Showing posts with label Windows Hacking.

Bypass Admin access through guest Account in windows 10

Open a command prompt and check the Windows user account status with the “whoami” command.

The account name is “joe” and the account status is ‘DefaultAccount’, which is a non-administrator account type.
Try changing the administrator account with the ‘net user’ command. You will see the error ‘Access is denied’.

Now download “CVE-2017-0213_x64” from here and unzip it on your PC. Go to the folder, find the .exe file and double-click it to run it.

The moment you double-click it, it automatically opens a new command prompt with administrator privileges.

Use the ‘net user’ command to change the administrator account password. The message ‘The command completed successfully’ will appear. You have now successfully changed the administrator account's password.

Bypass Windows Login Password using Android Phone with DriveDroid

DriveDroid is an Android application that allows you to boot your PC from ISO/IMG files stored on your phone. This is ideal for trying Linux distributions or always having a rescue system on the go, without the need to burn different CDs or USB pen drives.

DriveDroid also includes a convenient download menu from which you can download USB images of a number of operating systems to your phone. You can also create blank USB images, which give you an empty USB drive on which you can store files. Blank images also let you use tools on your PC to burn images to the drive and create a bootable USB disk that way.

You can download it manually from the Google Play Store.
Note: it needs root privileges, which means you need a rooted phone.

Let’s start!!!

Install the DriveDroid app on your smartphone and run the application.

Tap the plus sign at the lower right corner to add an ISO image file.

Under Preferences we need to select the image directories so that we can browse to the Kon-Boot ISO image file.

It then moves into internal storage to let you choose your ISO file. I opted for konboot.iso and clicked Select (please note that the kon-bootCD.iso file must already exist on your phone).

Select the Kon-Boot ISO file and it will get mounted.

Tap on the mounted file and you will see three boot options, as shown in the figure below. Select the third option, CD-ROM, connect the smartphone to the system and reboot the system.

Now plug the USB cable between the phone and the system so that it boots from your phone, restart the system (PC) and keep pressing the function key of your desktop system.

Great!!! You will get the administration console; now hit the Enter key on the keyboard. This bypasses the admin console without entering a password.

Setup VPN Penetration Testing Lab in Server 2008

You just need to follow the basic steps for configuring a remote access virtual private network (VPN) server using Server Manager, the Add Roles Wizard, and the Routing and Remote Access Server Setup Wizard. After you finish configuring a basic remote access VPN server, you can perform additional configuration tasks on the client depending on how you want to use the remote access VPN server.

Start -> Administrative Tools -> Server Manager. Click Add Roles.

This wizard helps you install roles on your server; click Next to continue.

Check the status of “Network Policy Server” under Role Services and click Next.
Network Policy and Access Services provides Network Policy Server (NPS), Routing and Remote Access (RRAS), Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP), which help safeguard the health and security of your network.

Read the requirements and click “Next” to continue.

On the following screen, “Select Role Services” for Network Policy and Access Services, place a check mark on Routing and Remote Access Services and make sure “Remote Access Service” and “Routing” are selected as well. Click Next to continue.

To install the following role services for Network Policy and Access Services, click Install.

This shows the summary: Remote Access Services and Routing were installed successfully. Once the installation finishes, click Close to end the wizard.
Up to here I have completed the installation of the VPN role on the server.

To complete the configuration in Routing and Remote Access, follow these steps.
Start -> Administrative Tools -> Routing and Remote Access

In the console that opens, right-click your server name and click “Configure and Enable Routing and Remote Access”; this configures Routing and Remote Access on the selected server.

In the wizard you can enable any of the following combinations of services. I will choose Custom Configuration for my server and click Next.

Next is the Routing and Remote Access Server Setup Wizard, in which I decide which type of access clients should be allowed in order to reach the server network.

You can configure the selected services in the Routing and Remote Access console. I am selecting the check box for the VPN access service on this server and clicking Next to continue.

You have now successfully completed the task of enabling the VPN access service on your server; to close this wizard click Finish.

Now you will get a dialog box with the message that the Routing and Remote Access service is ready to use. Click Start Service.

Once the process is finished and you are back in the main Server Manager window, Routing and Remote Access should now be up and running.

Once you have successfully configured Routing and Remote Access, the administrator selects the desired user and grants the privilege to access the server through a VPN connection, so that clients can connect from different locations.

Start -> Administrative Tools -> Active Directory Users and Computers -> right-click a user and open Properties

Click on the Dial-in tab and under “Network Access Permission” select Allow access. Click Apply and OK to finish. Only the selected clients will be able to connect to the server network through the VPN from a different network.

This was the first phase of the VPN configuration, performed on the server side by the administrator.


Setting up a client connection to a VPN network is very similar to setting up an old-fashioned Dial-Up connection through a phone line. You need to enter a server address (hostname or IP), user and password. Once connected, this system will receive an IP address within the VPN network, so you’ll be able to access it from any other machines also connected to the same VPN network.

Click Start -> Control Panel -> Network and Internet -> Network and Sharing Center.
To change your network settings, click on the “Set up a new connection or network” option; this contains different types of network connection options such as broadband, dial-up, VPN, or setting up a router or access point.

Here you can see the many other options I mentioned; I will choose “Connect to a workplace” to set up a dial-up or VPN connection to your workplace. This option sets up the connection from the client to a workplace, or in our case to our server.

Now you will see the next wizard for connecting to a workplace, which asks for the type of connection through which you will connect to your workplace or server.
My option is “Use my Internet connection (VPN)”, and the connection will be established over the internet.

Now, to connect to the network you must know the IP address of the workplace, i.e. the server. It is the IP of my Windows Server 2008 R2 with the VPN set up and configured, so I have entered this IP in Internet address for the connection.

Earlier I set the privilege for the user pentest to Allow access for VPN connections. When you try to connect it will ask for your credentials for authentication. The client enters his username and password to establish the connection and clicks Connect.

When the given credentials are found to be authorized, the client is allowed to connect to the workplace and is provided with the VPN connection.

This is a private and secure connection over the internet between client and server for sharing data through a transparent medium.

To confirm that you have a successful VPN connection, open your command prompt and type ipconfig; this shows another IP in addition to the LAN one.

My IP is listed under “PPP adapter VPN Connection”, which will be used to log in to the server, access the network and share data, while I also still have my LAN IP. This shows my VPN connection has been established successfully.
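The ipconfig check above can be scripted: the following added example (not part of the original post) parses ipconfig output into adapter blocks and reports the IPv4 address of any PPP adapter, which is the VPN-assigned address; an empty result means the VPN is not connected. The sample output is constructed for the example, and the adapter name "VPN Connection" is an assumption.

```python
import re
import subprocess

# Constructed sample of ipconfig output on a client with the VPN up (not captured from the post).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

PPP adapter VPN Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.0.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
"""

# "PPP adapter VPN Connection:" -> type "PPP", name "VPN Connection"
HEADER_RE = re.compile(r"^(\S.*?) adapter (.+):$")
# "   IPv4 Address. . . . : 192.168.1.10" -> field "IPv4 Address", value "192.168.1.10"
FIELD_RE = re.compile(r"^\s+([A-Za-z0-9 -]+?)[ .]*: ?(.*)$")

def parse_ipconfig(text):
    """Return {adapter name: {"type": adapter type, "fields": {field: value}}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(2)
            adapters[current] = {"type": m.group(1), "fields": {}}
            continue
        f = FIELD_RE.match(line)
        if f and current is not None:
            adapters[current]["fields"][f.group(1).strip()] = f.group(2).strip()
    return adapters

def vpn_addresses(text):
    """IPv4 addresses of PPP adapters, i.e. VPN-assigned IPs; empty dict when no VPN is up."""
    return {name: a["fields"].get("IPv4 Address")
            for name, a in parse_ipconfig(text).items()
            if a["type"] == "PPP" and a["fields"].get("IPv4 Address")}

if __name__ == "__main__":
    try:  # live check on a Windows client; falls back to the sample elsewhere
        out = subprocess.run(["ipconfig"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        out = SAMPLE_IPCONFIG
    print(vpn_addresses(out) or "no PPP adapter with an address: VPN not connected")
```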

Control Remote PC using PSTools

PsTools is a collection of 13 tools developed by Mark Russinovich. These are command-line tools that let you execute processes on remote systems and redirect console applications' output to the local system so that these applications appear to be running locally. All of them are compatible with Windows NT or later. Being console applications, these tools work on both the local computer and a remote host. They require no manual installation of software on the remote system, and they let you specify alternative credentials to access the remote system. The "Ps" prefix in PsList relates to the fact that the standard UNIX process listing command-line tool is named "ps", so this prefix has been adopted for all the tools in order to tie them together into a suite of tools named PsTools.

Listed below are all the tools in the kit:
· PsExec - execute processes remotely
· PsFile - shows files opened remotely
· PsGetSid - display the SID of a computer or a user
· PsInfo - list information about a system
· PsPing - measure network performance
· PsKill - kill processes by name or process ID
· PsList - list detailed information about processes
· PsLoggedOn - see who's logged on locally and via resource sharing (full source is included)
· PsLogList - dump event log records
· PsPasswd - changes account passwords
· PsService - view and control services
· PsShutdown - shuts down and optionally reboots a computer
· PsSuspend - suspends processes

Let us now learn how to use these tools through the command prompt, one by one.

First, open your command prompt and change into the PsTools folder using the cd command as shown below:

Once you are in the PsTools folder, run the dir command so that you can see the list of all the tools.
Now we run a command that uses the PsGetSid tool in the kit. The command is:
PsGetsid64.exe \\ -u administrator -p Ignite@123
Here, --> our victim's IP
-u --> denotes username
administrator --> username
-p --> denotes password
Ignite@123 --> password

Executing this command tells us the SID of our victim's PC.
Next, we will learn about the psinfo.exe tool, which gives us all the necessary information about the remote PC. To make this tool work, type:
psinfo.exe \\ -u administrator -p Ignite@123

After this command has run, it gives you the information you can see above.
Moving forward, we will now use the psfile tool by typing the following command:
psfile64.exe \\ -u administrator -p Ignite@123

Executing this command lets us see every file and directory that is remotely open on the victim's PC.
Our next tool is pslist, and to make it work type:
pslist64.exe \\ -u administrator -p Ignite@123

This command lets us see the list of all the processes on our remote PC, as seen above.
Our next command is PsService.exe, which tells us about all the services running on our victim's PC. The command is:
PsService64.exe \\ -u administrator -p Ignite@123

You can see the result in the picture above.
One of these tools lets us see the logs of the victim PC. That tool is psloglist.exe, and the command to run it is:
psloglist.exe \\ -u administrator -p Ignite@123

So our command is successful, as we have our desired result.
Now, pspasswd64.exe is the most important tool, as it lets us change the password of an account on the PC. The command to achieve this is:
pspasswd64.exe \\ -u administrator -p ignite@123 administrator forever
Here, --> our victim's IP
-u --> denotes username
administrator --> username
-p --> denotes password
ignite@123 --> password
administrator --> username (given again to specify which user's password we want to change)
forever --> the new password for that user

This successfully changes the password, as shown in the image above.
Another important tool is PsExec64.exe, which takes us directly into a shell on the victim's PC. Its command is:
PsExec64.exe \\ -u administrator -p forever cmd

Lastly, our next tool helps us shut down the remote PC. For that just type:
psshutdown.exe \\ -u administrator -p forever

As shown in the image above, the remote PC will shut down in 20 seconds.
So these were the tools in the PsTools kit and the commands to run them. These tools make our work a lot easier and come in handy.
PS --> If you come across a dialogue box like the one shown below, always click AGREE, or else the above commands will not work. The image of the dialogue box is shown below:
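From the defender's side, the same PsTools activity leaves traces that can be picked out of Windows logs. The following added example (not part of the original post) runs simple detection logic over constructed log records: a System log event 7045 (service installed) whose service name is PSEXESVC, the helper service PsExec installs on the target, and Security log 4688 (process creation) records whose command line launches one of the PsTools binaries listed above against a \\host target; the key="value" record format and the hosts, paths and placeholder passwords are constructed for the example.

```python
import re

# The PsTools binaries named on this page; the 64-bit "<name>64.exe" variants are matched too.
PSTOOLS = {"psexec", "psfile", "psgetsid", "psinfo", "psping", "pskill", "pslist",
           "psloggedon", "psloglist", "pspasswd", "psservice", "psshutdown", "pssuspend"}
EXE_RE = re.compile(r"(?:^|[\\/])(ps[a-z]+?)(?:64)?\.exe$", re.I)   # basename of the launched tool
TARGET_RE = re.compile(r"\\\\(\S+)")                                # the \\host argument

def parse_record(line):
    """Turn one key="value" log line (a constructed format, not a real EVTX export) into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))

def detect(lines):
    """Return (event_id, reason, detail) findings for PsTools activity found in the records."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        eid = rec.get("EventID")
        if eid == "7045" and rec.get("ServiceName", "").upper() == "PSEXESVC":
            # PsExec installs its PSEXESVC service on the target; the install is logged as System 7045.
            findings.append((eid, "PsExec service installed", rec.get("ImagePath", "")))
        elif eid == "4688":
            cmd = rec.get("CommandLine", "")
            exe = cmd.split()[0] if cmd else ""       # first token; quoted paths are not handled here
            m = EXE_RE.search(exe)
            if m and m.group(1).lower() in PSTOOLS:
                t = TARGET_RE.search(cmd)
                where = "remote target " + t.group(1) if t else "local"
                findings.append((eid, m.group(1) + " executed", where))
    return findings

SAMPLE_LOG = [  # constructed records; 192.0.2.10 is a documentation address, passwords are placeholders
    'EventID="4688" NewProcessName="C:\\Tools\\PsExec64.exe" CommandLine="PsExec64.exe \\\\192.0.2.10 -u administrator -p <password> cmd"',
    'EventID="7045" ServiceName="PSEXESVC" ImagePath="%SystemRoot%\\PSEXESVC.exe"',
    'EventID="4688" NewProcessName="C:\\Windows\\System32\\notepad.exe" CommandLine="notepad.exe report.txt"',
    'EventID="4688" NewProcessName="C:\\Tools\\pspasswd64.exe" CommandLine="pspasswd64.exe \\\\192.0.2.10 -u administrator -p <password> administrator <newpass>"',
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Note that 4688 records only carry the command line when the "Include command line in process creation events" audit policy is enabled; without it only the process name is available.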

Pentest Lab Setup for Windows Server Environment (Beginner Guide)

To install Windows server 2008 R2 click this link

To install Active Directory on the Windows server, first assign a static IP address, such as:
IP Address:
Subnet mask:
Default Gateway:
Preferred DNS Server:

Click OK.

To install Active Directory, type DCPROMO (Domain Controller Promotion) in the Run dialog, with Run as Administrator. Click OK.

To start the installation click on "Next"

Click next to move on

We are going to install a new domain controller in a new forest, so select the option "Create a new domain in a new forest" and click "Next".

Now we have to provide the name for the new domain. It must be an FQDN. In our case I used as the domain. Click "Next" after that.

Set the forest functional level to Windows Server 2008 R2 so that domain controllers running Windows Server 2008 R2 or later can be added.

In the next window, since it's the first DC we should make it a DNS server too. Leave the default selection and click "Next".

If the wizard cannot create a delegation for the DNS server, it displays a message indicating that you can create the delegation manually. To continue, click "Yes".

The next window shows the database location. If you want to change its physical location, click Browse and make the changes, or click "Next" to proceed.

Choose a strong Directory Services Restore Mode password and click Next twice to kick off the configuration.

The next window gives you a brief summary of the installation. Click "Next".

Then it will start the installation of the AD. It will take some time to complete.

When it's done you will be notified and required to reboot the server.