Basics
Windows Networks
There are two ways to structure a Windows network:
Domain → server-client model
Workgroup → peer-to-peer-like model
Windows domain
On a Windows domain:
All users are connected to a domain controller
When you log into a machine it authenticates against the domain controller
The domain controller decides the security policies (length of passwords, how often they must be changed, disabling accounts, etc.)
The person in control over the domain is in control of the network
Hackers have interest in gaining access to the domain controller with Administrator privileges to control the network
Since you authenticate against a domain controller, you can log in to your account on any of the machines in the network (e.g. school/university systems)
In order to set up a Domain network you need at least one Windows Server for the Domain Controller
To know if a machine is part of a domain or a workgroup, go to Control Panel > System. If it says "Workgroup: something", the machine is connected to a workgroup, not a domain.
Active Directory
Active Directory is the program used for maintaining the central database of users and configurations.
Domain Controller
Any Windows computer can be configured to be a domain controller
The domain controller manages all the security aspects of the interaction between user and domain.
There are usually at least two computers configured as domain controllers, in case one breaks down
If you have compromised a machine that belongs to a domain, you can check whether it has any local users, since DCs don't have local users.
If you run enum4linux you can look out for this section:
Another way is to run this command:
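Added example, not from the original notes, that combines the domain/workgroup check and the local-user check described above. It assumes Windows PowerShell 5.1 or later (for Get-LocalUser); the DomainRole meanings are the documented values of the Win32_ComputerSystem class.

```powershell
# Added example (not part of the original notes): report whether this host is a
# workgroup member, a domain member or a domain controller, then list local users.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# DomainRole values documented for Win32_ComputerSystem:
# 0 standalone workstation, 1 member workstation, 2 standalone server,
# 3 member server, 4 backup domain controller, 5 primary domain controller
$roleNames = @{
    0 = 'Standalone workstation'
    1 = 'Member workstation'
    2 = 'Standalone server'
    3 = 'Member server'
    4 = 'Backup domain controller'
    5 = 'Primary domain controller'
}
$isDc = [int]$cs.DomainRole -ge 4

Write-Host ("Host {0}: {1}" -f $cs.Name, $roleNames[[int]$cs.DomainRole])
if ($cs.PartOfDomain) {
    Write-Host ("Domain:    {0}" -f $cs.Domain)
} else {
    # This is the same "Workgroup: something" shown in Control Panel > System
    Write-Host ("Workgroup: {0}" -f $cs.Workgroup)
}

# A domain controller keeps its accounts in Active Directory rather than in a
# local SAM, so local-account enumeration only makes sense on non-DC hosts.
if ($isDc) {
    Write-Host "Domain controller: no local SAM user accounts to list."
} else {
    # Enabled local accounts with old passwords are what a defender audits first
    Get-LocalUser |
        Select-Object Name, Enabled, LastLogon, PasswordLastSet |
        Sort-Object -Property Enabled -Descending |
        Format-Table -AutoSize
}
```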
SMB
If you need to integrate a Windows machine into a Linux-based network, you can use SMB to do that.
Kerberos
Kerberos is a network authentication protocol
It is used by Windows domains to authenticate users
Usually, a machine with port 88 open (the default Kerberos port) can be assumed to be a Domain Controller
When the user enters her password it gets one-way encrypted and sent with Kerberos to Active Directory, which then compares it with its password database
The Key Distribution Center responds with a TGT (ticket-granting ticket) to the user's machine
Workgroup
A workgroup architecture stands in contrast to the domain-system
If a computer is part of a workgroup it cannot be part of a domain
In a workgroup architecture each computer is in charge of its own security settings
In a workgroup users can see each other and share files
User Privileges
System (user)
System is not a user; it is technically a security principal
One big difference between System and Administrator is that, if the computer is connected to a domain, the System account can access the domain in the context of the domain account while the Administrator cannot
On Windows it is possible to grant permission on a file to System but not to Administrator
One example of this is the SAM key. The System user has access to this information, but the Administrator does not
Administrator
Administrator is a default account on Windows. It is the user with the highest privileges.
Normal user
The normal user obviously has less privileges than the Administrator.
You can add a new user through the cmd with the following command:
Windows Structure
Registry
The Windows registry is a hierarchical database that stores low-level settings used by the OS and by any application that chooses to use it. The SAM (Security Account Manager) uses it, along with a lot of other components.
Edit the registry
In Windows you open Regedit to see the whole hierarchy. The registry is built from key-value pairs.
Drivers
Drivers are software that lets the OS communicate with hardware such as network cards, graphics cards, printers, etc. To list all the drivers on the machine we use the following command:
This can be good to know since drivers can contain vulnerabilities that can be used for priv-esc.
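Added example, not from the original notes: a defender-side inventory of third-party PnP drivers with version, signer and date, so they can be compared against vendor advisories or a known-vulnerable-driver list (that list is not part of the script; the output path is an assumption). It uses the Win32_PnPSignedDriver CIM class.

```powershell
# Added example (not part of the original notes): inventory third-party drivers
# for vulnerability triage. Assumes PowerShell 3+ with CIM cmdlets available.
$outFile = Join-Path $env:TEMP 'driver-inventory.csv'   # assumed output path

# Win32_PnPSignedDriver lists every Plug and Play driver with its signing info.
# Microsoft's own in-box drivers are filtered out to keep the vendor list short.
$drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DriverProviderName -and $_.DriverProviderName -notmatch '^Microsoft' } |
    Select-Object DeviceName, DriverProviderName, DriverVersion, DriverDate,
                  IsSigned, Signer, InfName |
    Sort-Object DriverProviderName, DeviceName

# Unsigned drivers, or signed ones with no identifiable signer, get the first
# look: they cannot be matched to a vendor advisory and bypass the usual trust.
$suspect = @($drivers | Where-Object { -not $_.IsSigned -or -not $_.Signer })

$drivers | Export-Csv -Path $outFile -NoTypeInformation
Write-Host ("{0} third-party drivers written to {1}" -f @($drivers).Count, $outFile)
Write-Host ("{0} unsigned or unattributed drivers:" -f $suspect.Count)
$suspect | Format-Table DeviceName, DriverProviderName, DriverVersion, InfName -AutoSize
```

The CSV (provider, version, date) is what you diff against a vendor's fixed-version list; the version strings alone do not tell you whether a driver is vulnerable.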
IIS - Windows web server
IIS stands for Internet Information Services (before it was Internet Information Server).
The software is usually included in most Windows versions, except for the Home editions. The IIS version usually corresponds to the OS version; in general there is a new IIS version for every new OS.
ASP
Active Server Pages is the scripting environment for IIS. ASP renders the content on the server side. The supported scripting languages are VBScript, JScript and PerlScript.
File types
BAT
.bat → Windows equivalent of bash scripts
In order to write a batch script you just write your commands in an editor, save the file as something.bat, and run the script from the cmd.
DLL - Dynamic Link Library
A DLL file is a library that is used by one or more programs.
It is a binary file that is not executable by itself, but contains code that an executable calls.
It is used to modularize the code of a program.
Since DLL files are dynamically loaded at run time, they are still around for the user to see.
LIB
A LIB is a bit like a DLL: it is a library.
LIB files are linked at compile time, while DLL files are linked at run time.
Since LIB files are compiled into the executable, you will usually never see them (unless you are developing them).