Windows Hacking

When a Windows computer is hacked, it means (in a negative sense) that someone has broken into someone else’s computer. A computer that has no protection against viruses, spyware and other types of threats is extremely vulnerable to this.

Protect computer from hackers

You must always protect your computer from viruses, spyware and hackers, preferably with a good antivirus program that is always up-to-date. But having an antivirus solution is not enough. We will explain why.

What are hackers looking for?

Hackers hack your computer to steal or do illegal business. Hackers seek access to other people’s computers for various reasons.

The hacked computer can be used to secretly put illegal files on it, such as explicit content or other files that are prohibited by law for any reason; also illegal software, for example.

The hacker puts a program on your computer that causes your computer to send spam messages (aggressive advertising). Sending spam on a large scale is a criminal offense, so if it comes from your PC, the real sender is not at high risk of being penalized.

The hacker wants to find out the passwords of the owner of the computer, and gain access to bank accounts and to login names and passwords of (other) websites where something can be obtained (also think of online subscriptions of all kinds).

All in all, hackers are always looking for methods they can use to gain access (to data).

Hacking protection

  • Good firewall
  • Good virus scanner and regular virus scanning
  • Spyware protection, and regular scanning
  • Be careful when downloading programs and never download illegal programs
  • Be wary of unknown attachments in emails.

Protect PC from viruses, spyware and hackers

There are several good programs that offer protection against hackers, viruses, trojans, spyware and malware, and so on. Norton is well known and updates every 10 to 15 minutes so that you are always optimally protected.

Hacking in a positive sense, how was that again?

True hackers originally do a good job. They are hired by companies to detect errors in computer systems and design solutions for them. Hackers are actually people who know a lot about computers. We have forgotten that because hacking is nowadays mainly associated with illegal practices.

Tools used for Windows hacking

Windows hacking tools should help you along. They take away the repetitive work, so that you can focus on your Windows hacking task.

There is a wide range of Windows hacking tools available on the web. We have collected some of them for you in a nice list. All of these tools are hosted on Github, and can be downloaded for free:

  • Exploitation : Windows Software Exploitation
  • hacking-team-windows-kernel-lpe : Previously-0day exploit from the Hacking Team leak, written by Eugene Ching/Qavar.
  • mimikatz : A little tool to play with Windows security – extract plaintexts passwords, hash, PIN code and kerberos tickets from memory.
  • Pazuzu : Reflective DLL to run binaries from memory
  • Potato : Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012
  • UACME : Defeating Windows User Account Control
  • Windows-Exploit-Suggester : This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
  • BloodHound : Six Degrees of Domain Admin
  • Empire : Empire is a PowerShell and Python post-exploitation agent
  • Generate-Macro : Powershell script will generate a malicious Microsoft Office document with a specified payload and persistence method
  • Invoke-AltDSBackdoor : This script will obtain persistence on a Windows 7+ machine under both Standard and Administrative accounts by using two Alternate Data Streams
  • Old-Powershell-payload-Excel-Delivery : This version touches disk for registry persistence
  • PSRecon : PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team
  • PowerShell-Suite : Some useful scripts in powershell
  • PowerSploit : A PowerShell Post-Exploitation Framework
  • PowerTools : A collection of PowerShell projects with a focus on offensive operations
  • Powershell-C2 : A PowerShell script to maintain persistence on a Windows machine
  • Powershell-Payload-Excel-Delivery : Uses Invoke-Shellcode to execute a payload and persist on the system
  • mimikittenz : A post-exploitation powershell tool for extracting juicy info from memory.

Windows hacking local passwords

To be able to break into Windows 10 to change your password, you need a Windows 10 installation medium. This can be an installation DVD or a bootable USB stick. If you don’t have one, you can easily create it with Microsoft’s Media Creation Tool. This will download an ISO image of the Windows 10 installation DVD, and you can use it to create a bootable USB stick. We will need this in the next step.

Boot the computer with the created recovery medium (DVD or USB stick) and, as soon as the first screen of the Windows 10 installation procedure appears, press the key combination Shift + F10. A command prompt will now open. From this command prompt you will make sure that you can log into Windows 10 without your Windows password and reset the password of your existing account.

With the trick explained below, we are going to replace the Accessibility function, which you can open at the Windows 10 login screen to bring up a virtual keyboard, for example, with the command prompt, so that the command prompt starts instead of the Accessibility tool.

The steps are:

  • Boot off a Windows 10 DVD (or USB)
  • When the WINDOWS SETUP screen appears, press SHIFT+F10 to launch a CMD window
  • Type ren c:\windows\system32\utilman.exe utilman.exe.bak and press the ENTER key
  • Type copy c:\windows\system32\cmd.exe c:\windows\system32\utilman.exe and press the ENTER key
  • Exit the Windows 10 setup (just power down)
  • Boot normally to your hard drive
  • At the Login Screen click the EASE OF ACCESS icon (beside the Power icon in the bottom right corner of the screen).
  • A new CMD window will appear
  • Type net user test /add and press the ENTER key
  • Type net localgroup administrators YOURNAME /add and press the ENTER key
  • Press ALT+F4 to close the CMD prompt
  • Click the Power icon (bottom right corner of the screen) and select RESTART
  • Sign in as YOURNAME without a password
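
Because the procedure above works for anyone with physical access to an unencrypted disk, it is worth checking machines for its traces. The following PowerShell audit is an added example, not part of the original page; the function name Test-UtilmanTamper is hypothetical, and the event query assumes account-management auditing is enabled and that the script runs elevated.

```powershell
# Added example, not from the original page: audit for the utilman.exe swap.
function Test-UtilmanTamper {
    param(
        # System32 of the live OS, or of an offline image mounted for forensics.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )
    $target   = Join-Path $System32 'utilman.exe'
    $findings = @()
    if (-not (Test-Path -LiteralPath $target)) { return 'utilman.exe is missing' }

    # 1. Byte-for-byte comparison with the shells that usually get copied in.
    #    A signature check alone does not help: cmd.exe is Microsoft-signed too.
    $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    foreach ($rel in 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe') {
        $shell = Join-Path $System32 $rel
        if ((Test-Path -LiteralPath $shell) -and
            ((Get-FileHash -LiteralPath $shell -Algorithm SHA256).Hash -eq $hash)) {
            $findings += "utilman.exe is identical to $rel"
        }
    }
    # 2. The version resource travels with the file contents, not the file name.
    #    Assumption: a genuine binary reports an OriginalFilename starting "utilman".
    $orig = (Get-Item -LiteralPath $target).VersionInfo.OriginalFilename
    if ($orig -notmatch '^utilman') {
        $findings += "utilman.exe has OriginalFilename '$orig'"
    }
    # 3. The rename step in the procedure leaves the real binary behind as a backup.
    if (Test-Path -LiteralPath "$target.bak") {
        $findings += 'utilman.exe.bak present next to utilman.exe'
    }
    $findings
}

$result = Test-UtilmanTamper
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'utilman.exe looks untouched' }

# Account creation (4720) and local-group additions (4732) from the last 7 days,
# which is what the "net user" / "net localgroup" steps produce.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732
    StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id
```

Full-disk encryption such as BitLocker keeps the system volume unreadable from installation media, which blocks the file swap in the first place.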

Mimikittenz

The aim of mimikittenz is to provide user-level (non-admin privileged) sensitive data extraction in order to maximise post exploitation efforts and increase value of information gathered per target.

Mimikatz

Mimikatz is a well-known Windows hacking tool that is capable of extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. Mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets.

Windows exploit suggester

This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.