Penetration testers now have a Windows-based alternative to Kali Linux: a penetration testing distribution named “Commando VM.” FireEye created it and has bundled a large set of hacking tools that are useful for penetration testing and ethical hacking. Blaine Stancill, Nhan Huynh, and Jacob Barteaux are the researchers behind this software. The Commando VM download is also available on this page for virtual machines.
The automated installation scripts of Commando VM turn a Windows PC into a platform suitable for penetration testing. The main reason for developing this software is the operating system itself: performing penetration testing from Windows is not easy. Security researchers used to spend a great deal of time modifying their Windows installations into a suitable platform for penetration testing.
FireEye has made this very easy by developing this software. There are more than 140 tools and features which can be used for red teaming and penetration testing. Commando VM was released on GitHub. The release includes many tools and hacking utilities, such as Wireshark, Nmap, Sysinternals, Hashcat, Burp Suite, Remote Server Administration Tools and Mimikatz.
What is Commando VM (Complete Mandiant Offensive VM)?
Most penetration testers use their own Windows machines whenever they assess Active Directory environments. Commando VM was designed specifically as a go-to platform for internal penetration tests. As discussed above, the advantage of using Windows for this work is that it contains all of the essential tools and features for Active Directory and Windows.
Commando VM relies on MyGet, Boxstarter, and Chocolatey packages to install all of the software. These packages also contain different tools and utilities that support penetration testers in their work. There are 140 tools in total, and the important tools are listed below:
- Remote Server Administration Tools
With all of these tools, performing penetration testing is straightforward. The main aim of Commando VM is to be the single platform for penetration testing from Windows. Red teamers can use this software too. There is also a blue teamer version of Commando VM.
It contains the essential tools blue teamers need to improve their detection capabilities and audit their networks. A whole library of offensive tools is also available in the blue teamer version. This library makes it much easier for blue teamers to keep up with attack trends and offensive tooling.
How to Install Commando VM on a Virtual Machine
I recommend running Commando VM inside a virtual machine. A virtual machine lets you return to a clean state before each engagement. We assume that you already have experience configuring and setting up a virtual machine environment. The first step in installing Commando VM is to create a new VM (virtual machine) with the following specifications:
- Memory: 2 GB.
- Disk Space: 60 GB.
The latest version of Commando VM can be installed on recent versions of Windows. You can install Windows 7 SP1 (Service Pack 1) or any version of Windows 10. (Additional features are available for Windows and need to be installed.)
Once you have installed a fresh copy of Windows, the next step is to install the specific VM guest tools (for example, VMware Tools) to get additional features such as screen resizing and copy/paste. Perform all of the remaining installation steps inside the virtual machine. Have a look at the best virtualization software for creating virtual machines.
These steps are as follows:
- First, check whether your version of Windows is up to date. You can check for updates in the Windows control panel, install the latest updates if any are available, and then restart.
- I recommend taking a snapshot of the VM at this point so that you have a clean state of Windows from before the installation.
- Download the latest version of Commando VM from GitHub, as mentioned before. Download the compressed archive from GitHub inside your virtual machine.
- After downloading the latest version of Commando VM, install it by following these simple steps:
- The first step is to decompress the downloaded archive.
- The second step is to start a new PowerShell session with elevated privileges. Commando VM also requires some additional software, which the installer installs automatically. The installer also modifies some of your system settings.
- The third step is to change directory to the location where you decompressed the Commando VM repository.
- The next step is to change PowerShell’s execution policy by executing a specific command and answering “Y” (yes) when PowerShell prompts you. You have to answer it when the PowerShell prompts the following Command:
- The fourth step is to execute the installation script named “install.ps1”. A prompt will ask you to enter the currently logged-in user’s password. The installer needs this password so that it can log in automatically after each reboot.
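The checks a practitioner would run before launching install.ps1, shown here as an added example that is not FireEye's code or part of the original article. It assumes Windows PowerShell run from the decompressed repository folder; the function name and the virtualization heuristic are illustrative.

```powershell
# Added example, not FireEye's code: pre-flight checks before running install.ps1.
# Thresholds are the VM specifications listed in this article.
$MinMemoryGB = 2
$MinDiskGB   = 60

function Test-CommandoPreflight {
    # $RepoPath is an assumption: the folder where the repository was decompressed.
    param([string]$RepoPath = (Get-Location).Path)

    # The installer changes system settings, so the session must be elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    $elevated  = $principal.IsInRole($adminRole)

    # Heuristic only: hypervisors usually name themselves in these two fields.
    $cs        = Get-WmiObject -Class Win32_ComputerSystem
    $hwLabel   = "$($cs.Manufacturer) $($cs.Model)"
    $isVirtual = $hwLabel -match 'VMware|VirtualBox|Virtual Machine|KVM|QEMU|Xen'

    # Guests report slightly less than the configured size, hence the tolerances.
    $memoryGB = $cs.TotalPhysicalMemory / 1GB
    $disk     = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    $diskGB   = $disk.Size / 1GB

    New-Object PSObject -Property @{
        Elevated         = $elevated
        LooksVirtual     = $isVirtual
        MemoryOK         = ($memoryGB -ge ($MinMemoryGB - 0.2))
        DiskOK           = ($diskGB -ge ($MinDiskGB - 2))
        InstallerPresent = (Test-Path (Join-Path $RepoPath 'install.ps1'))
        # Recorded as text so the policy can be restored after installation.
        ExecutionPolicy  = "$(Get-ExecutionPolicy)"
    }
}

$check = Test-CommandoPreflight
$check | Format-List
# Only the boolean checks count as pass/fail; ExecutionPolicy is informational.
$failed = @($check.PSObject.Properties | Where-Object { $_.Value -is [bool] -and -not $_.Value })
if ($failed.Count -gt 0) {
    Write-Warning ("Fix before installing: " + (($failed | ForEach-Object { $_.Name }) -join ', '))
}
```

A snapshot cannot be verified from inside the guest, so confirm it in the hypervisor before proceeding.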
Once you have completed these manual steps, the rest of the installation is fully automated. Its duration depends on the speed of your internet connection. With a good connection, it takes approximately 2 to 3 hours to complete. Your virtual machine might restart several times while the automatic installation is running. Once the installation process is completed, the PowerShell prompt will remain open, waiting for any command before exiting. When the installation has completed, the following desktop environment will be displayed on your screen.
After the installation has completed, I recommend restarting your virtual machine so that the final configuration changes take effect. Once your machine has rebooted, Commando VM is successfully installed. After that, power off the virtual machine and take a final snapshot to save the VM state for use in future engagements.
Why Commando VM is the best Windows Offensive Distribution
Commando VM gives a straightforward method of setting up a Windows penetration testing environment by reducing the work of VM deployment and provisioning. FireEye explains this further in their blog post.
Security teams debate this tooling, as it is useful in penetration testing engagements that include assessing Active Directory environments.
The advantages of using Commando VM on Windows include native support for Active Directory and Windows, use of tools such as BloodHound and PowerView, using the VM as an execution area for C2 frameworks, and browsing shares more easily without worrying about where output files are placed.
Commando VM is aimed at supporting internal engagements. The developers of this software created an Active Directory deployment to showcase the capabilities of Commando VM. This test environment may appear contrived.
We get started with Commando VM by performing network scans with Nmap.
After scanning the network, we find a host running a web server on TCP port 8080. This port is commonly used for administrative purposes. We can connect to the server on TCP port 8080 over HTTP using Firefox.
After using Nmap, we use Burp Suite’s Intruder to try to brute-force the login. We navigate to our wordlists directory and select an arbitrary password file from within SecLists in the Desktop folder.
Once we have configured Burp’s Intruder and analyzed the responses, we can see that the password “admin” grants us access to the Jenkins console.
As you might know, a Jenkins server comes with a Script Console, and on Windows it executes as “NT AUTHORITY\SYSTEM” by default. We can gain privileged command execution by taking advantage of this Script Console.
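From the defender's side, the sequence above leaves a recognizable trail in web access logs: repeated hits on Jenkins' failed-login page followed by a request to the Script Console from the same client. The following detection sketch is an added example, not part of the original article; it assumes the Jenkins server or a reverse proxy writes a common-log-format access log, and the log lines, client addresses, function name and threshold are constructed for illustration.

```powershell
# Added example, not from the article. The log lines below are constructed.
$SampleLog = @'
10.0.0.23 - - [12/Apr/2019:10:01:01 +0000] "GET /loginError HTTP/1.1" 200 1843
10.0.0.23 - - [12/Apr/2019:10:01:02 +0000] "GET /loginError HTTP/1.1" 200 1843
10.0.0.40 - - [12/Apr/2019:10:01:02 +0000] "GET /loginError HTTP/1.1" 200 1843
10.0.0.23 - - [12/Apr/2019:10:01:03 +0000] "GET /loginError HTTP/1.1" 200 1843
10.0.0.23 - - [12/Apr/2019:10:01:04 +0000] "GET / HTTP/1.1" 200 9120
10.0.0.23 - - [12/Apr/2019:10:02:30 +0000] "POST /script HTTP/1.1" 200 5301
10.0.0.40 - - [12/Apr/2019:10:05:00 +0000] "GET /script HTTP/1.1" 200 4987
'@ -split "`r?`n"

function Find-JenkinsBruteForce {
    param([string[]]$Lines, [int]$Threshold = 3)

    $pattern  = '^(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<verb>[A-Z]+) (?<path>\S+)'
    $failures = @{}   # client -> number of failed-login page hits seen so far
    $reported = @{}   # clients already reported, to emit one alert per client

    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            # Copy the captures first: the next -match overwrites $Matches.
            $ip = $Matches['ip']; $ts = $Matches['ts']; $path = $Matches['path']

            if ($path -like '/loginError*') {
                $failures[$ip] = 1 + [int]$failures[$ip]
            }
            elseif ($path -match '^/script(Text)?([/?]|$)') {
                # Script Console reached; alert only after repeated failures.
                $count = [int]$failures[$ip]
                if (($count -ge $Threshold) -and (-not $reported.ContainsKey($ip))) {
                    $reported[$ip] = $true
                    New-Object PSObject -Property @{
                        Client = $ip; FailedLogins = $count; ConsoleAccess = $ts
                    }
                }
            }
        }
    }
}

# Only 10.0.0.23 is reported; 10.0.0.40 had a single failure before /script.
Find-JenkinsBruteForce -Lines $SampleLog | Format-Table Client, FailedLogins, ConsoleAccess
```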
Once we have command execution, many options are available for the next step. We look for sensitive files and investigate the box. After browsing the user directories, we find a private SSH key and a password file.
Now we use CredNinja to try to validate these credentials against the Domain Controller.
Now that we know the credentials are valid, we can run CredNinja again to see where the user might have local administrative permissions.
At this point, we only have administrative permissions over the Jenkins host from earlier, 192.168.38.104. That is not a concern, because we have valid domain credentials, which means we can begin inspection activities against the domain. To do that, we execute runas /netonly /user:windomain.local\niso.seperky cmd.exe and, after entering the password, we have an authenticated command prompt up and running.
In the previous image, we can see a successful listing of the contents of the SYSVOL file share on the domain controller, confirming our domain access. Now we start share hunting by starting up PowerShell.
Commando VM Free Download – Windows Hacking Distribution
- Version: 2019
- Developers: FireEye
- Price: Free
- Category: Hacking/Penetration Testing
In this guide, we talked about software used to perform penetration testing. I hope you enjoyed our review of Commando VM. It is an absolute beast of an operating system with all the tools you need for penetration testing and red teaming.
We also discussed some of the hacking tools and essential tools required for penetration testing, looked at examples, and learned how they work. We covered the whole installation process of this software, the two variants for red teamers and blue teamers, and the additional software that is installed along with it. To find out more about Commando VM, visit FireEye’s blog.