1 00:00:00,570 --> 00:00:07,170 Hi, within this lecture, we're going to deep dive into the Windows commands and we need to know what
2 00:00:07,170 --> 00:00:12,960 kind of commands should we run in order to gather information before we try and escalate our privilege
3 00:00:13,320 --> 00:00:15,690 in a given Windows machine.
4 00:00:15,870 --> 00:00:18,120 OK, so we hacked into the machine.
5 00:00:18,480 --> 00:00:22,340 We are inside of the wall right now and we have a Meterpreter session.
6 00:00:22,800 --> 00:00:26,610 As I said before, there are different types of commands.
7 00:00:26,610 --> 00:00:32,520 There are different kinds of things to do when you have a Meterpreter session or when you don't have
8 00:00:32,520 --> 00:00:32,860 one.
9 00:00:33,060 --> 00:00:35,750 And we're going to actually see both of them.
10 00:00:35,940 --> 00:00:38,320 So don't worry about it, OK?
11 00:00:38,640 --> 00:00:41,840 So this is going to be exactly like the Linux version.
12 00:00:42,180 --> 00:00:44,190 So we're going to start with ls or...
13 00:00:45,090 --> 00:00:53,130 So if you remember, dir or ls gives you the same result, it gives you the actually available files
14 00:00:53,130 --> 00:00:53,850 and folders.
15 00:00:54,000 --> 00:01:01,710 And the reason why I am able to run this ls on a Windows machine is because, I mean, I'm in the Meterpreter session,
16 00:01:02,010 --> 00:01:02,610 OK?
17 00:01:03,570 --> 00:01:08,550 Because this isn't a command defined in the Windows operating system.
18 00:01:08,910 --> 00:01:18,090 We are typing ls in Meterpreter and it translated into dir and now it shows us the available files
19 00:01:18,090 --> 00:01:18,810 and folders.
20 00:01:19,170 --> 00:01:23,260 But also you can run dir in the Meterpreter session as well.
21 00:01:23,400 --> 00:01:25,940 OK, so it supports both of them.
22 00:01:26,100 --> 00:01:29,130 So if we run dir it gives us the same format.
23 00:01:29,640 --> 00:01:37,720 But I believe it's a good practice to exercise this in the actual Windows shell as well.
24 00:01:38,070 --> 00:01:43,980 So remember, any time you want to go into a Windows shell, you can just write shell and you will be
25 00:01:43,980 --> 00:01:47,310 presented with a C: over here like a Windows shell.
26 00:01:47,520 --> 00:01:52,710 And if you run exit, it will get back to the Meterpreter session over here.
27 00:01:53,070 --> 00:02:01,980 So bear in mind that, because there are advantages of having the Meterpreter session, but also there are advantages
28 00:02:02,010 --> 00:02:03,890 of having a Windows shell as well.
29 00:02:03,900 --> 00:02:06,860 So I believe it's best to have both.
30 00:02:07,320 --> 00:02:13,740 But if you're stuck with one, then you're going to know what to do as well after completing this lecture.
31 00:02:14,460 --> 00:02:20,580 So far, so good over here. After, of course, we see the available files or folders,
32 00:02:21,060 --> 00:02:26,550 we need to actually go for the other commands like we did in the Linux section.
33 00:02:27,180 --> 00:02:34,000 We need to understand what kind of users are there and what kind of permissions we have.
34 00:02:34,410 --> 00:02:36,420 So you can run sysinfo.
35 00:02:36,960 --> 00:02:42,420 You're going to get some kind of a summary of the target machine over here.
36 00:02:42,630 --> 00:02:45,930 And sysinfo shows us this is Windows 7.
37 00:02:46,440 --> 00:02:53,790 And if you go to shell and you run sysinfo, you will see that this is not a built-in command.
38 00:02:54,810 --> 00:02:57,330 And for some reason, we lost our connection.
39 00:02:57,330 --> 00:03:02,640 I believe this is not related to the sysinfo command that I have executed over here.
40 00:03:02,790 --> 00:03:05,600 So I'm going to come out of this one.
41 00:03:06,000 --> 00:03:10,800 OK, let me try to see your options.
42 00:03:11,100 --> 00:03:11,700 Here we go.
43 00:03:11,700 --> 00:03:13,560 We have the output Hidalgo's.
44 00:03:13,740 --> 00:03:20,220 So I'm going to run exploit one more time and I'm going to run my HP file on that server.
45 00:03:20,580 --> 00:03:23,910 Remember, this is how we got the shell in the first place.
46 00:03:24,090 --> 00:03:30,110 Now I have a session 2, so I'm going to just go into the session 2. sessions -l.
47 00:03:30,120 --> 00:03:30,950 Yeah, here you go.
48 00:03:30,960 --> 00:03:37,230 This is session 2 and yeah, for some reason I cannot go into that.
49 00:03:37,230 --> 00:03:38,820 Let me try with sessions 2.
50 00:03:38,820 --> 00:03:39,060 Yeah.
51 00:03:39,060 --> 00:03:39,660 Here you go.
52 00:03:40,800 --> 00:03:44,520 So I'm back in the Meterpreter session.
53 00:03:44,520 --> 00:03:51,990 So if I say shell, now if I say systeminfo rather than sysinfo in a Windows shell, as you can see
54 00:03:51,990 --> 00:03:56,310 I get the same description but in a much more comprehensive way.
55 00:03:56,610 --> 00:04:04,380 So sysinfo in Meterpreter, OK, somehow equals to systeminfo in Windows, but systeminfo is actually
56 00:04:04,380 --> 00:04:06,660 greater, is actually more comprehensive.
57 00:04:06,660 --> 00:04:11,820 As you can see, you get much more details, running systeminfo in a Windows shell.
58 00:04:12,210 --> 00:04:18,840 So over here, you see the operating system name, operating system version and registered owner.
59 00:04:18,850 --> 00:04:26,580 So Babis seems to be our owner in this case and over here we have the VMware kind of thing because
60 00:04:26,580 --> 00:04:27,780 it's a virtual machine.
61 00:04:28,080 --> 00:04:30,300 So Windows directory, this is important.
62 00:04:30,300 --> 00:04:34,470 So it's generally in the C:\Windows, and the system directory.
63 00:04:34,470 --> 00:04:35,580 Again, it's important.
64 00:04:35,580 --> 00:04:37,350 It's generally in the C:\Windows\System
65 00:04:37,350 --> 00:04:38,010 32.
66 00:04:38,370 --> 00:04:41,190 However, it's nice to see it over here.
67 00:04:41,430 --> 00:04:42,710 So system locale.
68 00:04:42,720 --> 00:04:44,340 It's Greek in this case.
69 00:04:44,850 --> 00:04:49,170 And the time zone, it's in Athens or Istanbul.
70 00:04:49,680 --> 00:04:52,710 So over here we have the physical memory.
71 00:04:52,710 --> 00:04:56,430 I believe this is just one gig separate.
72 00:04:56,430 --> 00:04:59,910 The fourth is only for this machine and over here.
73 00:04:59,960 --> 00:05:02,480 We have the virtual memory or something like that.
74 00:05:02,630 --> 00:05:08,360 These are not very important at this point, but again, we get a lot of information just by running
75 00:05:08,360 --> 00:05:10,910 systeminfo on a given Windows shell.
76 00:05:11,320 --> 00:05:17,030 OK, so bear in mind that this is one of the first things that you should do when you hack into a Windows
77 00:05:17,030 --> 00:05:17,430 shell.
78 00:05:18,170 --> 00:05:26,780 So, again, we can come back and run some things in the Meterpreter and there are some things in the
79 00:05:26,780 --> 00:05:28,720 C:, in the Windows shell.
80 00:05:29,210 --> 00:05:34,480 But as you can see, they both have advantageous situations.
81 00:05:34,910 --> 00:05:36,940 Of course, it's good to have a Meterpreter.
82 00:05:36,950 --> 00:05:40,720 We can do something like migration from one service to the other.
83 00:05:41,720 --> 00:05:44,450 But in Windows shell, we can do stuff like this.
84 00:05:44,450 --> 00:05:45,890 We can just run hostname.
85 00:05:46,250 --> 00:05:48,500 We can see it's the devil.
86 00:05:48,530 --> 00:05:51,330 OK, it's generally not that important.
87 00:05:51,350 --> 00:05:53,900 But again, why not?
88 00:05:54,260 --> 00:05:57,650 So if I run whoami, we already see that.
89 00:05:58,070 --> 00:06:00,770 I believe we have seen this in the previous picture.
90 00:06:00,770 --> 00:06:03,770 We are something called IIS AppPool.
91 00:06:04,040 --> 00:06:07,700 And we're going to see what kind of things that we can do.
92 00:06:07,700 --> 00:06:16,390 As an example, we don't have /etc/passwd or /etc/shadow over here, but we can run whoami /priv.
93 00:06:16,640 --> 00:06:18,650 OK, priv stands for privilege.
94 00:06:19,250 --> 00:06:22,330 And over here we can see the privilege, privileges information.
95 00:06:22,910 --> 00:06:27,230 So this privileges information, it's a very important table actually.
96 00:06:27,230 --> 00:06:30,680 And we're going to leverage this a lot during the section.
97 00:06:31,310 --> 00:06:34,760 We have the privilege names in the first column.
98 00:06:35,180 --> 00:06:40,790 And as you can see, this is, for example, primary token privilege. OK, in the right hand,
99 00:06:40,790 --> 00:06:42,290 you can see the description.
100 00:06:42,290 --> 00:06:49,160 And in the State column you can see either we can do this, either we can have this, either we have
101 00:06:49,160 --> 00:06:50,270 this permission or not.
102 00:06:50,930 --> 00:06:55,100 OK, for example, we don't have permission that shuts down the system.
103 00:06:55,490 --> 00:06:58,670 We don't have a permission that generates a security audit.
104 00:06:59,240 --> 00:07:04,880 But yeah, we don't have the remove computer from a docking station.
105 00:07:04,880 --> 00:07:08,810 But we have something called bypass traverse checking.
106 00:07:09,050 --> 00:07:13,880 We have impersonate a client after authentication, which is very important.
107 00:07:14,690 --> 00:07:16,820 We're going to see it in the potato attacks.
108 00:07:17,450 --> 00:07:24,740 So impersonate privilege and we get to have like create global objects enabled over here.
109 00:07:25,070 --> 00:07:29,900 We cannot change the time zone, apparently, which is not a big thing.
110 00:07:30,410 --> 00:07:35,180 But anyhow, this table is very important, so you should take a note of this
111 00:07:35,180 --> 00:07:43,080 whoami thing. If you run cls, it should clear the actual session in a given command prompt
112 00:07:43,100 --> 00:07:48,560 in Windows, it's the equivalent of clear in Linux, but I believe it doesn't work over here.
113 00:07:49,250 --> 00:07:58,460 So if you run whoami /group, /groups, I mean, you can see the available groups or what kind of groups
114 00:07:58,460 --> 00:08:02,510 are we in or what kind of groups do we belong over here?
115 00:08:03,560 --> 00:08:08,330 And you can see the other groups here as well, apparently.
116 00:08:08,330 --> 00:08:09,080 Let's see.
117 00:08:09,290 --> 00:08:10,480 We have them.
118 00:08:10,550 --> 00:08:12,700 Everyone over here, for example.
119 00:08:12,710 --> 00:08:15,380 Yeah, everyone belongs to this Everyone group.
120 00:08:15,980 --> 00:08:17,780 So BUILTIN\Users.
121 00:08:17,990 --> 00:08:27,650 OK, so enabled group. Over here we have the NT AUTHORITY\SERVICE; authority actually stands for the
122 00:08:27,650 --> 00:08:28,820 administrator group.
123 00:08:28,820 --> 00:08:34,880 But in this case I believe this is the NT AUTHORITY\SERVICE and this is NT AUTHORITY\Authenticated Users
124 00:08:35,150 --> 00:08:37,880 and this is NT AUTHORITY\This Organization.
125 00:08:37,880 --> 00:08:42,830 So we are not an administrator user right now.
126 00:08:42,830 --> 00:08:46,040 We want to be and we can see how it's done.
127 00:08:46,040 --> 00:08:52,040 Don't worry, we're just gathering information at this point, OK, like we did in the Linux section.
128 00:08:53,000 --> 00:08:57,770 So this was all concerning our current user.
129 00:08:57,770 --> 00:09:00,430 We have all run this with whoami.
130 00:09:00,890 --> 00:09:04,040 OK, so rather than whoami,
131 00:09:04,040 --> 00:09:11,930 we can just go for some other users if we actually see some of the users and we have seen it by going
132 00:09:11,930 --> 00:09:20,510 into the Users folder before, OK, we can run net user to see the other users as well.
133 00:09:20,510 --> 00:09:24,020 Like we only see the Administrator, Babis over here.
134 00:09:24,530 --> 00:09:30,980 So if we run net user, we can see at least the Administrator, hopefully.
135 00:09:31,310 --> 00:09:37,310 And if you want to gather information about a specific user, you can run this net user Babis,
136 00:09:37,310 --> 00:09:38,180 for example.
137 00:09:38,450 --> 00:09:41,570 So Babis is just the user in this machine.
138 00:09:41,570 --> 00:09:43,970 It can be any user, as you can see.
139 00:09:43,970 --> 00:09:46,460 We can see that account is active.
140 00:09:46,460 --> 00:09:48,290 Account never expires.
141 00:09:48,620 --> 00:09:50,720 Password never expires.
142 00:09:51,110 --> 00:09:52,520 So here you go.
143 00:09:52,520 --> 00:09:57,170 So you're gathering information about administrator user over here.
144 00:09:57,560 --> 00:09:59,900 Of course, at this point, we don't even
145 00:09:59,900 --> 00:10:05,930 know if this information is going to do anything for us for the privilege escalation, but again,
146 00:10:05,930 --> 00:10:11,930 we are practicing the command prompt over here and we are trying to gather information about the system
147 00:10:11,930 --> 00:10:15,250 that we are in. We can do this as well.
148 00:10:15,500 --> 00:10:17,240 net user Administrator.
149 00:10:17,480 --> 00:10:21,170 So Administrator is the new root, is the root for Windows.
150 00:10:21,200 --> 00:10:23,590 OK, so get used to that term.
151 00:10:23,960 --> 00:10:27,850 And here we have the user's comment.
152 00:10:27,860 --> 00:10:29,270 We don't have a user comment.
153 00:10:29,270 --> 00:10:31,310 We have account active.
154 00:10:31,310 --> 00:10:32,840 Yes, it never expires.
155 00:10:32,840 --> 00:10:34,390 Password never expires.
156 00:10:34,700 --> 00:10:38,150 So it's kind of the same with the Babis.
157 00:10:38,480 --> 00:10:42,810 But over here, this is the default administrator user.
158 00:10:43,070 --> 00:10:45,620 OK, this is the administrator itself.
159 00:10:46,250 --> 00:10:47,000 Over here.
160 00:10:47,000 --> 00:10:51,590 We can run ipconfig, ipconfig rather than ifconfig.
161 00:10:51,890 --> 00:10:54,860 So it gives us the current IP situation.
162 00:10:54,860 --> 00:11:01,220 As you can see, we have 10, ten, five over here and we have the default gateway is ten, ten, ten,
163 00:11:01,220 --> 00:11:01,760 two.
164 00:11:02,270 --> 00:11:08,630 So if you want, you can check for the ARP tables over here as well with arp -a.
165 00:11:08,900 --> 00:11:15,530 And you can see if we have anything connected to our network or anything that we are currently interacting
166 00:11:15,530 --> 00:11:15,760 in.
167 00:11:16,040 --> 00:11:20,490 So this is basically the IP and MAC address matching over here.
168 00:11:21,410 --> 00:11:24,860 So this network information gathering,
169 00:11:25,610 --> 00:11:29,990 most of the time it gets overlooked, but it's actually very important.
170 00:11:30,320 --> 00:11:34,790 Maybe we don't have only one network in the system that we hacked.
171 00:11:35,060 --> 00:11:42,200 Maybe there is a chance to pivot into another network and there is much more information over there
172 00:11:42,440 --> 00:11:47,330 or there is a very big vulnerability that we didn't even discover yet.
173 00:11:47,600 --> 00:11:56,330 So it's always a good idea to check for the network information and configuration. ipconfig
174 00:11:56,330 --> 00:12:02,210 and arp -a aren't the only options that you have over here.
175 00:12:02,210 --> 00:12:10,430 You can try to run netstat in order to track the connections coming in and going out in order to understand
176 00:12:10,430 --> 00:12:17,510 what kind of services are communicating with or do we have any kind of permanent connection to somewhere
177 00:12:17,510 --> 00:12:17,840 else.
178 00:12:18,510 --> 00:12:26,540 You can always try route and OK, so I believe we have to run route print in this case.
179 00:12:26,540 --> 00:12:27,230 route print.
180 00:12:27,230 --> 00:12:27,560 Yep.
181 00:12:27,560 --> 00:12:28,210 Here you go.
182 00:12:28,700 --> 00:12:34,640 So as you can see, the route print gives us the current routes, the network destinations and the net
183 00:12:34,640 --> 00:12:35,120 masks.
184 00:12:35,420 --> 00:12:39,650 So we don't have any kind of different networks over here.
185 00:12:39,650 --> 00:12:46,850 It's a very simple one computer network and we don't have a complex thing going on.
186 00:12:47,000 --> 00:12:48,500 But again, it's worth a shot.
187 00:12:48,500 --> 00:12:53,000 You can see all the network destinations and netmasks and gateways.
188 00:12:53,330 --> 00:12:55,190 Remember what we do over here.
189 00:12:55,190 --> 00:13:01,310 Maybe it won't help us in any way in the privilege escalation related matters.
190 00:13:01,310 --> 00:13:07,760 But again, there is no one way to go for it when it comes to privilege escalation.
191 00:13:07,970 --> 00:13:12,260 So we have to take everything into consideration when we do this stuff.
192 00:13:12,920 --> 00:13:20,300 So after that, after route print, maybe we can continue with network information gathering.
193 00:13:20,570 --> 00:13:22,700 We have covered users, right?
194 00:13:22,700 --> 00:13:28,930 We have covered the basics and now we're covering the network and then we can just run
195 00:13:28,930 --> 00:13:29,970 netstat.
196 00:13:30,140 --> 00:13:31,610 netstat -a, n,
197 00:13:31,610 --> 00:13:33,940 o, so netstat -
198 00:13:34,030 --> 00:13:41,780 ano, in order to see what kind of connections we are having over here, like TCP ports.
199 00:13:42,630 --> 00:13:49,190 And there are some interesting things over here, like we have seen some of the ports over there, like
200 00:13:49,610 --> 00:13:57,350 as you can see there are a lot of ports in listening state and within that we have only seen 21
201 00:13:57,350 --> 00:13:59,270 and 80 ports, I believe.
202 00:13:59,510 --> 00:14:07,280 So we have something like over here like one three five four four five five five seven.
203 00:14:07,300 --> 00:14:09,110 So we haven't even seen them.
204 00:14:09,530 --> 00:14:12,380 So maybe there are other services over here.
205 00:14:12,740 --> 00:14:14,570 They are vulnerable or not.
206 00:14:14,570 --> 00:14:17,220 I don't know, but it can be helpful.
207 00:14:17,570 --> 00:14:25,580 OK, so netstat -ano, again, it's a very important thing to keep in mind.
208 00:14:25,850 --> 00:14:32,360 So you better take note about this as well and see some other information regarding your current
209 00:14:32,360 --> 00:14:39,080 server, because if you're doing a pentest, maybe you should put that into your report as well.
210 00:14:39,080 --> 00:14:43,880 Maybe there is another vulnerability that hasn't been discovered yet by you.
211 00:14:44,270 --> 00:14:47,030 OK, so you don't want to overlook this.
212 00:14:47,720 --> 00:14:56,420 So over here we have the TCP connections and we see some other ports and so far so good.
213 00:14:56,630 --> 00:14:59,750 I don't think it will be helpful for the privilege escalation.
214 00:15:00,090 --> 00:15:01,630 But again, why not?
215 00:15:02,100 --> 00:15:10,500 So over here, we can run the find command, as we did in the Linux section, remember, we have tried
216 00:15:10,500 --> 00:15:16,470 to find the passwords and in Windows, we can do this with findstr as well, findstr.
217 00:15:16,890 --> 00:15:19,220 And the syntax goes like this.
218 00:15:19,230 --> 00:15:29,700 So if you just write /si and password, for example, and for the extension you can write *.txt,
219 00:15:30,330 --> 00:15:39,510 means that anything with that extension, OK, anything, any file name with that extension, of course,
220 00:15:39,870 --> 00:15:47,310 maybe txt is not the only extension that we are interested in, but for right now just assume it is.
221 00:15:47,490 --> 00:15:55,590 If we run this, nothing comes back, OK, because it tries to find it in this system.
222 00:15:56,010 --> 00:15:57,200 I know that's over here.
223 00:15:57,210 --> 00:16:03,910 So let me try to do that in the System32 and see if we get something back.
224 00:16:04,620 --> 00:16:05,490 Here you go.
225 00:16:05,490 --> 00:16:06,780 Now it's running.
226 00:16:06,780 --> 00:16:08,760 I believe we're going to get something back.
227 00:16:09,060 --> 00:16:09,620 Here you go.
228 00:16:09,630 --> 00:16:13,500 We have a lot of information over here, like please enter your password.
229 00:16:13,530 --> 00:16:14,940 These are not very helpful.
230 00:16:15,240 --> 00:16:18,570 But again, remember what I said in the Linux section.
231 00:16:19,230 --> 00:16:25,200 OK, it's very important for us to try this, even though we get something like, please enter your
232 00:16:25,200 --> 00:16:27,810 password and hash tables.
233 00:16:28,020 --> 00:16:31,380 But it's not very helpful for us in this case.
234 00:16:31,740 --> 00:16:39,290 But people tend to actually store their passwords in plain old text like text files.
235 00:16:39,630 --> 00:16:45,120 So if you find one, then you can just escalate your privilege.
236 00:16:45,120 --> 00:16:49,620 You can just pivot into something else, maybe work your way up there.
237 00:16:50,370 --> 00:16:57,390 So another thing you should consider over here is to just search for the password one more time, but
238 00:16:57,390 --> 00:16:59,160 for the ini files.
239 00:16:59,580 --> 00:17:07,410 So there is nothing in this case, but it can be a case where a password is saved in an ini file as well,
240 00:17:07,770 --> 00:17:09,540 maybe an XML file.
241 00:17:09,780 --> 00:17:18,060 OK, so some software can keep logs in the XML files and you can try to find it as well.
242 00:17:18,420 --> 00:17:22,260 Maybe let me just run this like that.
243 00:17:22,500 --> 00:17:23,750 OK, and here you go.
244 00:17:24,300 --> 00:17:29,970 We have a lot of things regarding XML over here.
245 00:17:29,970 --> 00:17:33,660 Maybe we can try to find something within this mess.
246 00:17:33,840 --> 00:17:38,210 As you can see, a lot of information, but again, it's worth a shot.
247 00:17:38,730 --> 00:17:43,580 So, txt, ini and xml, searching for passwords.
248 00:17:44,160 --> 00:17:47,790 So maybe it's logged in an XML file or something like that.
249 00:17:47,790 --> 00:17:52,980 You can find a good password that you can use for maybe an NSA connection.
250 00:17:52,980 --> 00:17:53,530 I don't know.
251 00:17:54,570 --> 00:17:59,820 Last but not least, I believe we should learn about the sc queries.
252 00:18:00,180 --> 00:18:05,900 So this is for understanding the status of the services that run in Windows.
253 00:18:06,090 --> 00:18:12,630 For example, we can run sc query windefend, so windefend stands for the Windows Defender.
254 00:18:12,630 --> 00:18:19,080 And you know, this is like a protection mechanism or antivirus mechanism that is embedded in Windows
255 00:18:19,080 --> 00:18:19,620 itself.
256 00:18:19,770 --> 00:18:27,960 And as you can see, it's running in the state and you can see if it's running or not because it may
257 00:18:27,960 --> 00:18:36,870 actually affect your strategy of privilege escalation or inspiriting or in any case, OK, you can
258 00:18:36,870 --> 00:18:45,540 also write sc query type= service and you can just see all the services that are running on
259 00:18:45,540 --> 00:18:47,150 this machine.
260 00:18:47,550 --> 00:18:49,460 And again, this is very important.
261 00:18:49,710 --> 00:18:55,110 OK, for example, Windows Search, maybe it's not that important, but Security Center.
262 00:18:55,620 --> 00:19:01,890 So over here we have the windows and we can see the window and we can see other services here as well.
263 00:19:02,760 --> 00:19:10,770 So sc query is again a must in your notebook, OK, you should take a note of that.
264 00:19:11,790 --> 00:19:15,450 For example, you can see the firewall state over here as well.
265 00:19:15,870 --> 00:19:20,310 Aside from the Windows Defender, Windows has its own firewall.
266 00:19:20,610 --> 00:19:25,980 So maybe we can just try to see it, like netsh firewall show state.
267 00:19:26,220 --> 00:19:32,100 OK, so it gives us the state of the firewall services over here and over there.
268 00:19:32,100 --> 00:19:39,780 We see the operational mode is enabled but the remote admin mode is disabled, so we can gather information
269 00:19:39,780 --> 00:19:42,410 about the firewall that we are currently facing.
270 00:19:43,140 --> 00:19:47,570 So no ports are currently open on all network interfaces.
271 00:19:48,150 --> 00:19:50,270 So here you go.
272 00:19:50,910 --> 00:19:58,620 Yeah, it says that netsh firewall is deprecated, just use netsh advfirewall firewall instead
273 00:19:58,770 --> 00:19:59,030 of.
274 00:19:59,510 --> 00:20:06,110 So if you experience a problem at this command, you can just use this as well, apparently so.
275 00:20:06,110 --> 00:20:07,080 Here you go.
276 00:20:07,490 --> 00:20:10,220 Now, this is just for information gathering.
277 00:20:10,220 --> 00:20:15,230 As I said before, now we exercise the command prompt commands a little bit.
278 00:20:15,500 --> 00:20:21,310 Now, let's move on to the other lectures where we actually experience privilege escalation into about.