Time
7 hours 47 minutes
Difficulty
Advanced
CEU/CPE
10

Video Description

This lesson focuses on the net suite as pertains to the current machine. Participants learn about the following: Net local group: identifies groups on the local machine Net share: shows us what we are sharing (i.e. users and printers) Net user: user accounts

Video Transcription

00:04
that is a gentleman. Hello, and welcome to the post. Exploitation, persistence and continued access. Course I'm your residents. May Joseph Arian in this video, we're going to be discussing the nets. Um, well, actually discussing part of the net sweet. We'll actually be discussing more of them in the next couple videos. But this video will be specifically the Nets. Sweet as pertains to the current machine.
00:24
As you see, I've got a
00:25
a little sticky note up here. I stick note. Uh, there are a lot of these, and it's easy to get it mixed up, so
00:32
keeping a list of them around is a pretty handy way to go. So first we're gonna be discussing his neck net local group. It's pretty much exactly what it sounds like.
00:42
That local group is for identifying groups on the local machine again. These current net tools are specifically for your host that you're actively on right now. The next couple videos will be discussing the network and things on the other machines around you. So if we look at net local group
01:00
jumping right and we see they're a bunch of aliases and a bunch of group aliases specifically what they're and various things that are
01:10
on this machine. We CVM where is its own group with the administrators, backup operators, cryptographic operators, which is kind of an interesting one. Discriminated, discriminative distributed Tom users certainly hope there's no description discrimination taking place on my machine. Um, well, this is the Internet, and it's always something to be wary of. I suppose
01:30
home users that sort of thing. So having home uses this kind of handy because, you know that means they've got a home group up home users is the list of accounts who are basically accessible through that means remote desktop users is also really anyone because that tells you that in our next stage, the
01:48
second of the three stages, which is backdoor ing and
01:51
persistence, we know that already P is going to be a viable option for this Windows machine, which is always great news. Our DP is your friend.
02:00
So we see all the different groups we see groups that we can hide in network configuration operators. We see groups that we can use to sort of obvious Kate in disguise our presence later on when we actually create an account on this machine is Maleness commands. I do that all the time. And most likely after you get too used to this sort of thing, you'll probably start doing so as well.
02:21
All right, so the next thing we're going to see his net too big.
02:23
Which again? These air. Very self explanatory names. One thing Windows commands have going for them is you never have to guess I African big is kind of
02:31
tricky to figure out right out of the gate. But things like net config or something similar pretty easy.
02:37
So we see net config is the following running service's could be controlled server workstation,
02:44
huh? That means basically nothing on this machine is being served out. The network, which actually is telling us something, believe it or not, from a nets that earlier we saw that they're a bunch of ports open on this machine, that air connecting to other ports on this machine, seeing that this isn't actually serving. Oh, by the way, server and workstation actually
03:02
headers,
03:04
so there would be processes, underserved processes under workstation. Seeing this isn't serving out. Any important service is, you know, those are
03:13
things that aren't actually accessible from the network. They're only things for this machine to control on its own.
03:19
So, generally speaking, if you've got something like this, you don't need to bother and adding it to the log file. But,
03:25
uh, just a rule of thumb when in doubt
03:29
printed
03:30
So we go to our next net, which backed your handy, dandy sticky note is net share. That share tells us what we're sharing
03:38
mount shares.
03:39
So you see, I p c share
03:44
see, the user's is being shared. We see there something's being shared for a printer X p s print dollar, which is hidden print. Basically, uh, that kind of brings me to an important point. I p c share means that the person using this computer read me
03:59
is not a very good society mint, which is it's kind of true home. I'll admit it.
04:04
I'm not great on security practices on my machine that are used for various Random House things, but that's okay. The important thing is that by seeing an ABC share, we see that certain default shares were turned on my PC shares, something that if we were working on actually exploiting, were actually kind of pure wedding and dancing around this network
04:23
I p c share in C share and other dollar sign shares as they're called. Shares that are hidden are very, very useful gain access and we're all sorts of stuff and do all sorts of things to a machine.
04:34
Um,
04:36
if we were examining this from the outside or if we're using that share against a target,
04:41
for example, if we did it in this way
04:45
well,
04:46
not exactly that way. But if we if we did, ah, share checks against this I p,
04:51
we would actually be able to see
04:54
sort of more interesting things and actually be able to see on other machines what they've got open and what might be literally into.
05:01
All right, So
05:02
next night command,
05:04
we're going to kind of try and fly through these because the Net commands air useful but very self explanatory. And there's no reason to burn up too much of your time, just kind of
05:13
gazing at them.
05:15
It's a nice car, and we're gonna be using his net user.
05:17
That user is user accounts. So we see that this person read me
05:23
at least did some small degree of obfuscation. Admittedly, not a whole lot and got rid of the admin account.
05:30
When you see the admin account on a machine, you can pretty much thank your lucky stars because that means most of their defaulter enabled.
05:35
They're not really using a whole lot of security practices, and you're gonna be able to get some useful information out of him.
05:42
Uh, in this case, we see that their various accounts
05:46
uh, not really anything that we could be too certain off.
05:48
But we can say fairly safely that
05:54
Perry being the only named account is probably the account that gets used. Most often.
05:59
We can also cheat. Look, and see that
06:01
user we got in with Our exploit is in the sea. Users Perry. So, yeah, it's probably this Perry fellow. No idea who he is. So we're gonna go ahead and piping that user to our totally not hacking your stuff. I'll
06:16
being disagreeable there we go
06:18
or any clear things out. Now, before we end this video, which I know was going to be a blessedly short video with his little of me talking in any 10 minute span, as you could hope for, we actually are going to cover one more function of net, and this is a part of net that is going to be incredibly useful. And that is the Net helped.
06:35
That help is the obviously the help message or the help command for all of the net suite of tools. So we just do not help. This is what we get out of it. We see all of the different commands that net run
06:48
we see you know their accounts. Computer config continue file Group held blah, blah, blah, blah, blah, blah, blah. Help. Message is good for errors being thrown out. This is a great developer tool. If you never heard of it. And you do, lim, you do Windows development. You're missing out. Check it out.
07:02
Net session could tell you about some interesting things. Some of these will examine some of them. We don't really bother,
07:09
but in general it's good to know them. So one of the things I did a little bit ago when I didn't share
07:15
against another I P didn't work.
07:17
So if we wanted to be super elite uber elite hackers and make everything work exactly what we wanted to, we need to know how it actually happens so we can just do it. Net Help!
07:28
Share
07:30
Easy is that we had enter and we see. Okay,
07:32
so Net Sher Sher Name
07:34
share Name is Dr Colin Path.
07:38
They're a bunch of these different options.
07:41
Fair enough Said Net share is actually an admin tool. More than it is just a display toe.
07:46
It makes the servers resources available to network users.
07:48
So Okay, that means that net share isn't actually something that shows us other computer shares.
07:56
That explains the mistake I made earlier,
07:58
which I choose to call a learning experience because it makes me seem like I always know what I'm doing. And as you know, teachers never make mistakes, Mr. Learning experiences.
08:07
Excuse me anyway, So the important thing is that net share can let you serve things out to the network. Which means if I did something along the lines off, let's look at it. We see Dr Path.
08:22
Okay,
08:22
So if I did a net
08:24
share, see?
08:28
Well, it didn't quite work. Why is that? Oh, what we see,
08:33
we actually need something a little bit more specific than that. We need not share
08:39
sharing. Your stuff
08:41
equals C. How about no make sure you could leave to see how about now?
08:48
Oh,
08:50
and now, Sharon, you know, stuff is on the network, which means that what we just did
08:56
is, ah, post exploitation exploit or a great tool for
09:01
expel of information or just persistence, which again, well, actually discuss doing that as part of our steps later on.
09:07
What is something that I wanted to kind of demonstrate
09:09
by using this simple net share and by actually examining the help file and kind of going through and learning about it, we actually discovered that this Windows machine
09:20
has this great, useful tool that's gonna help us get a bunch of stuff out a little bit later on
09:24
for now. And because this is my home computer, don't really want that to be sitting there.
09:30
So how do we get rid of it? Well, if we look back up here, we see there's a super handy
09:35
delete.
09:35
So we're gonna do a quick and that share,
09:39
delete, and then we're obviously going to do sharing yo stuff,
09:45
and it was deleted and we could do a net share to check
09:48
and yes, gone.
09:50
So the reason why we kind of went on that quick tangent was so that you can see that net help and a lot of the net commands are very, very useful, and not just in the straightforward way, which kind of goes back to something. I want to kind of drive home about all the tools, all the things using. I've done my best to be pretty exhausted about everything I've shown you guys, but that doesn't mean I've actually covered every single detail.
10:09
It's all of these tools and all of these things I've been demonstrating. I recommend you take a few minutes
10:13
after each video between each video on your lunch break. Google, What have you
10:18
just kind of examine and really see what all these tools could do for you?
10:22
Ah, lot of these are tools that I've learned in basic classes over the year. This is, of course, being a fairly basic class itself tools I've learned in basic classes over the years that have let me
10:33
kind of expand on them and go through my own process and kind of create my own process using tools that
10:39
almost anyone has access to. But very few people really utilize, so it's something to definitely drive home and definitely to take home from this and every other lecture you've got,
10:46
which is explore on your own and really learned that the hacker mentality is playing with things and not being afraid to break.
10:54
So until next time I'm your residence. Me, Joseph Perry, this is your post exploitation, hacking, persistence and continued access course.
11:03
And, ah,
11:05
don't forget the help function.

Up Next

Post Exploitation Hacking

In this self-paced online training course, you will cover three main topics: Information Gathering, Backdooring and Covering Steps, how to use system specific tools to get general information, listener shells, metasploit and meterpreter scripting.

Instructed By

Instructor Profile Image
Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor