参考:
https://community.rapid7.com/servlet/JiveServlet/downloadBody/2881-102-2-6389/Mitigating%20Service%20Account%20Credential%20Theft%20on%20Windows.pdf
Kerberos
KerbCrack(
http://ntsecurity.nu/toolbox/kerbcrack/)
Cain & Abel(
http://www.oxid.it/cain.html)
Password Recovery(
http://www.elcomsoft.com/products.html)
NTLM
NTLMv1和NTLMv2都存在明显的漏洞,可以观察或MITM一个NTLM session的攻击者可以欺骗高选项user认证到他们的系统,或者可以可以使用MITM来进行降级攻击。最后攻击者可以使用使用重放攻击。
工具:
Responder(
https://github.com/SpiderLabs/Responder)
Squirtle(
https://code.google.com/p/squirtle/)
Cain & Abel(
http://www.oxid.it/cain.html)
SMBRelay3(
http://www.tarasco.org/security/smbrelay/)
The Metasploit Framework
线下暴力破解工具
John the Ripper by Solar Designer
Cain & Abel by Massimiliano Montoro
HashCat & oclHashCat by Atom
L0phtcrack by L0pht Holdings
Password Recovery by ElcomSoft
CloudCracker.com by Thoughtcrime Labs
Windows工具集
猜你喜欢
转载自j4s0nh4ck.iteye.com/blog/2169920
今日推荐
周排行