{"id":74,"date":"2024-03-22T10:00:00","date_gmt":"2023-05-11T02:00:00","guid":{"rendered":"http:\/\/123.207.45.199\/index.php\/2023\/05\/11\/%e5%86%85%e7%bd%91%e4%bf%a1%e6%81%af%e6%94%b6%e9%9b%86\/"},"modified":"2026-05-31T21:58:46","modified_gmt":"2026-05-31T13:58:46","slug":"%e5%86%85%e7%bd%91%e4%bf%a1%e6%81%af%e6%94%b6%e9%9b%86","status":"publish","type":"post","link":"https:\/\/www.redspear.cn\/index.php\/2024\/03\/22\/%e5%86%85%e7%bd%91%e4%bf%a1%e6%81%af%e6%94%b6%e9%9b%86\/","title":{"rendered":"\u5185\u7f51\u4fe1\u606f\u6536\u96c6"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">\u8865\u5145:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\u83b7\u53d6\u57df\u5bc6\u7801\u4fe1\u606f=&gt;\u5bc6\u7801\u7206\u7834\u53ef\u4ee5\u4f5c\u4e3a\u4e00\u4e2a\u53c2\u8003\nnet accounts \/domain\n\u67e5\u8be2\u57df\u7ba1\u7406\u5458\u7ec4\nnet group \"Domain admins\" \/domain\n\u83b7\u53d6\u8def\u7531\u4fe1\u606f\narp -g\troute print<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">\u5e38\u89c4\u4fe1\u606f\u7c7b\u6536\u96c6<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u5e94\u7528&#038;\u670d\u52a1&#038;\u6743\u9650\u7b49<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\tsysteminfo \u8be6\u7ec6\u4fe1\u606f\n\tnetstat -ano \u7aef\u53e3\u5217\u8868\nroute print \u8def\u7531\u8868\n\tnet start \u542f\u52a8\u670d\u52a1\n\ttasklist \u8fdb\u7a0b\u5217\u8868\n\tschtasks \u8ba1\u5212\u4efb\u52a1\nipconfig \/all\t\u5224\u65ad\u5b58\u5728\u57df\nnet view \/domain \u5224\u65ad\u5b58\u5728\u57df\n\tnet time \/domain \u5224\u65ad\u4e3b\u57df\nnetstat -ano \u5f53\u524d\u7f51\u7edc\u7aef\u53e3\u5f00\u653e\nnslookup \u57df\u540d\u8ffd\u8e2a\u6765\u6e90\u5730\u5740\nwmic service list brief \u67e5\u8be2\u672c\u673a\u670d\u52a1\nnet config workstation \u67e5\u8be2\u5f53\u524d\u767b\u5f55\u57df\u53ca\u767b\u5f55\u7528\u6237\u4fe1\u606f\nwmic startup get command,caption \u67e5\u770b\u5df2\u542f\u52a8\u7684\u7a0b\u5e8f\u4fe1\u606f<\/code><\/pre>\n\n\n\n<h3 
class=\"wp-block-heading\">\u67b6\u6784\u4fe1\u606f<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u7f51\u7edc&#038;\u7528\u6237&#038;\u57df\u63a7<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">\u5173\u952e\u4fe1\u606f\u7c7b\u6536\u96c6<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u5bc6\u7801&#038;\u51ed\u8bc1&#038;\u53e3\u4ee4<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u5de5\u5177<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Adfind=>\u4e0a\u4f20\u5230\u9776\u673a=>\u9488\u5bf9\u5c0f\u578b\u62d3\u6251<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>--\u5217\u51fa\u57df\u63a7\u5236\u5668\u540d\u79f0\uff1a\n\tAdFind -sc dclist\n\u67e5\u8be2\u5f53\u524d\u57df\u4e2d\u5728\u7ebf\u7684\u8ba1\u7b97\u673a\uff1a\n\tAdFind -sc computers_active\n--\u67e5\u8be2\u5f53\u524d\u57df\u4e2d\u5728\u7ebf\u7684\u8ba1\u7b97\u673a(\u53ea\u663e\u793a\u540d\u79f0\u548c\u64cd\u4f5c\u7cfb\u7edf)\uff1a\n\tAdFind -sc computers_active name operatingSystem\n\u67e5\u8be2\u5f53\u524d\u57df\u4e2d\u6240\u6709\u8ba1\u7b97\u673a\uff1a\n\tAdFind -f \"objectcategory=computer\"\n\u67e5\u8be2\u5f53\u524d\u57df\u4e2d\u6240\u6709\u8ba1\u7b97\u673a(\u53ea\u663e\u793a\u540d\u79f0\u548c\u64cd\u4f5c\u7cfb\u7edf)\uff1a\n\tAdFind -f \"objectcategory=computer\" name operatingSystem\n--\u67e5\u8be2\u57df\u5185\u6240\u6709\u7528\u6237\uff1a\n\tAdFind -users name\n\u67e5\u8be2\u6240\u6709GPO\uff1a\n\tAdFind -sc gpodmp<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">bloodHoundAD\t=>\u9488\u5bf9\u5927\u578b<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">https:\/\/github.com\/BloodHoundAD\/BloodHound<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>1.\u8fdb\u5165neo4j bin\u76ee\u5f55\u4e0b\n\u8fd0\u884c\tneo4j.bat 
console\n\u670d\u52a1\u542f\u52a8\u540e\uff0c\u6d4f\u89c8\u5668\u8f93\u5165\uff1a\nhttp:\/\/127.0.0.1:7474\/browser\/\n\u8d26\u53f7\u4e3aneo4j\t\u5bc6\u7801\u4e3aAdmin@123\nbloodHoundAD.exe\n\u8fdb\u5165 \\BloodHound-win32-x64\\resources\\app\\Collectors\u76ee\u5f55\t\n\u5c06exe\u4e0a\u4f20\u81f3\u8981\u6536\u96c6\u7684\u673a\u5668\u91cc\tSharpHound.exe -c all\u8fd0\u884c\t\u5c06zip\u6587\u4ef6\u62c9\u56de<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u8865\u5145: \u5e38\u89c4\u4fe1\u606f\u7c7b\u6536\u96c6 \u5e94\u7528&#038;\u670d\u52a1&#038;\u6743\u9650\u7b49 \u67b6\u6784\u4fe1\u606f \u7f51\u7edc&#038;\u7528\u6237&#038;\u57df\u63a7 &hellip; <\/p>\n","protected":false},"author":3,"featured_media":75,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-74","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-neiwang"],"_links":{"self":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts\/74","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/comments?post=74"}],"version-history":[{"count":3,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts\/74\/revisions"}],"predecessor-version":[{"id":137,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts\/74\/revisions\/137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/media\/75"}],"wp:attachment":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/media?parent=74"}],"wp:term":[{"taxonomy":"
category","embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/categories?post=74"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/tags?post=74"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}