[ Hacker Night School ] :: Got a shell on a Windows target? Now turn off the firewall.

Penetration Testing

This is post 11 of 17 in the series “[ Hacker Night School ]” Part of the hacking process is getting a first foothold into a system. Then once you’re in, escalating privileges and peeling back protections is the next priority. More than once in pen-testing situations or capture-the-flag games I’ve gotten into a Windows …

[ Hacker Night School ] :: Got a foothold on a Windows target? Now enable Remote Desktop.

Windows Remote Desktop

This entry is part 12 of 17 in the series [ Hacker Night School ]

This is post 10 of 17 in the series “[ Hacker Night School ]” Want to make your life easier once you’ve gotten a foothold on your Windows target? Enable Remote Desktop. See this article: https://www.interfacett.com/blogs/how-to-remotely-enable-and-disable-rdp-remote-desktop/ TL;DR: In cmd.exe: Reg add "\\computername\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d /f In Powershell: Invoke-Command -Computername "server1", "Server2" -ScriptBlock …

[ Pen Testing Windows ] :: Penetration Testing Windows: Powershell/Empire

Powershell

This is post 3 of 3 in the series “[ Pen Testing Windows ]” Powershell Powershell is the object-oriented replacement for the ancient Windows cmd.exe. It is not present on all installations of Windows, but can be added via a download from Microsoft. There are five versions of Powershell at the moment (2018). You can …

[ Pen Testing Windows ] :: Penetration Testing Windows: CrackMapExec

Hacking in the dark

This is post 2 of 3 in the series “[ Pen Testing Windows ]” Gather Your Tools First off, be a smart hacker and know how to find great online materials, like this how-to: https://byt3bl33d3r.github.io/getting-the-goods-with-crackmapexec-part-1.html And this excellent tute on CrackMapExec: https://www.ivoidwarranties.tech/posts/pentesting-tuts/cme/crackmapexec/ For the TL;DR of that page, start in Bash: # get syntax and …

[ Pen Testing Windows ] :: Active Directory: Extracting NTDS and Cracking Hashes

Glenn Norman

This is post 1 of 3 in the series “[ Pen Testing Windows ]” Okay, you’ve gotten System user access on your Windows target, and now you want to get the goodies in Active Directory. Here’s the ultra-short version: Open Powershell and enter:
ntdsutil
Activate Instance ntds
ifm
create full c:\bak_fldr
quit
quit
Check out this video that details of …

[ Pen Testing ] :: Step by Step: Uploading Shellcode and Upgrading the Shell

Blue Security Goddess

This is post 19 of 19 in the series “[ Pen Testing ]” Getting a Remote Shell Let’s assume you’ve found some sort of access to your target, ideally an upload vulnerability that will let you get some shellcode onto the target. Netcat You could just start a Netcat listener on the victim, if Netcat …