凭据传递 on Linux邪修https://linuxiexiu.github.io/docs/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8/%E6%A8%AA%E5%90%91%E7%A7%BB%E5%8A%A8/%E5%87%AD%E6%8D%AE%E4%BC%A0%E9%80%92/Recent content in 凭据传递 on Linux邪修Hugozh© 2024 Linux邪修凭据传递基础知识https://linuxiexiu.github.io/docs/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8/%E6%A8%AA%E5%90%91%E7%A7%BB%E5%8A%A8/%E5%87%AD%E6%8D%AE%E4%BC%A0%E9%80%92/%E5%87%AD%E6%8D%AE%E4%BC%A0%E9%80%92%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/Mon, 01 Jan 0001 00:00:00 +0000https://linuxiexiu.github.io/docs/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8/%E6%A8%AA%E5%90%91%E7%A7%BB%E5%8A%A8/%E5%87%AD%E6%8D%AE%E4%BC%A0%E9%80%92/%E5%87%AD%E6%8D%AE%E4%BC%A0%E9%80%92%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/<h2 id="技术介绍">技术介绍<a class="anchor" href="#%e6%8a%80%e6%9c%af%e4%bb%8b%e7%bb%8d">#</a></h2> <p>凭据传递是一种利用用户凭据在系统中进行横向移动的技术。攻击者通过窃取或重用用户凭据,在系统中进行横向移动,以访问更多的系统资源。本教程将详细介绍凭据传递的基础知识、核心概念和技术方法,帮助安全人员理解和防御凭据传递攻击。</p> <h3 id="凭据传递核心概念">凭据传递核心概念<a class="anchor" href="#%e5%87%ad%e6%8d%ae%e4%bc%a0%e9%80%92%e6%a0%b8%e5%bf%83%e6%a6%82%e5%bf%b5">#</a></h3> <ul> <li><strong>凭据(Credential)</strong>:用于身份验证的信息</li> <li><strong>凭据传递(Credential Passing)</strong>:利用凭据进行横向移动的技术</li> <li><strong>用户凭据(User Credential)</strong>:用户的凭据</li> <li><strong>管理员凭据(Administrator Credential)</strong>:管理员的凭据</li> <li><strong>服务凭据(Service Credential)</strong>:服务的凭据</li> <li><strong>哈希传递(Pass the Hash)</strong>:利用哈希进行认证的技术</li> <li><strong>票据传递(Pass the Ticket)</strong>:利用票据进行认证的技术</li> <li><strong>凭据转储(Credential Dumping)</strong>:转储凭据的技术</li> <li><strong>凭据重用(Credential Reuse)</strong>:重用凭据的技术</li> <li><strong>凭据窃取(Credential Theft)</strong>:窃取凭据的技术</li> <li><strong>凭据存储(Credential Storage)</strong>:存储凭据的技术</li> <li><strong>凭据缓存(Credential Caching)</strong>:缓存凭据的技术</li> </ul> <h3 id="凭据传递的特点">凭据传递的特点<a class="anchor" href="#%e5%87%ad%e6%8d%ae%e4%bc%a0%e9%80%92%e7%9a%84%e7%89%b9%e7%82%b9">#</a></h3> <ul> <li><strong>隐蔽性</strong>:凭据传递攻击隐蔽性强</li> <li><strong>灵活性</strong>:凭据传递技术灵活多样</li> <li><strong>依赖性</strong>:凭据传递依赖用户凭据</li> <li><strong>检测难度</strong>:凭据传递检测难度较大</li> <li><strong>影响范围</strong>:凭据传递影响范围广</li> <li><strong>技术复杂</strong>:凭据传递技术复杂</li> </ul> <h3 id="凭据传递的重要性">凭据传递的重要性<a class="anchor" href="#%e5%87%ad%e6%8d%ae%e4%bc%a0%e9%80%92%e7%9a%84%e9%87%8d%e8%a6%81%e6%80%a7">#</a></h3> <ul> <li><strong>攻击检测</strong>:检测凭据传递攻击</li> <li><strong>系统加固</strong>:加固系统防止凭据传递</li> <li><strong>安全防护</strong>:防护凭据传递攻击</li> <li><strong>合规性</strong>:满足合规性要求</li> <li><strong>风险降低</strong>:降低安全风险</li> <li><strong>业务保护</strong>:保护业务连续性</li> </ul> <h2 id="技术体系">技术体系<a class="anchor" href="#%e6%8a%80%e6%9c%af%e4%bd%93%e7%b3%bb">#</a></h2> <p>凭据传递技术体系主要包括以下几个方面:</p> <h3 id="凭据传递原理">凭据传递原理<a class="anchor" href="#%e5%87%ad%e6%8d%ae%e4%bc%a0%e9%80%92%e5%8e%9f%e7%90%86">#</a></h3> <ul> <li><strong>凭据认证</strong>:凭据的认证过程</li> <li><strong>凭据存储</strong>:凭据的存储机制</li> <li><strong>凭据缓存</strong>:凭据的缓存机制</li> <li><strong>凭据传递</strong>:凭据的传递机制</li> <li><strong>凭据验证</strong>:凭据的验证机制</li> </ul> <h3 id="凭据传递技术">凭据传递技术<a class="anchor" href="#%e5%87%ad%e6%8d%ae%e4%bc%a0%e9%80%92%e6%8a%80%e6%9c%af">#</a></h3> <ul> <li><strong>哈希传递</strong>:利用哈希进行认证</li> <li><strong>票据传递</strong>:利用票据进行认证</li> <li><strong>凭据转储</strong>:转储凭据</li> <li><strong>凭据重用</strong>:重用凭据</li> <li><strong>凭据窃取</strong>:窃取凭据</li> </ul> <h3 id="凭据传递防御">凭据传递防御<a class="anchor" href="#%e5%87%ad%e6%8d%ae%e4%bc%a0%e9%80%92%e9%98%b2%e5%be%a1">#</a></h3> <ul> <li><strong>凭据保护</strong>:保护凭据安全</li> <li><strong>凭据监控</strong>:监控凭据活动</li> <li><strong>凭据管理</strong>:管理凭据生命周期</li> <li><strong>凭据加密</strong>:加密凭据</li> <li><strong>凭据轮换</strong>:定期轮换凭据</li> </ul> <h2 id="工具使用">工具使用<a class="anchor" href="#%e5%b7%a5%e5%85%b7%e4%bd%bf%e7%94%a8">#</a></h2> <h3 id="凭据传递检测工具">凭据传递检测工具<a class="anchor" href="#%e5%87%ad%e6%8d%ae%e4%bc%a0%e9%80%92%e6%a3%80%e6%b5%8b%e5%b7%a5%e5%85%b7">#</a></h3> <ol> <li> <p><strong>Mimikatz</strong>:</p> <ul> <li><strong>功能</strong>:凭据转储工具</li> <li><strong>用途</strong>:转储和分析凭据</li> <li><strong>使用方法</strong>: <div class="highlight"><pre tabindex="0" style="color:#e2e4e5;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#78787e"># 下载Mimikatz</span> </span></span><span style="display:flex;"><span><span style="color:#78787e"># 从GitHub下载</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#78787e"># 运行Mimikatz</span> </span></span><span style="display:flex;"><span><span style="color:#78787e"># 提升权限</span> </span></span><span style="display:flex;"><span>privilege::debug </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#78787e"># 转储凭据</span> </span></span><span style="display:flex;"><span>sekurlsa::logonpasswords </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#78787e"># 转储LSASS内存</span> </span></span><span style="display:flex;"><span>sekurlsa::minidump lsass.dmp </span></span><span style="display:flex;"><span>sekurlsa::logonpasswords</span></span></code></pre></div></li> </ul> </li> <li> <p><strong>Rubeus</strong>:</p>