# 横向移动

- [探测存活主机](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-cun-huo-zhu-ji.md)
- [For+Ping命令查询存活主机](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-cun-huo-zhu-ji/for+ping-ming-ling-cha-xun-cun-huo-zhu-ji.md)
- [NbtScan](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-cun-huo-zhu-ji/nbtscan.md)
- [NetDiscover](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-cun-huo-zhu-ji/netdiscover.md)
- [NMAP](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-cun-huo-zhu-ji/nmap.md)
- [rp scan](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-cun-huo-zhu-ji/rp-scan.md)
- [代理nmap扫描](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-cun-huo-zhu-ji/dai-li-nmap-sao-miao.md)
- [内外网资产对应](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-cun-huo-zhu-ji/nei-wai-wang-zi-chan-dui-ying.md)
- [MSF](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-cun-huo-zhu-ji/msf.md)
- [探测服务&端口](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou.md)
- [常见端口](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou/chang-jian-duan-kou.md)
- [MSF](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou/msf.md)
- [Nc](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou/nc.md)
- [Powershell](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou/powershell.md)
- [PTScan](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou/ptscan.md)
- [SMB](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou/smb.md)
- [CobaltStrike+K8Aggressor](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou/cobaltstrike+k8aggressor.md)
- [Linux\_Samba服务](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou/linuxsamba-fu-wu.md)
- [Masscan](https://www.heresecurity.wiki/heng-xiang-yi-dong/tan-ce-fu-wu-duan-kou/masscan.md)
- [执行命令\&IPC&计划任务](https://www.heresecurity.wiki/heng-xiang-yi-dong/zhi-xing-ming-ling-ipc-ji-hua-ren-wu.md)
- [AT](https://www.heresecurity.wiki/heng-xiang-yi-dong/zhi-xing-ming-ling-ipc-ji-hua-ren-wu/at.md)
- [IPC](https://www.heresecurity.wiki/heng-xiang-yi-dong/zhi-xing-ming-ling-ipc-ji-hua-ren-wu/ipc.md)
- [Schtasks](https://www.heresecurity.wiki/heng-xiang-yi-dong/zhi-xing-ming-ling-ipc-ji-hua-ren-wu/schtasks.md)
- [Wmic](https://www.heresecurity.wiki/heng-xiang-yi-dong/zhi-xing-ming-ling-ipc-ji-hua-ren-wu/wmic.md)
- [代理](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li.md)
- [goproxy](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/goproxy.md)
- [shadowsocks](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/shadowsocks.md)
- [sock4a](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/sock4a.md)
- [socks5](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/socks5.md)
- [socks5web](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/socks5web.md)
- [ssf](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/ssf.md)
- [ssh](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/ssh.md)
- [代理软件](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/dai-li-ruan-jian.md)
- [chisel](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/chisel.md)
- [earthworm](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/earthworm.md)
- [revsocks](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/revsocks.md)
- [Gost](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/gost.md)
- [gotohttp](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/gotohttp.md)
- [rustdesk](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/rustdesk.md)
- [frp](https://www.heresecurity.wiki/heng-xiang-yi-dong/dai-li/frp.md)
- [NTLM中继和中间人攻击](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji.md)
- [Ntlmrelayx+资源受限委派](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/ntlmrelayx+-zi-yuan-shou-xian-wei-pai.md)
- [Responder/LLMNR毒害](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/responderllmnr-du-hai.md)
- [DNS Poisonning](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/dns-poisonning.md)
- [MS08-068 NTLM反射](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/ms08068-ntlm-fan-she.md)
- [RemotePotato0](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/remotepotato0.md)
- [SMB签名禁用和IPv4](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/smb-qian-ming-jin-yong-he-ipv4.md)
- [SMB签名禁用和IPv6](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/smb-qian-ming-jin-yong-he-ipv6.md)
- [WebDav中继](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/webdav-zhong-ji.md)
- [捕获和破解Net NTLMv1和NTLMv1哈希](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/bu-huo-he-po-jie-net-ntlmv1-he-ntlmv1-ha-xi.md)
- [CVE-2019-1040](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/cve-2019-1040.md)
- [CVE-2019-1384](https://www.heresecurity.wiki/heng-xiang-yi-dong/ntlm-zhong-ji-he-zhong-jian-ren-gong-ji/cve-2019-1384.md)
- [ActiveDirectory的ACL和ACE](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-de-acl-he-ace.md)
- [GenericAll](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-de-acl-he-ace/genericall.md)
- [GenericWrite](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-de-acl-he-ace/genericwrite.md)
- [WriteDACL](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-de-acl-he-ace/writedacl.md)
- [WriteOwner](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-de-acl-he-ace/writeowner.md)
- [读取GMSA密码](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-de-acl-he-ace/du-qu-gmsa-mi-ma.md)
- [读取LAPS密码](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-de-acl-he-ace/du-qu-laps-mi-ma.md)
- [强制更改密码](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-de-acl-he-ace/qiang-zhi-geng-gai-mi-ma.md)
- [ActiveDirectory证书服务](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu.md)
- [ESC1-配置错误的证书模板](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/esc1-pei-zhi-cuo-wu-de-zheng-shu-mu-ban.md)
- [ESC2-配置错误的证书模板](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/esc2-pei-zhi-cuo-wu-de-zheng-shu-mu-ban.md)
- [ESC3-配置错误的注册代理模板](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/esc3-pei-zhi-cuo-wu-de-zhu-ce-dai-li-mu-ban.md)
- [ESC4-访问控制漏洞](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/esc4-fang-wen-kong-zhi-lou-dong.md)
- [ESC6-EDITF\_ATTRIBUTESUBJECTALTNAME2](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/esc6-editf_attributesubjectaltname2.md)
- [ESC7-易受攻击的证书颁发机构访问控制](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/esc7-yi-shou-gong-ji-de-zheng-shu-ban-fa-ji-gou-fang-wen-kong-zhi.md)
- [ESC8-ADCS中继攻击](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/esc8adcs-zhong-ji-gong-ji.md)
- [Pass-The-Certificate](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/pass-the-certificate.md)
- [查找证书服务器](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/cha-zhao-zheng-shu-fu-wu-qi.md)
- [经过认证的CVE-2022-26923](https://www.heresecurity.wiki/heng-xiang-yi-dong/activedirectory-zheng-shu-fu-wu/jing-guo-ren-zheng-de-cve202226923.md)
- [DCOM-Exploitation](https://www.heresecurity.wiki/heng-xiang-yi-dong/dcom-exploitation.md)
- [DCOM](https://www.heresecurity.wiki/heng-xiang-yi-dong/dcom-exploitation/dcom.md)
- [通过MMC应用程序类进行DCOM](https://www.heresecurity.wiki/heng-xiang-yi-dong/dcom-exploitation/tong-guo-mmc-ying-yong-cheng-xu-lei-jin-xing-dcom.md)
- [通过Office进行DCOM](https://www.heresecurity.wiki/heng-xiang-yi-dong/dcom-exploitation/tong-guo-office-jin-xing-dcom.md)
- [通过ShellBrowserWindow进行DCOM](https://www.heresecurity.wiki/heng-xiang-yi-dong/dcom-exploitation/tong-guo-shellbrowserwindow-jin-xing-dcom.md)
- [通过ShellExecute进行DCOM](https://www.heresecurity.wiki/heng-xiang-yi-dong/dcom-exploitation/tong-guo-shellexecute-jin-xing-dcom.md)
- [Kerberoasting](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberoasting.md)
- [申请票据](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberoasting/shen-qing-piao-ju.md)
- [破解密码](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberoasting/po-jie-mi-ma.md)
- [导出票据](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberoasting/dao-chu-piao-ju.md)
- [SPN发现](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberoasting/spn-fa-xian.md)
- [GetUserSPNs](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberoasting/getuserspns.md)
- [重写票据](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberoasting/zhong-xie-piao-ju.md)
- [MSF添加路由](https://www.heresecurity.wiki/heng-xiang-yi-dong/msf-tian-jia-lu-you.md)
- [Ngrok内网穿透](https://www.heresecurity.wiki/heng-xiang-yi-dong/ngrok-nei-wang-chuan-tou.md)
- [PASS-THE-HASH](https://www.heresecurity.wiki/heng-xiang-yi-dong/pass-the-hash.md)
- [PASS-THE-TICKET](https://www.heresecurity.wiki/heng-xiang-yi-dong/pass-the-ticket.md)
- [PASS-THE-KEY](https://www.heresecurity.wiki/heng-xiang-yi-dong/pass-the-key.md)
- [组策略对象GPO](https://www.heresecurity.wiki/heng-xiang-yi-dong/zu-ce-le-dui-xiang-gpo.md)
- [WinRM无文件执行](https://www.heresecurity.wiki/heng-xiang-yi-dong/winrm-wu-wen-jian-zhi-xing.md)
- [方程式内网不产生session](https://www.heresecurity.wiki/heng-xiang-yi-dong/fang-cheng-shi-nei-wang-bu-chan-sheng-session.md)
- [隔离主机payload](https://www.heresecurity.wiki/heng-xiang-yi-dong/ge-li-zhu-ji-payload.md)
- [攻击MSSQL数据库](https://www.heresecurity.wiki/heng-xiang-yi-dong/gong-ji-mssql-shu-ju-ku.md)
- [攻击MySQL数据库](https://www.heresecurity.wiki/heng-xiang-yi-dong/gong-ji-mysql-shu-ju-ku.md)
- [共享](https://www.heresecurity.wiki/heng-xiang-yi-dong/gong-xiang.md)
- [获取保存的RDP密码](https://www.heresecurity.wiki/heng-xiang-yi-dong/huo-qu-bao-cun-de-rdp-mi-ma.md)
- [快速定位域管理登过的机器](https://www.heresecurity.wiki/heng-xiang-yi-dong/kuai-su-ding-wei-yu-guan-li-deng-guo-de-ji-qi.md)
- [添加域管命令](https://www.heresecurity.wiki/heng-xiang-yi-dong/tian-jia-yu-guan-ming-ling.md)
- [ASEPRoasting](https://www.heresecurity.wiki/heng-xiang-yi-dong/aseproasting.md)
- [CVE-2019-0708](https://www.heresecurity.wiki/heng-xiang-yi-dong/cve-2019-0708.md)
- [GPP-Password](https://www.heresecurity.wiki/heng-xiang-yi-dong/gpp-password.md)
- [MS08\_067](https://www.heresecurity.wiki/heng-xiang-yi-dong/ms08_067.md)
- [MS17\_010](https://www.heresecurity.wiki/heng-xiang-yi-dong/ms17_010.md)
- [MSF管道监听](https://www.heresecurity.wiki/heng-xiang-yi-dong/msf-guan-dao-jian-ting.md)
- [账户委派](https://www.heresecurity.wiki/heng-xiang-yi-dong/zhang-hu-wei-pai.md)
- [资源受限委派](https://www.heresecurity.wiki/heng-xiang-yi-dong/zi-yuan-shou-xian-wei-pai.md)
- [域内爆破](https://www.heresecurity.wiki/heng-xiang-yi-dong/yu-nei-bao-po.md)
- [危险的内置组使用](https://www.heresecurity.wiki/heng-xiang-yi-dong/wei-xian-de-nei-zhi-zu-shi-yong.md)
- [域与域](https://www.heresecurity.wiki/heng-xiang-yi-dong/yu-yu-yu.md)
- [kerberos青铜比特攻击CVE-2020-17049](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberos-qing-tong-bi-te-gong-ji-cve202017049.md)
- [kerberos无约束委派](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberos-wu-yue-shu-wei-pai.md)
- [kerberos约束委派](https://www.heresecurity.wiki/heng-xiang-yi-dong/kerberos-yue-shu-wei-pai.md)
- [基于kerberos资源的约束委派](https://www.heresecurity.wiki/heng-xiang-yi-dong/ji-yu-kerberos-zi-yuan-de-yue-shu-wei-pai.md)
- [PrivExchange攻击](https://www.heresecurity.wiki/heng-xiang-yi-dong/privexchange-gong-ji.md)
- [PXE启动映像攻击](https://www.heresecurity.wiki/heng-xiang-yi-dong/pxe-qi-dong-ying-xiang-gong-ji.md)
- [RODC-只读域控制器入侵](https://www.heresecurity.wiki/heng-xiang-yi-dong/rodc-zhi-du-yu-kong-zhi-qi-ru-qin.md)
- [WSUS部署](https://www.heresecurity.wiki/heng-xiang-yi-dong/wsus-bu-shu.md)
- [SCCM部署](https://www.heresecurity.wiki/heng-xiang-yi-dong/sccm-bu-shu.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.heresecurity.wiki/heng-xiang-yi-dong.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.