资料收集 ’ 目录归档

2014-Top40 hashes (LM/NTLM) Crack oclHashcat



阅读全文

Exploiting MS Excel 2007 with OLE embedded objects heapspray on Win7/8/10

 

阅读全文

Root Zone Database

https://www.iana.org/domains/root/db

Domain
Type
Sponsoring Organisation

.aaa
generic
American Automobile Association, Inc.

.abb
generic
ABB Ltd

.abbott
generic
Abbott Laboratories, Inc.

.abogado
generic
Top Level Domain Holdings Limited

.ac
country-cod

阅读全文

Locate and Attack Domain SQL Servers without Scanning

from:https://www.netspi.com/blog/entryid/228/locate-and-attack-domain-sql-servers-without-scanning

0x00 背景

在这篇文章里,我将分享一个新的PowerShell脚本来使用AD中Service Principal Name (SPN) 记录判别并攻击windows域中的SQL Server,而且不需要扫描发现。起初我写这个脚本是为了在渗透测试中帮助提权及定位关键的数据。下面我将展示它对攻击者和防御者是多么的有用。

0x01 非扫描式的SQL Server发现

当你没有S

阅读全文

Win10 dump hash test

  • mimkatz 2.0
    • can dump hashes, but not plaintext passwords
  • wce 1.42 beta
    • Does not seem to dump hashes or plaintext passwords
  • fgdump 2.10
    • Works as expected and dumps hashes

mimikatz 2.0 alpha x64 output

wce 1.42beta x64 output

fgdump 2.1.0 output



阅读全文

return top