NTUSTISC - AD Note - Lab(偵測密碼揮灑)

Posted on 2024-01-31 | Post modified | In Security/Course/NTUST ISC/AD/3. 更多密碼 |

[TOC]

Background

得到更高權限之後，會想要更多的密碼

利用Event ID: 4625, 4648, 4771的認證失敗紀錄可以看到我是大約在4:52:08左右執行的，有一大堆的4625紀錄，如果抓最後一筆的紀錄，會顯示Account Name就是我們在Kali看到的最後一個帳戶，而且Keyword顯示Audit Failure

Post author: SBK6401
Post link: https://bernie6401.github.io/security/course/ntust%20isc/ad/3.%20%E6%9B%B4%E5%A4%9A%E5%AF%86%E7%A2%BC/2024/01/31/NTUSTISC-AD-Note-Lab(0x15%E5%81%B5%E6%B8%AC%E5%AF%86%E7%A2%BC%E6%8F%AE%E7%81%91)/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.