TODO

General

  • Static IPs
  • Create a config.json with all the repeated data, like domain admin credentials
  • Add LAPS to the network
  • Install Spanish keyboard
- name: Windows | Add the es-ES keyboard layout
  win_shell: $langList = Get-WinUserLanguageList; $langList.Add("es-ES"); Set-WinUserLanguageList -LanguageList $langList -Force
  • Enable Insecure guest logons
1. Go to DC/Group Policy Management/Forest/Domains/<DOMAIN>/Group Policy Objects/Default Domain Policy
2. Right Click/Edit
3. Go to Computer Configuration/Policies/Administrative Templates/Network/Lanman Workstation
4. Enable "Enable insecure guest logons"
  • Install Vuln-AD-plus -> The problem was on the script :D

    • Script Output into a file
    • Make it into a .yml file
  • Disable Real Time monitoring in all the machines

    • Disable cloud-delivered protection
    • Disable sample submission
  • Fix enhanced session on Windows Machines

  • Move all machines.yml to Ansible, also roles.

  • Activate Windows permanently

# Windows Server 2022 Evaluation
dism /online /set-edition:ServerStandard /productkey:VDYBN-27WPP-V4HQT-9VMD4-VMK7H /accepteula /NoRestart
cscript //nologo c:\windows\system32\slmgr.vbs /upk
cscript //nologo c:\windows\system32\slmgr.vbs /ipk VDYBN-27WPP-V4HQT-9VMD4-VMK7H
cscript //nologo c:\windows\system32\slmgr.vbs /skms 10.10.10.6:1688
cscript //nologo c:\windows\system32\slmgr.vbs /ato

# Windows 10 Enterprise Evaluation
<Upload skus-Windows-10.zip>
Expand-Archive -Force .\skus-Windows-10.zip C:\Windows\System32\spp\tokens\skus\
cscript.exe %windir%\system32\slmgr.vbs /rilc
cscript.exe %windir%\system32\slmgr.vbs /upk >nul 2>&1
cscript.exe %windir%\system32\slmgr.vbs /ckms >nul 2>&1
cscript.exe %windir%\system32\slmgr.vbs /cpky >nul 2>&1
cscript.exe %windir%\system32\slmgr.vbs /ipk M7XTQ-FN8P6-TTKYV-9D4CC-J462D
sc config LicenseManager start= auto & net start LicenseManager
sc config wuauserv start= auto & net start wuauserv
clipup -v -o -altto c:\
echo
cscript //nologo c:\windows\system32\slmgr.vbs /ipk M7XTQ-FN8P6-TTKYV-9D4CC-J462D
cscript //nologo c:\windows\system32\slmgr.vbs /skms 10.10.10.6:1688
cscript //nologo c:\windows\system32\slmgr.vbs /ato

Raditz - Unconstrained Delegation

  • Unconstrained delegation (HTTP-> RADITZ)
    • Add scheduled tasks to perform a web request from gohan to raditz -> It doesn't matter if you use SpoolSample
      • Set up a website with domain authentication
      • Resolve odd behaviour: when a user authenticates against the machine, the user's ticket doesn't appear on the unconstrained machine
      • Try to delete win_feature "web-server" from raditz.

Gohan - Constrained Delegation

  • Constrained delegation (MSSQL -> DC)
    • Install database server
    • Enable xp_cmdshell -> The user has permission to enable it
    • Allow domain user to access the database
    • Add constrained delegation

Krillin - Vulnerable service

  • Create W10 WST
    • Install a vulnerable service
  • Install Visual Studio Code -> Too much time
  • Install hacking tools
  • Allow Non Admin users to restart the machine
  • Make vuln_svc sysadmin at MSSQL service
  • Install ClamAV
  • Upload Office2016
  • Activate Office With KMS
cd "C:\Program Files\Microsoft Office\Office16"
for /f %x in ('dir /b ..\root\Licenses16\ProPlus2019VL*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%x"
cscript.exe .\OSPP.VBS /sethst:10.10.10.2
cscript.exe .\OSPP.VBS /act
  • Change from Windows Server To Workstation
    • Disable tamper monitoring
    • Install AD cmdlets
Get-WindowsCapability -Name RSAT* -Online
Add-WindowsCapability -Online -Name 'Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0'

Kali machine

  • Create a kali machine for Hyper-V
  • Set static IP
  • Fix sources.list keys
  • Fix error to install packages without upgrading the machine
  • Install Tools
  • Install apache2
  • Install samba server
  • Allow Remote RDP
[visualstudio]
path = /var/www/html/data
browseable = yes
read only = no
writeable = yes
guest ok = yes
public = yes
force user = auditor

Development Workstation

  • Activate KMS
  • Add Samba Script
 echo net use Z: /delete > kshare.bat && echo net use Z: \\10.10.10.4\visualstudio '' /user:'' >> kshare.bat
  • Install Visual Studio Code
  • Install Visual Studio

KMS Server

Tien

  • Install Office

Network Inspector

Network structure:

graph LR
A[Windows] -->B[Ubuntu] <-->C(Internet)<-->D[Kali]

Ubuntu Machine with:

  • dnsmasq
  • Nginx
  • Snort

Windows machine with RDP

  • It is possible to RDP to the Windows machine, by performing local port forwarding using SSH through the Ubuntu machine