活动目录下的常见攻击方式

发布时间：2019-01-30 16:23:05 所属栏目：评论来源：SoftNight

导读：Active是一个很简单的box，不过也提供了很多学习的机会。这个box包含了很多与Windows活动目录相关的常见漏洞。你可以在这个box中进行SMB枚举，这是一个不错的练习机会。你也可以对Windows域使用kerberoasting，但如果你不是渗透测试员的话，是没有机会这么

root@kali:~/hackthebox/active-10.10.10.100# nmap -sV -sC -p 53,88,135,139,389,445,464,593,636,3268,3269,5722,9389,47001,49152-49158,49169,49170,49179 --min-rate 5

000 -oA nmap/scripts 10.10.10.100

Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-28 21:37 EDT

Nmap scan report for 10.10.10.100

Host is up (0.020s latency).

PORT STATE SERVICE VERSION

53/tcp open domain Microsoft DNS 6.1.7600 (1DB04001) (Windows Server 2008 R2)

| dns-nsid:

|_ bind.version: Microsoft DNS 6.1.7600 (1DB04001)

88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2018-07-29 01:37:17Z)

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: active.htb, Site: Default-First-Site-Name)

445/tcp open microsoft-ds?

464/tcp open kpasswd5?

593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0

636/tcp open tcpwrapped

3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: active.htb, Site: Default-First-Site-Name)

3269/tcp open tcpwrapped

5722/tcp open msrpc Microsoft Windows RPC

9389/tcp open mc-nmf .NET Message Framing

47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)

|_http-server-header: Microsoft-HTTPAPI/2.0

|_http-title: Not Found

49152/tcp open msrpc Microsoft Windows RPC

49153/tcp open msrpc Microsoft Windows RPC

49154/tcp open msrpc Microsoft Windows RPC

49155/tcp open msrpc Microsoft Windows RPC

49156/tcp closed unknown

49157/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0

49158/tcp open msrpc Microsoft Windows RPC

49169/tcp open msrpc Microsoft Windows RPC

49170/tcp open msrpc Microsoft Windows RPC

49179/tcp open msrpc Microsoft Windows RPC

Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008:r2, cpe:/o:microsoft:windows

Host script results:

|_clock-skew: mean: -35s, deviation: 0s, median: -35s

|_nbstat: NetBIOS name: DC, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:a2:16:8b (VMware)

| smb2-security-mode:

| 2.02:

|_ Message signing enabled and required

| smb2-time:

| date: 2018-07-28 21:38:11

|_ start_date: 2018-07-28 15:00:50

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 150.56 seconds

root@kali:~/hackthebox/active-10.10.10.100# nmap -sU -p- --min-rate 5000 -oA nmap/alludp 10.10.10.100

Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-28 21:40 EDT

Warning: 10.10.10.100 giving up on port because retransmission cap hit (10).

Nmap scan report for 10.10.10.100

Host is up (0.021s latency).

Not shown: 65385 open|filtered ports, 145 closed ports

PORT STATE SERVICE

123/udp open ntp

137/udp open netbios-ns

49413/udp open unknown

49616/udp open unknown

65096/udp open unknown

SMB-TCP 139/445

SMB遍历

（编辑：晋中站长网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!

3/19

首页

尾页

低调中爆发？165W+骁龙	社区团购仍然一团浆糊
全球首座漂浮城市选	特斯拉收回先斩后奏供