Sunday, December 22, 2024

Key Commands and Techniques in Network Penetration Testing: Insights from The Art of Network Penetration Testing

In network penetration testing, understanding the system environment and being able to execute specific commands can be crucial in gathering information and performing various actions. The book The Art of Network Penetration Testing by Royce Davis offers several techniques for gathering information from both Windows and Linux systems. These commands can help testers assess the system’s state and potentially uncover vulnerabilities. Below are some essential commands and an interesting security bypass technique:

Commands for Gathering Information

For Windows Systems:

  • IP Address Information:
    ipconfig /all
  • Environment Variables:
    set
  • List Current Directory:
    dir /ah
  • Copy a File:
    copy from to
  • Search a File for a String:
    type file | find /I string
  • List Running Processes:
    tasklist /v
  • Display a File’s Contents:
    type file

For Linux Systems:

  • IP Address Information:
    ifconfig
  • Environment Variables:
    export
  • List Current Directory:
    ls -lah
  • Copy a File:
    cp from to
  • Search a File for a String:
    cat file | grep string
  • List Running Processes:
    ps aux
  • Display a File’s Contents:
    cat file

Sticky Keys Exploit

An interesting technique for bypassing the Windows login screen involves the Sticky Keys accessibility feature, which can be exploited by replacing the system file sethc.exe with cmd.exe. This allows an attacker to trigger a command prompt by pressing Shift five times at the login screen, before any user has authenticated, granting them administrative access.

To exploit this vulnerability, the following command can be executed to grant full control over the sethc.exe file:

    cmd.exe /C echo Y | c:\windows\system32\cacls.exe c:\windows\system32\sethc.exe /E /G BUILTIN\Administrators:F

This command uses the cacls.exe utility to modify the file’s permissions, changing it from read-only (R) to full-control (F) for the BUILTIN\Administrators group. However, note that modern versions of Windows may have protections in place to prevent this type of exploit.
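From the defender’s side, the tampering described above leaves three checkable traces: a sethc.exe that is byte-identical to cmd.exe, a broken Microsoft Authenticode signature, and an explicit FullControl grant for BUILTIN\Administrators that the stock ACL does not carry. The following PowerShell audit is an added example written for this post (it is not code from the book or its author); the function name, the report layout and the assumption that the file lives under %SystemRoot%\System32 are mine.

```powershell
# Added example: audit sethc.exe for the Sticky Keys swap and ACL change
# described above. Function name and report shape are assumptions.
function Test-SethcIntegrity {
    param(
        [string]$SethcPath = (Join-Path $env:SystemRoot 'System32\sethc.exe'),
        [string]$CmdPath   = (Join-Path $env:SystemRoot 'System32\cmd.exe')
    )

    $findings = @()

    # 1. Swapped binary: a sethc.exe that hashes the same as cmd.exe.
    $sethcHash = (Get-FileHash -Algorithm SHA256 -Path $SethcPath).Hash
    $cmdHash   = (Get-FileHash -Algorithm SHA256 -Path $CmdPath).Hash
    if ($sethcHash -eq $cmdHash) {
        $findings += 'sethc.exe is byte-identical to cmd.exe'
    }

    # 2. Signature: the genuine file carries a valid Microsoft signature,
    #    and a copied or modified binary will not.
    $sig = Get-AuthenticodeSignature -FilePath $SethcPath
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode status is '$($sig.Status)'"
    }

    # 3. ACL: cacls /E /G BUILTIN\Administrators:F adds an explicit (non-inherited)
    #    FullControl entry; stock System32 files give Administrators read/execute only.
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl  = Get-Acl -Path $SethcPath
    $grant = $acl.Access | Where-Object {
        $_.IdentityReference -eq 'BUILTIN\Administrators' -and
        -not $_.IsInherited -and
        (($_.FileSystemRights -band $full) -eq $full)
    }
    if ($grant) {
        $findings += 'explicit FullControl ACE for BUILTIN\Administrators'
    }

    # Report as an object so the result can be exported or piped to a SIEM forwarder.
    [pscustomobject]@{
        Path       = $SethcPath
        Sha256     = $sethcHash
        Tampered   = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

Test-SethcIntegrity | Format-List
```

Run it from an elevated prompt; a clean host reports Tampered = False with an empty Findings list, and any single finding is worth a manual look at the file’s owner and modification time.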

Conclusion

As network penetration testers, understanding the environment and knowing the key commands for both Windows and Linux systems is fundamental. Additionally, methods like the Sticky Keys exploit, although patched in recent versions of Windows, serve as reminders of the importance of securing user access points.

For more in-depth penetration testing techniques, The Art of Network Penetration Testing by Royce Davis is a valuable resource. The techniques discussed above (pages 95-96) provide testers with powerful tools for assessing system security and identifying potential vulnerabilities.
