VulNyx-Build

Box Info OS Difficulty Windows Low Nmap [root@kali] /home/kali ❯ nmap 192.168.55.68 -sV -A -p- Not shown: 65523 closed tcp ports (reset) PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 10.0 | http-methods: |_ Potentially risky methods: TRACE |_http-title: IIS Windows |_http-server-header: Microsoft-IIS/10.0 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds? 8080/tcp open http Jetty 12.0.19 |_http-server-header: Jetty(12.0.19) |_http-title: Site doesn't have a title (text/html;charset=utf-8). | http-robots.txt: 1 disallowed entry |_/ 49664/tcp open msrpc Microsoft Windows RPC 49665/tcp open msrpc Microsoft Windows RPC 49666/tcp open msrpc Microsoft Windows RPC 49667/tcp open msrpc Microsoft Windows RPC 49668/tcp open msrpc Microsoft Windows RPC 49669/tcp open msrpc Microsoft Windows RPC 49670/tcp open msrpc Microsoft Windows RPC MAC Address: 08:00:27:9C:A2:BB (PCS Systemtechnik/Oracle VirtualBox virtual NIC) Device type: general purpose Running: Microsoft Windows 10 OS CPE: cpe:/o:microsoft:windows_10 OS details: Microsoft Windows 10 1709 - 21H2 Network Distance: 1 hop Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: |_clock-skew: 14h59m58s | smb2-time: | date: 2025-06-01T03:03:58 |_ start_date: N/A |_nbstat: NetBIOS name: BUILD, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:9c:a2:bb (PCS Systemtechnik/Oracle VirtualBox virtual NIC) | smb2-security-mode: | 3:1:1: |_ Message signing enabled but not required Jenkins RCE On port 8080, the default user credentials are admin/admin ...

2025-05-31 · 2 min · 576 words · HYH

HTB-Fluffy

Box Info OS Difficulty Windows Easy As is common in real life Windows pentests, you will start the Fluffy box with credentials for the following account: j.fleischman / J0elTHEM4n1990! Nmap [root@kali] /home/kali/Fluffy ❯ nmap Fluffy.htb -sV -T4 PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: fluffy.htb0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: fluffy.htb0., Site: Default-First-Site-Name) 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: fluffy.htb0., Site: Default-First-Site-Name) 3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: fluffy.htb0., Site: Default-First-Site-Name) 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) Add dc01.fluffy.htb to /etc/host ...

2025-05-29 · 6 min · 2729 words · HYH

HTB-Puppy

Box Info OS Difficulty Windows Medium As is common in real life pentests, you will start the Puppy box with credentials for the following account: levi.james / KingofAkron2025! Nmap [root@kali] /home/kali/Puppy ❯ nmap puppy.htb -sV PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos 111/tcp open rpcbind 2-4 (RPC #100000) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: PUPPY.HTB0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 2049/tcp open nlockmgr 1-4 (RPC #100021) 3260/tcp open iscsi? 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: PUPPY.HTB0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) RPC [root@kali] /home/kali/Puppy ❯ rpcclient 10.xx.xx.xx -U levi.james ⏎ Password for [WORKGROUP\levi.james]: rpcclient $> enumdomusers user:[Administrator] rid:[0x1f4] user:[Guest] rid:[0x1f5] user:[krbtgt] rid:[0x1f6] user:[levi.james] rid:[0x44f] user:[ant.edwards] rid:[0x450] user:[adam.silver] rid:[0x451] user:[jamie.williams] rid:[0x452] user:[steph.cooper] rid:[0x453] user:[steph.cooper_adm] rid:[0x457] rpcclient $> This yields a list of users ...

2025-05-28 · 6 min · 2727 words · HYH

Thehackerslabs-Black Gold

Box Info OS Windows Difficulty Hard Nmap [root@kali] /home/kali ❯ nmap 192.168.56.10 -sV -A -p- PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Microsoft IIS httpd 10.0 | http-methods: |_ Potentially risky methods: TRACE |_http-server-header: Microsoft-IIS/10.0 |_http-title: Neptune 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-04-08 07:26:35Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: neptune.thl0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: neptune.thl0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-header: Microsoft-HTTPAPI/2.0 |_http-title: Not Found 9389/tcp open mc-nmf .NET Message Framing 49664/tcp open msrpc Microsoft Windows RPC 49670/tcp open msrpc Microsoft Windows RPC 53459/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 53460/tcp open msrpc Microsoft Windows RPC 53470/tcp open msrpc Microsoft Windows RPC 53479/tcp open msrpc Microsoft Windows RPC MAC Address: 08:00:27:37:4E:C0 (Oracle VirtualBox virtual NIC) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running (JUST GUESSING): Microsoft Windows 2022|11|2016 (97%) OS CPE: cpe:/o:microsoft:windows_server_2016 Aggressive OS guesses: Microsoft Windows Server 2022 (97%), Microsoft Windows 11 21H2 (91%), Microsoft Windows Server 2016 (91%) No exact OS matches for host (test conditions non-ideal). 
Network Distance: 1 hop Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: | smb2-time: | date: 2025-04-08T07:27:27 |_ start_date: N/A |_nbstat: NetBIOS name: DC01, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:37:4e:c0 (Oracle VirtualBox virtual NIC) | smb2-security-mode: | 3:1:1: |_ Message signing enabled and required Modify **/etc/hosts** ...

2025-04-08 · 3 min · 1464 words · HYH

Thehackerslabs-B.I.G

Box Info OS Windows Difficulty Hard Nmap [root@kali] /home/kali ❯ nmap 192.168.212.4 -sV -A -p- PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Microsoft IIS httpd 10.0 | http-methods: |_ Potentially risky methods: TRACE |_http-title: Site doesn't have a title (text/html). |_http-server-header: Microsoft-IIS/10.0 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-04-05 23:20:54Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: bbr.thl, Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: bbr.thl, Site: Default-First-Site-Name) 3269/tcp open tcpwrapped 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-title: Not Found |_http-server-header: Microsoft-HTTPAPI/2.0 9389/tcp open mc-nmf .NET Message Framing 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-title: Not Found |_http-server-header: Microsoft-HTTPAPI/2.0 49664/tcp open msrpc Microsoft Windows RPC 49665/tcp open msrpc Microsoft Windows RPC 49666/tcp open msrpc Microsoft Windows RPC 49667/tcp open msrpc Microsoft Windows RPC 49669/tcp open msrpc Microsoft Windows RPC 49670/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 49671/tcp open msrpc Microsoft Windows RPC 49673/tcp open msrpc Microsoft Windows RPC 49676/tcp open msrpc Microsoft Windows RPC 49686/tcp open msrpc Microsoft Windows RPC 57043/tcp open msrpc Microsoft Windows RPC MAC Address: 08:00:27:29:23:16 (Oracle VirtualBox virtual NIC) Device type: general purpose Running: Microsoft Windows 2016 OS CPE: cpe:/o:microsoft:windows_server_2016 OS details: Microsoft Windows Server 2016 build 10586 - 14393 Network Distance: 1 hop Service Info: Host: BIG; OS: Windows; CPE: 
cpe:/o:microsoft:windows Host script results: |_clock-skew: 15h54m38s | smb2-security-mode: | 3:1:1: |_ Message signing enabled and required |_nbstat: NetBIOS name: BIG, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:29:23:16 (Oracle VirtualBox virtual NIC) | smb2-time: | date: 2025-04-05T23:21:49 |_ start_date: 2025-04-05T19:55:29 Add bbr.thl to **/etc/hosts** ...

2025-04-05 · 3 min · 1481 words · HYH

HTB-Haze

Box Info OS Windows Difficulty Hard Nmap [root@kali] /home/kali ❯ nmap Haze.htb -sV -A PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: haze.htb0., Site: Default-First-Site-Name) | ssl-cert: Subject: commonName=dc01.haze.htb | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:dc01.haze.htb | Not valid before: 2025-03-05T07:12:20 |_Not valid after: 2026-03-05T07:12:20 |_ssl-date: TLS randomness does not represent time 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: haze.htb0., Site: Default-First-Site-Name) | ssl-cert: Subject: commonName=dc01.haze.htb | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:dc01.haze.htb | Not valid before: 2025-03-05T07:12:20 |_Not valid after: 2026-03-05T07:12:20 |_ssl-date: TLS randomness does not represent time 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: haze.htb0., Site: Default-First-Site-Name) |_ssl-date: TLS randomness does not represent time | ssl-cert: Subject: commonName=dc01.haze.htb | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:dc01.haze.htb | Not valid before: 2025-03-05T07:12:20 |_Not valid after: 2026-03-05T07:12:20 3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: haze.htb0., Site: Default-First-Site-Name) |_ssl-date: TLS randomness does not represent time | ssl-cert: Subject: commonName=dc01.haze.htb | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:dc01.haze.htb | Not valid before: 2025-03-05T07:12:20 |_Not valid after: 2026-03-05T07:12:20 8000/tcp open http Splunkd httpd | http-title: Site doesn't have a 
title (text/html; charset=UTF-8). |_Requested resource was http://Haze.htb:8000/en-US/account/login?return_to=%2Fen-US%2F |_http-server-header: Splunkd | http-robots.txt: 1 disallowed entry |_/ 8088/tcp open ssl/http Splunkd httpd |_http-server-header: Splunkd |_http-title: 404 Not Found | ssl-cert: Subject: commonName=SplunkServerDefaultCert/organizationName=SplunkUser | Not valid before: 2025-03-05T07:29:08 |_Not valid after: 2028-03-04T07:29:08 | http-robots.txt: 1 disallowed entry |_/ 8089/tcp open ssl/http Splunkd httpd |_http-title: splunkd | ssl-cert: Subject: commonName=SplunkServerDefaultCert/organizationName=SplunkUser | Not valid before: 2025-03-05T07:29:08 |_Not valid after: 2028-03-04T07:29:08 | http-robots.txt: 1 disallowed entry |_/ |_http-server-header: Splunkd Add dc01.haze.htb to **/etc/hosts** ...

2025-03-31 · 8 min · 3673 words · HYH

HTB-TheFrizz

Box Info OS Windows Difficulty Medium Nmap [root@kali] /home/kali/TheFrizz ❯ nmap thefrizz.htb -sV -A PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH for_Windows_9.5 (protocol 2.0) 53/tcp open domain Simple DNS Plus 80/tcp open http Apache httpd 2.4.58 (OpenSSL/3.1.3 PHP/8.2.12) |_http-title: Did not follow redirect to http://frizzdc.frizz.htb/home/ |_http-server-header: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 88/tcp open kerberos-sec Microsoft Windows Kerberos 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: frizz.htb0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: frizz.htb0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped Add frizz.htb to **/etc/hosts** ...

2025-03-17 · 5 min · 2322 words · HYH

VulNyx-Change

Box Info OS Windows Difficulty Medium Nmap [root@kali] /home/kali ❯ nmap 192.168.56.114 -sV -A -p- ⏎ PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-03-11 02:36:46Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: megachange.nyx0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: megachange.nyx0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-title: Not Found |_http-server-header: Microsoft-HTTPAPI/2.0 9389/tcp open mc-nmf .NET Message Framing 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-title: Not Found |_http-server-header: Microsoft-HTTPAPI/2.0 49664/tcp open msrpc Microsoft Windows RPC 49665/tcp open msrpc Microsoft Windows RPC 49666/tcp open msrpc Microsoft Windows RPC 49667/tcp open msrpc Microsoft Windows RPC 49669/tcp open msrpc Microsoft Windows RPC 49670/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 49671/tcp open msrpc Microsoft Windows RPC 49674/tcp open msrpc Microsoft Windows RPC 49675/tcp open msrpc Microsoft Windows RPC 49680/tcp open msrpc Microsoft Windows RPC 49697/tcp open msrpc Microsoft Windows RPC MAC Address: 08:00:27:DD:48:CA (Oracle VirtualBox virtual NIC) Device type: general purpose Running: Microsoft Windows 2019 OS details: Microsoft Windows Server 2019 Network Distance: 1 hop Service Info: Host: CHANGE; OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: | smb2-security-mode: | 3:1:1: |_ Message signing enabled and required |_clock-skew: 15h59m57s |_nbstat: NetBIOS name: CHANGE, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:dd:48:ca 
(Oracle VirtualBox virtual NIC) | smb2-time: | date: 2025-03-11T02:37:41 |_ start_date: N/A Add megachange.nyx to **/etc/hosts** ...

2025-03-11 · 3 min · 1353 words · HYH

HackMyVm-DC02

Box Info OS Windows Difficulty Medium Nmap [root@kali] /home/kali ❯ nmap 192.168.56.126 -sV -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-02 18:44 CST Nmap scan report for 192.168.56.126 Host is up (0.00028s latency). Not shown: 989 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-03-02 23:47:04Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped MAC Address: 08:00:27:4E:CF:21 (Oracle VirtualBox virtual NIC) Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 12.84 seconds Add SOUPEDECODE.LOCAL and DC01.SOUPEDECODE.LOCAL to **/etc/hosts** ...

2025-03-03 · 3 min · 1236 words · HYH

HackMyVM-DC03

Box Info OS Windows Difficulty Medium Nmap [root@kali] /home/kali/Desktop ❯ nmap 192.168.56.103 -sSV -Pn -A -T4 PORT STATE SERVICE VERSION 53/tcp open domain? 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-03-02 03:01:34Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped MAC Address: 08:00:27:46:72:D1 (Oracle VirtualBox virtual NIC) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running (JUST GUESSING): Microsoft Windows 2022|11|2016 (97%) OS CPE: cpe:/o:microsoft:windows_server_2016 Aggressive OS guesses: Microsoft Windows Server 2022 (97%), Microsoft Windows 11 21H2 (91%), Microsoft Windows Server 2016 (91%) No exact OS matches for host (test conditions non-ideal). Network Distance: 1 hop Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: | smb2-security-mode: | 3:1:1: |_ Message signing enabled and required |_clock-skew: 14h59m36s | smb2-time: | date: 2025-03-02T03:03:53 |_ start_date: N/A |_nbstat: NetBIOS name: DC01, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:46:72:d1 (Oracle VirtualBox virtual NIC) Add DC01.SOUPEDECODE.LOCAL to **/etc/hosts** ...

2025-03-01 · 3 min · 1187 words · HYH