Commando VM - My Windows pen-testing Environment
Introduction
Hello all, today I just wanted to give a simple overview of my Windows-based pen-testing environment, Commando VM, made by the guys over at FireEye. It may seem strange, but I use Windows for the majority of my cybersec work, as almost all business-like engagements are running some sort of Windows, and if you run the same system you can often interact with their environment far better. For example, there is native support for mapping SMB shares, joining your machine to a domain and browsing AD with tools like ldp, AD Users and Computers, and PowerShell modules like DSInternals and PowerView.
So firstly, I am going to go over the install process and the pros and cons of the all-in-one installer. Then I will show you the base system, and finally I will show you what I have customised to make it more useful.
Install Process
Firstly, you will want to have a Windows VM configured with at least 4 GB of RAM and a 60 GB virtual HDD. You should also only install Commando VM in a virtual machine, as you can create snapshots, and if the installer fails it could break your Windows install.
To start off the install process you need to make sure that you have no pending Windows updates, which means you may have to update, reboot and then check again.
Once you have all the updates installed you can head over to the Commando VM GitHub page, download the zip and extract it to your Downloads folder.
Now open an admin PowerShell session in the same directory.
Running the script
Now that the script is downloaded we need to set the Execution Policy to Bypass and we need to unblock the file so the installer works correctly:
Unblock-File .\install.ps1
Set-ExecutionPolicy Unrestricted -Force
Now we can run the script with .\install.ps1
Let the script run and make sure you take a snapshot of your vanilla install. Once it is done you should be booted into a desktop with the wallpaper set and the README on the desktop.
Pros and Cons
Pros:
- The all-in-one installer is quite good as it is completely unattended, so you can just leave it to run.
- The installer makes sure your Windows environment is set up in the right way before it proceeds.
- You can customise which packages are installed by editing the profile.json file.
Cons:
- The installer takes so damn long, 7 hours with 60+ Mbps internet. This is mostly caused by slow mirrors for packages you don't necessarily need, like GIMP and Adobe PDF Reader.
What I have changed since install
Adding an anonymous SMB Share
The first thing I added was an anonymously accessible SMB share to exfil files from Windows machines. I have also used it for making copies of ntds.dit databases when I have compromised a backup operator or admin account, using wpadmin.exe.
Firstly, you need to create a folder in the C drive called shared.
Next, open the folder's properties and select "Share this folder".
Now head over to the Security tab and add the Guest and Anonymous accounts with read/write access.
Finally, open Local Security Policy and drill down to Local Policies, Security Options. Set these options and enable the Guest account.
Bingo! Now anyone can read and write to that share.
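To confirm the share actually ended up anonymously writable (and, on a client's host, to spot the same misconfiguration before someone else does), here is an added PowerShell audit, not part of the original post. It assumes the built-in SmbShare module (Windows 8 / Server 2012 and later) and Get-LocalUser (Windows 10 / Server 2016 and later); the principal and registry value names are standard Windows ones.

```powershell
# Added example: read-only audit of SMB shares writable by anonymous/guest
# principals, plus the host settings that make such a share reachable.
# Run in an elevated PowerShell session on the host being checked.

# Principals that mean "anyone", compared without the BUILTIN\ or NT AUTHORITY\ prefix
$RiskyPrincipals = @('Everyone', 'ANONYMOUS LOGON', 'Guests', 'Guest')
$WriteRights     = @('Full', 'Change')   # share-level rights that allow writing

function Get-AnonymousWritableShares {
    # Emits one object per (share, principal) pair that grants a risky principal write access.
    foreach ($share in (Get-SmbShare | Where-Object { -not $_.Special })) {   # skip C$, IPC$ etc.
        foreach ($ace in (Get-SmbShareAccess -Name $share.Name)) {
            $principal = $ace.AccountName -replace '^.*\\', ''   # strip domain/machine prefix
            if ($ace.AccessControlType -eq 'Allow' -and
                $WriteRights -contains $ace.AccessRight -and
                $RiskyPrincipals -contains $principal) {
                [pscustomobject]@{
                    Share     = $share.Name
                    Path      = $share.Path
                    Principal = $ace.AccountName
                    Right     = $ace.AccessRight
                }
            }
        }
    }
}

function Get-AnonymousAccessSettings {
    # The account and null-session settings that decide whether an unauthenticated
    # client can reach a share at all, read straight from the registry.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    [pscustomobject]@{
        GuestAccountEnabled       = (Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue).Enabled
        EveryoneIncludesAnonymous = ((Get-ItemProperty $lsa).EveryoneIncludesAnonymous -eq 1)
        NullSessionsRestricted    = ((Get-ItemProperty $srv).RestrictNullSessAccess -ne 0)  # absent = restricted
        NullSessionShares         = (Get-ItemProperty $srv).NullSessionShares
    }
}

$findings = Get-AnonymousWritableShares
if ($findings) { $findings | Format-Table -AutoSize } else { 'No anonymously writable shares found.' }
Get-AnonymousAccessSettings | Format-List
```

On the Commando VM box the first table should list the shared folder with Everyone/Guest and Full or Change; on a hardened host it should be empty and the guest account disabled.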
Extra programs
As Commando VM uses the Chocolatey (choco) package manager we can search the repo to find just about any program. A few I have installed are:
- Cherrytree - for notes: cinst cherrytree
- Ghidra - for reversing and malware analysis: cinst ghidra
- Immunity Debugger - Here
- Softerra LDAP Browser - Here
- NC for Windows - useful for reverse shells, exfil etc. Here
Conclusions
I really like Commando VM. The relatively simple install process combined with package customisation makes this my hands-down favourite Windows pen-test platform (not that there are many), and I will continue to use it for Windows engagements. Also, as Commando VM comes with Kali WSL installed, all your Kali tools, like amass and sqlmap, are right there. This is why it is my choice for nearly every Windows machine and what you will see me using in future Windows CTF writeups.
Thank you for reading and I hope you found this useful in some way.