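Features
Built-in SMB authentication server. Supported range: Windows 95 through Server 2012 RC, Samba and Mac OSX Lion. This feature is enabled by default and can be used to capture hashes for SMB relay attacks.
Built-in MSSQL authentication server. For machines running a Windows version later than Windows Vista, use the -r option to redirect MSSQL authentication to the tool. Successfully tested on Windows SQL Server 2005 & 2008.
Built-in HTTP authentication server. For machines running a Windows version later than Windows Vista, use the -r option to redirect HTTP authentication to the tool. Successfully tested with IE 6 through IE 10, Firefox, Chrome and Safari.
Built-in HTTPS authentication server. For machines running a Windows version later than Windows Vista, use the -r option to redirect HTTPS authentication to the tool. Two default certificates are provided in the certs/ directory.
Built-in LDAP authentication server. For machines running a Windows version later than Windows Vista, use the -r option to redirect LDAP authentication to the tool.
Built-in FTP, POP3, IMAP and SMTP servers, used to collect cleartext credentials.
Built-in DNS server. It answers type A queries and is very powerful when combined with ARP spoofing.
Built-in WPAD proxy server. This module captures packets on the network, finds IE browsers that have "Auto-detect settings" enabled, and injects a PAC script into them. See Responder.conf for details.
Browser Listener: finds the primary domain controller in stealth mode.
Fingerprint module: enabled with the -f flag; it automatically fingerprints the hosts that issued LLMNR/NBT-NS queries.
ICMP redirect module: python tools/Icmp-Redirect.py. Used for man-in-the-middle attacks against domain members running Windows XP/2003 and earlier, generally together with the DNS server module.
Rogue DHCP
Analyze mode: in this mode you can see NBT-NS, BROWSER, LLMNR and DNS requests in their real form, without any poisoning. You can also passively map the topology of the internal network and check whether an ICMP redirect attack is possible.
SMBRelay module: uses the credentials of specific users to execute commands that we define.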
Logging
Every hash it captures is printed to standard output and is also stored in a file named in the following format:
(MODULE_NAME)-(HASH_TYPE)-(CLIENT_IP).txt
Log files are located in the logs/ directory. All activity is recorded in Responder-Session.log, logs from analyze mode are saved to Analyze-Session.log, and logs from poisoning mode are saved to Poisoners-Session.log. All captured hashes are also stored in the sqlite database configured in Responder.conf.
Options
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -A, --analyze         Analyze mode. This option allows you to see NBT-NS,
                        BROWSER, LLMNR requests without responding.
  -I eth0, --interface=eth0
                        Network interface to use
  -b, --basic           Return a Basic HTTP authentication. Default: NTLM
  -r, --wredir          Enable answers for netbios wredir suffix queries.
                        Answering to wredir will likely break stuff on the
                        network. Default: False
  -d, --NBTNSdomain     Enable answers for netbios domain suffix queries.
                        Answering to domain suffixes will likely break stuff
                        on the network. Default: False
  -f, --fingerprint     This option allows you to fingerprint a host that
                        issued an NBT-NS or LLMNR query.
  -w, --wpad            Start the WPAD rogue proxy server. Default value is
                        False
  -u UPSTREAM_PROXY, --upstream-proxy=UPSTREAM_PROXY
                        Upstream HTTP proxy used by the rogue WPAD Proxy for
                        outgoing requests (format: host:port)
  -F, --ForceWpadAuth   Force NTLM/Basic authentication on wpad.dat file
                        retrieval. This may cause a login prompt. Default:
                        False
  --lm                  Force LM hashing downgrade for Windows XP/2003 and
                        earlier. Default: False
  -v, --verbose         Increase verbosity.
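Examples
WPAD proxy server
WPAD is used in Windows to configure the IE browser's proxy automatically. The feature has been enabled by default since Windows 2000. A Windows host first queries the DHCP server and the DNS server for the path of wpad. and, if that fails, sends LLMNR and NBT-NS queries to the local network. If Responder is running on that network at the time, it answers these requests and returns a wpad.dat file of our choosing to the target browser. An example wpad.dat file: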
function FindProxyForURL(url, host)
{
    if ((host == "localhost") || shExpMatch(host, "localhost.*") || (host == "127.0.0.1") || isPlainHostName(host))
        return "DIRECT";
    if (dnsDomainIs(host, "RespProxySrv") || shExpMatch(host, "(*.RespProxySrv|RespProxySrv)"))
        return "DIRECT";
    return 'PROXY ISAProxySrv:3141; DIRECT';
}
¸ÃÎļþµÄ×÷ÓÃΪ:
µ±Ïòlocalhost ,127.0.0.1 ,»òÕßÊÇ plainÖ÷»úÃû(±ÈÈç: http://pre-prod/service.amx),ʱ¾Í²»Ê¹ÓÃResponder´úÀí¶øÖ±½ÓÁ¬½Óµ½·þÎñÆ÷
µ±ÇëÇó*.RespProxySrv Ò²ÊÇÖ±½ÓÁ¬½Ó
ÆäËûÇëÇóʱ¶¼»áʹÓà λÓÚ ISAProxySrv:3141µÄ Responder´úÀí·þÎñÆ÷.
Ò»µ©ä¯ÀÀÆ÷ÊÕµ½Ò»¸öÎÒÃÇαÔìµÄwpad.datÎļþ,Ëû¾Í»áʹÓÃÎÒÃǵÄResponder´úÀí·þÎñÆ÷.
¿ÉÒÔ¿´µ½ä¯ÀÀÆ÷ÒѾ¿ªÊ¼Ê¹ÓÃÎÒÃǵÄResponder´úÀí·þÎñÆ÷ÁË,ËûµÄÁ÷Á¿ÒѾ¿ÉÒÔ±»Ðá̽µ½ÁË.ʹÓÃÁË -F on Ñ¡ÏîµÄ×÷ÓÃÊǵ±ä¯ÀÀÆ÷ÔÙ´ÎÇëÇó wpad.datÎļþʱǿÖÆËûʹÓà NTLM ÈÏÖ¤. ¸ÃÑ¡ÏîĬÈϹرÕ.
´ÓÉÏÃæµÄͼƬ¿ÉÒÔ¿´µ½ÏÖÔÚÄ¿±êÖ÷»úµÄÁ÷Á¿ÒѾ±» ResponderËù½Ø»ñÁË.ÕâʱÎÒÃÇ¿ÉÒÔÏòËû×¢Èë¶ñÒâµÄhtml´úÂë.¿ÉÒÔÔÚ Responder.confÖÐÅäÖÃÐèҪעÈëµÄhtml ´úÂë.
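How the sample wpad.dat above routes requests, together with a check a defender can run on any PAC result a client received. This is an added example, not code from the original article or from Responder; the helper implementations, the sample host names and the approvedProxies allowlist are assumptions.

```javascript
// Minimal versions of the standard PAC helper functions (added example).
function shExpMatch(str, pattern) {
  // Shell glob: '*' and '?' are wildcards, every other character is literal.
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function isPlainHostName(host) { return !host.includes("."); }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }

// The wpad.dat sample from the article, logic unchanged.
function FindProxyForURL(url, host) {
  if ((host == "localhost") || shExpMatch(host, "localhost.*") ||
      (host == "127.0.0.1") || isPlainHostName(host))
    return "DIRECT";
  if (dnsDomainIs(host, "RespProxySrv") ||
      shExpMatch(host, "(*.RespProxySrv|RespProxySrv)"))
    return "DIRECT";
  return "PROXY ISAProxySrv:3141; DIRECT";
}

// Defender check: proxies named in a PAC result that are not approved.
// approvedProxies is a hypothetical allowlist kept by the network team.
function unapprovedProxies(pacResult, approvedProxies) {
  return pacResult.split(";")
    .map(s => s.trim().split(/\s+/))
    .filter(([kind, target]) => /^(PROXY|SOCKS\d?|HTTPS?)$/i.test(kind) && target)
    .map(([, target]) => target.toLowerCase())
    .filter(t => !approvedProxies.includes(t));
}

// Evaluate the PAC for each host and attach the audit result.
function audit(hosts, approved) {
  return hosts.map(h => {
    const result = FindProxyForURL("http://" + h + "/", h);
    return { host: h, result, unapproved: unapprovedProxies(result, approved) };
  });
}

// Constructed sample hosts and allowlist.
const report = audit(["pre-prod", "intranet.corp.example", "www.example.com"],
                     ["proxy.corp.example:8080"]);
console.log(report);
```

Any entry with a non-empty unapproved list means the client would send that traffic through a proxy the organisation does not operate.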
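SMB Relay module
The SMBRelay script needs to be used together with Responder. Before using the SMBRelay script we need to set SMB=Off under the [Responder Core] section in Responder.conf. The script also needs a list of user names to target with the SMBRelay attack, and before using it we usually run nmap smb-enum-users or enum4linux to enumerate user privileges, so that we can pick high-privilege users to execute our commands.
In the example above we successfully carried out an SMBRelay attack against the Administrator account; the result of the attack was that an administrator user was created.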
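Analyze mode
Responder is designed to be a stealthy penetration testing tool. With this mode we can see the real LLMNR, NBT-NS and browser request broadcasts. In the following example we compare the local machine's IP address with the DNS server's IP address to decide whether an ICMP redirect attack can be used.
A basic output from this example looks like this:
This module has a Lanman sub-module, which lets us passively map the domain controllers, SQL servers, domain members and so on in the internal network.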
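The detection counterpart of the LLMNR answering behaviour described above: a host asks for a name that cannot exist and treats any answer as a sign that something on the segment is poisoning name resolution. This is an added example, not code from the article or from Responder; the canary name, the function names and the sample packets are constructed for illustration.

```javascript
// LLMNR uses the DNS wire format over UDP/5355 (multicast 224.0.0.252).
function buildQuery(id, name) {
  const label = Buffer.from(name, "ascii");
  return Buffer.concat([Buffer.from([id >> 8, id & 0xff, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0]),
    Buffer.from([label.length]), label, Buffer.from([0, 0, 1, 0, 1])]); // root, A, IN
}
function readName(buf, off, depth = 0) {
  if (depth > 4) throw new RangeError("compression loop");
  const labels = [];
  for (;;) {
    const len = buf.readUInt8(off);
    if (len === 0) return { name: labels.join("."), next: off + 1 };
    if ((len & 0xc0) === 0xc0) { // compression pointer to an earlier name
      const target = ((len & 0x3f) << 8) | buf.readUInt8(off + 1);
      labels.push(readName(buf, target, depth + 1).name);
      return { name: labels.join("."), next: off + 2 };
    }
    labels.push(buf.toString("ascii", off + 1, off + 1 + len));
    off += 1 + len;
  }
}
function parseResponse(buf) {
  let off = 12, qname = "";
  for (let i = 0; i < buf.readUInt16BE(4); i++) {
    const q = readName(buf, off); qname = q.name; off = q.next + 4; // skip QTYPE, QCLASS
  }
  const ips = [];
  for (let i = 0; i < buf.readUInt16BE(6); i++) {
    off = readName(buf, off).next;
    const type = buf.readUInt16BE(off), rdlen = buf.readUInt16BE(off + 8);
    if (type === 1 && rdlen === 4 && off + 14 <= buf.length) ips.push([...buf.subarray(off + 10, off + 14)].join("."));
    off += 10 + rdlen;
  }
  return { id: buf.readUInt16BE(0), isResponse: (buf.readUInt16BE(2) & 0x8000) !== 0, qname, ips };
}
// The canary name does not exist, so any matching answer is a spoofed one.
function checkCanary(canary, queryId, datagram, srcIp) {
  let r;
  try { r = parseResponse(datagram); } catch (e) { return null; } // malformed datagram
  if (!r.isResponse || r.id !== queryId || r.ips.length === 0) return null;
  if (r.qname.toLowerCase() !== canary.toLowerCase()) return null;
  return { responder: srcIp, claimedIps: r.ips };
}
// Constructed sample: a canary query and a spoofed answer naming 192.168.2.10.
const CANARY = "zq7-canary-host";
const query = buildQuery(0x1a2b, CANARY);
const spoofed = Buffer.concat([query,
  Buffer.from([0xc0, 0x0c, 0, 1, 0, 1, 0, 0, 0, 30, 0, 4, 192, 168, 2, 10])]);
spoofed.writeUInt16BE(0x8000, 2); spoofed.writeUInt16BE(1, 6); // QR = 1, ANCOUNT = 1
console.log(checkCanary(CANARY, 0x1a2b, spoofed, "192.168.2.10"));
```

In a deployment the datagram and source address would come from a UDP socket that sent the query; a non-null result is worth an alert naming the responder address.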
ICMP redirect attack
Targets: Windows XP/2003 and earlier versions. Environment:
Attacker's IP: 192.168.2.10
Domain controller IP: 192.168.3.58, which is also the primary DNS server
Target IP: 192.168.2.39
Gateway IP: 192.168.2.1
Routing table before the attack:
First, disable outbound ICMP traffic on the local machine.
Then run the Icmp-Redirect.py script.
Routing table after the attack:
Now we can create a NAT firewall rule so that the local machine answers all DNS requests from 192.168.2.39 to 192.168.3.58:
iptables -t nat -A PREROUTING -p udp --dst 192.168.3.58 --dport 53 -j DNAT --to-destination 192.168.2.10:53
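After that, Responder can answer the DNS requests. A lot of interesting things can be done with this.
Fingerprinting
Automatically fingerprints the hosts that issued LLMNR/NBT-NS queries.
FTP password capture module
Summary
This tool provides several more approaches to penetration testing an internal network: smbrelay, WPAD proxy hijacking, ICMP man-in-the-middle, and so on.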
This is an original article; if you reprint it, please credit the source: 雨林木风系统下载. The content above does not represent this site's views and is for reference only. Author: 王二蛋.