How to Enable and Monitor Firewall Log in Windows PC

For any network administration it is very important that he should know how to check firewall logs in his network in order to maintain security of system. In this article you will learn more about firewall utility where we have try to describe how can any person check firewall log in his private network.

LETS START!!!

Let have a look where you will learn more about firewall security. Open windows firewall then select advance setting on the left side under control panel home.

Here we are at windows firewall advance setting; explore its property tab present on the right side of window’s frame.

Now you can see the local computer property dialog box has been opened, here select the private profile option.

Here another dialog box will get appear in front of you to configure private profile for firewall.

Only we need to manipulate two things in this profile without disturbing other settings. Change “NO (default)” into “YES” for log dropped packets and log successful connection as shown in given screenshot. At last click on OK.

Now again we are at advance security setting of firewall here bring your cursor down toward monitoring option.  From screenshot you can see window frame for firewall monitoring where it contains general and logging setting.  As we want to read firewall logs therefore now click on the blue link given as file name under logging setting.

GREAT!!! Finally we can read firewall log and can investigate firewall traffic in our network.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

Setup VPN Penetration Testing Lab in Server 2008

You just need to follow the basic steps for configuring a remote access virtual private network (VPN) server using Server Manager, the Add Roles Wizard, and the Routing and Remote Access Server Setup Wizard. After you finish configuring a basic remote access VPN server, you can perform additional configuration tasks on client depending on the way you want to use the remote access VPN server.

Start -> Administrative Tools -> Server Manager. Click Add Roles

This wizard helps you install roll on your server, click on next to continue

Check the status of “Network Policy Server” under Role Services and click on next.

Read the requirements and click “Next” to continue.

On the following screen “Select Role Services” for Network Policy and Access Service, place a check mark on Routing and Remote Access Services and make sure “Remote Access Service” and “Routing” are selected as well. Click next to continue.

To install following role services for Network Policy and Access Service click on Install.

This show the summary of Remote Access services and Routing were installed successfully. Once the installation finishes, click close to end the wizard.

Till here I have completed installation of VPN in server.

To complete configuration in Routing and Remote Access follow these step.

Start -> Administrative Tools ->Routing and Remote Access

In the console that opens, right click your server name and right click on “Configure and Enable Routing and Remote Access “this configures Routing and Remote Access on the selected server.

In the Wizard you can enable any of following combinations of services. I will choose Custom Configuration for my server and click on Next.

Next is Routing and Remote Access server setup wizard in which I am going to decide which type of access should be allows to client to access server network.

You can configure the selected services in the Routing and Remote Access console. I am selecting the Check Box VPN access service on this server and click on next to continue

Now you have successfully completed the task of VPN access service in your server, to close this wizard click on finish.

Now you will get the dialog box which shows message that Routing and Remote Access service is ready to use. So click on Start Service.

Once the process is finished, and you are back on the main Server Manager window, routing and remote access should now be up and running.

Once you have successfully configuration of Routing and Remote, the administrator will select the desire user and give privilege to access the server through VPN connection for connecting client from different location.

Start -> Administrative Tools -> Active Directory Users and Computers -> Right Click the properties of an user

Click on the Dial-In tab and under “Network Access Permission” select Allow Access. Click on Apply and Ok to finish. Only selected client will be able to connect with server network through VPN using different network.

This was first phase of VPN configuration on server-side performs by administrator.

SETUP VPN CONNECTION FOR CLIENT ON WINDOWS 7

 Setting up a client connection to a VPN network is very similar to setting up an old-fashioned Dial-Up connection through a phone line. You need to enter a server address (hostname or IP), user and password. Once connected, this system will receive an IP address within the VPN network, so you’ll be able to access it from any other machines also connected to the same VPN network.

Click on the Start -> Control Panel ->Network and Internet -> Network and Sharing Center

Change your network settings click on setup a new connection or network option, this contains different types of network connection options like broadband, dial-up, VPN or set up a router or access point.

Here you can many other options as I told, I will choose connect to a workplace to set a dial-up or VPN connections to your workplace. This option will set the connection to a workplace or say to our server for the client.

Now you will see next wizard for connect to workplace, which will ask for type of connection through which you will connect to your workplace or server.

My option will be use my internet connection (VPN) and the will be established using internet.

Now connecting network you must aware of IP address of workplace or say server. 192.168.0.106 it is the IP of my windows server 2008 r2 having VPN setup and configuration ,so I have mention this IP in Internet Address for connection

Now I had set privilege for user pentest to Allow Access for VPN connection. When you will try to connect it will ask for your credentials for authentication. Client will enter his username and password for establishing connection and click on connect.

When given credential will be found authorized, it will allow client to connect with workplace and provide VPN connection.

This is unshared and secure connection over internet between client and server for sharing data in a transparent medium.

To ensure that you have successful VPN connection open your command promot and type ipconfig this show another IP over LAN.

My IP is 192.168.0.104 under PPP adapter VPN connection, which will be used for login in server to access network and share data, as I am also having my LAN IP 192.168.0.105. This shows my VPN connection is established successfully.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets.

Remote Windows PC Enumeration using PSTools

PS Tools Kit is a collection of 13 tools developed by Mark Russinovich. These tools are command-line tool that lets you execute processes on remote systems and redirect console applications’ output to the local system so that these applications appear to be running locally. All of these are special tools that are compatible with the NT windows version or later. Being a console application, these tools can work on both local computer and remote host. These tools require no manual installation of software on the remote system, and they let you specify alternative credentials to access the remote system. The “Ps” prefix in PsList relates to the fact that the standard UNIX process listing command-line tool is named “ps”, so this prefix has been adopted for all the tools in order to tie them together into a suite of tools named PsTools.

You can download PSTool Kit from –> https://technet.microsoft.com/en-us/sysinternals/pstools.aspx

Listed below are all tools in the said tool kit:

  • PsExec – execute processes remotely
  • PsFile – shows files opened remotely
  • PsGetSid – display the SID of a computer or a user
  • PsInfo – list information about a system
  • PsPing – measure network performance
  • PsKill – kill processes by name or process ID
  • PsList – list detailed information about processes
  • PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
  • PsLogList – dump event log records
  • PsPasswd – changes account passwords
  • PsService – view and control services
  • PsShutdown – shuts down and optionally reboots a computer
  • PsSuspend – suspends processes

Let us now learn how we will use these through command prompt one bye one

Firstly, let us open PSTool Kit and to do so open your command prompt and open PSTool kit using cd command as shown below :

Get SID

Once you have open PSTool kit, run dir command so that you can see the list of al tools.

Now, we run a command that will help us use PSGetsid tool in the Tool Kit. The command is:

PSGetsidc64.exe \\192.168.1.104 -u administrator -p [email protected]

Here,

192.168.1.104 –> our victim’s IP

-u –> denotes username

Administrator –> username

-p –> denotes password

[email protected] –> password

System Information

Executing these commands for system information  of  remote PC.

Next, we will learn about psinfo.exe tool which gives us all the necessary information of the remote PC. To make this tool work type:

psinfo.exe \\192.168.1.104 -u administrator -p [email protected]

Share Folder

After this command has been run, it will give you the information as you can see above.

Moving forward, we will now make psfile tool work by typing the following command:

psfile64.exe \\192.168.1.104  -u administrator -p [email protected]

Process Information

Execution of this command will help us to see every file and directories that are remotely open on the PC of victim.

Our next tool is pslist and to make it work type:

pslist64.exe \\192.168.1.104 -u administrator -p [email protected]

Services

This command lets us see the list of all the files on our remote PC as seen above.

Our next command is Psservice.exe which lets us know about all the services running on our victims’ PC. The command is:

PsService64.exe \\192.168.1.104 -u administrator -p [email protected]

Log List

You can result in the above pic.

One of these tools helps us to see the logs of victim PC. That tool is psloglist.exe and the command to run this tool is:

psloglist.exe \\192.168.1.104 -u administrator -p [email protected]

Change Password

So, like this our command is successful as we have our desired result.

Now, pspasswd64.exe is the most important tool as it lets us to change the password of a PC. And the command to achieve this is:

pspasswd64.exe \\192.168.1.104 -u administrator -p [email protected] administrator forever

Here,

192.168.1.104 –> our victim’s IP

-u –> denotes username

Administrator –> username

-p –> denotes password

[email protected] –> password

Administrator –-> username (which we have to give again to specify that which user’s password we want to change)

This can successfully change the password as shown in above image.

Remote Connect Shell

Another important tool is PsExec64.exe which takes us directly in the shell of victim’s PC. Its command is:

PsExec64.exe \\192.168.1.104 -u administrator -p forever cmd

Shutdown

Lastly our next tool helps us to shutdown remote PC. And for that just type:

psshutdown.exe \\192.168.1.104 -u administrator -p forever

And as shown in the image above the remote PC will shutdown in 20 seconds.

So, these were tools in the PSTool kit and the commands to run them. These tools make our work a lot easy and come in handy.

PS –> If you come across such dialogue box then always click on AGREE or else the above commands will not work. The image of dialogue box is shown below

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here

Pentest Lab Setup for Windows Server 2008 R2

To install Windows server 2008 R2 click this link

To install active directory in the windows server, assign static IP address.

Such as        IP Address   :    192.168.0.101

                       Subnet mask   :  255.255.255.0

                     Default Gateway   :  192.168.0.101

                     Preferred DNS Server : 192.168.0.101

                     Click OK

To install Active Directory, Type DCPROMO (Domain Controller Promotion) in Run Command With Run as Administrator. Click OK.

To start the installation click on “Next

Click next to move on

We going to install new domain Controller in new forest please select the option “Create a new domain in new forest” option and click on “Next”

Now we have to provide the name for new domain. It must be FQDN. In our case I used hackingarticles.in as the domain. Please click “Next” after it.

Select forest functional level to Server 2008 R2 to add domain controller of Windows server 2008 R2 or later.

In next window since it’s the first DC we should make it as DNS server too. Leave the default selection and click on “Next

If the wizard cannot create a delegation for the DNS server, it displays a message to indicate that you can create the delegation manually. To continue, click “Yes

In next window it will show up the database location. If you want to change it physical location Click browse and do the changes or click on “Next” to proceed.

Choose a Strong Active Directory Restore Mode Password and click next twice to kick off the configuration.

Next window is giving you a brief of the installation. Click on “Next”

Then it will start the installation of the AD. It will take some time to complete.

When its done you will be notified and required to reboot your PC.

Related Posts Plugin for WordPress, Blogger...