domain server, how do we get the servers under the domain? Here is my approach, as shown:</p>
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-68cef545fa0e6243.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="394" src="https://www.2k8.org/content/uploadfile/202203/17/e83011a5.png" alt="" /></a></p>
<p>There are several servers in the domain, and we can ping them to get their IPs. Here I only ping one: pinging <b>blade9</b> shows its IP is <b>10.10.1.22</b>. Then right-click Manage, add an account and password, and we can log in remotely. Repeating this takes every machine in the domain, as shown:</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-15fc9957c8e5daab.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="407" src="https://www.2k8.org/content/uploadfile/202203/17/ad2855d0.png" alt="" /></a></p>
<p>From the earlier scan, the servers are concentrated in the <b>10.10.1.1-10.10.1.254</b> range; together with the weak-password servers from before, that range is essentially done. In the domain server's Remote Desktop connection list I saw there was also a <b>10.13.50.X</b> range. Scanning showed <b>10.13.50.101</b> had 3389 open; I scanned it with <b>nessus</b>, as shown below:</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-d4d96210375a1952.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="296" src="https://www.2k8.org/content/uploadfile/202203/17/c323fe2f.png" alt="" /></a></p>
<p>Using <b>ms08067</b>, the server was successfully exploited and I logged in.</p>
<hr />
<p><a href="http://upload-images.jianshu.io/upload_images/5822121-72ad91b91731ee4a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="410" src="https://www.2k8.org/content/uploadfile/202203/17/97d236b1.png" alt="" /></a></p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span style="color:#333333;font-family:宋体;font-size:11.5pt;letter-spacing:.55pt;">我插管理员在线,貌似也是有域的,这就是域服务器,而且域下没有别的机器,我们经抓</span></b><b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">hash </span></b><b><span style="color:#333333;font-family:宋体;font-size:11.5pt;letter-spacing:.55pt;">得知</span></b><b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">administrator </span></b><b><span style="color:#333333;font-family:宋体;font-size:11.5pt;letter-spacing:.55pt;">密码为</span></b><b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">zydlasen</span></b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">With that, we had taken over both domains.</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">3. Breaking into the server through the OA system</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">The OA system's address is </span></b><a href="http://10.10.1.21:8060/oa/login.vm" target="_blank"><span style="color:#4183C4;">http://10.10.1.21:8060/oa/login.vm</span></a><b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-29bbbdb60e8b2e0b.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="201" src="https://www.2k8.org/content/uploadfile/202203/17/77227e06.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">There is no captcha. Damn, I tried a lot of weak passwords and none of them worked, so the only thing left was 溯雪; I started 溯雪 and configured it as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-a9d368cba04bc41f.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="272" height="230" src="https://www.2k8.org/content/uploadfile/202203/17/fd132df8.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Fill in the error marker, start the scan, and the results are as follows:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-6d014d2b4a8e01f1.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="360" height="236" src="https://www.2k8.org/content/uploadfile/202203/17/74e75366.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Next we go into the OA:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-fc3a834d5754faf9.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="146" src="https://www.2k8.org/content/uploadfile/202203/17/89c2e724.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">We looked for a way to get a webshell and uploaded a jsp shell at an upload point, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-718ca7a0856a633f.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="328" src="https://www.2k8.org/content/uploadfile/202203/17/b71a1653.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-7654922efc05de91.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="352" src="https://www.2k8.org/content/uploadfile/202203/17/3885c052.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Using the full-featured jsp shell (大马), privilege escalation likewise went fine. Haha, actually this server had already been taken earlier.</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">4. Escalating into the server through tomcat</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Scanning the target ip with nessus found the following, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-2b30aee2aad0c43c.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="300" src="https://www.2k8.org/content/uploadfile/202203/17/13c1c4ac.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Logging in, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-d8afa17cc81020dc.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="263" src="https://www.2k8.org/content/uploadfile/202203/17/a1dd69ae.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Find an upload point and upload, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-aee80342d982d77f.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="286" src="https://www.2k8.org/content/uploadfile/202203/17/279cb22b.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Then it is the same again: execute commands and escalate privileges; I will not write out the process again.</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">5. Using cain for ARP sniffing and DNS spoofing on the LAN</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">First, testing ARP sniffing, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-7bd65974166097d2.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="282" src="https://www.2k8.org/content/uploadfile/202203/17/9a712564.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">The test results are shown below:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-db7987bf7c609310.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="359" src="https://www.2k8.org/content/uploadfile/202203/17/e2a73a84.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Haha, we sniffed so little because there are only a few machines under this domain.</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Next we test DNS spoofing, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-124f8e922780116c.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="317" src="https://www.2k8.org/content/uploadfile/202203/17/bd816bef.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">10.10.12.188 is a 小旋风 web server I set up locally; let's look at the results:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-6f78dff77b94982e.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="977" height="425" src="https://www.2k8.org/content/uploadfile/202203/17/44ecd28e.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">(Note: since I had recorded a tutorial of the spoofing process earlier, the screenshots are taken from that tutorial.)</span></b>
</p>
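<p>The ARP poisoning and DNS spoofing tested above are the kind of LAN tampering a defender can spot from captured traffic. The following is an added example, not code from the write-up: it parses a constructed, tcpdump-like record format (the format, MACs, names and timestamps are all made up; the 10.10.0.0/16 range and the 10.10.12.188 host mirror the LAN in the post) and flags a gateway whose MAC changes, one MAC claiming several IPs, and a public-looking name that suddenly resolves to a LAN address.</p>

```python
"""Spot ARP cache poisoning and LAN-internal DNS spoofing in captured records.

Added example, not part of the original write-up. The record format and every
address, name and MAC below are constructed; the 10.10.0.0/16 range and the
10.10.12.188 host mirror the LAN described in the post."""
import ipaddress
import re
from collections import defaultdict

# Constructed records in a tcpdump-like shape. A real deployment would read
# them from a packet capture or from the switch's DHCP-snooping/DAI logs.
CAPTURE = """\
10:00:01 ARP 10.10.12.1 is-at 00:11:22:33:44:01
10:00:02 ARP 10.10.12.50 is-at 00:11:22:33:44:50
10:00:03 DNS 10.10.12.50 www.example.com A 93.184.216.34
10:00:05 ARP 10.10.12.1 is-at 00:11:22:33:44:88
10:00:06 ARP 10.10.12.60 is-at 00:11:22:33:44:88
10:00:07 DNS 10.10.12.50 mail.example.com A 10.10.12.188
10:00:08 DNS 10.10.12.60 oa.corp.local A 10.10.1.21
"""

INTERNAL_NETS = [ipaddress.ip_network("10.10.0.0/16")]
# Name suffixes that may legitimately resolve to internal addresses (split-horizon DNS).
INTERNAL_SUFFIXES = (".local", ".corp")

ARP_RE = re.compile(r"^(\S+) ARP (\S+) is-at (\S+)$")
DNS_RE = re.compile(r"^(\S+) DNS (\S+) (\S+) A (\S+)$")


def parse_records(text):
    """Split the capture into ARP and DNS records, ignoring lines we do not understand."""
    arp, dns = [], []
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            ts, ip, mac = m.groups()
            arp.append((ts, ip, mac.lower()))
            continue
        m = DNS_RE.match(line)
        if m:
            ts, client, qname, answer = m.groups()
            dns.append((ts, client, qname.lower(), answer))
    return arp, dns


def detect_arp_poisoning(arp_records):
    """Flag an IP whose MAC changes, and a MAC that claims more than one IP.

    Caveat: a MAC with several IPs can be legitimate (a router with secondary
    addresses, an HSRP/VRRP virtual IP), so the second alert is a lead, not proof."""
    first_mac = {}
    ips_by_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in arp_records:
        ips_by_mac[mac].add(ip)
        if ip in first_mac and first_mac[ip] != mac:
            alerts.append({"type": "mac_change", "time": ts, "ip": ip,
                           "old_mac": first_mac[ip], "new_mac": mac})
        first_mac.setdefault(ip, mac)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append({"type": "mac_multi_ip", "mac": mac, "ips": sorted(ips)})
    return alerts


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_dns_spoofing(dns_records):
    """Flag a public-looking name whose A answer points into the LAN.

    Caveat: split-horizon DNS does this on purpose for some zones; the
    INTERNAL_SUFFIXES allowlist keeps those from raising alerts."""
    alerts = []
    for ts, client, qname, answer in dns_records:
        if is_internal(answer) and not qname.endswith(INTERNAL_SUFFIXES):
            alerts.append({"type": "internal_answer_for_external_name", "time": ts,
                           "client": client, "qname": qname, "answer": answer})
    return alerts


def analyse(text):
    """Run both detectors over one capture; ARP alerts come first, then DNS alerts."""
    arp, dns = parse_records(text)
    return detect_arp_poisoning(arp) + detect_dns_spoofing(dns)


if __name__ == "__main__":
    for alert in analyse(CAPTURE):
        print(alert)
```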
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">6. Successfully compromising the switches</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">While scanning the 10.10.0. range I found a suspicious host with 3389 open at 10.10.0.65. A nessus scan found no obviously exploitable vulnerability either, but later, looking back at the hashes dumped earlier, I got this server's password: lasenjt. Damn, it feels like our company's luck in this assessment is excellent, but it also shows from another angle how terribly security is being done here.</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Let's go into the server and take a look. Damn, what luck; looks familiar, doesn't it?</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-c7a42b776edffdcf.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="546" height="362" src="https://www.2k8.org/content/uploadfile/202203/17/f158ee11.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">A Cisco switch management system is installed. Let's keep looking: there are two administrators.</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-bcca470982cd1bac.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="319" src="https://www.2k8.org/content/uploadfile/202203/17/d3843366.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">This program is really powerful: one administrator login can be configured to manage a great many switches. Browsing through it, I directly obtained the privileged passwords of several switches, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-7c890d02610d11bd.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="302" src="https://www.2k8.org/content/uploadfile/202203/17/a48d80dc.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">172.16.4.1 and 172.16.20.1 have the passwords @lasenjjz and @lasenjjz respectively. There are quite a few more privileged passwords that I will not list one by one. Next we read the configuration file another way, via the community string; the known value is lasenjtw *. Below we use IP Network Browser to read the configuration file, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-512af9d67c9b448a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="404" src="https://www.2k8.org/content/uploadfile/202203/17/300b38e0.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Click config; the matching community string value must be filled in correctly, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-77c53b4d45eba914.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="415" src="https://www.2k8.org/content/uploadfile/202203/17/493a9d8c.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Let's try logging in remotely, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-d886647aeba99ea0.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="418" src="https://www.2k8.org/content/uploadfile/202203/17/1bbf5f53.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">It drops straight into privileged (enable) mode. Proceeding the same way, I got into nearly 70 switches, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-cf40fc9b2a67170c.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="465" src="https://www.2k8.org/content/uploadfile/202203/17/2be2fc78.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-f63dd8f672b4daa9.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="391" src="https://www.2k8.org/content/uploadfile/202203/17/4c9fcc64.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">To sum up the switch part of the penetration:</span></b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"> it mainly came down to getting into the Cisco switch management system and reading the enable passwords directly, and using the community string to read the configuration files and view the switch user passwords and enable passwords. Without access to the Cisco switch management system, the only option would be a Nessus scan; as long as the community has public permissions, the configuration file can be read. An earlier Nessus scan returned a result of public for one device; here is a screenshot:</span>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-8a6e141fa45c912a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="378" src="https://www.2k8.org/content/uploadfile/202203/17/c77b24ca.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">The configuration file really can be read.</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Besides that, I also got into a few switches with web logins and one remote management control system, as shown below:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-6300f2137c4539e0.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="335" src="https://www.2k8.org/content/uploadfile/202203/17/7f13307b.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-eb3afcdb766229dd.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="384" src="https://www.2k8.org/content/uploadfile/202203/17/03cf1232.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Logged in directly with the UID USERID and the default PW PASSW0RD (note that it is the digit 0, not the letter O); from there everything on 3389 can be managed remotely.</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-5056c85ec77224e0.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="367" src="https://www.2k8.org/content/uploadfile/202203/17/ae2bab46.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">The image above is the gigabit switch management system.</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">7. Breaking into the Hillstone gateway firewall</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Penetration testing a company's gateway... The details are as follows: the idea was to take the gateway through social engineering, so I set about collecting information on the intranet administrators. Testing showed that the domain server had quite a few domain users, so I installed Cain on the server to read the local hashes; the information read out is shown below:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-5dbe21b4f67fb569.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="400" src="https://www.2k8.org/content/uploadfile/202203/17/3e8e2936.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">The gateway is a Hillstone. Without knowing exactly which usernames exist (there is a built-in hillstone account by default that cannot be deleted), all I could do was try the most likely accounts combined with the captured passwords one by one, which in the end did not succeed. Later I thought of having someone write a brute-force program, but found that three wrong attempts lock the IP for 2 minutes, so that was not very effective. After logging into the domain server I noticed 屏幕录像专家 (a screen-recording tool) on the desktop; opening one of the recordings showed that the server had logged into the gateway, and it contained an IP address record: the address was 172.16.251.254. That gave me the idea of using an IE password reader to look at the saved IE passwords, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-2eadee0662094c87.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="288" src="https://www.2k8.org/content/uploadfile/202203/17/7bb45089.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Then log in to the gateway, as shown:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-e481e82711e3e7a8.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="554" height="407" src="https://www.2k8.org/content/uploadfile/202203/17/d4ee7b4f.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">After half a day's effort, I was into the firewall gateway. I had compromised a domain server, dumped the passwords of every domain user and tried them against the gateway one by one, with no success. Then I suddenly noticed 屏幕录像专家 installed on the desktop, opened it, and found a recording in which IE showed 172.16.251.254, which is none other than the gateway's address. So I logged into the domain server as administrator and opened the gateway address, and wow, the gateway account was right there in the saved records, though sadly without the password. Still, that was not bad, honestly far better than flailing around. Then it occurred to me to use an IE password recovery tool to view the password, so I downloaded one, read the password out, and the gateway was done. The embarrassing part is that I had already recovered this password earlier: it was the switches' enable password. But with 73 devices I could hardly try each password one by one; I had meant to write a program, but when I phoned Hillstone they said three wrong passwords gets the IP blocked outright. Well, sometimes things really do take patience, plus a certain amount of wits, and of course a bit of luck. That is how the gateway was taken. An earlier Nessus scan had found no vulnerabilities. With that, the large LAN penetration is complete, haha, experts please don't laugh!</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Summary: this penetration test involved nothing technically advanced; it came together entirely through luck and careful observation. The whole process was recorded as a video tutorial... Owing to time pressure the test stops here; the personal PCs in the workgroup have not yet been taken, so strictly speaking this penetration is incomplete. I had also wanted to do a tutorial on switch port mirroring, but out of concern for network stability I will not test that here, so please bear with me. Thanks for reading. My QQ: 635833; technical exchange is welcome.</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Addendum: the company recently changed leadership. I had planned to try port mirroring, sniffing and DNS spoofing, but given the risks involved I will not be doing that for now. Here is the topology diagram I mapped out:</span></b>
</p>
<div align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:11.25pt;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;text-align:center;text-justify:inter-ideograph;">
        <span lang="EN-US" style="font-family:宋体;font-size:12.0pt;">
        <hr size="0" width="100%" noshade="noshade" style="color:#333333;" align="center" />
        </span>
</div>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <a href="http://upload-images.jianshu.io/upload_images/5822121-c3ebda51a7c035c1.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"><img width="736" height="538" src="https://www.2k8.org/content/uploadfile/202203/17/e6d4e2a6.png" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <b><span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">Note: the penetration test report has been submitted to the company and the vulnerabilities have been fixed; to avoid spoiling the readability of the article, nothing has been redacted.</span></b>
</p>
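<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:18.0pt;text-align:left;text-justify:inter-ideograph;">
        <span lang="EN-US" style="color:#333333;font-family:Segoe UI,sans-serif;font-size:11.5pt;letter-spacing:.55pt;">As an added example (not code from the original post), the Python script below audits a Cisco IOS running-config for the weaknesses the switch section above relied on: default or guessable SNMP community strings, read-write communities, communities with no ACL, and enable or user passwords stored as cleartext or type 7 instead of an enable secret. The sample config, its hostname and its community strings are constructed for illustration.</span>
</p>

```python
"""Audit a Cisco IOS running-config for the SNMP and password weaknesses
that let an attacker pull configs and enable passwords off switches.

Added example, not from the original post. The sample config at the bottom
is constructed; hostnames and community strings in it are made up.
"""
import re
from dataclasses import dataclass

# Community strings commonly shipped as defaults or found in every wordlist.
DEFAULT_COMMUNITIES = {"public", "private", "cisco", "admin", "snmp", "secret"}

# snmp-server community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view (\S+))?(?: (RO|RW))?(?: (\S+))?\s*$",
    re.IGNORECASE,
)
# "enable password <pw>" and "enable password 7 <hash>" are both weak.
ENABLE_PASSWORD_RE = re.compile(r"^enable password (?:(\d) )?(\S+)")
ENABLE_SECRET_RE = re.compile(r"^enable secret (\d) (\S+)")
# username <name> [privilege N] password [0|7] <pw>
USERNAME_PASSWORD_RE = re.compile(
    r"^username (\S+)(?: privilege \d+)? password (?:(\d) )?(\S+)"
)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "low"
    line: str       # offending config line, with the secret masked
    reason: str


def _mask(secret: str) -> str:
    """Keep reports shareable: never echo a full secret into a finding."""
    return secret[:2] + "*" * max(len(secret) - 2, 0)


def audit_config(config_text: str) -> list[Finding]:
    findings: list[Finding] = []
    has_enable_secret = False

    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue

        m = COMMUNITY_RE.match(line)
        if m:
            community, _view, mode, acl = m.groups()
            mode = (mode or "RO").upper()          # IOS defaults to read-only
            shown = f"snmp-server community {_mask(community)} {mode}"
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(Finding("high", shown,
                                        "default/guessable community string"))
            if mode == "RW":
                findings.append(Finding("high", shown,
                                        "read-write community allows config export "
                                        "via CISCO-CONFIG-COPY-MIB"))
            if acl is None:
                findings.append(Finding("medium", shown,
                                        "no ACL restricts which hosts may use it"))
            if len(community) < 12:
                findings.append(Finding("low", shown,
                                        "short community string is brute-forceable"))
            continue

        m = ENABLE_SECRET_RE.match(line)
        if m:
            has_enable_secret = True
            if m.group(1) == "5":
                findings.append(Finding("low", "enable secret 5 ****",
                                        "MD5 enable secret; prefer type 8/9"))
            continue

        m = ENABLE_PASSWORD_RE.match(line)
        if m:
            kind = "type 7 (reversible)" if m.group(1) == "7" else "cleartext"
            shown = " ".join(p for p in ("enable password", m.group(1),
                                         _mask(m.group(2))) if p)
            findings.append(Finding("high", shown,
                                    f"{kind} enable password; use 'enable secret'"))
            continue

        m = USERNAME_PASSWORD_RE.match(line)
        if m:
            name, kind, pw = m.groups()
            how = "type 7 (reversible)" if kind == "7" else "cleartext"
            findings.append(Finding("high", f"username {name} password {_mask(pw)}",
                                    f"{how} user password; use 'username {name} secret'"))

    if not has_enable_secret:
        findings.append(Finding("high", "(global)", "no 'enable secret' configured"))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample running-config excerpt (not from the original post).
SAMPLE_CONFIG = """\
!
hostname floor12-sw1
!
enable password 7 0822455D0A16
!
username admin privilege 15 password 0 cisco123
!
snmp-server community public RO
snmp-server community monitoring RW
snmp-server community Xk9#vQ2pLm7!rT4w RO 10
!
access-list 10 permit 10.10.0.5
!
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"[{f.severity:6}] {f.line}: {f.reason}")
    print(severity_counts(audit_config(SAMPLE_CONFIG)))
```

Run it against `show running-config` output saved from each switch; a read-only community still exposes interface, ARP and routing tables, so the ACL and non-default-string findings matter even where no RW community is present.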