
Clustered Points of Failure: Attacking Windows Server Failover Clusters.pdf

Uploaded by: 竿*** ID: 981952 2025-11-29 138 pages 21.03MB

Clustered Points of Failure
Attacking Windows Server Failover Clusters
Garrett Foster
#BHUSA BlackHatEvents

“A set of independent computers that work together to increase the availability of applications and services”

File Server
Database

“that was weird.”

garrettblackhat:$wmiexec.py cluster.ludus.domain -k -no-pass
Impacket v0.13.0.dev0+20250226.212301.ead516a1 - Copyright Fortra, LLC and its affiliated companies
SMB SessionError: code: 0xc00000cc - STATUS_BAD_NETWORK_NAME - Network Name Not Found The specified share name cannot be found on the remote server.
garrettblackhat:$

Why did scheduled tasks work?

Why that host?

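1. Windows Server Failover Clusters (WSFC), whose purpose is to increase the availability of applications and services, are attacked.
2. The attacker uses the `wmiexec.py` tool to try to access the cluster, but runs into a network name error.
3. The relationship between the nodes in a cluster, virtual cluster objects (VCO), cluster name objects (CNO) and cluster nodes (Node) is discussed.
4. The talk analyzes why certain tasks executed successfully and why the attack selected a particular host.
5. It explores the problem of session data and how Kerberos authentication works.
6. A decryption routine is found in `clusres.dll`, and related code examples are provided.
7. It stresses that cluster misconfiguration can lead to security vulnerabilities, such as problems with auditing cluster virtual accounts and with access permissions on resource data.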