# Commando VM - My Windows pen-testing Environment

## Introduction

Hello all, today I just wanted to give a simple overview of my Windows based Pen-Testing environment, Commando VM, made by the guys over at FireEye. It may seem strange but I use Windows for the majority of all my cybersec work, as almost all business-like engagements are running some sort of Windows, and if you run the same system you can often interect with their system far better. For example native support for mapping smb shares, connecting your machine to a domain and browsing AD with tools like ldp, AD Users and Computers and Powershell modules like DSInternals and PowerView.

So firstly, I am going to go over the install process, the pros and the cons of the all-in-one installer. Then I will show you the base system, and finally I will show you what I have customised to make it more useful.

## Install Process

Firstly, you will want to have a Windows vm configured with at least 4 Gb or Ram and a 60 Gb virtual HDD. You should also only install Commando VM in a virtual machine as you can create snapshots and if the installer fails it could break your windows install.

To start off the install process you need to make sure that you have no pending windows updates, which means you may have to update, reboot and then check again.

Now open an admin powershell session in the same directory

### Running the script

Now that the script is downloaded we need to set the Execution Policy to Bypass and we need to Unblock the file so the installer works correctly. Unblock-File .\install.ps1 and Set-ExecutionPolicy Unrestricted -f

Now we can run the script with .\install.ps1

Let the script run and make sure you take a snapshot of your vanilla install. Once it is done you should be booted into a desktop with the wallpaper set and the README on the desktop.

## Pros and Cons

Pros:

1. The all-in-one installer is quite good as it is completly unattended so you can just leave it to run
2. The installer makes sure your Windows environment is set-up in the right way before it proceeds.
3. You can customize what package are installed by editing the profile.json file.

Cons:

1. The installer take so damn long, 7 hours with 60+ Mbps internet, this is mostly caused by slow mirrors of packages you dont necessarily need like GIMP and Adobe PDF Reader.

## What I have changed since install

### Adding an anonymous SMB Share

The first thing I added was an anonymously accessable smb share to exfil files from windows machines, I have also used it for making copies of ntds.dit databases when I have compromised a backup operator, or admin account using wpadmin.exe

Firstly you need to create a folder in the C drive called shared

Next we need to open the properties and select, share this folder

Finally, open local security policy

and drill down to, local policies, security options. Set these options and enable the guest account

Bingo! Now anyone can read and write to that share.

### Extra programs

As Commando VM uses the Choco Package Manager we can seach the repo to find just about any program, a few I have installed are:

1. Cherrytree - for notes, cinst cherrytree

2. Ghidra - for Reversing and Malware Analysis, cinst ghidra

3. Immunity Debugger - Here

4. Softerra LDAP Browser - Here

5. NC for Windows - useful for reverse shells, exfil etc. Here

## Conclusions

I really like Commando VM and the relativly simple install process combined with package customisation makes this my hands down favorite Windows pen-test platform, (not that there are many) but I will continute to use it for Windows engagements. Also, as Commando VM comes with Kali WSL installed, all you kali tools, like ammass and sqlmap are right here. This is why it is my choice for nearly every windows machine and what you will see me using in future Windows CTF writeups.

Thank you for reading and I hope you found this useful in some way.

Categories:

Updated: