Windows basic services and usage

File sharing permissions

Local NTFS permissions
UNC address
Understand customer needs and formulate corresponding strategies
whoami
net use f: \\10.1.1.2\ipc$ password /user:user
net use * /del
net use f: /del
Map the 10.1.1.2 shared folder to the local f drive: net use f: \\10.1.1.2\share password /user:user
IPC$ for exploiting the vulnerability: password /user:administrator …1.1.2 11:19 "c:\windows\system32\heihe…
net share: view the shared services open on your computer and use brute force to crack them
net localgroup
net user
hidden share
netstat -an









ipconfig /renew: Re-obtain the IP. If the client already has an IP, it sends a Request to renew it; if it has no IP, it sends a Discovery packet to obtain one
ipconfig /release: Release the IP and cancel the lease

IIS FTP software, creating a new site: the final user permission is the intersection of the FTP permissions and the NTFS permissions
FTP working method
1) Active mode: port 21 is the control port, port 20 is the data port
2) Passive mode: port 21 plus a random port as the data transmission port
Active/passive mode: "active" or "passive" is from the server's perspective
8UFTP as the client, Serv-U as the server

account password

net user username /del
net user username newpassword /add
Promote to administrator: net localgroup administrators username /add

MySQL default username sa
Brute force cracking of any network password
ssh
hydra -l root -P /root/dic/test_pwd.dic 10.10.20.79 ssh -vV
MySQL
hydra -l sa -P /root/dic/test_pwd.dic 10.10.20.79 mysql -vV

Crack the Windows account hash value locally using the getpass tool
Crack the Windows hash value: use the QuarksPwDump tool to read the Windows hash value, then use the SAMinside tool to crack it

DHCP principle

1. The client sends a DHCP Discovery broadcast packet to request IP allocation
2. The server responds with a DHCP Offer broadcast packet and provides an IP
3. The client sends a DHCP Request broadcast packet to select the IP
4. The server sends a DHCP ACK broadcast packet to confirm the IP and other information
5. DHCP renewal: the client sends a DHCP Request to renew

DHCP server

The open ports are UDP 67/68
DHCP relay technology
Scope options > Server options
When there are multiple scopes on the server, you can set the DNS server in the server options
Attack on the DHCP server: frequently send fake DHCP requests until the DHCP address pool resources are exhausted
Defense: dynamic MAC address binding on the (managed) switch port
Disguised DHCP server attack
Defense: on the (managed) switch, all interfaces other than the legitimate DHCP server's interface are set to prohibit sending DHCP Offer packets
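
The two switch-side defenses above, simulated as an added example (not code from the original page): server messages are accepted only from the trusted port, and each access port may learn only a limited number of client MACs. The port names, the MAC limit and the sample events are constructed assumptions.

```python
# Added example: simulates the two switch-side DHCP defenses described above.
# Port names, the MAC limit and the sample events are constructed assumptions.
from collections import defaultdict

TRUSTED_PORTS = {"Gi0/1"}      # assumed: port facing the legitimate DHCP server
MAX_MACS_PER_PORT = 3          # assumed per-port limit for dynamic MAC binding
SERVER_MSGS = {"OFFER", "ACK"}


def filter_dhcp(events):
    """Return (forwarded, dropped); dropped items carry a reason string."""
    macs_seen = defaultdict(set)   # port -> client MACs learned on that port
    forwarded, dropped = [], []
    for port, msg, mac in events:
        if msg in SERVER_MSGS:
            # Disguised-server defense: server messages only from trusted ports.
            if port not in TRUSTED_PORTS:
                dropped.append((port, msg, mac, "server message on untrusted port"))
                continue
        elif port not in TRUSTED_PORTS:
            # Pool-exhaustion defense: cap the MACs learned on an access port.
            known = macs_seen[port]
            if mac not in known and len(known) >= MAX_MACS_PER_PORT:
                dropped.append((port, msg, mac, "MAC limit exceeded"))
                continue
            known.add(mac)
        forwarded.append((port, msg, mac))
    return forwarded, dropped


# Constructed sample traffic: (ingress port, DHCP message type, client MAC)
SAMPLE = [
    ("Gi0/2", "DISCOVER", "aa:00:00:00:00:01"),   # normal client
    ("Gi0/1", "OFFER",    "aa:00:00:00:00:01"),   # legitimate server
    ("Gi0/2", "REQUEST",  "aa:00:00:00:00:01"),
    ("Gi0/1", "ACK",      "aa:00:00:00:00:01"),
    ("Gi0/5", "OFFER",    "aa:00:00:00:00:01"),   # Offer arriving on an access port
] + [("Gi0/7", "DISCOVER", f"02:00:00:00:00:{i:02x}") for i in range(6)]  # many MACs, one port

if __name__ == "__main__":
    fwd, drp = filter_dhcp(SAMPLE)
    for d in drp:
        print("DROP", d)
    print(len(fwd), "forwarded,", len(drp), "dropped")
```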

ophcrack tool to crack Windows passwords
Obtain the SAM file and system file from the system through IceSword
Hscan tool to crack SSH passwords
Set up the phpstudy environment and DVWA
Linux remote connection command: ssh [email protected]

DNS server

The listening port is 53
Clear the cache: ipconfig /flushdns
Display the DNS cache: ipconfig /displaydns
Create a new host: A record. Create a new alias: CNAME
Primary DNS server, secondary DNS server, reverse resolution, alias, forwarder
Client domain name request resolution sequence: DNS cache ---- local hosts file ---- local DNS server
Server processing sequence of domain name requests: DNS cache ---- local zone file ---- forwarder ---- root
A record: forward resolution record
CNAME record: alias
PTR record: reverse resolution record
MX: mail exchange record
NS: domain name resolution server
DNS server classification: primary name server, secondary name server, root name server, caching name server




Domain

Enter dcpromo to install domain services
Active Directory Users and Computers
Log in to the domain as qf\administrator on the DC. The local administrator of the DC is upgraded to a member of the domain administrators
Domain: centralized/unified management
Active Directory -> Domain Controller (DC), member
Intranet environment: workgroup, domain


Origin blog.csdn.net/xuanyitwo/article/details/131143303