# 第二章：老（待更新...）

- [第一百零一课：基于SCF做目标内网信息搜集第二季](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-ling-yi-ke-ji-yu-scf-zuo-mu-biao-nei-wang-xin-xi-sou-ji-di-er-ji.md)
- [第一百零二课：对抗权限长期把控-伪造无效签名第一季](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-ling-er-ke-dui-kang-quan-xian-chang-qi-ba-kong-wei-zao-wu-xiao-qian-ming-di-yi-ji.md)
- [第一百零三课：Http加密隧道下的横向渗透尝试---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-ling-san-ke-http-jia-mi-sui-dao-xia-de-heng-xiang-shen-tou-chang-shi-klion.md)
- [第一百零四课：Windows Smb 欺骗重放攻击利用---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-ling-si-ke-windows-smb-qi-pian-zhong-fang-gong-ji-li-yong-klion.md)
- [第一百零五课：windows 单机免杀抓明文或hash \[通过dump lsass进程数据\]---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-ling-wu-ke-windows-dan-ji-mian-sha-zhua-ming-wen-huo-hash-tong-guo-dump-lsass-jin-cheng-sh.md)
- [第一百零六课：windows 单机免杀抓明文或hash \[通过简单混淆编码绕过常规静态检测\]---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-ling-liu-ke-windows-dan-ji-mian-sha-zhua-ming-wen-huo-hash-tong-guo-jian-dan-hun-xiao-bian.md)
- [第一百零七课：跨平台横向移动 \[ windows计划任务利用 \]---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-ling-qi-ke-kua-ping-tai-heng-xiang-yi-dong-windows-ji-hua-ren-wu-li-yong-klion.md)
- [第一百零八课：跨平台横向移动 \[wmi利用\]---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-ling-ba-ke-kua-ping-tai-heng-xiang-yi-dong-wmi-li-yong-klion.md)
- [第一百零九课：依托 metasploit 尽可能多的发现目标内网下的各类高价值存活主机---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-ling-jiu-ke-yi-tuo-metasploit-jin-ke-neng-duo-de-fa-xian-mu-biao-nei-wang-xia-de-ge-lei-ga.md)
- [第一百一十课：窃取,伪造模拟各种windows访问令牌\[token利用\]---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-ke-qie-qu-wei-zao-mo-ni-ge-zhong-windows-fang-wen-ling-pai-token-li-yong-klion.md)
- [第一百一十一课：内网mssql完整利用流程 \[ 基础篇 \]---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-yi-ke-nei-wang-mssql-wan-zheng-li-yong-liu-cheng-ji-chu-pian-klion.md)
- [第一百一十二课：利用Dropbox中转C2流量---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-er-ke-li-yong-dropbox-zhong-zhuan-c2-liu-liang-klion.md)
- [第一百一十三课：COM Hijacking---倾旋](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-san-ke-com-hijacking-qing-xuan.md)
- [第一百一十四课：渗透沉思录](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-si-ke-shen-tou-chen-si-lu.md)
- [第一百一十五课：使用CrackMapExec 进行 NTLM Hash传递攻击---倾旋](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-wu-ke-shi-yong-crackmapexec-jin-hang-ntlm-hash-chuan-di-gong-ji-qing-xuan.md)
- [第一百一十六课：Windows域渗透 - 用户密码枚举---倾旋](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-liu-ke-windows-yu-shen-tou-yong-hu-mi-ma-mei-ju-qing-xuan.md)
- [第一百一十七课：Windows 本地特权提升技巧---倾旋](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-qi-ke-windows-ben-di-te-quan-ti-sheng-ji-qiao-qing-xuan.md)
- [第一百一十八课：CVE-2017-11882钓鱼攻击---倾旋](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-ba-ke-cve201711882-diao-yu-gong-ji-qing-xuan.md)
- [第一百一十九课：全平台高性能加密隧道 ssf---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-yi-shi-jiu-ke-quan-ping-tai-gao-xing-neng-jia-mi-sui-dao-ssfklion.md)
- [第一百二十课：win自带的高级网络配置管理工具深度应用 \[ netsh \]---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-er-shi-ke-win-zi-dai-de-gao-ji-wang-luo-pei-zhi-guan-li-gong-ju-shen-du-ying-yong-netsh-kl.md)
- [第一百二十一课：http加密代理深度应用 \[ abptts \]---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-er-shi-yi-ke-http-jia-mi-dai-li-shen-du-ying-yong-abptts-klion.md)
- [第一百二十二课：利用 ssh隧道实现内网断网机meterpreter反向上线---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-er-shi-er-ke-li-yong-ssh-sui-dao-shi-xian-nei-wang-duan-wang-ji-meterpreter-fan-xiang-shan.md)
- [第一百二十三课：利用ssh隧道将公网meterpreter弹至本地的msf中---klion](https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-.../di-yi-bai-er-shi-san-ke-li-yong-ssh-sui-dao-jiang-gong-wang-meterpreter-dan-zhi-ben-di-de-msf-zhong.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://micro8.gitbook.io/micro8/di-er-zhang-lao-dai-geng-xin-....md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.