Hi there 👋

Welcome to my blog

Htb BreadCrumbs

#PasswordReuse #sqlite #session #file_include #SQLInjection #jwt #AES #secure_file_priv Once the target machine is started, its IP is 10.10.10.228. Nmap Scan All TCP ports: sudo nmap -p- -Pn --min-rate 2000 -v 10.10.10.228 -oA Scan/ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 135/tcp open msrpc 139/tcp open netbios-ssn 443/tcp open https 445/tcp open...

August 26, 2024 · 11 min · 5226 words

HTB Cascade

#LDAP_anonymous_binds #sqlite #VNC #.NET #AD_Recycle_Bin #PasswordReuse Once the target machine is started, its IP is 10.10.10.182. Nmap Scan All TCP ports: sudo nmap -p- --min-rate 2000 10.10.10.182 -vvv -oA Scan/ports PORT STATE SERVICE REASON 53/tcp open domain syn-ack ttl 127 88/tcp open kerberos-sec syn-ack ttl 127 135/tcp open msrpc syn-ack ttl 127 139/tcp...

August 26, 2024 · 10 min · 4561 words

Notes on Understanding the Kerberos Authentication Protocol

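Traffic decryption: Decrypting Kerberos traffic reveals more detail and also makes it easier to resolve errors encountered during a penetration test. keytab: Decryption does not use the administrator user's hash; what matters is the hash of the user requesting the ticket and the krbtgt...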

August 26, 2024 · 12 min · 5685 words

Kerberos Linux

Kerberos linux https://github.com/ricardojoserf/SSSD-creds ldb file apt install tdb-tools wget https://github.com/ricardojoserf/SSSD-creds/raw/main/analyze.sh ./analyze.sh var/lib/sss/db find var/ -type f -name '*.ldb' -exec strings {} \; | grep -i Password -A3 ksu ksu is the Kerberized version of the su program; it is worth trying whenever a domain user's credentials have been obtained. In addition, .k5login is configured in krb5.conf. ...

August 26, 2024 · 2 min · 965 words

AD Tool Errors

KRB_AP_ERR_SKEW(Clock skew too great) impacket-getST htb.local/svc-alfresco:s3rvice -spn cifs/forest.htb.local Impacket v0.11.0 - Copyright 2023 Fortra [-] CCache file is not found. Skipping... [*] Getting TGT for user [*] Getting ST for user Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great) The cause is that the local clock is out of sync with the DC; synchronizing it resolves the error. First turn off automatic synchronization: sudo timedatectl set-ntp off sudo rdate -n 10.10.10.161 [sudo] password...

August 26, 2024 · 3 min · 1221 words

vulnlab Trusted

nmap scan sudo nmap -Pn -v -A 10.10.234.117-118 -oA Scan/detail Nmap scan report for 10.10.234.117 Host is up (0.27s latency). Not shown: 990 closed tcp ports (reset) PORT STATE SERVICE VERSION 53/tcp open domain? 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-08-10 14:43:24Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: trusted.vl0., Site: Default-First-Site-Name) 445/tcp open...

August 26, 2024 · 5 min · 2460 words

OSEP Review

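Exam preparation. Course material: I started the course in early March and got as far as chapter six, picked it back up in May, and finished all of the course labs by early August. Lab preparation: I completed every machine on the HTB PEN-300 list. As for how much that helped with the exam...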

August 25, 2024 · 3 min · 1339 words

HTB Bankrobber

#XSS #CSRF #SQLInjection Once the target machine is started, its IP is 10.10.10.154. Nmap Scan All TCP ports: sudo nmap -p- -Pn --min-rate 2000 -v 10.10.10.154 -oA scan/ports PORT STATE SERVICE 80/tcp open http 443/tcp open https 445/tcp open microsoft-ds 3306/tcp open mysql Default script scan of the open ports...

May 6, 2024 · 12 min · 5797 words

HelloWorld

Hello, World!

May 2, 2024 · 1 min · 2 words · Me