There are two structures for Windows networks: the server-client model and the peer-to-peer model. The server-client model is called a Domain and the peer-to-peer model is called a Workgroup.
Windows Domain: In the Windows domain model, all users are connected to a domain controller, and when users log in they actually authenticate against the domain controller. The domain controller controls the network: for example, it can disable accounts and enforce security policies such as password length or how often a password must be changed.
An example of a domain-type network is a school or university, where you can access your account from any computer. To configure a domain network, you must have at least one Windows server acting as the domain controller. If you want to know whether a machine is part of a domain or a workgroup, open:
Control Panel > System and Security > System
Active Directory (AD): This is used as a central database that holds all the configuration and user objects.
Domain Controllers: The DC controls all aspects of security between a user and a domain. It is common to have at least two machines configured as domain controllers so that one can take over if the other fails. Any Windows computer can be configured as a DC. You can check which domain controller authenticated your logon with this cmd command:
echo %logonserver%
Server Message Block (SMB): SMB is a network communication protocol that provides shared access to files, printers and serial ports on a network. Linux-based networks that need to integrate with Windows machines use SMB to do so.
Kerberos: Kerberos is the more recent protocol. It uses symmetric key encryption and requires three entities to authenticate. The default port for Kerberos is 88. It was not created by Microsoft and is used on many Unix systems.
How does it work? When a user accesses the Active Directory domain, Kerberos is used to authenticate. When the password is entered it is one-way encrypted and sent to Active Directory, where it is compared against the password database. The Key Distribution Center (KDC) then responds with a ticket (the TGT) to the user's machine. Kerberos provides more security than NTLM but is still vulnerable to attack.
These are the most common attacks against Kerberos:
Pass-the-ticket > The process of creating a session key and presenting such a forgery to the resource as credentials.
Golden Ticket > A ticket that grants administrator access to the user's domain.
Silver Ticket > A counterfeit ticket that grants access to a service.
Credential stuffing and brute force > Continuous automated attempts to guess a password.
Encryption downgrade with Skeleton Key malware > Malware that can bypass Kerberos authentication, though the attacker must already have admin access.
DCShadow attack > A newer attack in which attackers who have gained sufficient access within a network set up their own DC to use for further infiltration.
The main difference between Kerberos and NTLM is that Kerberos allows stronger encryption and extra third-party verification.
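An added toy model of the Kerberos AS exchange described above (not from the original article): seal/unseal and string_to_key are simplified stand-ins for the real Kerberos encryption types, and pre-authentication is modelled as encrypting a timestamp with the password-derived key, which is how real Kerberos pre-auth works. It shows the client proving knowledge of its key without sending the password, the TGT being opaque to the client, and why the krbtgt key must be guarded: anyone holding it can seal a TGT the KDC will accept, which is the Golden Ticket case.

```python
import hashlib, hmac, json, os, time

def seal(key: bytes, obj: dict) -> bytes:
    # Toy authenticated encryption (assumption, stands in for Kerberos AES etypes):
    # SHA-256 keystream XORed with the JSON plaintext, then an HMAC tag over it.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(pt) // 32 + 1))
    ct = bytes(p ^ k for p, k in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered data")   # a wrong password lands here
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(c ^ k for c, k in zip(ct, ks)))

def string_to_key(password: str) -> bytes:
    # Simplified stand-in for Kerberos string2key; the key, not the password, is what is proved.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

class KDC:
    def __init__(self, accounts: dict):
        self.keys = {u: string_to_key(p) for u, p in accounts.items()}  # AD's key store
        self.krbtgt_key = os.urandom(32)   # every TGT is sealed under this one key

    def as_exchange(self, user: str, preauth: bytes, now: float) -> dict:
        # AS-REQ: the client proves it knows its key by encrypting a fresh timestamp.
        ts = unseal(self.keys[user], preauth)["timestamp"]
        if abs(now - ts) > 300:            # 5-minute skew window blocks replayed pre-auth
            raise ValueError("pre-auth timestamp outside allowed skew")
        session_key, expires = os.urandom(32).hex(), now + 10 * 3600
        tgt = seal(self.krbtgt_key, {"user": user, "session_key": session_key, "expires": expires})
        # AS-REP: session key readable only by the client, plus a TGT it cannot open or alter.
        return {"enc_part": seal(self.keys[user], {"session_key": session_key, "expires": expires}),
                "tgt": tgt}

def client_login(kdc: KDC, user: str, password: str, now: float = None) -> tuple:
    now = now or time.time()
    key = string_to_key(password)
    rep = kdc.as_exchange(user, seal(key, {"timestamp": now}), now)
    return unseal(key, rep["enc_part"])["session_key"], rep["tgt"]
```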
NTLM: NTLM is a challenge-response authentication protocol. It is an old technology but still in use; it saves passwords locally in the Windows SAM file. NTLM uses the MD4 hash function to hash passwords. This is a weak algorithm, and the hashes can be cracked easily.
In order to crack NTLM you first need to obtain the hash. The most common tools for cracking a hash are Hashcat, John the Ripper and Ophcrack. The main difference between them is that Hashcat supports GPUs, which is much faster than CPU cracking. It is also important to remember that although Windows passwords are stored in the SAM file, this file is encrypted with the system boot key, so to get at the hashes you need both the SAM file and the file that holds the boot key.
Some valid methods of attacking the machine are spear-phishing attacks or tricking the target system into authenticating with its current login credentials.
Cracking techniques are based on brute-force attacks, which try multiple possible combinations against a target until they find the correct match. Dictionary-based attacks consist of trying every word from a dictionary as if it were the password.
Workgroup: A workgroup is usually designed for a smaller network, where each computer enforces its own security policies. Within a workgroup, users can view and share files. A workgroup network has its pros and cons: it is better because there is no single point of failure, and worse because you have to trust that users configure their machines securely.
Accounts in Windows: One difference between Administrator and SYSTEM is that it is possible to give a file permissions for SYSTEM but not for the Administrator. An example of this is the SAM file, which holds all the information about the local accounts: SYSTEM has access to this file, but the Administrator does not. The Administrator is the user with the highest privileges.
Normal users are created and stored as objects in Active Directory and are used by us or by programs to access a computer. You can add a new user in Windows with the commands below:
net user Rob mypassword.7853#.! /add
# Add the user to administrator group (making it administrator)
net localgroup administrators Rob /add
Registry: The Windows registry is a hierarchical database that stores settings used by the operating system and other applications. You can view or edit the registry with the command:
cmd > regedit
Drivers: Drivers on Windows are software that allows the operating system to communicate with the hardware: network cards, printers, graphics cards, etc. To view all the drivers installed on a machine, type in cmd:
cmd > driverquery
IIS and ASP: Internet Information Services (IIS) is the Windows web server and Active Server Pages (ASP) is the scripting technology for IIS; the supported languages are Perl, JS and VBScript.
DLL and BAT files: A Dynamic Link Library is a library that contains instructions (code) that other programs can call upon to do certain things. BAT files in Windows are the equivalent of bash scripts in Linux.
PS: I hope this content was useful and thank you for reading :)