Can hack Linux, but Windows...?

edited April 2020 in Machines

Hey there,

So I've had success with Linux machines, but trying Windows I seem useless (at least with Active Directory!) https://www.tumblr.com/blog/c-cracks

Is there some essential tool I'm missing here? I've used a few of Impacket's scripts- the furthest I can get with Windows is the discovery of low-priv SMB credentials that I can't seem to do anything with! No write privileges, the machine isn't vulnerable to publicly known exploits, nothing. xD

I'm not mentioning the specific machine as I have a strict rule on solving things myself; I'm trying to pop a Windows cherry here and I seem to have picked a real awkward machine!

Anything like guides that don't just highlight the basics would be helpful! Like I said- I'm great with Linux, I even solved Symfonos 4 on VulnHub in a unique way! (not difficult but it proves my thinking is right!)

P.S: I'm asking for help because I can see that I suck at RPC/SMB enum and I want to be at least capable in these areas. :') Was gonna enroll in OSCP at the beginning of May but wondering if I should wait a month or two with my incapability with Windows!

Comments

  • edited April 2020
    If you don't know anything about Active Directory I made a video on that



    But if you're familiar with all the basics and are asking how to exploit it... well it varies a lot. There isn't really a default method. It all depends on how things are configured and what you find. Hard to help without knowing more specifics about what you're stuck with.

    Having said that, a fair amount of machines on here have you using Impacket scripts like GetNPUsers and secretsdump so they're often a good thing to try. I've made videos on both of those as well:
    https://www.youtube.com/channel/UCpoyhjwNIWZmsiKNKpsMAQQ

    Oh and another tool that a lot of people use for AD is BloodHound so look into that.
  • Also depending on which machine it is you're talking about, maybe SMB is enough. Maybe you just need to enumerate more, rather than looking for known exploits. The Windows machines I've released on here certainly focus more on that than traditional exploits.