Common Attack Techniques in Active Directory
C$ Disk Default share
IPC$ IPC Remote IPC
NETLOGON Disk Logon server share
Replication Disk
SYSVOL Disk Logon server share
Users Disk
Reconnecting with SMB1 for workgroup listing.
Connection to 10.10.10.100 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Failed to connect with SMB1 -- no workgroup available
[+] Attempting to map shares on 10.10.10.100
//10.10.10.100/ADMIN$ Mapping: DENIED, Listing: N/A
//10.10.10.100/C$ Mapping: DENIED, Listing: N/A
//10.10.10.100/IPC$ Mapping: OK Listing: DENIED
//10.10.10.100/NETLOGON Mapping: DENIED, Listing: N/A
//10.10.10.100/Replication Mapping: OK, Listing: OK
//10.10.10.100/SYSVOL Mapping: DENIED, Listing: N/A
//10.10.10.100/Users Mapping: DENIED, Listing: N/A
...[snip]...

The output of the smbmap tool, by contrast, is very clear and readable at a glance. As shown in the figure, it also shows that we have read access to the Replication share without authenticating.
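For auditing, the share-mapping lines quoted above can be reduced to a list of shares that an unauthenticated session could connect to or list. The following is an added example, not part of the original article or of either tool; the names `parse_share_map` and `audit` are hypothetical, and the sample input is copied from the output shown on this page.

```python
import re
from typing import NamedTuple

# Share-mapping lines as quoted on this page (note IPC$ has no comma).
SAMPLE = """\
[+] Attempting to map shares on 10.10.10.100
//10.10.10.100/ADMIN$ Mapping: DENIED, Listing: N/A
//10.10.10.100/C$ Mapping: DENIED, Listing: N/A
//10.10.10.100/IPC$ Mapping: OK Listing: DENIED
//10.10.10.100/NETLOGON Mapping: DENIED, Listing: N/A
//10.10.10.100/Replication Mapping: OK, Listing: OK
//10.10.10.100/SYSVOL Mapping: DENIED, Listing: N/A
//10.10.10.100/Users Mapping: DENIED, Listing: N/A
"""

class ShareResult(NamedTuple):
    host: str
    share: str
    mapping: str
    listing: str

# The share name is matched lazily so names containing spaces still parse;
# the comma between the two fields is optional because the tool omits it
# on some lines.
LINE_RE = re.compile(
    r"^//(?P<host>[^/\s]+)/(?P<share>.+?)\s+"
    r"Mapping:\s*(?P<mapping>OK|DENIED|N/A),?\s*"
    r"Listing:\s*(?P<listing>OK|DENIED|N/A)\s*$"
)

def parse_share_map(text):
    """Return one ShareResult per share-mapping line; other lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [ShareResult(**m.groupdict()) for m in matches if m]

def audit(results):
    """Group shares by what the unauthenticated session was allowed to do."""
    findings = {"listable": [], "connect_only": []}
    for r in results:
        if r.mapping != "OK":
            continue  # connection refused: nothing exposed on this share
        key = "listable" if r.listing == "OK" else "connect_only"
        findings[key].append(f"//{r.host}/{r.share}")
    return findings

if __name__ == "__main__":
    for kind, shares in audit(parse_share_map(SAMPLE)).items():
        print(f"{kind}: {', '.join(shares) or 'none'}")
```

Shares reported as `listable` are the ones whose permissions should be reviewed first, since their contents are visible without credentials.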