freeBuf
主站

分类

漏洞 工具 极客 Web安全 系统安全 网络安全 无线安全 设备/客户端安全 数据安全 安全管理 企业安全 工控安全

特色

头条 人物志 活动 视频 观点 招聘 报告 资讯 区块链安全 标准与合规 容器安全 公开课
报告 专辑
行业服务
政 府
CNCERT CNNVD
会员体系(甲方) 会员体系(厂商) 产品名录 企业空间
知识大陆

官方公众号企业安全新浪微博

FreeBuf.COM网络安全行业门户,每日发布专业的安全资讯、技术剖析。

FreeBuf+小程序

FreeBuf+小程序

Domain_audit是一款基于渗透测试角度的域审计工具
  • 关注
Domain_audit是一款基于渗透测试角度的域审计工具
2023-09-14 22:19:03

关于Domain_audit

该工具是PowerView、Impacket、PowerUpSQL、BloodHound、Ldaprelayscan和Crackmapexec的包装器,用于自动执行枚举和在On-Prem Active Directory渗透测试期间执行的大量检查。

检查项目

Invoke-AD CheckAll将按顺序执行以下操作:

  • 收集AD对象的基础数据,以/data/格式放入.csv目录

  • 使用bloodhound收集数据-收集方法所有,acl和会话在后台。

  • /data/中创建所有(已启用)用户、管理员帐户、计算机和组的列表

  • 列出用户、组、计算机、OU、GPO、管理员、域控制器和域功能级别的数量。

  • 检查管理员数量是否超过5%(域中管理员数量高)

  • 枚举域信任和forst内的信任

  • 检查是否安装了AzureAD或Azure SSO

  • 在SQL检查的新窗口中执行runas

    • 检查域中的SQL实例

    • 检查当前用户是否有权访问SQL实例

      • 检查当前用户是否为sysadmin

      • 收集SQL实例的数据库信息

      • 检查谁正在运行SQL实例

      • 检查数据库链接是否为sysadmin

      • 运行invoke-sqlaudit并保存所有数据

        • 检查弱密码

        • 检查执行xp_dirtree和执行xp_fileexist

  • 检查域功能级别是否为2016

  • 检查密码策略配置

    • 检查cleartextpassword = 1

    • 检查密码长度

    • 检查密码复杂性

    • 检查帐户锁定

  • 检查Kerberos策略配置是否从默认值更改

  • 检查名称中是否有带有LAPS的GPO

    • 检查GPO应用于哪个OU

    • 检查LAPS策略

      • 检查admin account name

      • 检查密码复杂性

      • 检查密码长度

      • 检查密码日期

      • 检查pwexpirationprotection enabled

      • 检查已启用

  • 检查是否有安装了LAPS的系统

    • 检查是否存在未安装LAPS的系统

  • 如果找到LAPS GPO或找到LAPS计算机-检查当前用户是否可以读取LAPS密码

  • 获取所有用户的描述-手动检查密码或感兴趣的信息

    • 检查字符串pw、pass、ww或wachtwoord是否在描述中。

  • 获取带有描述的所有组-手动检查密码或感兴趣的信息

  • 获取所有带有说明的计算机-手动检查密码或感兴趣的信息

  • 检查是否有具有Spn的管理员

  • 检查是否存在具有Spn的用户

    • 具有Spn的Kerberoast用户

  • 检查具有受限委派的用户

  • 检查具有无约束委派的用户

  • 检查具有受限委派的计算机

  • 检查除域控制器之外的具有不受约束委派的计算机

  • 检查具有基于资源的受约束委派集的计算机

  • 检查用户的PASSWD_NOT_REQ属性

    • 检查用户密码是否为空

  • 检查用户的DONT_REQ_PREAUTH属性

    • AS-REP Roast用户

  • 检查用户的DONT_EXPIRE_PASSWORD属性

  • 检查是否有使用可逆加密的用户

  • 检查是否有使用DES加密的用户

  • 检查是否有使用旧密码的域管理员

  • 检查KRBTGT是否有旧密码

  • 检查AD中的EOL操作系统

  • 查看EOS Windows 10版本

  • 检查无登录或pwdlastset早于365天的非活动计算机对象

  • 检查过去365天内未登录的非活动用户

  • 检查是否所有特权用户都属于受保护用户组

  • 检查是否所有特权用户都有“此帐户敏感且无法委派”标志

  • 检查是否有下列特权组的成员:帐户操作员、备份操作员、打印操作员、DNS管理员、架构管理员

  • 检查高特权组中是否有计算机对象

  • 检查谁可以向域添加计算机对象

    • 检查这是否是默认的身份验证用户组

    • 检查ms-ds-machineaccountqouta是什么,如果它是null(好)或not-set(坏)或其他值。

  • 检查ADIDNS

    • 如果它包含已验证用户组的createchild

    • 如果通配符记录存在

  • 检查Pre-Windows2000 Compatible Access组的成员资格,以及经过身份验证的用户是否仍然是该组的成员

  • 检查printspooler服务是否正在DC上运行

  • 检查LDAP签名是否已启用,LDAPS是否已配置且LDAPS绑定是否已启用

  • 检查域中是否存在默认Exchange组

    • 检查是否存在Exchange服务器以及其是否处于活动状态

    • 检查默认Exchange组中的成员身份

  • 检查sysvol中的密码

  • 检查netlogon中的密码(脚本,程序等)

  • 检索所有计算机对象的IP地址并创建/24范围以供进一步枚举

    • 扫描已知的Windows端口+ ssh和web的范围。为每个端口创建列表

    • 检查可访问计算机上的SMB

      • 检查SMBv1

      • 检查签名要求

      • 检查可读共享

      • 检查可写共享

      • 检查WebService客户端是否正在可访问的机器上运行

    • 检查访问

      • 通过SMB检查当前用户是否为本地管理员

      • 检查当前用户是否可以通过WINRM访问

      • 检查当前用户是否可以通过RDP访问

      • 检查当前用户是否可以通过MSSQL进行访问并且是sysadmin(WIP)

功能特性

  • 是否创建EOS Server版本查询?

  • 将域管理员/企业管理员的查询/检查更新到所有特权组。

  • 更新查询以从数据中筛选禁用用户。

  • 检查旧的易受攻击的Exchange权限

  • 将特权角色函数更改为循环并添加更多角色

  • 删除可访问计算机的-Ping功能,并使用Invoke-Portscan对特定端口执行端口扫描

  • 通过SMB、RDP、MSSQL等检查对发现的计算机的访问!

  • 找到一种审计所有ACL的方法(Invoke-ACLScanner从非域加入的角度看不起作用,-ResolvGUIDS中断!)

  • 添加ADCS检查,但首先需要在LAB环境中进行设置。

  • 添加跳过dns更改的功能

  • 为每个函数添加依赖性选项

安装和设置

  • 安装python 3.10(例如从Windows商店)

git clone https://github.com/0xJs/domain_audit
cd .\domain_audit\import\
git clone https://github.com/SecureAuthCorp/impacket
cd impacket; python3 -m pip install .
cd ../;
git clone https://github.com/zyn3rgy/LdapRelayScan;
cd LdapRelayScan;
python3 -m pip install -r .\requirements.txt
cd ../../;

  • 请确保脚本中的以下工具的路径viariables正确(如果您遵循了安装步骤,则应该正确)

$script:PowerView_Path = "$PSScriptRoot\import\PowerView.ps1"
$script:Powerupsql_Path = "$PSScriptRoot\import\PowerUpSQL.ps1"
$script:Impacket_Path = "$PSScriptRoot\import\impacket"
$script:BloodHound_Path = "$PSScriptRoot\import\Sharphound.ps1"
$script:GpRegisteryPolicy_Path = "$PSScriptRoot\import\GPRegistryPolicy\GPRegistryPolicy.psd1"
$script:CME_Path = "$PSScriptRoot\import\cme"
$script:LdapRelayScan_Path = "$PSScriptRoot\import\LdapRelayScan\LdapRelayScan.py"

  • 访问Sysvol访问被拒绝的问题?

    • 要解决此问题,请运行gpedit.msc,转到Computer -> Administrative Templates -> Network -> Network Provider -> Hardened UNC Paths,启用策略并单击“显示”按钮。

    • 在“值名称”中输入*,在值中输入RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0

    • 在“值名称”中输入*,在值中输入RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0

    • 在“值名称”中输入*,在值中输入RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0

  • 如果仍然出现问题,请添加以下内容:

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\SYSVOL" /d "RequireMutualAuthentication=0" /t REG_SZ /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\NETLOGON" /d "RequireMutualAuthentication=0" /t REG_SZ /f

运行使用

  • 以管理员身份启动PowerShell

    • 这是将DNS服务器更改为DC IP并将域添加到主机文件所必需的。否则,某些检查/执行将失败,例如Impacket。

运行所有检查

PS C:\Users\user\Desktop> . C:\Tools\domain_audit\domain_audit.ps1
PS C:\Users\user\Desktop> Invoke-ADCheckAll -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3

  • 页面底部的示例输出。

运行单独检查

  • 有些检查需要主机文件中的DNS和域名。所以最好是设置它!

设置dns和主机文件

Invoke-ChangeDNS -Server 10.0.0.3 -Domain "amsterdam.bank.local"

运行检查

Invoke-ADEnum -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3
Invoke-ADEnumTrust -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3
Invoke-ADCheckSQL -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3

输出

该工具将在当前目录或提供的位置创建一个包含域名和日期的目录。在这个目录中有三个目录:

  • Data,具有来自域对象的.csv文件、侦探数据和一些对象列表。

  • Findings,检查的输出可能是有趣的内容或报告为发现。

  • Checks,具有检查的输出,应手动评估以检查是否有要报告的内容。

示例输出Invoke-ADCheckAll

PS C:\Users\user\Desktop> . C:\Tools\domain_audit\domain_audit.ps1
PS C:\Users\user\Desktop> Invoke-ADCheckAll -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3

[+] Running as administrator, changing DNS to 10.0.0.3 and adding 10.0.0.3 amsterdam.bank.local to host file
[+] AD Authentication for amsterdam.bank.local\john succeeded!
[+] Output will be written in C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22

---------- DATA EXPLAINED ----------
- All data is written to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\
- In this folder are three subfolders
- files in \findings\ are findings that should be reported
- files in \checks\ needs to be checked
- files in \data\ is raw data

---------- COLORS EXPLAINED ----------
White is informational text
Green means check has passed
Yellow means manually check the data
Dark Red means finding

---------- GATHERING DATA ----------
[+] Gathering data of all Users, Groups, Computerobject, GPO's, OU's, DC's and saving it to csv
[+] Gathering BloodHound data all, session and ACL in seperate PowerShell session in background

---------- BASIC ENUMERATION ----------
[W] Saving a list of all users to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_users.txt
[W] Saving a list of all enabled users to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_users_enabled.txt
[W] Saving a list of all administrators to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_administrators.txt
[W] Saving a list of all groups to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_groups.txt
[W] Saving a list of all computerobjects to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_computers.txt

---------- DOMAIN INFORMATION ----------
The domain functional level is: Windows 2016
In the domain amsterdam.bank.local there are:
- 27 users and 25 enabled users
- 51 groups
- 4 computers
- 4 OU's
- 2 GPO's
- 3 Administrators
- 1 Domain Controllers

---Checking if amount of admins is more then 5% of all users---
[-] There are 3 administrators, which is 11.11% of all users
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\large_amount_of_administrators.txt

---------- ENUMERATING DOMAIN TRUSTS ----------
[+] The domain amsterdam.bank.local trusts 1 domains which are:
bank.local
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\trusts.txt

[+] The trust for domain bank.local is WITHIN_FOREST, enumerating trusts
[+] The domain bank.local trusts 2 domains which are:
amsterdam.bank.local
secure.local
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\trusts.txt

---Checking if AzureAD connect is in use---
[+] AzureAD connect is not installed

---Checking if Azure SSO is in use---
[+] Azure SSO is not configured

---------- EXECUTING CHECKS ----------
[+] Executing in another window because runas is required
[+] Pleace manually supply the Password Welcome2022!
--- Running SQL checks in new window ---
Enter the password for amsterdam.bank.local\john:
Attempting to start powershell.exe -Exec bypass -NoExit Import-Module C:\Tools\domain_audit\domain_audit.ps1; Set-Variable Findings_Path -Value C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings; Set-Variable Data_Path -Value C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data; Set-Variable Checks_Path -Value C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks; Set-Variable OutputDirectoryCreated -Value True; Invoke-ADCheckSQL -Domain amsterdam.bank.local -Server 10.0.0.3 -User john -Password Welcome2022! -SkipPrompt as user "amsterdam.bank.local\john" ...

---Checking password policy---
[+] Passwordpolicy contains ClearTextPassword=0. Domain controller does not save passwords in cleartext
[-] Password length requirement is 7 characters
[-] PasswordComplexity is 0 (Disabled)!
[-] LockOutBadCount is 0, accounts wont be locked!
[-] ResetLockoutCount is not set
[-] LockoutDuration is not set
Writing password policy to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\passwordpolicy.txt

---Checking if there is a GPO with LAPS---
[-] There is no GPO with LAPS in their name

---Checking if LAPS is enabled on any computerobject---
[-] There are no systems where LAPS is enabled
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\laps_notenabled.txt

---Checking description field for passwords---
[-] There are 4 users that have a description, please manually check for passwords!
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\description_users.txt

---Checking groups description field for interesting information---
[-] There are 45 groups that have a description, please manually check for passwords or interesting information!
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\description_groups.txt

---Checking computerobjects description field for interesting information---
[+] There are no computerobjects with a description

---Checking kerberoastable administrators---
[-] There are 1 kerberoastable administrators
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\administrators_serviceprincipalname.txt

---Checking kerberoastable users---
[-] There are 2 kerberoastable users
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_serviceprincipalname.txt
[+] Requested 2 hashes, please crack with hashcat
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_kerberoast_hashes.txt

---Checking if there are users with the DONT_REQ_PREAUTH attribute---
[-] There are 2 users with the attribute DONT_REQ_PREAUTH
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_dontrequirepreath.txt
[+] Requested 2 hashes, please crack with hashcat
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_aspreproast_hashes.txt

---Checking constrained delegation users---
[-] There are 1 users that have constrained delegation enabled
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_constrained_delegation.txt

---Checking unconstrained delegation computerobjects, excluding domain-controllers---
[-] There are 1 users that have unconstrained delegation enabled
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_unconstrained_delegation.txt

---Checking constrained delegation computerobjects---
[+] There are no computerobjects with constrained delegation

---Checking unconstrained delegation computerobjects, excluding domain-controllers---
[-] There are 1 computerobjects that have unconstrained delegation enabled
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\computers_unconstrained_delegation.txt

---Checking resource based constrained delegation computerobjects---
[+] There are no computerobjects with resource based constrained delegation

---Checking if there are users with the PASSWD_NOTREQD attribute---
[-] There are 2 users with the attribute PASSWD_NOTREQD
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_passwdnotreqd.txt

---Checking for users with empty password---
[-] The password for user bank_dev is empty
[-] The password for user steve is empty

---Checking if there are users with the DONT_EXPIRE_PASSWORD attribute---
[-] There are 17 users with the attribute DONT_EXPIRE_PASSWORD
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_dontexpirepassword.txt

---Checking if there are users with the reversible encryption---
[+] There are no users with reversible encryption

---Checking if there are users with DES encryption---
[+] There are no users with DES encryption

---Checking if administrator accounts - that aren't disabled - have a password older then 365 days---
[+] There where no enabled administrators with a password older then 365 days

---Checking if KRBTGT account has a password older then 365 days---
[+] The password from the krbtgt is not older then 365 days

---Checking if there are EOL operating systems in the AD---
[+] There are no computerobjects in the AD that are EOL

---Checking if there are end of service Windows 10 operating systems in the AD---
[+] There are no Windows 10 computerobjects computerobjects in the AD that are End Of Service

---Checking if there are computerobjects that have no login or login/pwdlastset older then 365 days---
[+] There are no computerobjects in the AD that are inactive

---Checking if there are users that didn't login for 365 days---
[+] There are no users in the AD that are inactive (didn't login or changed their password in the last 365 days)

---Checking if members of privileged groups are part of the protected users group---
[-] There are 3 privileged users not part of the protected users group
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\administrators_notin_protectedusersgroup.txt

---Checking if members of privileged groups have the flag 'this account is sensitive and cannot be delegated'---
[-] There are 3 privileged users without the flag 'this account is sensitive and cannot be delegated' that aren't in the Protected Users group
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\administrators_delegation_flag.txt

---Checking if there are members in high privileged groups---
[+] There are no users in the Account Operators group
[+] There are no users in the Backup Operators group
[+] There are no users in the Print Operators group
[+] There are no users in the DNS Admins group
[+] There are no users in the Schema Admins group

---Checking if there are computerobjects part ofhigh privileged groups---
[+] There are no computerobjects part of a high privileged groups

---Checking who can add computerobjects to the domain---
[-] The authenticated users group(S-1-5-11) can add 10 computerobjects to the domain
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\authenticated_users_can_join_domain.txt
[W] Writing amount of computerobjects that can be joined to the domain by the object to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\can_join_domain_amount.txt

---Checking if there are passwords in the SYSVOL share---
This might take a while
[+] Checking SYSVOL of DC02
[-] There might be 1 passwords in the SYSVOL of DC02. Please manually check
Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\sysvol_passwords.txt

---Checking if there are passwords in the NETLOGON share---
This might take a while
[+] Checking NETLOGON of DC02
[-] There might be 1 passwords(string pass) in the NETLOGON of DC02. Please manually check
Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\netlogon_passwords.txt

---Checking printspooler service on each DC---
[-] Printspooler enabled on DC02
Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\printspooler_domaincontrollers.txt

---Running LdapRelayScan---
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\domaincontrollers_ldaprelayscan.txt

---Checking for LDAP signing---
[+] One or more domain controller(s) does not require LDAP signing
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\domaincontrollers_no_ldap_signing.txt

---Checking for LDAPS binding---
[+] One or more domain controller(s) does not require LDAPS binding
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\domaincontrollers_no_ldaps_binding.txt

---Checking if exchange is used within the domain---
[+] No Exchange groups exist

---Checking which machines are reachable from current machine through ping---
[+] There are 3 computers which are reachable
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\computers_accessible.txt

---Running crackmapexec against each reachable host enumerating SMB data and shares---
[+] Crackmapexec will hang and needs a enter to continue
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\crackmapexec_reachablecomputers.txt

---Checking for hosts which have SMBV1 enabled---
[+] There are no reachable computers which have SMBV1 enabled (SMBv1:True)

---Checking for hosts without signing---
[+] There are 2 reachable computers which does not require signing (Signing:False)
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\computers_nosigning.txt

---Checking for shares with READ access---
[+] There are 4 shares the current user can READ
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\shares_read_access.txt

---Checking for shares with WRITE access---
[+] There are 1 shares the current user can WRITE to
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\shares_write_access.txt

---Running crackmapexec against each reachable host enumerating webclient service---
[+] Crackmapexec will hang and needs a enter to continue
[W] Writing all data to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\crackmapexec_webdav.txt

[+] There are 1 systems with the webclient service running
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\computers_webdav.txt

---------- EXECUTING SQL CHECKS ----------
---Checking MSSQL instances---
[+] Found 1 MSSQL instances
[+] Checking connection to each MSSQL instance
[-] The current user can access 1 MSSQL instances
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\SQLserver_user_has_access.txt

---Checking if the user is sysadmin on the accessible instances---
[+] The current user is not sysdmin to any SQL instances

---Checking database links for sysadmin security context---
[-] There are 1 links which run under the security context of a sysadmin user
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\SQLserver_sysadmin_on_links.txt

---Running Invoke-SQLAudit on the accessible instances---
This might take a while
VERBOSE: WEB01.amsterdam.bank.local : No named instance found.
VERBOSE: WEB01.amsterdam.bank.local : Connection Success.
VERBOSE: WEB01.amsterdam.bank.local : Checking for autoexec stored procedures...
[-] Invoke-SQLAudit found 7 issues
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\SQLserver_sqlaudit.txt

image

许可证协议

本项目的开发与发布遵循GPL-3.0开源许可证协议。

项目地址

Domain_audit:【GitHub传送门

# 渗透测试 # web安全 # 系统安全 # 内网渗透 # 网络安全技术
免责声明
1.一般免责声明:本文所提供的技术信息仅供参考,不构成任何专业建议。读者应根据自身情况谨慎使用且应遵守《中华人民共和国网络安全法》,作者及发布平台不对因使用本文信息而导致的任何直接或间接责任或损失负责。
2. 适用性声明:文中技术内容可能不适用于所有情况或系统,在实际应用前请充分测试和评估。若因使用不当造成的任何问题,相关方不承担责任。
3. 更新声明:技术发展迅速,文章内容可能存在滞后性。读者需自行判断信息的时效性,因依据过时内容产生的后果,作者及发布平台不承担责任。
本文为 独立观点,未经授权禁止转载。
如需授权、对文章有疑问或需删除稿件,请联系 FreeBuf 客服小蜜蜂(微信:freebee1024)
被以下专辑收录,发现更多精彩内容
+ 收入我的专辑
+ 加入我的收藏
相关推荐
  • 0 文章数
  • 0 关注者
文章目录
关于Domain_audit
    检查项目
      功能特性
        安装和设置
          运行使用
          • 运行所有检查
          • 运行单独检查
          输出
            示例输出Invoke-ADCheckAll
              许可证协议
                项目地址