
Active Directory Lab Setup - 102

A step-by-step guide for building your very own Cybersecurity Home Lab using VMware Workstation

TEARING DOWN the DOMAIN CONTROLLER

We executed ./gen_ad.ps1, but we have not yet looked at the important part of this PowerShell script. Let's look at ./gen_ad.ps1 in a little more detail.

function WeakenPasswordPolicy(){
    secedit /export /cfg C:\Windows\Tasks\secpol.cfg
    (Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0").replace("MinimumPasswordLength = 7", "MinimumPasswordLength = 1") | Out-File C:\Windows\Tasks\secpol.cfg
    secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY
    rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false
}

function StrengthenPasswordPolicy(){
    secedit /export /cfg C:\Windows\Tasks\secpol.cfg
    (Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1").replace("MinimumPasswordLength = 1", "MinimumPasswordLength = 7") | Out-File C:\Windows\Tasks\secpol.cfg
    secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY
    rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false
}

The provided PowerShell functions WeakenPasswordPolicy and StrengthenPasswordPolicy are designed to modify the local security policy on a Windows machine. These functions specifically adjust the password complexity requirements and minimum password length settings. Here's a detailed explanation of each function:

Function: WeakenPasswordPolicy

The purpose of this function is to weaken the password policy by setting:

  • Password complexity requirement to off (0).

  • Minimum password length to 1 character.

Steps:

  1. Export Current Security Policy:

    secedit /export /cfg C:\Windows\Tasks\secpol.cfg

    This command exports the current security policy settings to a configuration file secpol.cfg.

  2. Modify Security Policy Settings:

    (Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0").replace("MinimumPasswordLength = 7", "MinimumPasswordLength = 1") | Out-File C:\Windows\Tasks\secpol.cfg

    This line reads the exported configuration file, replaces the PasswordComplexity setting from 1 (enabled) to 0 (disabled), and changes the MinimumPasswordLength from 7 to 1. The modified content is then written back to secpol.cfg.

  3. Apply Modified Security Policy:

    secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY

    This command applies the modified security policy settings from secpol.cfg to the system.

  4. Remove Temporary Configuration File:

    rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false

    This line deletes the temporary configuration file secpol.cfg without asking for confirmation.

Function: StrengthenPasswordPolicy

The purpose of this function is to strengthen the password policy by setting:

  • Password complexity requirement to on (1).

  • Minimum password length to 7 characters.

Steps:

  1. Export Current Security Policy:

    secedit /export /cfg C:\Windows\Tasks\secpol.cfg

    This command exports the current security policy settings to a configuration file secpol.cfg.

  2. Modify Security Policy Settings:

    (Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1").replace("MinimumPasswordLength = 1", "MinimumPasswordLength = 7") | Out-File C:\Windows\Tasks\secpol.cfg

    This line reads the exported configuration file, replaces the PasswordComplexity setting from 0 (disabled) to 1 (enabled), and changes the MinimumPasswordLength from 1 to 7. The modified content is then written back to secpol.cfg.

  3. Apply Modified Security Policy:

    secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY

    This command applies the modified security policy settings from secpol.cfg to the system.

  4. Remove Temporary Configuration File:

    rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false

    This line deletes the temporary configuration file secpol.cfg without asking for confirmation.

Summary:

  • WeakenPasswordPolicy reduces security by allowing simpler and shorter passwords.

  • StrengthenPasswordPolicy enhances security by requiring more complex and longer passwords.

Both functions automate the process of exporting, modifying, applying, and cleaning up the local security policy configuration to change password requirements on a Windows system.
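
Both functions rely on a literal .replace(), which changes nothing unless the exported file contains exactly the expected "Key = Value" text, so it is worth checking the policy after either function has run. The following is an added example, not part of gen_ad.ps1: it parses a secedit export and reports whether the password policy is weaker than the values StrengthenPasswordPolicy restores. The function names, the temporary file name and the sample export lines are assumptions made for illustration.

```powershell
# Added example, not part of gen_ad.ps1. Function names are hypothetical.

function ConvertFrom-SecPolCfg {
    # Parse the "Key = Value" lines of a secedit export into a hashtable.
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^=\[;]+?)\s*=\s*(.*?)\s*$') {
            $settings[$Matches[1]] = $Matches[2]
        }
    }
    $settings
}

function Test-PasswordPolicy {
    # Compare parsed values with the values StrengthenPasswordPolicy restores.
    param([string[]]$Lines, [int]$MinLength = 7)
    $s = ConvertFrom-SecPolCfg -Lines $Lines
    $complexity = [int]$s['PasswordComplexity']      # missing key becomes 0
    $length     = [int]$s['MinimumPasswordLength']   # missing key becomes 0
    [pscustomobject]@{
        PasswordComplexity    = $complexity
        MinimumPasswordLength = $length
        Weakened              = ($complexity -ne 1) -or ($length -lt $MinLength)
    }
}

function Get-LivePasswordPolicy {
    # Export the effective policy (elevated prompt required) and audit it.
    $cfg = Join-Path $env:TEMP ("secpol_{0}.cfg" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
        Test-PasswordPolicy -Lines (Get-Content $cfg)
    } finally {
        Remove-Item $cfg -Force -ErrorAction SilentlyContinue
    }
}

# Constructed sample of an export taken after WeakenPasswordPolicy has run.
$sample = @(
    '[System Access]',
    'MinimumPasswordAge = 1',
    'MinimumPasswordLength = 1',
    'PasswordComplexity = 0'
)
Test-PasswordPolicy -Lines $sample
```

Run Get-LivePasswordPolicy on the lab domain controller after StrengthenPasswordPolicy to confirm that Weakened is False before the lab is left running.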
