Summary of Linux-related elevation of privilege penetration techniques

1. LDAP penetration skills

1. cat /etc/nsswitch.conf
   Check the password lookup policy. The file shows that ldap mode is used, so accounts are resolved through LDAP.

2. less /etc/ldap.conf
   base ou=People,dc=unix-center,dc=net
   Locate the ou and dc settings of the search base.

3. Search for administrator information
   Anonymous mode (-x without -w or -W sends no password, so the server treats the bind as anonymous):
   ldapsearch -x -D "cn=administrator,cn=People,dc=unix-center,dc=net" -b "cn=administrator,cn=People,dc=unix-center,dc=net" -h 192.168.2.2
   Password format (-W prompts for the bind password):
   ldapsearch -x -W -D "cn=administrator,cn=People,dc=unix-center,dc=net" -b "cn=administrator,cn=People,dc=unix-center,dc=net" -h 192.168.2.2

4. Search for 10 user records
   ldapsearch -h 192.168.2.2 -x -z 10 -p <port>
   (-z limits the number of entries returned; -p specifies the port.)

Penetration practice

1. Return all attributes
   ldapsearch -h 192.168.7.33 -b "dc=ruc,dc=edu,dc=cn" -s sub "objectclass=*"
   version: 1
   dn: dc=ruc,dc=edu,dc=cn
   dc: ruc
   objectClass: domain

   dn: uid=manager,dc=ruc,dc=edu,dc=cn
   uid: manager
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   objectClass: top
   sn: manager
   cn: manager

   dn: uid=superadmin,dc=ruc,dc=edu,dc=cn
   uid: superadmin
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   objectClass: top
   sn: superadmin
   cn: superadmin

   dn: uid=admin,dc=ruc,dc=edu,dc=cn
   uid: admin
   objectClass: inetOrgPerson
   objectClass: organizationalPerson
   objectClass: person
   objectClass: top
   sn: admin
   cn: admin

   dn: uid=dcp_anonymous,dc=ruc,dc=edu,dc=cn
   uid: dcp_anonymous
   objectClass: top
   objectClass: person
   objectClass: organizationalPerson
   objectClass: inetOrgPerson
   sn: dcp_anonymous
   cn: dcp_anonymous

2. View the base entry
   bash-3.00# ldapsearch -h 192.168.7.33 -b "dc=ruc,dc=edu,dc=cn" -s base "objectclass=*" | more
   version: 1
   dn: dc=ruc,dc=edu,dc=cn
   dc: ruc
   objectClass: domain

3. Search the root DSE (empty search base)
   bash-3.00# ldapsearch -h 192.168.7.33 -b "" -s base "objectclass=*"
   version: 1
   dn:
   objectClass: top
   namingContexts: dc=ruc,dc=edu,dc=cn
   supportedExtension: 2.16.840.1.113730.3.5.7
   supportedExtension: 2.16.840.1.113730.3.5.8
   supportedSASLMechanisms: EXTERNAL
   supportedSASLMechanisms: DIGEST-MD5
   supportedLDAPVersion: 2
   supportedLDAPVersion: 3
   vendorName: Sun Microsystems, Inc.
   vendorVersion: Sun-Java(tm)-System-Directory/6.2
   dataversion: 020090516011411
   netscapemdsuffix: cn=ldap://dc=webA:389
   supportedSSLCiphers: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
   supportedSSLCiphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

All three searches above were answered without any credentials: the naming context, the full list of account entries and the server's vendor and protocol details are readable by an anonymous bind, which is exactly the read access a directory administrator needs to restrict.
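The ldapsearch output above is LDIF. As an added example that is not part of the original page, the following Python script parses such output (folded continuation lines, "::" base64 values, comments and the version header) and produces a short audit of what an anonymous search exposed: which entries are user accounts and which of them carry attributes that should never be anonymously readable. The sample LDIF is constructed from the page's own entries (the host and DNs are the page's); the description line and the userPassword value are assumptions added to exercise the parser.

```python
"""Parse ldapsearch LDIF output and report what an anonymous bind exposed.

Added example, not code from the original page. The attribute names the
audit treats as sensitive are an assumption for illustration.
"""
import base64
from collections import defaultdict

# Constructed sample: the entries the page's anonymous subtree search
# returned, plus a folded line and a base64 ("::") value for the parser.
# The userPassword value is a constructed placeholder, not a real hash.
SAMPLE_LDIF = (
    "version: 1\n"
    "# search result\n"
    "dn: dc=ruc,dc=edu,dc=cn\n"
    "dc: ruc\n"
    "objectClass: domain\n"
    "\n"
    "dn: uid=manager,dc=ruc,dc=edu,dc=cn\n"
    "uid: manager\n"
    "objectClass: inetOrgPerson\n"
    "objectClass: organizationalPerson\n"
    "objectClass: person\n"
    "objectClass: top\n"
    "sn: manager\n"
    "cn: manager\n"
    "description: account with a long folded\n"
    "  description line\n"
    "\n"
    "dn: uid=superadmin,dc=ruc,dc=edu,dc=cn\n"
    "uid: superadmin\n"
    "objectClass: inetOrgPerson\n"
    "objectClass: person\n"
    "cn: superadmin\n"
    "userPassword:: "
    + base64.b64encode(b"{SSHA}constructed-placeholder").decode()
    + "\n"
)

# Attributes that should not be readable without authentication (assumed list).
SENSITIVE_ATTRS = {"userpassword", "sshpublickey", "mail",
                   "telephonenumber", "homedirectory"}


def _decode_value(rest):
    """Decode the text after 'name:'; a second ':' marks a base64 value."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()


def parse_ldif(text):
    """Return a list of (dn, attrs); attrs maps lowercase name -> list of values.

    Attribute names are lowercased because LDAP treats them case-insensitively
    and ldapsearch implementations differ in how they print them.
    """
    # Unfold: a line beginning with a single space continues the previous one.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries = []
    current = None
    for line in lines:
        if not line.strip():                      # blank line ends an entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#") or line.lower().startswith("version:"):
            continue
        if line.lower().startswith("dn:"):
            if current is not None:
                entries.append(current)
            current = (_decode_value(line[3:]), defaultdict(list))
            continue
        name, sep, value = line.partition(":")
        if current is None or not sep:
            continue
        current[1][name.strip().lower()].append(_decode_value(value))
    if current is not None:
        entries.append(current)
    return entries


def audit_exposure(entries):
    """List account entries and any sensitive attributes the search revealed."""
    accounts, sensitive = [], []
    for dn, attrs in entries:
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        if classes & {"person", "inetorgperson", "posixaccount"}:
            accounts.append(dn)
        for name in attrs:
            if name in SENSITIVE_ATTRS:
                sensitive.append((dn, name))
    return {"accounts": accounts, "sensitive": sensitive}


if __name__ == "__main__":
    report = audit_exposure(parse_ldif(SAMPLE_LDIF))
    print("accounts readable anonymously:", len(report["accounts"]))
    for dn in report["accounts"]:
        print("  ", dn)
    for dn, name in report["sensitive"]:
        print("sensitive attribute exposed:", name, "on", dn)
```

To audit a live directory, pipe the output of the page's search into the script (for example `ldapsearch -x -h <host> -b "<base>" -s sub "objectclass=*" | python3 audit.py` with `SAMPLE_LDIF` replaced by `sys.stdin.read()`); an empty account list for an unauthenticated search is the expected result on a correctly configured server.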