Today was a fun day because I was finally able to delve into Windows hacking.  I’ve been concentrating on unix machines for quite a while now, and have been very curious about the various hacks that can occur.  I now, finally, have some insights into them.

The thing is, I’ve been using Windows (both server and desktop) for years, and have been very aware of the defenses we use on an enterprise network to detect, track, and overcome attacks.  In fact, I was the lead on a project to get our network rid of the ‘welchia’ virus back in 2003; it was a crazy replicating virus that denied us our network, but didn’t cause any damage.  So knowing Windows, and having been an admin on several large networks, i’m realizing now just how much we didn’t know!

Taking advantage of the features within an Active Domain system, the hacks performed today weren’t even owning the boxes… they were simply intercepting things like password hashes via the standard operating procedures that Windows uses.  It was pretty easy, in fact… scary easy.

One of the things learned today that was a surprise to me was that I could run the program hashcat on Windows.  Throughout this journey, I’ve set up several versions of hacking platforms, and all had hashcat installed by default.  The problem always was the access to video card drivers.  I’ll probably write more about that at another time (I took notes each time I did an install), but for now, I’ll say that being able to run hashcat on Windows allows me to use my huge rig that houses my VMs to also access the graphics card directly.  VMs are unable to have direct access to the PCI bus, which is why I was building a bare-metal rig to do nothing but hashcat.  Now, I can use that as a backup firewall for my segmented networks, and also monitor the resources used by hashcat on Windows.  I thought that was pretty cool.

So overall, a LOT was learned today, and a possible change in my network structure was considered.  I haven’t changed anything yet, but if I do, I’ll write it up.  There’s a lot more to do in the Windows privilege escalation realm, and I’m well on my way to learning it.  I’ve purchased an entire course on nothing but this topic, and can’t wait to start it.  I’ll let you know if the class was worth it, but i have a feeling i already know the answer.  See my references page for all of the courses I’ve taken, and if they were worth the my time.