`

Windows工具集

 
阅读更多
参考:https://community.rapid7.com/servlet/JiveServlet/downloadBody/2881-102-2-6389/Mitigating%20Service%20Account%20Credential%20Theft%20on%20Windows.pdf

Kerberos
KerbCrack(http://ntsecurity.nu/toolbox/kerbcrack/)
Cain & Abel(http://www.oxid.it/cain.html)
Password Recovery(http://www.elcomsoft.com/products.html)

NTLM
NTLMv1和NTLMv2都存在明显的漏洞,可以观察或MITM一个NTLM session的攻击者可以欺骗高选项user认证到他们的系统,或者可以可以使用MITM来进行降级攻击。最后攻击者可以使用使用重放攻击。
工具:
Responder(https://github.com/SpiderLabs/Responder)
Squirtle(https://code.google.com/p/squirtle/)
Cain & Abel(http://www.oxid.it/cain.html)
SMBRelay3(http://www.tarasco.org/security/smbrelay/)
The Metasploit Framework

线下暴力破解工具
John the Ripper by Solar Designer
Cain & Abel by Massimiliano Montoro
HashCat & oclHashCat by Atom
L0phtcrack by L0pht Holdings
Password Recovery by ElcomSoft
CloudCracker.com by Thoughtcrime Labs
分享到:
| Shellshock示例
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics