在幻泉老师的博客里看到的````
I recommend double clicking the video and watching it in full screen so its somewhat legible. This video walks through an example of attacking a windows domain. This post also contains a textual walk through.
V.
Get administrator rights on a workstation which is on a windows domain using whatever method you can find. (exploit, stolen password, smbrelay, phishing, etc). Look for the domain server. There are a variety of ways to do this. You can arp -a to find active IP's or ping scan the network and then use the nbtstat tool to look for the right domain controller identifier or an obvious hostname.
You can also browse the network neighborhood or use the net view command.
Aquiring and cracking the hashes of your target is generally useful as well.
Enumerate group membership so you know who to target.
Category:
技术文章
|
Views:
758
|
Added by:
Jury
|
Date:
2010-10-09
|
