Quality Of Life changes

To have MAXIMUM optimization when doing the lab

Firewall

netsh advfirewall show allprofiles
netsh advfirewall set allprofiles state off

#Add a route to the IP you want
route add <IP_YOU_WANT_TO_ACCESS> MASK 255.255.255.255 <YOUR_GATEWAY>
route add 172.16.3.11 MASK 255.255.255.255 172.16.100.254

Firewall Rules

For Firewall rules usually it needs to be run under administrator

netsh advfirewall firewall add rule name="Allow Traffic from 172.16.3.11" `
dir=in action=allow `
remoteip=172.16.3.11 `
protocol=TCP `
profile=any `
description="Allow incoming traffic from 172.16.3.11"

New-NetFirewallRule -DisplayName "Allow Traffic from 172.16.3.11" `
-Direction Inbound `
-Action Allow `
-RemoteAddress 172.16.3.11 `
-Protocol TCP `
-Profile Any `
-Enabled True `
-Description "Allow incoming traffic from 172.16.3.11"

Disabling AV

Disable real time monitoring

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f

Disable IOAV Protection

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableIOAVProtection /t REG_DWORD /d 1 /f

AMSI

To break AMSI this website can also work

AMSI.failamsi.fail

Enabling WinRM, WMIEXEC, SMB

I had also used the tricks down in persistence to make it easier for me to get into my student machine and to confirm if it works?. well NXC says it does of course I censored my student no.

kali@kali ~> nxc wmi 172.16.100.XX     -u 'sawyer' -p 'Password123' --local-auth
RPC         172.16.100.90   135    DCORP-STDXX      [*] Windows Server 2022 Build 20348 (name:DCORP-STDXX) (domain:dollarcorp.moneycorp.local)
RPC         172.16.100.90   135    DCORP-STDXX      [+] DCORP-STD90\sawyer:Password123

PreviousReview NextPorts

Last updated 1 year ago

hashtagFirewall

hashtagFirewall Rules

hashtagDisabling AV

hashtagAMSI

hashtagEnabling WinRM, WMIEXEC, SMB

Firewall

Firewall Rules

Disabling AV

AMSI

Enabling WinRM, WMIEXEC, SMB