Privilege Escalation to intranet forwarding

This article has no passion, because the author's language level is limited
Cause: to learn about Intranet penetration, I found a site,
Directly jump to get shell
The Copyright www.oldying.com is actually more about www.oldying.com/love. Diaosi's love ~
View Components ~

 
OK support ,~ Run the CMD command directly ~

Read the Basic Information
Okay,

 

. Net user. You can add an account directly for visual testing.

 

Not Echo? I will go. So proceed to pr

 

Not OK? I did not think of any problems at half past one. I found a pr with no parameters,

 

OK .. Open remote connection
Nima cannot connect?
 

After reading this, we actually opened 3389. Is it Intranet .?
Then ipconfig looked at it.
 
Confirm the Intranet. Forward immediately.
Lcx uploaded
Run the following command:
Because I am an intranet, I use a server for forwarding.
 

The local machine executes the listener and forwards it in shell
 

The server IP address is hashed.

The forwarding is successful.
Connected
 

The code is broken ,. You cannot understand

 

OK.

Then, the Intranet penetrated. First use hsacn to scan down. Not bad
 

Weak passwords of two mysql instances indicate that they will be compromised again,
Then you can see the data of a pop3 mailbox. Find the address and see if you can find something ~,