
This video provides an overview of the entire course.
Hacking is a legal gray zone, thus students need to understand that due diligence has to be practiced.
Understand what ethical means
Warn students that they need to understand the laws of their country
This course is for educational purposes only
We need a windows environment where all exercises in the course can be executed.
Understand the architecture of the network
Understand how the three machines relate to each other
Get ready to install the test machines
Kali Linux is used as the attacker’s machine. It needs to be installed.
Download Kali
Download Virtual box
Import Kali to Virtual box
Most of the attacks will be done against a Windows 10 machine that symbolizes a standard enterprise workstation. It has to be configured carefully so that all exercises could be run.
Download the evaluation version of Windows 10
Create a new virtual machine and install Windows 10
Do additional configuration
Enterprise environments usually run Windows Servers. In our test network it will be a Windows 2016 that will act as the domain controller as well.
Download the evaluation version of Windows Server 2016
Create a new virtual machine and install Windows Server 2016
Save the virtual machine
The Windows machine should connect to an internal network that also runs an Active Directory Domain.
Turn the Windows 2016 to a domain controller
Join the new domain with the Windows 10
Create dummy service on the Windows 10
To define the attack surface, we would like to know as much about the target network as possible.
Identify all running hosts on the network
Identify all open TCP ports
Identify all running UDP port
To be able to exploit services we need to know exactly what they are.
Find out what kind of service is running on a port
Identify the program that is running the service
Identify the exact version of the program
Exploit development is very time consuming and complex. In most penetration tests publicly available exploits are used.
Find a suitable exploit on the Internet
Understand and modify the exploit as necessary
Run the exploit and get access to the machine
A more extensive framework is needed to efficiently do testing. The Metasploit Framework offers various tools that will be used in every stage of a pentest.
Find suitable exploit in Metasploit
Choose payload for the exploit
Run the exploit
Although not real exploitation but lot of real attacks rely on files that are that are executed by a victim user after a social engineering attack.
Choose a payload that should be executed by the victim
Create a malicious executable with the payload
Social engineer the target user to run you executable
Modern Anti-Virus programs such as Windows Defender can detect a wide variety of malicious actions. Evading these tools is a typical cat-and-mouse game.
Choose a legitimate Windows executable that will be used to carry the payload
Download and run shelter to inject the malicious payload into the executable
Run a handler to receive the connect back shell
We learnt a lot in this section and it should be practiced.
Review what we learnt
Explain how exploitation can be practiced
Practice the given steps
We need to understand where we in the penetration test are and what are the at this point.
Understand what the post-exploitation phase is about
Usable and stable backdoor is needed to properly interact with the exploited machine.
Create a meterpreter payload
Execute a payload handler
Get to know the meterpreter shell
After a successful exploit the attacker inherits the privileges of the exploited application. If that is not administration or system privilege, then further exploits are needed to achieve maximum privileges on the target machine.
Look for a process that runs as SYSTEM
Try to find a way to manipulate that process
Get the SYSTEM process to execute our payload
Credentials are valuable assets that can be used in further attacks. Thus harvesting them on newly compromised machines is essential.
Harvest Windows password hashes
Harvest passwords from HeidiSQL
Collect credentials from memory
Most modern systems only store password hashes. The plain text passwords can be still recovered though.
Understand how hash functions wor
Run dictionary attack with hashcat
Run dictionary attack with John the Ripper
The attackers’ first connection could be broken by various events, such as a reboot. To avoid losing the machine it should be made sure that a persistent backdoor is installed.
Understand various ways to achieve persistence
Use PowerSploit to create a persistent backdoor
Execute the backdoor on the target machine
A compromised machine could allow access to a network segment that was previously not reachable. Using these techniques, the traffic can be tunneled through the compromised host.
Understand the concept of pivoting
Use the Metasploit autoroute module to route traffic to the new network
Use a SOCKS proxy and proxychains to access the internal network by tools outside of Metasploit
Usually only password hashes are stored by Windows. However these can be still used to compromise other machines.
Understand the legitimate use of using password hashes
Dump password hashes with mimikatz
Take over the domain controller with mimikatz
We will see some important measures that should be taken after this course to get success in the penetration testing.
Managing Windows security has always been a challenge for any security professional. As Windows is the most popular operating system in the corporate environment, this course will help you detect and tackle attacks early to save your organization data and money.
This course will follow a typical penetration test scenario throughout. At each stage, you will be shown all the necessary tools and techniques, and how they are applied. The whole course is hands-on to guarantee that you gain practical knowledge. You will start by setting up the environment and learn service identification and network scanning techniques. You will master various exploitation and post exploitation techniques. You will also learn to proxy traffic and implement the most famous hacking technique: the pass-the-hash attack.
By the end of this video tutorial, you will be able to successfully identify and tackle the flaws and vulnerabilities within the Windows OS (versions 7, 8.1, 10) using Metasploit and Kali Linux tools.
About the Author
Gergely Révay, the instructor of this course, hacks stuff for fun and profit at Multinational Corporation in Germany and in the USA. He has worked as a penetration tester since 2011; before that, he was a quality assurance engineer in his home country, Hungary. As a consultant, he did penetration tests and security assessments in various industries, such as insurance, banking, telco, mobility, healthcare, industrial control systems, and even car production.
Gergely has also built online courses and tutorials since 2014 on various platforms. During this time he has put a lot of effort into understanding how pentesting and offensive security can be taught efficiently.