Saturday, September 29, 2012

Hide your Footprints

Simply running traffic on any network is trouble if you're working your scans at an enterprise level. I suggest you change your MAC address, IP and even hostname, and be careful about using the internet or browsing any site that can be traced back to you. You could have done next to nothing, but certain actions on the internet are considered hostile from a security person's point of view.


  • Change your IP address and Hostname
  • Change your MAC address
  • Anonymize 



1. Changing IP and hostname: I guess you people know at least that much :P

2. Changing the MAC address

Go to Control Panel\Network and Internet\Network Connections

  • Select adapter settings
  • Open the properties of the adapter whose MAC is to be altered


  • Click the Configure button below the "Connect using" text box
  • In the window that opens, go to the Advanced tab
  • In the Property list select 'Network Address'
  • In the Value text box type the address you want; that becomes the adapter's current MAC address
  • Restart the system, or just restart the adapter, for the change to take effect




Note: you cannot change the MAC address of a WiFi adapter, but you can bridge it to an Ethernet port and change the MAC address of that port.
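From the other side of the wire, a MAC change like the one above is visible to anyone keeping ARP snapshots, and a software-set address usually carries the locally administered (U/L) bit in its first octet. The script below is an added example written for this post, not something from the original; it parses constructed text in the style of Windows "arp -a" output (the addresses are made up), reports IPs whose MAC changed between two snapshots, and flags unicast entries whose MAC has the U/L bit set. The U/L bit is a hint, not proof: virtual machines and randomized Wi-Fi addresses set it too.

```python
import re

# Constructed sample output in the style of Windows "arp -a" (not captured from a real host).
ARP_BEFORE = """\
Interface: 192.168.40.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.40.1          00-50-56-aa-bb-01     dynamic
  192.168.40.79         00-0c-29-12-34-56     dynamic
  192.168.40.255        ff-ff-ff-ff-ff-ff     static
"""

# Same host a few minutes later: 192.168.40.79 now answers with a different MAC.
ARP_AFTER = """\
Interface: 192.168.40.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.40.1          00-50-56-aa-bb-01     dynamic
  192.168.40.79         02-11-22-33-44-55     dynamic
  192.168.40.255        ff-ff-ff-ff-ff-ff     static
"""

# One ARP table row: IPv4 address, dash-separated MAC, entry type.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)\s*$"
)


def parse_arp(text):
    """Return {ip: (mac, type)} for the rows of an 'arp -a' style dump; header lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries[ip] = (mac.lower(), kind.lower())
    return entries


def is_locally_administered(mac):
    """True if the U/L bit (bit 1 of the first octet) is set, meaning the address
    was not assigned by a manufacturer. Addresses typed into the driver usually look like this."""
    first_octet = int(mac.split("-")[0], 16)
    return bool(first_octet & 0x02)


def is_multicast_or_broadcast(mac):
    """True if the I/G bit (bit 0 of the first octet) is set; such entries are never a host NIC."""
    return bool(int(mac.split("-")[0], 16) & 0x01)


def diff_arp(before_text, after_text):
    """Compare two snapshots: report IPs whose MAC changed, and dynamic unicast
    entries in the newer snapshot whose MAC is locally administered."""
    before, after = parse_arp(before_text), parse_arp(after_text)
    findings = []
    for ip, (mac, kind) in after.items():
        old = before.get(ip)
        if old and old[0] != mac:
            findings.append(("mac_changed", ip, old[0], mac))
        if kind == "dynamic" and not is_multicast_or_broadcast(mac) and is_locally_administered(mac):
            findings.append(("locally_administered", ip, mac, None))
    return findings


if __name__ == "__main__":
    for finding in diff_arp(ARP_BEFORE, ARP_AFTER):
        print(finding)
```

Run against the two constructed snapshots it reports one changed MAC and one locally administered address, both for 192.168.40.79; on a real network you would feed it periodic "arp -a" captures from a monitoring host or DHCP lease dumps instead.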


3. Anonymize

It is necessary that no one traces back to us, and anonymizers like TOR keep us safe from being detected. They use onion routing technology, so by the time you're in and out of a network they would still be trying to find the region you're getting access from. TOR and other such anonymizers make the net slow because of the layers of encryption each packet goes through, but for our purpose that speed is all that is required for transmitting plain text over the network.
Other anonymizers include UltraSurf, but they still don't work as well as TOR.

TOR : https://torproject.org/download/download

UltraSurf: http://ultrasurf.us/download/u.zip

Target Machine

The first step when one has decided to hack a machine is to understand its structure. I'll explain the basic things I look for when taking over a Windows network.


  1. IP address
  2. Hostname
  3. Operating System (OS)
  4. Open Ports
  5. Connected Devices
  6. Network Hierarchy
1 & 2. IP address and Hostname
If the machine is connected to the same network as your system, then using an IP scanner you should be able to find the IP of the target system.

Angry IP Scanner

The hostname comes up along with the IP address.
If on a shared network, or if the target machine is a client system under a server, this would help you guess the server's name.

3. Operating System
The next step is to use nmap to scan the target for vulnerabilities.



This shows the result of an nmap OS fingerprint scan on the IP address 192.168.40.79 using the command "nmap -O targetIP".
This helps you categorize your attack strategy, now that we know what OS is running on the system.

4. Open Ports

Using nmap's predefined scans you can check the state of all the ports; I suggest you scan only the common ports, since the others could take a lot of time. Use the intense scan option, or the command "nmap -p 1-10000 -T4 -A -v targetIP", to scan the ports from 1 to 10000.


This scan gives complete detail on how the target can be approached for a takeover.
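The flip side of the scans above is what the network's security staff see: a single source touching many ports on one host in a few seconds, which is exactly what "-p 1-10000 -T4" produces. The script below is an added example for this post, not part of the original; it runs a simple sliding-window port-scan detector over a constructed firewall-style connection log (the line format "timestamp src dst dport action" and the addresses are assumptions, not any real product's export).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style connection log (format and addresses assumed, not from a real device):
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2012-09-29T10:00:01 192.168.40.10 192.168.40.79 22 DROP
2012-09-29T10:00:01 192.168.40.10 192.168.40.79 23 DROP
2012-09-29T10:00:02 192.168.40.10 192.168.40.79 80 ALLOW
2012-09-29T10:00:02 192.168.40.10 192.168.40.79 135 ALLOW
2012-09-29T10:00:02 192.168.40.10 192.168.40.79 139 ALLOW
2012-09-29T10:00:03 192.168.40.10 192.168.40.79 445 ALLOW
2012-09-29T10:00:03 192.168.40.10 192.168.40.79 3389 DROP
2012-09-29T10:00:03 192.168.40.10 192.168.40.79 8080 DROP
2012-09-29T10:00:05 192.168.40.10 192.168.40.79 8443 DROP
2012-09-29T10:00:05 192.168.40.10 192.168.40.79 9000 DROP
2012-09-29T10:00:20 192.168.40.23 192.168.40.79 445 ALLOW
2012-09-29T10:01:00 192.168.40.23 192.168.40.79 80 ALLOW
2012-09-29T10:10:00 192.168.40.10 192.168.40.79 443 ALLOW
"""


def parse_log(text):
    """Turn log lines into (timestamp, src, dst, port, action) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, action = parts
        events.append((datetime.fromisoformat(ts), src, dst, int(port), action))
    return events


def detect_port_scans(events, window=timedelta(seconds=60), threshold=8):
    """Sliding window per (src, dst) pair: alert when one source touches at least
    `threshold` distinct destination ports on one host within `window`.
    Dropped and allowed connections both count, since a scan probes closed ports too."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in sorted(events):
        by_pair[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), hits in by_pair.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct_ports = {p for _, p in hits[start:end + 1]}
            if len(distinct_ports) >= threshold:
                alerts.append((src, dst, hits[start][0], hits[end][0], len(distinct_ports)))
                break  # one alert per pair is enough for triage
    return alerts


if __name__ == "__main__":
    for src, dst, first, last, n in detect_port_scans(parse_log(SAMPLE_LOG)):
        print(f"possible port scan: {src} -> {dst}, {n} ports between {first} and {last}")
```

On the constructed log this fires once for 192.168.40.10, whose 8th distinct port on 192.168.40.79 arrives within two seconds of the first; the lone host hitting 445 and 80 a minute apart stays below the threshold, and so does a connection to 443 ten minutes later, because it falls outside the window. Threshold and window are the knobs to tune against your own baseline.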

5. Connected Devices

It is good to look for connected devices over the network, since one can easily escalate privileges through them. Consider a user using shared storage: he has to give his credentials to access the storage, and this can be exploited by sniffing the data over the network.

6. Network Hierarchy

It's best when we know the structure of the network, since this could help in escalating privileges. Commands like tracert (trace route) are used to identify the structure of the current network.

This allows you to work further on the connected modules; you can also choose other targets to extend your range of attack or to gain access to more information repositories.



Saturday, February 11, 2012

at command in CMD prompt

The AT command schedules commands and programs to run on a computer at
a specified time and date. The Schedule service must be running to use
the AT command.

AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]
AT [\\computername] time [/INTERACTIVE]
[ /EVERY:date[,...] | /NEXT:date[,...]] "command"

\\computername Specifies a remote computer. Commands are scheduled on the
local computer if this parameter is omitted.
id Is an identification number assigned to a scheduled
command.
/delete Cancels a scheduled command. If id is omitted, all the
scheduled commands on the computer are canceled.
/yes Used with cancel all jobs command when no further
confirmation is desired.
time Specifies the time when command is to run.
/interactive Allows the job to interact with the desktop of the user
who is logged on at the time the job runs.
/every:date[,...] Runs the command on each specified day(s) of the week or
month. If date is omitted, the current day of the month
is assumed.
/next:date[,...] Runs the specified command on the next occurrence of the
day (for example, next Thursday). If date is omitted, the
current day of the month is assumed.
"command" Is the Windows NT command, or batch program to be run.



Examples:

To delete all the scheduled tasks:
at /delete /yes

To start a process at 6:30 on a remote system:
at \\sysname 6:30 /interactive "command_name"

You can also type the system's IP instead of sysname:
at \\83.0.0.5 6:30 /interactive "calc"

Sunday, August 14, 2011

Remote Shutdown windows


To shut down a system on your network you can use the shutdown command in your command prompt window.

Use the command "shutdown -i" to bring up the remote shutdown window.




Or use the following command to shut down a remote computer:
" shutdown -s -f -m [hostname] -t 00 -c [any comment ] "

The help text for the shutdown command in Windows is:

Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f]
[/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

No args Display help. This is the same as typing /?.
/? Display help. This is the same as not typing any options.
/i Display the graphical user interface (GUI).
This must be the first option.
/l Log off. This cannot be used with /m or /d options.
/s Shutdown the computer.
/r Shutdown and restart the computer.
/g Shutdown and restart the computer. After the system is
rebooted, restart any registered applications.
/a Abort a system shutdown.
This can only be used during the time-out period.
/p Turn off the local computer with no time-out or warning.
Can be used with /d and /f options.
/h Hibernate the local computer.
Can be used with the /f option.
/e Document the reason for an unexpected shutdown of a computer.
/m \\computer Specify the target computer.
/t xxx Set the time-out period before shutdown to xxx seconds.
The valid range is 0-315360000 (10 years), with a default of 30.
If the timeout period is greater than 0, the /f parameter is
implied.
/c "comment" Comment on the reason for the restart or shutdown.
Maximum of 512 characters allowed.
/f Force running applications to close without forewarning users.
The /f parameter is implied when a value greater than 0 is
specified for the /t parameter.
/d [p|u:]xx:yy Provide the reason for the restart or shutdown.
p indicates that the restart or shutdown is planned.
u indicates that the reason is user defined.
If neither p nor u is specified the restart or shutdown is
unplanned.
xx is the major reason number (positive integer less than 256).
yy is the minor reason number (positive integer less than 65536).
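Both of the last two posts (scheduling a job with "at \\computer" and running "shutdown /m \\computer") leave traces on the target. Jobs created by AT show up in Task Scheduler under names like At1, At2, and the task-creation event (Security event 4698, only logged when object-access auditing for "other objects" is enabled) carries that name; a shutdown ordered from another machine is recorded in the System log (User32 event 1074) with the originating host in parentheses after the process path. The script below is an added example written for these posts, not something from the original; it triages constructed event records in a simplified "EventID|Computer|Message" form (the line layout and every host and user name are assumptions), flags AT-style task names, and flags 1074 events whose originating host differs from the computer being shut down.

```python
import re

# Constructed event records in a simplified "EventID|Computer|Message" form.
# Host names, users and messages are made up; real exports carry many more fields.
SAMPLE_EVENTS = r"""
4698|SERVER01|A scheduled task was created. Subject: Account Name: admin Logon ID: 0x3e7 Task Name: \At1 Task Content: <Command>calc</Command>
4698|SERVER01|A scheduled task was created. Subject: Account Name: SYSTEM Task Name: \Microsoft\Windows\Defrag\ScheduledDefrag
1074|SERVER01|The process C:\Windows\system32\shutdown.exe (WORKSTATION7) has initiated the shutdown of computer SERVER01 on behalf of user CORP\jdoe for the following reason: Other (Unplanned) Comment: maintenance
1074|SERVER01|The process C:\Windows\system32\winlogon.exe (SERVER01) has initiated the restart of computer SERVER01 on behalf of user CORP\opsadmin for the following reason: Operating System: Upgrade (Planned)
"""

# "Task Name: \At1" -> "\At1"; AT-created jobs are named At<id>.
TASK_NAME = re.compile(r"Task Name:\s*(\S+)")
AT_TASK = re.compile(r"^\\?At\d+$")

# Shape of the 1074 message: process (origin host) action target user.
SHUTDOWN_MSG = re.compile(
    r"The process (?P<process>\S+) \((?P<origin>[^)]+)\) has initiated the (?P<action>\w+) "
    r"of computer (?P<target>\S+) on behalf of user (?P<user>\S+)"
)


def parse_events(text):
    """Split 'EventID|Computer|Message' lines into (event_id, computer, message) tuples."""
    events = []
    for line in text.splitlines():
        if "|" not in line:
            continue
        event_id, computer, message = line.split("|", 2)
        events.append((int(event_id), computer, message))
    return events


def triage(events):
    """Return findings for AT-created scheduled tasks and shutdowns initiated from another host."""
    findings = []
    for event_id, computer, message in events:
        if event_id == 4698:
            m = TASK_NAME.search(message)
            if m and AT_TASK.match(m.group(1)):
                findings.append(("at_job_created", computer, m.group(1)))
        elif event_id == 1074:
            m = SHUTDOWN_MSG.search(message)
            # A local reboot names the same host in both places; a remote one does not.
            if m and m.group("origin").upper() != m.group("target").upper():
                findings.append(("remote_" + m.group("action"), computer,
                                 f"{m.group('origin')} by {m.group('user')}"))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

On the constructed records it reports the At1 job and the shutdown ordered from WORKSTATION7, and ignores the routine defrag task and the locally initiated planned restart. Pointing it at real data means replacing parse_events with whatever your log collector emits; the two regexes are the part worth keeping.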