information gathering

The first use of nmap Scan the network segment and collect it to the host ip Address ：

nmap -sP 192.168.31.0/24

Scan host information ：

The discovery could be win7 Operating system and open 80 port

getshell

Because of openness 80 port , Go directly to the website :
obtain ：

Scan directory and find administrator login ：

obtain ：

Weak password :admin admin12345

phpcms9.6.3 backstage getshell A loophole in the , There are many online references to this blog ：
https://blog.csdn.net/weixin_42433470/article/details/112409431

What I'm using here is ：

user -> Administrator module -> Add member model

obtain shell:

Access permissions

Connect with an ant sword shell

And then use it cs go online ：

The modules used are ：

First create a listener ：

The attack module used is ：
attack–>web DRIVE-BY -->scripted web delivery

Generate ：

Copy to ant sword to run ：

cs It's online here ：

CS Sniffing

shell systeminfo

obtain ：

Collect to ： Domain is god.org
There is an address ：192.168.52.143

Raise the right

obtain system jurisdiction ：

cs obtain hash

Access–>Run Minikatz

CS View the domain environment :

net view

CS Get the list of hosts in the domain :

CS Get host in domain win2008

Start to get ：

Carry out orders ：

CS Get host in domain WindowsServer2003

Start to get ：

Execute the command to get ：

shell ipconfig see ip Address