Windows Penetration Testing

Disclaimer:

The information contained in these notes on Windows penetration testing is

intended solely for educational and ethical purposes. Unauthorized penetration
testing, hacking, or unauthorized access to computer systems or networks is illegal
and punishable by law. These notes should only be used in a controlled environment
where you have explicit permission to conduct such activities, such as in your own
lab setup or with authorized access.

The author of these notes assumes no responsibility for any misuse of the
information contained herein. Always obtain appropriate authorization and adhere to
ethical standards and all applicable laws when conducting any form of penetration
testing.
 INDEX
Sr. No. Description
1 Introduction to Ethical Hacker & Pentesting 03

2 Setup Labs for WIndows Hacking 03

3 Scanning Networks 05

4 0

5 0

2
SETUP LABS

Why do we need to set-up labs ?

Setting up a lab for penetration testing provides a safe, legal environment to practice
cybersecurity skills. It allows hands-on learning, tool proficiency, and the simulation of
real-world vulnerabilities without risking harm to live systems. Labs are customizable,
enabling controlled, repeatable testing that builds confidence and prepares testers for
real-world scenarios.

A penetration testing lab is a controlled, virtual environment that allows cybersecurity

practitioners to safely practice identifying and exploiting vulnerabilities. By isolating this
environment, testers can simulate attacks on various systems and configurations without
risking legal issues or impacting live networks. Labs are customizable, supporting different
operating systems, software versions, and network setups, enabling users to replicate
real-world scenarios with precision. They foster skill development, allowing testers to
become proficient with tools like Metasploit, Nmap, and Burp Suite, practice attack chains,
and build confidence in applying techniques. Labs are essential for anyone pursuing a
cybersecurity career or preparing for certifications, providing a secure space to experiment,
learn from mistakes, and refine strategies.

Let’s setup a lab

First we need to setup a Victim Machine in the we will going to install a
Metasploitable 3(Windows 8 server).

Steps:
1. Go to this website Github metasploitable3
2. Scroll down to Readme and you will find a To use the prebuilt images provided at
Download create a new local metasploitable workspace: Click on the Download button to
download a Metasploitable 3
How to configure Metasploitable 3 in Window 10 machine step by step guide Vulnera…

3. You will be check redirected to this website

3
4. Click on this:

5. You will be redirected to this:

Installing Kali Linux in vmware or VirtualBox

6. Now you will be Download VMWare or Virtualbox

Download VirtualBox virtualbox

7. Setup a Kali Linux in VirtualBox from this video

Install Kali Linux on Windows 11 for FREE

8. Setup a Kali Linux in VMWare from this video

How to Install Kali Linux 2023.1 on VMWare Workstation Player

4
Scanning Network

What is network scanning?

Network scanning is the process of identifying active hosts, open ports, and services used
by a target application. For an Ethical Hacker aiming to identify system vulnerabilities,
network scanning helps pinpoint potential entry points for attacks. By discovering these
weak points, security teams can take proactive measures to strengthen network defenses
against potential intrusions.

In any organization, networks can range from internal systems connecting devices within
the company to larger, internet-connected infrastructures. Regardless of the network type,
finding exploitable vulnerabilities is essential for assessing its security.

Network scanning serves as a foundational step to locate these vulnerabilities, allowing

ethical hackers and security teams to identify and mitigate risks effectively.

How does it work?

In penetration testing, scanning a network is a fundamental step to gather information

about the target’s internal infrastructure and identify potential vulnerabilities.

When working as a penetration tester for a company or organization, you will usually be
provided with credentials to access their networks. This access may be provided through
VPN credentials or other secure means, especially if you're working remotely. With VPN
access, you’ll be able to connect to the organization’s internal network securely, enabling
you to conduct tests without physically being on-site.

Once connected to the network, your first task is to identify the IP addresses of devices
within the target environment, particularly the target machine. This process often begins
with IP discovery to locate active hosts and endpoints within the network.

5
Why is network scanning important?

Given the high volume of daily cyber threats and the wide range of possible network
vulnerabilities, regular network scanning is crucial for maintaining network health and
protecting against cyberattacks. Network scanning is an essential component of network
security, identifying and addressing potential vulnerabilities and threats before they can be
exploited.

To be effective, network scans should be conducted routinely, even if there’s a slight

impact on performance during the process. These scans generate a comprehensive
network map, offering valuable insights such as:

- An inventory of all devices connected to the network.

- Details on key access points, including open ports.
- Detection of suspicious packets moving through the network.
- Real-time performance metrics displayed on dashboards.
- Reports summarizing overall network health and status.

Network scanning is a proactive approach to safeguard network integrity and support

ongoing security efforts.

Go Down 👇

6
Now,
First, we will check the IP address for Kali Linux. Here’s how to do that:

RedBox is a Kali Linux IPaddress.

Now,
We will discover a Target Machine IP Address:
Cmd: sudo netdiscover -i eth0 (i - for interface)

7
How to discover who owns an IP address?

In kali linux open another terminal and run a command ip addr

In redbox you can see the IPAddress of KaliLinux

Now, We can discover in ranges

Cmd: netdiscover -i -eth0 -r ip address of first three & start from 0
Eg: netdiscover -i eth0 -r 192.168.1.0 (in my ip address 192.168.1 is common)

You can also use a Nmap to Scan a Network.

Cmd: sudo nmap -sn (Your IP) Eg: 192.168.1.*

8
Now will we check of the machine send the packets to target machine or not

cmd: ping ip address

Ok, see 192.168.1.8 is my IP address of Target Machine (Yours can be different)