Privilege escalation exploit examples
Premise: a foothold has already been obtained on an XP or 2003 system.
I. Experimental target vulnerability: MS11-080
Patch: KB2592799
Vulnerability information: https://technet.microsoft.com/library/security/ms11-080
1. Use the searchsploit command to find the exploit (note: widen the command-line window so that the title and path are displayed in full)
# There are two versions of the exploit code, Python and Ruby; choose according to preference, this chapter uses the Python one
2. Search via Sandi
View the description of the exploit code
# Privilege escalation via the afd.sys file
### For 32-bit systems, XP and 2003; "eng" indicates the English version of the operating system, so it may not apply to the Chinese version
Copy 18176.py to the XP system (note: XP needs a Python environment installed)
Test on Chinese-version XP:
A blue screen may occur and the privilege escalation fails!
1. Use the English version of XP for this experiment
2. Modify the code so that it supports the Chinese version
#1. If the system patch is installed, uninstall it first, then proceed
#2. If the system lacks the required runtime environment, first compile the code into an EXE executable
How to compile a Python script into an EXE executable?
1. Download PyInstaller (https://pypi.python.org/pypi/PyInstaller/2.1) (function: converts Python scripts into exe files)
2. Download pywin32 (http://sourceforge.net/projects/pywin32/files/pywin32/Build%20219/)
Install pywin32 first, then put the extracted PyInstaller into the python27 directory, put 18176.py into the PyInstaller folder, and run it from the command line
# ..\python.exe specifies the path of the Python interpreter
# --onefile bundles the library files into the generated EXE
To prevent interception by anti-virus software when uploading to other systems, compress it first
A normal user cannot write to the C drive, so extract it to the temp folder
Success: create your own administrator account, or elevate yourself to Administrator privileges
For example: #net user b b /add  #net localgroup Administrators a /add
II. Experimental target vulnerability: MS11-046
Achieves DoS (blue screen, restart)
MS14-068 (can elevate a normal domain user on a host in the domain to domain administrator rights)
In an enterprise environment the domain manages the computers; through the domain administrator account one can control every computer in the domain and even other resources (e.g., the financial system) ## Microsoft has relatively few security problems on the domain side
Building a domain (domain: http://www.cnblogs.com/suizhikuo/articles/2117831.html)
A server version of the operating system must be used as the domain controller (e.g., 2003)
http://www.poluoluo.com/server/200809/46996.html
## A static IP address is required, and the machine serves as its own DNS server
Assign domain account passwords to individuals and restrict the resources they can operate on
Kali integrates the vulnerability script
## Generate the ticket file
ms14-068.py -u [email protected] -s usersid -d dc.lab.com
TGT: the authentication ticket for the domain environment
# Initiate the session request and obtain the ticket
python 35474.py -u [email protected] -s s-1-5-21-1174131619-510335615-37023860181-1107 -d 192.168.1.145
# -s is the SID in the domain; -d specifies the domain controller name/IP (unless Kali is configured with the same DNS, the IP address must be written)
Log on to the machine and copy the ticket file to XP
Escalate under the command line:
mimikatz.exe log "kerberos::ptc [EMAIL protected]" exit
(If an exception occurs, try restarting)
### On the client XP system this did not succeed; it needs to be done on Win7
Using Mimikatz
## If Kali reports that library files are missing
they can be downloaded from https://github.com/bidord/pykek
Privilege escalation on the Linux platform
CVE-2012-0056 (http://cve.scap.org.cn/CVE-2012-0056.html)
/proc/pid/mem # the proc directory is a temporary directory generated during system startup that holds a large amount of memory information
This vulnerability exists in Linux kernels with versions higher than 2.6.39 (the latest kernel version has been fixed)
Principle: https://git.zx2c4.com/CVE-2012-0056/about/
Target machine: Ubuntu 11.10 (old Ubuntu releases (no longer updated): http://old-releases.ubuntu.com/releases/11.10/)
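As an added defender-side example (not part of the original post or of the exploit code it references), a Python check that classifies `uname -r` strings against the CVE-2012-0056 version window. Assumptions: the affected range starts at 2.6.39 and ends at the upstream fix in 3.2.2, with stable backports in 3.0.18 and 3.1.10; distributions also backport fixes, so a match means "verify patch status", not "vulnerable".

```python
"""Triage kernel versions against the CVE-2012-0056 (/proc/pid/mem) window.

Added example, not the original post's code. Version boundaries below are
assumptions stated in the lead-in: introduced in 2.6.39, fixed upstream in
3.2.2, with stable backports in 3.0.18 and 3.1.10. Distro kernels may carry
the fix without a version bump, so a hit is a prompt to check patch state.
"""
import re

INTRODUCED = (2, 6, 39)
FIXED_UPSTREAM = (3, 2, 2)
FIXED_BY_STABLE_SERIES = {(3, 0): 18, (3, 1): 10}  # series -> first fixed patch level


def parse_kernel_version(uname_r):
    """Return (major, minor, patch) from strings such as '3.0.0-12-generic'.

    Distro suffixes ('-12-generic', '-5-amd64', '-rc1') are ignored; a missing
    patch level (e.g. '3.0') is treated as 0.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", uname_r)
    if not m:
        raise ValueError("unrecognised kernel version string: %r" % uname_r)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def in_cve_2012_0056_window(uname_r):
    """True if the version falls inside the assumed affected range."""
    v = parse_kernel_version(uname_r)
    if v < INTRODUCED:
        return False
    stable_fix = FIXED_BY_STABLE_SERIES.get(v[:2])
    if stable_fix is not None:  # 3.0.y and 3.1.y have their own fix point
        return v[2] < stable_fix
    return v < FIXED_UPSTREAM


def triage(inventory):
    """Map host -> 'check' or 'ok' for a {host: uname -r} inventory."""
    return {h: ("check" if in_cve_2012_0056_window(k) else "ok")
            for h, k in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; the Ubuntu 11.10 entry mirrors the post's target.
    sample = {"ubuntu1110": "3.0.0-12-generic", "lts": "2.6.32-5-amd64", "new": "3.2.2"}
    for host, verdict in sorted(triage(sample).items()):
        print(host, verdict)
```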
Copy 18411.c to the Ubuntu system
scp /usr/share/exploitdb/platforms/linux/local/18411.c [Email protected]:/home/admin/
Make it executable with chmod, then run ./exp
## Early Ubuntu versions do not ship the gcc command, so it has to be installed manually
sudo apt-cdrom add && sudo apt-get install gcc
## When the update source cannot find the package, the installation CD can be used as the update source (the CD-ROM comes with many packages, but the versions are not necessarily up to date)
Select the ISO file, mount it to the mnt or media directory with the mount command (sudo mount /dev/cdrom /media/cdrom), and add it as the update source (sudo apt-cdrom add)
Novice Diary 24: Kali Penetration Testing (IV) - Privilege Escalation Exploits