# Hack the Box 工具整理 ###### tags: `pwn` ### 網路掃描 1. Nmap ### 常見Protocal 漏洞 1. smbclient ```c=1 //使用非密碼方式存取smb服務，-L是指列出後面位置的所有檔案，-N為設定不須密碼 smbclient -N -L '\\10.10.11.152'' smbclient '\\10.10.11.152\Shares\' ``` ### Zip 暴力破解 1. zip2john 先使用zip2john將file轉成hash檔案，再使用john ```c=1 zip2john winrm_backup.zip > hash.txt ``` 2. john (John the Ripper) https://github.com/sirrushoo/python ```c=1 //可設定wordlist指定密碼本 john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt //show cracked passwords [if =left, then uncracked] //如下圖所示為成功，並且密碼為紅色區域 john --show hash.txt //如果有其他問題，可以用這個指令找2john有關的python檔在哪裡 locate *2john* ```  ### Evil-WinRM https://github.com/Hackplayers/evil-winrm https://medium.com/@MementoMemoria/hackthebox-timelapse-walkthrough-write-up-651be94ea4ee https://github.com/Kyuu-Ji/htb-write-up/blob/master/sizzle/psremote.rb https://breached.co/Thread-HTB-Timelapse-Discussion