https://blog.qife122.com/tags/gpo%E6%BB%A5%E7%94%A8/ Recent content in GPO滥用 on 办公AI智能小助手 Hugo zh-cn qife Sat, 27 Sep 2025 14:08:57 +0800 https://blog.qife122.com/p/htb-babytwo%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E5%AE%9E%E6%88%98%E4%BB%8Esmb%E6%BC%8F%E6%B4%9E%E5%88%B0gpo%E6%8F%90%E6%9D%83/ Sat, 27 Sep 2025 14:08:57 +0800 https://blog.qife122.com/p/htb-babytwo%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E5%AE%9E%E6%88%98%E4%BB%8Esmb%E6%BC%8F%E6%B4%9E%E5%88%B0gpo%E6%8F%90%E6%9D%83/ <h1 id="初始扫描">初始扫描</h1> <p>nmap扫描发现21个开放TCP端口，显示这是一个Windows域控制器：</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">oxdf@hacky$ nmap -p- -vvv --min-rate <span class="m">10000</span> 10.129.194.134 </span></span><span class="line"><span class="cl">PORT STATE SERVICE </span></span><span class="line"><span class="cl">53/tcp open domain </span></span><span class="line"><span class="cl">88/tcp open kerberos-sec </span></span><span class="line"><span class="cl">445/tcp open microsoft-ds </span></span><span class="line"><span class="cl"><span class="c1"># ...其他端口...</span> </span></span></code></pre></td></tr></table> </div> </div><h1 id="smb枚举">SMB枚举</h1> <p>使用netexec进行SMB共享枚举，发现多个可访问共享：</p>