For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform.
As security researchers, every one of us has probably spent hours customizing a Windows working environment at least once and we all use the same tools, utilities, and techniques during customer engagements. Therefore, maintaining a custom environment while keeping all our tool sets up-to-date can be a monotonous chore for all. Recognizing that, we have created a Windows distribution focused on supporting penetration testers and red teamers. This blog post aims to discuss the features of Commando VM, installation instructions, and an example use case of the platform.
Head over to the GitHub to find Commando VM. Penetration testers commonly use their own variants of Windows machines when assessing Active Directory environments. Commando VM was designed specifically to be the go-to platform for performing these internal penetration tests.
This list includes more than tools, including: With such versatility, Commando VM aims to be the de facto Windows machine for every penetration tester and red teamer. The versatile tool sets included in Commando VM provide blue teams with the tools necessary to […] their networks and improve their detection capabilities. With a library of offensive tools, it makes it easy for blue teams to keep up with offensive tooling and attack trends. Figure 1: Full blue team support.
This eases deployment and provides the ability to revert to a clean state prior to each engagement. We assume you have experience setting up and configuring your own virtualized environment. Start by creating a new virtual machine (VM) with these minimum specifications: 60 GB of disk space and 2 GB memory. Next, perform a fresh installation of Windows. Commando VM is designed to be installed on Windows 7 Service Pack 1, or Windows 10, with Windows 10 allowing more features to be installed.
Once the Windows installation has completed, we recommend you install your specific VM guest tools. From this point, all installation steps should be performed within your VM. Figure 2: Install script running. The rest of the installation process is fully automated. Depending upon your Internet speed, the entire installation may take between 2 to 3 hours to finish.
The VM will reboot multiple times due to the numerous software installation requirements. Once the installation completes, the PowerShell prompt remains open waiting for you to hit any key before exiting.
After completing the installation, you will be presented with the following desktop environment: Figure 3: Desktop environment after install. At this point it is recommended to reboot the machine to ensure the final configuration changes take effect.
After rebooting you will have successfully installed Commando VM! We recommend you power off the VM and then take another snapshot to save a clean VM state to use in future engagements.
Commando VM is built with the primary focus of supporting internal engagements. We get started with Commando VM by running network scans with Nmap. Figure 4: Nmap scan using Commando VM.
Looking for low hanging fruit, we find a host machine running an interesting web server on TCP port […], a port commonly used for administrative purposes. Figure 5: Jenkins server running on host. We navigate to our Wordlists directory in the Desktop folder and select an arbitrary password file from within SecLists.
Figure 6: SecLists password file. Figure 7: Successful brute-force of the Jenkins server. We can take advantage of this and gain privileged command execution. Figure 8: Jenkins Script Console. Now that we have command execution, we have many options for the next step. For now, we will investigate the box and look for sensitive files. Through browsing user directories, we find a password file and a private SSH key.
Figure 9: File containing password. Figure Valid credentials for a domain user. Excellent, now that we know the credentials are valid, we can run CredNinja again to see what hosts the user might have local administrative permissions on.
It looks like we only have administrative permissions over the previous Jenkins host. Not to worry though, now that we have valid domain credentials, we can begin reconnaissance activities against the domain. Figure cmd. Figure 12 shows that we can successfully list the contents of the SYSVOL file share on the domain controller, confirming our domain access. Now we start up PowerShell and start share hunting with PowerView.
We are also curious about what groups and permissions are available to the compromised user account. Figure Get-DomainUser win. We also want to check for further access using the SSH key we found earlier. Looking at our port scans we identify one host with TCP port 22 open. We access the SSH server and also find an easy path to rooting the server. Figure Browsing shares in windomain. After going through many files, we finally find a […]. Using CredNinja, we validate these credentials against the domain controller and discover that we have local administrative privileges!
All of the tools used in the demo are installed on the VM by default, as well as many more. For a complete list of tools, and for the install script, please see the Commando VM GitHub repo. We are looking forward to addressing user feedback, adding more tools and features, and creating many enhancements.
We believe this distribution will become the standard tool for penetration testers and look forward to continued improvement and development of the Windows attack platform.
Start by creating a new virtual machine (VM) with these minimum specifications: 60 GB of disk space and 2 GB memory. Next, perform a fresh installation of Windows. Make sure Windows is completely updated with the latest patches using the Windows Update utility. Note: you may have to check for updates again after a restart. We recommend taking a snapshot of your VM at this point to have a clean instance of Windows before the install.
Start a new session of PowerShell with elevated privileges. Commando VM attempts to install additional software and modify system settings; therefore, escalated privileges are required for installation. Within PowerShell, change directory to the location where you have decompressed the Commando VM repository. The rest of the installation process is fully automated.