Psexec brute forcing credentials - brute-force

I am currently pen-testing with a Kali software installed machine and a Windows 8 installed Machine.
I am trying to gain access with a psexec_command attack with Metasploit.
Is there maybe a way that I could brute force the credentials for the psexec?

Yes, you use a wordlist or generator against the -p parameter of psexec.exe after getting a username with wmic.exe or another tool. I don't know of a way to get users in Linux; I'm sure there is a tool, though. With Linux you can probably do a bruteforce tool in bash using pipes or something.

Related

How to SSH into a Cisco ASA firewall with Windows Powershell?

Would like to use PowerShell to do some monitoring of a VPN tunnel and, if an outage is detected, auto reset the tunnel.
Can Windows powershell SSH into a Cisco ASA firewall for issuing a firewall command?
There is an SSH module. I've only limited experience using it to change ILO passwords on HP servers. However, I'm confident it can be leveraged for more elaborate work.
You can install with:
Install-Module Posh-SSH
Make sure to do this in an elevated console. I'd also point out there are other SSH modules, I can't vouch even this much but you may want to play with them. You can find them with something like:
Find-Module *SSH*
Yes, since Windows 10 v1809, ssh is a built-in tool in Windows. You do not have to install anything else. Just issue:
ssh -l <USERNAME> <DNS/IP>
like on linux.

VSCode: how to ssh remote connect to remote WSL2

Is it possible in VSCode to edit files within WSL2 of a remote PC. (This is like a combination of Remote-WSL and Remote-SSH.) I can connect to that remote PC via ssh and RDP.
The path \\wsl$\ does not seem to be available in my remote-ssh connection.
PCA - me, local, VSCode
^
|
ssh and/or RDP
|
V
PCB - remote, WSL2
(I currently have Windows OpenSSH set up on the remote PC, with the default CMD shell. I tried setting the shell to Bash but then the remote extension wouldn't install.)
Update: Setting PC-B's ssh server shell to bash.exe does solve all my problems. I'm not sure why it didn't work before. See my answer below for more details.
Answering my own question: I was certain I'd tried this before and it had not worked, but now that I try it again it works. Perhaps I just needed a reboot of Windows and WSL2.
Enable Windows SSH server on PC-B and set the shell to be bash.exe
# Powershell as Administrator
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Set-Service -Name sshd -StartupType 'Automatic'
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\WINDOWS\System32\bash.exe" -PropertyType String -Force
If you want authorized_keys-based login to this PC and your account is an Administrator account, you will need to follow the special instructions here: https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement (I have heard of having to manually fix the administrator_authorized_keys file permission at some point too. https://stackoverflow.com/a/64868357/600360 )
Using Remote-SSH connect VSCode from PC-A to PC-B (using Windows credentials) and tell VSCode that it is a linux server (because you're connecting to bash.exe within WSL2).
If you're behind a proxy server, add the proxy to your ~/.wgetrc.
Voila.
These steps taken from THE EASY WAY how to SSH into Bash and WSL2 on Windows 10 from an external machine where you can find more details.
If you want to connect to remote WSL, you probably should set it up to run its own sshd instead of relying on the hosting Windows to do the tunneling.
If I have got your problem statement right, the flow seems to be outlined in one of VS Code blog posts. Here I'll mention steps I think you will need to get to your target state.
Firstly, disable sshd on remote Windows so it does not occupy port 22. Then, install and start sshd inside PCB:
# from PCB command prompt
# something like that, depending on your choice of distro
sudo apt remove openssh-server && sudo apt install openssh-server
# this would again depend on your chosen distro
sudo /etc/init.d/ssh start # after i do this - windows pops up a firewall prompt to allow me create a rule. you might need to add it manually
Then you'd need to either enable password logins via ssh or (preferably) generate a key pair and put your public key into /home/your_name/.ssh/authorized_keys on PCB.
Assuming you have OpenSSH for Windows installed (this seems to be the client Remote SSH relies on), on your PCA follow something like so:
# something along these lines on your PCA
PS C:\WINDOWS\system32>ssh-keygen
# note location of .pub file and copy its contents into remote .ssh/authorized_keys
# add generated private key to ssh-agent service
PS C:\WINDOWS\system32> Start-Service ssh-agent # if this fails - ensure service is installed and enabled
PS C:\WINDOWS\system32> ssh-add path\to\your\private_key # ensure you have dropped all permission except your own user
Watch out for permissions:
ssh keys are considered secret, so neither client nor server would start unless you drop all permissions from your key material. On linux do chmod 600 .ssh/authorized_keys, and for windows ssh-agent follow instructions from this SE answer.
The above may seem a bit daunting but is in fact very standard SSH setup procedure
easy steps
just update your vscode to the latest version
install Remote Development extension pack
allow WSL2 connection in the settings
If my answer helped you, upvote :D
I know it's been a while since the post, but here is a useful answer that uses the Remote - Tunnels extension.
https://stackoverflow.com/a/75389647
It appears that, for now, you need to manually install the CLI in WSL in order for it to work. The downloads can be found here. Since you are on Windows, I would recommend the x64 CLI download. When you extract the tar.gz file, you will get a file named code. I would recommend moving it to your home directory for ease. To open the tunnel, run ./code tunnel (from wherever you put the code file) to force the new CLI. If you use code tunnel it will still use the Windows version.
Source: https://github.com/microsoft/vscode/issues/171196

Using Putty to SSH ignoring all warnings in Perl [duplicate]

This question already has answers here:
Putty won't cache the keys to access a server when run script in hudson
I'm writing a Perl script to SSH into remote Linux and Mac machines from a Windows machine. For that I'm running the plink (putty link) command using qx. The problem is that when I try to run the plink command it gives a prompt
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is. ...... If you do not trust this host, press Return to abandon the
connection. Store key in cache? (y/n)
I have to automate the process of running a command remotely. So, I somehow want to bypass this warning.
I could think of two ways of doing this but don't know how to accomplish these
Somehow bypass this warning from putty itself through some command line options or other commands
Some Perl way of passing input to plink when prompted
Can anyone suggest how to do this either in one of above ways or some other solutions.
I solved it using pipes to pass Y to plink when prompted - echo Y | plink -ssh <user>@<host> -pw <password> <command>.
For more details refer to this answer. Also note the answer by @clay where he says
For internal servers, the blind echo y | ... trick is probably adequate (and super simple). However, for external servers accessed over the internet, it is much more secure to accept the server host key once rather than blindly accepting every time.
This was the case with me - I was using plink to ssh to internal servers.
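Following the quoted advice to accept the host key once rather than every time, the Perl below (an added example, not code from the original post) runs plink with -batch and a pinned -hostkey, so an unexpected server key aborts the connection instead of being accepted. The host, user, key file and fingerprint are placeholders, and key-based login with -i is assumed in place of -pw.

```perl
use strict;
use warnings;

# Placeholders (assumptions for this example, not values from the post).
my %cfg = (
    plink   => 'plink',                      # plink.exe on PATH
    user    => 'deploy',
    host    => 'server.example.internal',
    keyfile => 'C:\\keys\\deploy.ppk',       # PuTTY-format private key
    # Fingerprint verified out of band, e.g. read from the server console.
    hostkey => 'REPLACE_WITH_VERIFIED_FINGERPRINT',
);

# Build the argument list. -batch makes plink fail instead of prompting,
# -hostkey makes it accept only the pinned key for this connection.
sub plink_command {
    my ($cfg, @remote) = @_;
    die "no pinned host key configured\n"
        if !$cfg->{hostkey} || $cfg->{hostkey} =~ /^REPLACE_/;
    return ($cfg->{plink}, '-ssh', '-batch',
            '-hostkey', $cfg->{hostkey},
            '-i',       $cfg->{keyfile},
            "$cfg->{user}\@$cfg->{host}", @remote);
}

# Run without a shell (list-form pipe open; on Windows this needs
# Perl 5.22 or later), return the remote output, and die on any non-zero
# exit, which includes a host key that does not match the pinned one.
sub run_remote {
    my ($cfg, @remote) = @_;
    my @cmd = plink_command($cfg, @remote);
    open(my $out, '-|', @cmd) or die "cannot start $cmd[0]: $!\n";
    my @lines = <$out>;
    close($out);
    die sprintf("plink exited with status %d\n", $? >> 8) if $? != 0;
    return @lines;
}

# Dies with "no pinned host key configured" until the placeholder is replaced.
print run_remote(\%cfg, 'uname', '-a');
```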

Perl - copying directory from other machine to local machine

I'm trying to write a perl script which copies a directory with files from other machine to current machine.
I can use the scp command in shell but it requires a password. Also I don't have the following modules installed on my work area (and unfortunately I can't install them):
Net::OpenSSH
Net::SSH::Perl
Net::SCP
Net::FTP
I do have installed Net::SSH
My mission is to copy the files from other machine to current machine. The main problem is that it requires a password to use scp on shell. Is there any elegant way to solve this problem?
The elegant way is to use public key authentication.
If you really need password authentication, well, besides the ones you listed there are other modules which would allow you to automate it. Check if you have available Net::SSH2, Expect or IO::Pty.
You may also be able to use some ssh/scp client accepting the password from the command line or from an environment variable* such as plink, pscp or lftp.
Another possibility is using the utility sshpass.
(* Note that passing passwords in the command line or in environment variables is a very insecure practice!)
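The public key route recommended above, using only core Perl since no SSH modules can be installed (an added example, not code from the original answer). The key path, remote account, host and directories are placeholders, and the key is assumed to have no passphrase or to be loaded in ssh-agent.

```perl
use strict;
use warnings;

# One-time setup, done by hand (not by this script):
#   ssh-keygen -t ed25519 -f ~/.ssh/id_copy      # create a dedicated key pair
#   ssh-copy-id -i ~/.ssh/id_copy.pub user@host  # install the public half remotely

# Placeholders (assumptions for this example, not values from the post).
my $KEY    = "$ENV{HOME}/.ssh/id_copy";
my $REMOTE = 'builduser@buildhost.example.internal:/data/reports';
my $LOCAL  = './reports';

# Copy a remote directory with scp, never falling back to a password.
sub fetch_dir {
    my ($key, $remote, $local) = @_;

    # ssh ignores private keys that group or others can access, so check
    # first and give a clearer error than scp would.
    my @st = stat($key) or die "cannot stat key $key: $!\n";
    die sprintf("key %s has mode %04o, expected 0600\n", $key, $st[2] & 07777)
        if $st[2] & 0077;

    my @cmd = ('scp', '-r', '-q',
        '-i', $key,
        '-o', 'IdentitiesOnly=yes',          # offer only this key
        '-o', 'BatchMode=yes',               # fail instead of asking for a password
        '-o', 'StrictHostKeyChecking=yes',   # fail on unknown or changed host key
        $remote, $local);

    # List-form system: no shell is involved, so paths are not re-parsed.
    my $rc = system(@cmd);
    die "could not run scp: $!\n"                        if $rc == -1;
    die sprintf("scp killed by signal %d\n", $? & 127)   if $? & 127;
    die sprintf("scp failed, exit status %d\n", $? >> 8) if $? >> 8;
    return 1;
}

fetch_dir($KEY, $REMOTE, $LOCAL);
print "copied $REMOTE to $LOCAL\n";
```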

Need to run command on a remote server with no access to remote desktop

As the title describes, I need to run a command on a remote server and I do not have access to remote desktop! I heard that this should be possible using PowerShell, but I can't find any good tutorials on this.
Recommendations?
The easiest way is to use psexec.exe (Part of Microsoft Sysinternals).
You can also use powershell.
I wrote a blogpost about these two alternatives a few days ago:
http://blog.degree.no/2012/03/executing-commands-and-programs-on-a-remote-machine-using-powershell/
When using PSEXEC or PowerShell remoting you can execute a command on a remote machine, but it is not interactive with any currently logged on user. Using PowerShell requires 2.0 to be installed on your machine and remotely AND remoting must be enabled AND you must have admin rights on the remote computer.