Showing posts with label Windows Hacking. Show all posts

Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 using Potato

First, check the IP address of your local PC with the ipconfig command.


Now open a command prompt and type net localgroup administrators to list the users that belong to the Administrators group.
In my case I'm logged in as the RAAZ user, which is not a member of the Administrators group.


Now download Potato.exe from here, go to the Potato folder from the command prompt and type:

Potato.exe -ip 192.168.1.9 -disable_exhaust true -cmd "C:\\windows\\System32\\cmd.exe /K net localgroup administrators RAAZ /add"


Now a Windows Firewall prompt opens; click Allow access.


Now type net localgroup administrators again; here you can see that my user RAAZ is now also a member of the Administrators group.
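The tell-tale of this post, from a defender's side, is the change in the Administrators group membership. The following Python example is added here and is not part of the original post: it parses the output of the same net localgroup administrators command used above and reports any member that is not in a recorded baseline. The sample output and the baseline set are constructed for the example.

```python
"""Added example (not from the original post): detect unexpected members of the
local Administrators group by parsing `net localgroup administrators` output and
comparing it with a known-good baseline.  The sample output below is constructed."""

import re

# Constructed sample of what `net localgroup administrators` prints on a Windows host.
SAMPLE_OUTPUT = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
RAAZ
The command completed successfully.
"""

# Baseline recorded while the machine was in a known-good state (assumption).
BASELINE_ADMINS = {"Administrator"}


def parse_localgroup_members(text: str) -> set[str]:
    """Return the member names listed between the dashed separator and the
    'The command completed successfully.' footer of `net localgroup` output."""
    members = set()
    in_members = False
    for line in text.splitlines():
        line = line.rstrip()
        if re.fullmatch(r"-{5,}", line):      # separator that precedes the member list
            in_members = True
            continue
        if line.startswith("The command completed"):
            break
        if in_members and line:
            members.add(line)
    return members


def find_unexpected_admins(text: str, baseline: set[str] = BASELINE_ADMINS) -> set[str]:
    """Members present now that were not in the baseline: candidates for a
    privilege-escalation or rogue-admin investigation."""
    return parse_localgroup_members(text) - baseline


if __name__ == "__main__":
    for name in sorted(find_unexpected_admins(SAMPLE_OUTPUT)):
        print(f"ALERT: unexpected local administrator: {name}")
```

Run on a real host by feeding it the command's output (for example `net localgroup administrators > admins.txt`). Where auditing of account management is enabled, the same addition also shows up as Security event ID 4732 (a member was added to a security-enabled local group), which gives a second, independent detection.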

Hack Windows 7 Password from Guest Account using 2015-1701 Exploit (Easy Way)

From Wikipedia
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.


The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.


Now type the net user command here to change the admin password; it will show you the error "Access is denied".


Download CVE-2015-1701 from here and unzip it on your PC. Then go to the compiled folder in CVE Master. Here you will find two exe files, one for 32-bit and one for 64-bit systems (in my case I'm using a 64-bit system).


Now run Taihou64.exe; it will open a command prompt with admin privileges. Now you can change the password using the net user command. The syntax is given below:
Syntax:
net user (username) *   then press Enter


Note: This trick works only on Windows 7 (all versions); it is not available for Windows 8 and Windows 10 yet. The underlying win32k.sys flaw was fixed by Microsoft's MS15-051 update (May 2015), so a Windows 7 machine with that update installed is not affected.

6 ways to Find Connected PC in your Network (Beginner Guide)

Fast Resolver
FastResolver is a small utility that resolves multiple host names into IP addresses and vice versa. You can simply type the list of IP addresses or host name that you want to resolve, or alternatively, you can specify IP addresses range that you want to scan. For local network, FastResolver also allows you to get the MAC address of all IP addresses that you scan. FastResolver is a multithreaded application, so it can resolve dozens of addresses within a few seconds.


Download FastResolver from here, click the FastResolver icon, select the IP range and click OK.



Advanced IP Scanner
Advanced IP Scanner is a fast, robust and easy-to-use free IP scanner for Windows. In a matter of seconds, this utility finds all the computers on your network and provides easy access to their various resources, whether HTTP, HTTPS, FTP or shared folders. With Advanced IP Scanner, you can wake up and shut down remote groups of Windows machines.

Download Advanced IP Scanner from here. Click on the icon and enter the IP range, then click Scan.


SoftPerfect Network Scanner

SoftPerfect Network Scanner is a free multi-threaded IPv4/IPv6 scanner with a modern interface and many advanced features. It is intended for both system administrators and general users interested in computer security. The program pings computers, scans for listening TCP/UDP ports and discovers shared folders, including system and hidden ones.

Download SoftPerfect Network Scanner from here. Open the tool, enter the range to scan and click Start Scanning.


Angry IPScanner

Angry IP Scanner is a very fast IP address and port scanner. It can scan IP addresses in any range as well as any of their ports. It is cross-platform and lightweight. Not requiring any installation, it can be freely copied and used anywhere.

Download Angry IP Scanner from here. Open the tool, enter the range and click Start.


Netdiscover
Netdiscover is an active/passive address reconnaissance tool, mainly developed for wireless networks without a DHCP server, when you are wardriving. It can also be used on hub/switched networks.
Open a Kali Linux terminal and type netdiscover. This will show the IPs of the systems on the network.


Nmap
The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features.

Download Nmap from here. Open the tool, enter the range, select the type of scan and click Scan.
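The six tools above all answer the same question: which hosts are alive on the subnet. For an administrator the useful follow-up is comparing that answer with the asset list, so that an unknown device stands out. The following Python example is added here and is not part of the original post or of Nmap: it parses Nmap's grepable output format (`-oG`) and lists live hosts that are missing from an inventory. Both the scan output and the inventory are constructed samples.

```python
"""Added example (not the page's code): turn an nmap grepable (-oG) scan into a
list of live hosts and flag any that are absent from an asset inventory.  The
scan output and the inventory below are constructed samples."""

import re

# Constructed sample in nmap's grepable format, as produced by e.g.
#   nmap -oG hosts.gnmap 192.168.1.0/24
SAMPLE_GNMAP = """\
# Nmap 7.91 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -oG hosts.gnmap 192.168.1.0/24
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 80/open/tcp//http///\tIgnored State: closed (999)
Host: 192.168.1.9 (raaz-pc.lan)\tStatus: Up
Host: 192.168.1.23 ()\tStatus: Up
Host: 192.168.1.50 ()\tStatus: Down
# Nmap done at Mon Jan  1 10:00:05 2024 -- 256 IP addresses (3 hosts up) scanned in 5.00 seconds
"""

# Constructed inventory: the IPs the administrator expects on this subnet.
KNOWN_ASSETS = {"192.168.1.1": "router", "192.168.1.9": "RAAZ workstation"}

# One "Host:" line per host carries "Status:"; port lines carry "Ports:" instead.
HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\tStatus: (?P<status>\w+)")


def parse_live_hosts(gnmap: str) -> dict[str, str]:
    """Map IP -> reverse-DNS name for every host nmap reported as Up."""
    hosts = {}
    for line in gnmap.splitlines():
        m = HOST_RE.match(line)
        if m and m.group("status") == "Up":
            hosts[m.group("ip")] = m.group("name")
    return hosts


def unknown_hosts(gnmap: str, inventory: dict[str, str] = KNOWN_ASSETS) -> dict[str, str]:
    """Live hosts that are not in the inventory: devices to identify or remove."""
    live = parse_live_hosts(gnmap)
    return {ip: name for ip, name in live.items() if ip not in inventory}


if __name__ == "__main__":
    for ip, name in sorted(unknown_hosts(SAMPLE_GNMAP).items()):
        print(f"unknown device on the network: {ip} ({name or 'no reverse DNS'})")
```

Scheduling the scan and diffing its result against the inventory turns a one-off reconnaissance tool into a rogue-device check; the same parser works on `nmap -sn -oG` output, which only contains the Status lines.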

Hack Windows Password in Clear Text using Mimikatz and Windows credential Editor

mimikatz is a tool to check Windows security. It is now well known for extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. mimikatz can also perform pass-the-hash and pass-the-ticket or build Golden tickets.


First download the Windows version of mimikatz from here, right-click on it and run it as Administrator.


It will open the mimikatz window.


Type the following command to request the debug privilege (SeDebugPrivilege), which is needed to read LSASS memory:
privilege::debug


Now type the following command to dump the logged-on users' passwords in clear text.
sekurlsa::logonPasswords


Windows Credential Editor

Windows Credentials Editor (WCE) is a security tool that allows you to list Windows logon sessions and add, change, list and delete the associated credentials (e.g. LM/NT hashes, Kerberos tickets and clear-text passwords).

First download WCE from here.
Go to the WCE directory and run the following command as Administrator:
wce.exe -w
It will show the passwords in plaintext.

How to use Your Pen drive as a Password in Windows 7

Insert the pen drive into your PC.
Now open the Run dialog box, type compmgmt.msc and click OK.


Select 'Disk Management' in the left panel of Computer Management.

Right-click your pen drive and select 'Change Drive Letter and Paths'.



Click the Change button, change the drive letter to A and click OK. Now your pen drive acts like a floppy disk.


Open the Run dialog box and type syskey.


Click on Update


Select 'Store Startup Key on Floppy Disk' and click OK button.



Finally, when you start your PC you need to insert the pen drive. Without the pen drive you will not be able to access your computer, so keep this pen drive safe: it now is your PC's password.

How to Fix Disk Drive and Recover Data from Suddenly Became RAW

When attempting to access the drive in Windows you may see a message saying that you need to format the disk in drive E: before you can use it.


After installing it on your computer, choose Complete Recovery, which is used when a hard drive or partition becomes inaccessible.


Select the file types you want to recover, select the "RAW" partition or other inaccessible logical drive and click "NEXT" to start scanning.


Select the files or directory that you want to restore and select a path to save the files.

After the above steps you are able to recover the files from the RAW disk; save them and then format the disk, which repairs the RAW disk.

How to Hide File in Remote Victim PC

Once you have the meterpreter session, use the 'shell' command to get a command prompt on the target.

Type attrib +h +r +s "(drive):\(Folder Name)" (the path is quoted because of the space in the folder name) and press Enter to apply it.

This will hide the "Video Folder" folder on the D drive. Because the system attribute is set as well, the folder is not revealed by the "Show hidden files and folders" option either; Explorer only lists it once "Hide protected operating system files" is also unchecked.


If you want to unhide the folder, just change the parameters from '+' to '-':
attrib -h -r -s "(drive):\(Folder Name)"

Hack Remote Windows Passwords in Plain Text with WCE


Windows Credentials Editor (WCE) is a security tool that allows you to list logon sessions and add, change, list and delete the associated credentials (e.g. LM/NT hashes, plaintext passwords and Kerberos tickets). This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos tickets and reuse them on other Windows or Unix systems, and dump the cleartext passwords entered by users at logon. WCE is widely used by security professionals to assess the security of Windows networks via penetration testing. It supports Windows XP, 2003, Vista, 7 and 2008.

First hack the victim PC using Metasploit (tutorial: How to Hack Remote PC).

Step 1: Now upload wce.exe to the victim PC from the meterpreter session using
upload /pentest/passwords/wce/wce.exe .
Step 2: Type shell to get the command prompt of the victim PC.
Step 3: Now use the wce.exe -w command to get the passwords in text form.
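Both the mimikatz/WCE post above and this one depend on the same thing: a user-mode process opening lsass.exe and reading its memory. That is the behaviour to detect. The following Python example is added here and is not code from either post or from the Sysmon, mimikatz or WCE projects: it takes records shaped like Sysmon Event ID 10 (ProcessAccess) and flags any non-allowlisted process that opened LSASS with the PROCESS_VM_READ right. The events, the allowlist and the paths are constructed for the example; the allowlist in particular is an assumption that must be tuned per environment.

```python
"""Added example (not from the original posts): flag processes that open LSASS
with memory-read rights, the access pattern credential dumpers such as mimikatz
and WCE rely on.  Input records are constructed and shaped like the fields of a
Sysmon Event ID 10 (ProcessAccess) event."""

# PROCESS_VM_READ bit of the Win32 process access mask; a full-access mask
# (0x1FFFFF) contains it too, so one bit test covers both cases.
PROCESS_VM_READ = 0x0010

# Processes that legitimately read LSASS on many builds.  Assumption: adjust per
# environment; these default paths are not taken from the page.
ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Constructed sample events; GrantedAccess is the hex string Sysmon logs.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Windows\System32\svchost.exe",          # allowlisted
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"SourceImage": r"C:\Users\RAAZ\Downloads\mimikatz.exe",     # VM_READ set
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"SourceImage": r"C:\Temp\wce.exe",                          # full access
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",          # query only, no read
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",          # not LSASS
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1010"},
]


def is_lsass_read(event: dict) -> bool:
    """True when the target is lsass.exe, the source is not allowlisted and the
    granted access mask includes PROCESS_VM_READ."""
    if not event["TargetImage"].lower().endswith(r"\lsass.exe"):
        return False
    if event["SourceImage"].lower() in ALLOWLIST:
        return False
    access = int(event["GrantedAccess"], 16)
    return bool(access & PROCESS_VM_READ)


def suspicious_lsass_access(events: list[dict]) -> list[str]:
    """Source images that opened LSASS with read rights, in log order."""
    return [e["SourceImage"] for e in events if is_lsass_read(e)]


if __name__ == "__main__":
    for src in suspicious_lsass_access(SAMPLE_EVENTS):
        print(f"ALERT: {src} opened lsass.exe with memory-read access")
```

Detection is the second line; the first is making the memory less valuable. Setting UseLogonCredential to 0 under the WDigest registry key stops LSASS from keeping cleartext passwords for that provider, enabling LSA protection (RunAsPPL) blocks unprotected processes from opening LSASS at all, and Credential Guard moves the secrets out of LSASS entirely; each of these removes or hollows out the output that the two posts above show.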

How to Secure your Wireless (Wifi) Network

Change Router Password
Open a web browser, type "http://192.168.1.1" in the address bar and press Enter, then type in the username and password for the router's control panel (the default is "admin" for both the username and the password).

Click the "Maintenance" tab, then change the password.


Change the Default SSID

An SSID is a 32-character alphanumeric key that uniquely identifies a wireless LAN. It is the name of your wireless connection that you see in the "Available Wireless Connections" list on your laptop when connecting.

Click on Interface Setup -> Wireless Settings -> change the "Wireless Network Name (SSID)".


Disable SSID broadcast

Click on Interface Setup -> Wireless Settings -> Broadcast SSID and select No or Disable.


Enable MAC filtering 

Without MAC address filtering, any wireless client can join the Wi-Fi network if it knows the network name (also called the SSID) and perhaps a few other security parameters such as encryption keys. When MAC address filtering is enabled, users are granted or denied access to the WLAN based on the MAC address of the client they use. Note that MAC filtering and SSID hiding only raise the bar slightly, since the SSID is still transmitted when clients associate and a client's MAC address can be changed; the encryption setting below is what actually protects the network.

Click on Wireless -> Wireless MAC Address Filter -> click the Activated radio button.


Enable Encryption

WEP (Wired Equivalent Privacy) 64-bit and 128-bit: WEP is an old wireless encryption standard. Never use WEP encryption, which can be cracked within seconds.

WPA (Wi-Fi Protected Access): WPA-PSK is also referred to as WPA-Personal. This is a newer wireless encryption standard and more secure than WEP. Most wireless adapters in laptops support WPA.

WPA2: This is the latest wireless encryption standard and provides the best encryption. Always use WPA2 if both your wireless router and your laptop's wireless adapter support it.

Click on Interface Setup -> Wireless Settings -> "Authentication Type" drop-down menu and select the authentication type.


Best of Windows 7 Wireless Wi-Fi Commands

How to Detect list of available Wireless Networks

Click Start, click Run, type cmd and click OK to open a command prompt.
At the command prompt, type:

netsh wlan show networks mode=bssid


How to connect to a wireless network

netsh wlan connect name=MTNL

Replace MTNL with your own profile name.


How to disconnect from a wireless network

netsh wlan disconnect



How to show the wireless network profiles saved on your PC

netsh wlan show profile


How to save WLAN profiles as XML files to the specified location. Without the key=clear option the exported XML keeps the key material encrypted; with it, the Wi-Fi passphrase is written in clear text, so treat such exports as secrets.

netsh wlan export profile name=MTNL


How to block a wireless network

netsh wlan add filter permission=block ssid=netgear networktype=infrastructure


If you want to block this computer from accessing all wireless networks, use the denyall option in the command. The networktype parameter limits the filter's scope: the example below applies it to ad hoc networks, and networktype=infrastructure applies it to infrastructure networks.

netsh wlan add filter permission=denyall networktype=adhoc


How to show the blocked networks

netsh wlan show blockednetworks


How to show the installed wireless drivers

netsh wlan show drivers
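The first command in this list, netsh wlan show networks mode=bssid, prints the authentication and encryption of every network in range, which makes it a quick audit of the encryption advice in the Wi-Fi hardening post above (never WEP, prefer WPA2). The following Python example is added here and is not part of either post or of Windows: it parses that output and reports networks that are open or use WEP. The netsh output below is a constructed sample modelled on the real layout; a real capture carries more fields per BSSID, which the parser ignores.

```python
"""Added example (not from the original post): parse the output of
`netsh wlan show networks mode=bssid` and report networks whose authentication
or encryption is weak (Open, WEP).  The output below is a constructed sample."""

import re

# Constructed sample modelled on the netsh output layout.
SAMPLE_NETSH = """\
Interface name : Wi-Fi
There are 3 networks currently visible.

SSID 1 : MTNL
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 80%
         Radio type         : 802.11n
         Channel            : 6

SSID 2 : netgear
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 66:77:88:99:aa:bb
         Signal             : 45%
         Channel            : 11

SSID 3 : oldrouter
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : cc:dd:ee:ff:00:11
         Signal             : 30%
         Channel            : 1
"""

SSID_RE = re.compile(r"^SSID \d+ : (?P<ssid>.*)$")
# Only the two indented, 4-space fields we care about; BSSID sub-fields are deeper.
FIELD_RE = re.compile(r"^\s{4}(?P<key>Authentication|Encryption)\s*: (?P<val>.+?)\s*$")


def parse_networks(text: str) -> list[dict]:
    """One dict per SSID block with its authentication and encryption values."""
    networks, current = [], None
    for line in text.splitlines():
        m = SSID_RE.match(line)
        if m:
            current = {"ssid": m.group("ssid").strip(), "auth": "", "enc": ""}
            networks.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            key = "auth" if m.group("key") == "Authentication" else "enc"
            current[key] = m.group("val")
    return networks


def weak_networks(text: str) -> list[tuple[str, str]]:
    """(ssid, reason) for networks that should not be trusted: WEP or open."""
    findings = []
    for n in parse_networks(text):
        if n["enc"].upper() == "WEP":             # netsh shows WEP as Open + WEP
            findings.append((n["ssid"], "WEP encryption is broken"))
        elif n["auth"].lower() == "open":
            findings.append((n["ssid"], "no authentication or encryption"))
    return findings


if __name__ == "__main__":
    for ssid, reason in weak_networks(SAMPLE_NETSH):
        print(f"{ssid}: {reason}")
```

To use it on a live system, save the command's output to a file (`netsh wlan show networks mode=bssid > networks.txt`) and pass the file's contents to weak_networks; the same function can be pointed at your own router's SSID to confirm that the authentication type you selected in the router's settings is what clients actually see.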