7MS #425: DIY Pentest Dropbox Tips - Part 2
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.
Today's episode is all about creating and deploying your own pentest dropbox! In part 1 I talked about some "gotchas" but this time around I'm ready to dump a whole slug of specific and updated tips on ya! Below are the tips covered in this episode that are better read than said:
For the Windows VM
- Turn on RDP with PowerShell:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
- Change time zone with command line:
tzutil /s "Central Standard Time"
- Install Chrome with PowerShell:
$LocalTempDir = $env:TEMP; $ChromeInstaller = "ChromeInstaller.exe"; (new-object System.Net.WebClient).DownloadFile('http://dl.google.com/chrome/install/375.126/chrome_installer.exe', "$LocalTempDir\$ChromeInstaller"); & "$LocalTempDir\$ChromeInstaller" /silent /install; $Process2Monitor = "ChromeInstaller"; Do { $ProcessesFound = Get-Process | ?{$Process2Monitor -contains $_.Name} | Select-Object -ExpandProperty Name; If ($ProcessesFound) { "Still running: $($ProcessesFound -join ', ')" | Write-Host; Start-Sleep -Seconds 2 } else { rm "$LocalTempDir\$ChromeInstaller" -ErrorAction SilentlyContinue -Verbose } } Until (!$ProcessesFound)
- Install PowerUpSQL:
Install-Module -Name PowerUpSQL
- Turn off sleepy time:
powercfg.exe -change -standby-timeout-ac 0
- Install DotNet 3.5:
dism /online /Enable-Feature /FeatureName:"NetFx3"
For the Kali VM
- Refresh the SSH keys:
apt install openssh-server -y
mkdir /etc/ssh/default_keys
mv /etc/ssh/ssh_host_* /etc/ssh/default_keys/
dpkg-reconfigure openssh-server
systemctl enable ssh.service
systemctl start ssh.service
- Get SharpHound and Mimikatz:
wget https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200519/mimikatz_trunk.zip
wget https://github.com/BloodHoundAD/BloodHound/raw/master/Ingestors/SharpHound.exe
- Install pypykatz
sudo pip3 install pypykatz
- Install CrackMapExec binaries (which at time of this publication is this one):
curl https://github.com/byt3bl33d3r/CrackMapExec/releases/download/v5.0.1dev/cme-ubuntu-latest.zip -L -o cme.zip