[ Pen Testing Windows ] :: Penetration Testing Windows: Powershell/Empire

Powershell

This is post 3 of 3 in the series “[ Pen Testing Windows ]” Powershell Powershell is the object-oriented replacement for the ancient Windows cmd.exe. It is not present on all installations of Windows, but can be added via a download from Microsoft. There are five versions of Powershell at the moment (2018). You can …

[ Pen Testing Windows ] :: Penetration Testing Windows: CrackMapExec

Hacking in the dark

This is post 2 of 3 in the series “[ Pen Testing Windows ]” Gather Your Tools First off, be a smart hacker and know how to find great online materials, like this how-to: https://byt3bl33d3r.github.io/getting-the-goods-with-crackmapexec-part-1.html And this excellent tute on CrackMapExec: https://www.ivoidwarranties.tech/posts/pentesting-tuts/cme/crackmapexec/ For the TL;DR of that page, start in Bash: # get syntax and …

[ Pen Testing Windows ] :: Active Directory: Extracting NTDS and Cracking Hashes

Glenn Norman

This is post 1 of 3 in the series “[ Pen Testing Windows ]” Okay, you’ve gotten System user access on your Windows target, and now you want to get the goodies in Active Directory. Here’s the ultra-short version: Open Powershell and enter:
ntdsutil
Activate Instance ntds
ifm
create full c:\bak_fldr
quit
quit
Check out this video that details of …

[ Pen Testing ] :: Step by Step: Uploading Shellcode and Upgrading the Shell

Blue Security Goddess

This is post 19 of 20 in the series “[ Pen Testing ]” Getting a Remote Shell Let’s assume you’ve found some sort of access to your target, ideally an upload vulnerability that will let you get some shellcode onto the target. Netcat You could just start a Netcat listener on the victim, if Netcat …

[ Pen Testing ] :: Step by Step: Database Enumeration

Hacking in the dark

This is post 16 of 20 in the series “[ Pen Testing ]” Database Enumeration Enumeration With SQLmap SQLmap is noisy as hell. Here is the official options/examples page: https://github.com/sqlmapproject/sqlmap/wiki/Usage. For example, save a captured header as an input file for SQLmap: Load HTTP request from a file Option: -r One of the possibilities of …