Edit Hardcoded Creds

nickvourd · Mar 2, 2024 · ef4c19b · ef4c19b
1 parent 0f95af5
commit ef4c19b
Show file tree

Hide file tree

Showing 8 changed files with 109 additions and 16 deletions.
diff --git a/Lab-Setup-Binary/Checksum-Binaries.txt b/Lab-Setup-Binary/Checksum-Binaries.txt
@@ -1,6 +1,7 @@
-Monitor_AMD64.exe   D7CD130E242A2CEFCC33A8F8529DDDA7
-NCV_AMD64.exe       21A208E615C77D2CA3B2C16C86851A0F
-Service 1.exe       AD78384BB3D30A47E32B7080D24B332C
-Service2.exe        936D5F332168C263C1B43DCF24350438
-Service3.exe        9883769C732076059739DC1F11B91155
-Service4.exe        867A96D7C60FD18109B717E20A416531
+Monitor_AMD64.exe   	D7CD130E242A2CEFCC33A8F8529DDDA7
+NCV_AMD64.exe       	21A208E615C77D2CA3B2C16C86851A0F
+Service 1.exe       	AD78384BB3D30A47E32B7080D24B332C
+Service2.exe        	936D5F332168C263C1B43DCF24350438
+Service3.exe        	9883769C732076059739DC1F11B91155
+Service4.exe        	867A96D7C60FD18109B717E20A416531
+CustomDotNetApp.exe 	9E7CF367A5550FDCA2665D91064D6111
diff --git a/Lab-Setup-Binary/CustomDotNetApp.exe b/Lab-Setup-Binary/CustomDotNetApp.exe
diff --git a/Lab-Setup-Source-Code/CustomDotNetApp.cs b/Lab-Setup-Source-Code/CustomDotNetApp.cs
@@ -1,15 +1,20 @@
 using System;
-using System.Diagnostics;
 using System.IO;
+using System.ServiceProcess;
 
 namespace CustomDotNetApp
 {
-    class Program
+    public partial class Service1 : ServiceBase
     {
-        static void Main(string[] args)
+        public Service1()
         {
-            string username;
-            string password;
+            InitializeComponent();
+        }
+
+        protected override void OnStart(string[] args)
+        {
+            string username = "Adminstrator"; // Set your username
+            string password = "Asa31904#!"; // Set your password
 
             // Check if the provided credentials are correct
             if (Authenticate(username, password))
@@ -20,8 +25,8 @@ static void Main(string[] args)
 
                 using (StreamWriter writer = new StreamWriter(outputFile))
                 {
-                    Process[] processes = Process.GetProcesses();
-                    foreach (Process process in processes)
+                    System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcesses();
+                    foreach (System.Diagnostics.Process process in processes)
                     {
                         writer.WriteLine($"Process Name: {process.ProcessName}, PID: {process.Id}, Memory: {process.WorkingSet64} bytes");
                     }
@@ -36,10 +41,15 @@ static void Main(string[] args)
             }
         }
 
-        static bool Authenticate(string username, string password)
+        protected override void OnStop()
+        {
+            // Clean up any resources if needed
+        }
+
+        private bool Authenticate(string username, string password)
         {
             // Hardcoded authentication (for demonstration purposes only)
-            if (username == "admin" && password == "password123")
+            if (username == "Adminstrator" && password == "Asa31904#!")
             {
                 return true;
             }

diff --git a/Lab-Setup-Source-Code/CustomJavaApp.java b/Lab-Setup-Source-Code/CustomJavaApp.java
@@ -31,6 +31,6 @@ public static void main(String[] args) {
 
     static boolean authenticate(String username, String password) {
         // Hardcoded authentication (for demonstration purposes only)
-        return username.equals("admin") && password.equals("password123");
+        return username.equals("Administrator") && password.equals("Asa31904#!");
     }
 }
diff --git a/Lab-Setup-Source-Code/ProjectInstaller.CustomDotNetApp.Designer.cs b/Lab-Setup-Source-Code/ProjectInstaller.CustomDotNetApp.Designer.cs
diff --git a/Notes/LeakedCredentialsHardcodedCredentials.md b/Notes/LeakedCredentialsHardcodedCredentials.md
@@ -24,3 +24,25 @@ An adversary can leverage hardcoded credentials to escalate to elevated privileg
 ### Manual Lab Setup (.NET App)
 
 :warning: <b>If you are using Windows 10/11 to proceed with this scenario, the local Administrator account needs to be enabled. I have created a PowerShell script named [EnableLocalAdmin.ps1](/Lab-Setup-Scripts/EnableLocalAdmin.ps1), designed to enable the local Administrator account and set a password. Please run this script with elevated privileges.</b>
+
+1)  Open a PowerShell with local Administrator privileges and run the following command to create a new folder:
+
+```
+mkdir "C:\Program Files\CustomDotNetApp\"
+```
+
+2) Download the file [CustomDotNetApp.exe](/Lab-Setup-Binary/CustomDotNetApp.exe) to the 'C:\Program Files\CustomDotNetApp' directory.
+
+3) Install the new Service:
+
+```
+New-Service -Name "Custom Dot Net Service" -BinaryPathName "C:\Program Files\CustomDotNetApp\CustomDotNetApp.exe" -DisplayName "Custom .NET Service" -Description "My Custom .NET Service" -StartupType Automatic
+```
+
+Outcome:
+
+![Hardcoded-Creds-Manual-Lab-Set-Up-DotNetApp](/Pictures/Hardcoded-Creds-Manual-Lab-Set-Up-DotNetApp.png)
+
+4) Verify the new service (services.msc):
+
+![Hardcoded-Creds-Manual-Lab-Set-Up-DotNetApp-Verify-Service](/Pictures/Hardcoded-Creds-Manual-Lab-Set-Up-DotNetApp-2.png)
diff --git a/Pictures/Hardcoded-Creds-Manual-Lab-Set-Up-DotNetApp-2.png b/Pictures/Hardcoded-Creds-Manual-Lab-Set-Up-DotNetApp-2.png
diff --git a/Pictures/Hardcoded-Creds-Manual-Lab-Set-Up-DotNetApp.png b/Pictures/Hardcoded-Creds-Manual-Lab-Set-Up-DotNetApp.png