Wednesday, 10 June 2015

CentOS on Windows? Why not?

This post is about installing the Linux distribution CentOS on VMware under Windows. Sometimes a (wo)man needs a CentOS... and you can set it up easily by following this list!


1. Download the latest VMware Player, 64-bit version (vmware.org); it's free.
2. Install it on Windows.
3. Go to http://www.osboxes.org/centos/ and download the latest CentOS image.
4. Unzip it and edit the CentOSXXX_64.vmx file, adding this line: ethernet0.virtualDev = "e1000"
5. Reboot your computer and check the virtualization settings in the BIOS: they must be enabled (they are disabled by default on many computers, and the names vary per manufacturer).
6. Start VMware Player and open the CentOS virtual machine from the folder where you unzipped it.
7. Edit the virtual machine settings: the network adapter should be set to the "Bridged" option.
8. Start the virtual machine.
9. Once CentOS has started you have to configure the network manually. As root go to /etc/sysconfig/ and check that the file called 'network' contains this line:
NETWORKING=yes
If not, add it (use nano or vi as the editor).
10. Reboot your virtual machine.
11. Open a console and type: nmcli d -> this command should list your network interfaces.
12. As root go to /etc/sysconfig/network-scripts and check whether there is a file named ifcfg-YOUR_NETWORK_INTERFACE_NAME (e.g. ifcfg-eno1561651).
If not, create it (touch + name).
13. This file should contain the following lines:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
(If nmcli reported a different interface name, e.g. eno1561651, use that name in the DEVICE line so it matches the file name.)
14. Go to Network settings in the UI (Applications - System Tools - Settings) and you should see a connection like "Wired". Press "Add profile" and save the profile with the default settings.

Now you should have a working CentOS with a working internet connection. Try it out with a browser and you will see immediately whether the world is reachable. Enjoy!
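To check that the two config files from the steps above are in the state the list describes, here is an added audit script (not part of the original post). It assumes the sysconfig directory and the interface name are passed in as parameters, and that the DEVICE line should match the interface name in the ifcfg file name.

```python
# Added example, not from the original post: audit the CentOS network config
# files described in the steps above. Paths are parameters so it can be run
# against /etc/sysconfig on the VM or against a copied/test directory.
import os


def parse_sysconfig(path):
    """Parse KEY=value lines of a sysconfig file into a dict.
    Returns None if the file does not exist; comments and blank lines are skipped."""
    if not os.path.isfile(path):
        return None
    values = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip('"')
    return values


def audit_network_config(sysconfig_dir, iface):
    """Return a list of problems; an empty list means the files match the steps."""
    problems = []
    network = parse_sysconfig(os.path.join(sysconfig_dir, "network"))
    if network is None:
        problems.append("network file missing")
    elif network.get("NETWORKING") != "yes":
        problems.append("network: NETWORKING=yes missing")

    ifcfg_name = f"ifcfg-{iface}"
    ifcfg = parse_sysconfig(os.path.join(sysconfig_dir, "network-scripts", ifcfg_name))
    if ifcfg is None:
        problems.append(f"{ifcfg_name} missing (touch it and add DEVICE/BOOTPROTO/ONBOOT)")
        return problems
    # Assumption: DEVICE should name the same interface as the file name does.
    expected = {"DEVICE": iface, "BOOTPROTO": "dhcp", "ONBOOT": "yes"}
    for key, want in expected.items():
        got = ifcfg.get(key)
        if got != want:
            problems.append(f"{ifcfg_name}: expected {key}={want}, found {got}")
    return problems


if __name__ == "__main__":
    import sys
    iface_arg = sys.argv[1] if len(sys.argv) > 1 else "eth0"
    for problem in audit_network_config("/etc/sysconfig", iface_arg) or ["all good"]:
        print(problem)
```

Run it as root on the VM with the interface name nmcli printed, e.g. `python3 audit.py eno1561651`.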

Wednesday, 4 March 2015

How to access a Windows system without logging in?

Yes, it is possible. And it's relatively easy. What do you need to do this?

If you managed to get into a Windows system by e.g. password guessing, a brute-force attack, eavesdropping or any other technique, it can be important to set up a backdoor there, because if your intrusion is detected later, the user / password pair you used can be removed or changed and you have lost your way in.
One solution for this is to do a little trick as soon as you get in.

The secret is the following: whenever Windows asks for a login name / password pair, you can press the Shift key a couple of times (five, to be precise) to switch on the so-called Sticky Keys. This option lets you use the SHIFT, CTRL, ALT and Windows Logo keys by pressing one key at a time.

Anyway, you have to realize that this means an application is run by Windows BEFORE you log in. And you just have to utilize this fact! So once you are in (with e.g. a guessed password), go to system32, find sethc.exe, create a backup of this file and copy cmd.exe over sethc.exe (overwrite). That's it! Next time you log off and Windows asks for a username / password, you just hit the SHIFT key five times and you get a command prompt...

Which opens up the system for you without logging in.

Voilà!
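From the other side of the desk, the swap described above leaves two traces that are cheap to check: sethc.exe becomes byte-identical to cmd.exe, and the backup copy is usually left next to it. This added check script is not from the original post; it assumes the system32 directory is passed in (so it also works on a mounted disk image or a test folder) and optionally a known-good SHA-256 for sethc.exe.

```python
# Added example, not from the original post: detect a sethc.exe that has been
# replaced with cmd.exe, and any stray "sethc*" backup copies left behind.
import hashlib
import os


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_sethc(system32_dir, known_good_sha256=None):
    """Return (verdict, detail).
    'swapped'  - sethc.exe is byte-identical to cmd.exe (the trick above)
    'mismatch' - sethc.exe differs from the supplied known-good hash
    'missing'  - one of the files is not there
    'ok'       - nothing found; detail is the observed sethc.exe hash"""
    sethc = os.path.join(system32_dir, "sethc.exe")
    cmd = os.path.join(system32_dir, "cmd.exe")
    if not (os.path.isfile(sethc) and os.path.isfile(cmd)):
        return ("missing", "sethc.exe or cmd.exe not found")
    sethc_hash = sha256_of(sethc)
    if sethc_hash == sha256_of(cmd):
        return ("swapped", "sethc.exe is a copy of cmd.exe")
    if known_good_sha256 and sethc_hash != known_good_sha256.lower():
        return ("mismatch", f"sethc.exe hash {sethc_hash} differs from known-good")
    return ("ok", sethc_hash)


def stray_sethc_copies(system32_dir):
    """Files in system32 named sethc* other than sethc.exe itself, e.g. a
    backup left by the swap; sorted for stable output."""
    return sorted(name for name in os.listdir(system32_dir)
                  if name.lower().startswith("sethc") and name.lower() != "sethc.exe")


if __name__ == "__main__":
    sys32 = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    print(check_sethc(sys32))
    print("stray copies:", stray_sethc_copies(sys32))
```

Record the "ok" hash from a clean install once and pass it as known_good_sha256 on later runs, so a replacement that is not plain cmd.exe is caught too.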

Thursday, 19 February 2015

What data can you find on the net using just Google?

During a normal, usual penetration testing session the tester can use a broad range of free tools to scan the client's web application, web server, network, users, etc., and can even write new ones given the time and scripting experience. The information gathering (reconnaissance) phase is all about searching for data. This can be done by actively pinging the client's network and servers or... how else? In a passive way? That sounds much better in some cases...

Every piece of functionality is already coded somewhere by someone, you just have to find it.

Even the searching is automated. By whom? Google, for example. I guess you know this company. Very hard to escape from them. Good work, Larry & Sergey!

So the secret is that Google can help you a lot in the information gathering phase. You just have to be familiar with some search operators and commands, which are interpreted by the Google search engine, and you will find your gold mine. You can find a lot of tutorials in the wild about the operators. Read everything carefully, take your time.
Also, you can find a lot of examples. You can practice based on these and other ideas. You'll be surprised.

You might ask the question: what can you find on the net?
Well, this is not the right question.
Better would be: is there anything that you can NOT find on the internet?

Google search tricks for penetration testers (ethical hackers) are called Google hacks or Google dorks. There is even a database of these search phrases! I mean, at least one.

You can find passwords, SSNs, private pictures, hidden webcams, police reports, salary lists, etc., etc.

Oh. My. God. 
Yes.

Learn something new every day about Google search. Knowledge is power!

--- --- --- ---

Do you have a web page with important data? Do you sleep well?

--- --- --- ---