---
tags: ccdc
---
# Windows Server 2003
> Note: Everything is strategically orchestrated in this document. Do not skip lines or start later portions first.
### Hold up before you continue!!!
It took me (Rayce) until the second day of the competition to block ports on our Windows Server 2003 images in ALCCDC. The images were using Server 2003 images created before Service Pack 1 (SP1) or Service Pack 2 (SP2). These images do not have `firewall.cpl`, but they do have Internet Connection Firewall (ICF). Reach out to Ty or Rayce to find out how to access ICF in our club infrastructure, and also check out this link:
https://www.hivelocity.net/kb/how-to-enable-the-firewall-in-windows-server-2003/
Also, one of our DNS servers did not have an active Server 2003 license and therefore could not be administered in the GUI at the beginning of the competition. There are two ways to fix this issue:
1. Bypass the activation: https://youtu.be/5xk3CuxExtQ (there are other methods)
   a. Once you have access to cmd, remove the activation requirement: https://ait-professional.blogspot.com/2014/09/remove-windows-server-2003-activation.html
2. Find a valid Server 2003 key on the internet.

In order to back up your DNS configuration and restore it without any downtime, I encourage the valid strategies above.
## Securing 10.11.11.25 - Eden7 - TCP/80
**Disconnect the network interface first!!!**
### Initial Scripts
> Running the first command will close all inbound ports
As soon as you are in the environment, run the following in an administrator command prompt:
```
rem Open the firewall control panel, enable the firewall service, then close the dialog
firewall.cpl
netsh firewall reset
netsh firewall add portopening TCP 80 "HTTP IN"
```
Change every user's password:
```
set "pwd=<PASSWORD>" & cls
start /wait notepad cup.bat & cup.bat
```
**cup.bat script:**
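```batch=
@echo off
rem Set the password of every local account to the value of %pwd%
for /f %%i in ('wmic useraccount get name ^| findstr /r /v /i "^$ Name"') do net user %%i %pwd%
rem Clear the variable so the password does not stay in the environment
set "pwd="
rem Prompt for a separate Administrator password
net user administrator *
rem Create the jwong account (prompts for a password) and add it to Administrators
net user jwong /add *
net localgroup administrators jwong /add
exit
```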
> Note: It is absolutely **essential** that you change the IUSR password to the password set in `pwd` in the server manager.
> The service will remain offline until it is changed, as this is the user required for anonymous authentication.
**Reconnect Network Interface!!**
Then reapply the setup security template (`%windir%\repair\secsetup.inf`), leaving out its `__Members` lines:
```
type %windir%\repair\secsetup.inf | findstr /v "__Members" > default.inf
secedit /configure /db leedles.sdb /cfg default.inf
```
After running the above commands, enable ICMP by going to the Advanced tab in `firewall.cpl`.
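
One way to check the result of the steps above, as an added example that is not part of the original playbook: a batch script (hypothetical name `listeners.bat`) that lists listening TCP ports outside an allow-list together with the owning process. It assumes IPv4-only, English-language `netstat` output; the `allowed` value is this host's single service port.

```batch
@echo off
rem Added example, not from the original playbook.
rem Flags listening TCP ports that are not on this host's allow-list.
setlocal
rem Space-separated allow-list; 80 is the only service port on this host
set "allowed=80"
set "unexpected=0"
rem netstat columns: Proto, Local Address, Foreign Address, State, PID
for /f "tokens=2,5" %%a in ('netstat -ano -p tcp ^| findstr /c:"LISTENING"') do call :check %%a %%b
echo Unexpected listeners: %unexpected%
endlocal
goto :eof

:check
rem %1 = local address such as 0.0.0.0:445, %2 = owning PID
for /f "tokens=1,2 delims=:" %%h in ("%1") do (
  set "addr=%%h"
  set "port=%%i"
)
rem Loopback-only listeners are not reachable from the network
if "%addr%"=="127.0.0.1" goto :eof
rem An allow-listed port ends the check for this line
for %%w in (%allowed%) do if "%port%"=="%%w" goto :eof
echo UNEXPECTED: TCP %port% on %addr% (PID %2)
rem Show which process owns the socket so it can be reviewed
tasklist /fi "PID eq %2" /nh
set /a unexpected+=1
goto :eof
```

The firewall blocks these ports from outside, so a flagged port is something to review (what would be exposed if the firewall were turned off), not necessarily a compromise.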
### Backup and Investigate HTTP Directory
> For IIS configurations, the default directory is `C:\inetpub\wwwroot`.
Backups can be made by highlighting essential files, right-clicking, and sending them to a zip file.
> Note: Send archives to the desktop to prevent Red Team access through the IIS user's anonymous access.
Investigate the contents of suspicious files (files without extensions, `.txt` or `.csv` files, etc.).
### Backing Up DNS Records (for Ty, Wes, and whoever else manages a DNS server)
Run the following in an administrative command prompt:
```
xcopy /e /i %windir%\System32\dns %windir%\conf
```
> Please take local screenshots of the zones. If these zones disappear at any moment, we will lose points on DNS checks.
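
To notice a missing zone without relying on screenshots alone, this added example (not part of the original playbook; hypothetical name `zonecheck.bat`) compares the backup made by the `xcopy` command above with the live DNS directory. It assumes file-backed zones stored as `*.dns` files; Active Directory-integrated zones are not covered.

```batch
@echo off
rem Added example, not from the original playbook.
rem Compares each backed-up zone file with the live copy.
setlocal
set "live=%windir%\System32\dns"
set "bak=%windir%\conf"
set "checked=0"
set "problems=0"
for %%f in ("%bak%\*.dns") do call :compare "%%~nxf"
if %checked%==0 echo No *.dns files found in %bak% - was the backup taken?
echo Zone files checked: %checked%, needing attention: %problems%
endlocal
goto :eof

:compare
rem %~1 = zone file name, e.g. example.com.dns (constructed name)
set /a checked+=1
if not exist "%live%\%~1" (
  echo MISSING: %~1 is in the backup but not in %live%
  set /a problems+=1
  goto :eof
)
rem fc sets errorlevel 1 or higher when the files differ or cannot be read
fc /b "%bak%\%~1" "%live%\%~1" >nul
if errorlevel 1 (
  echo CHANGED: %~1 differs from the backup
  set /a problems+=1
)
goto :eof
```

The DNS service rewrites zone files when records change, so `CHANGED` is a prompt to review the zone rather than proof of tampering; `MISSING` is the case that costs points.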
## Securing 10.11.11.35 - Earth - TCP/21 (Rayce)
### Initial Scripts
**Disconnect the network interface first!!!**
> Running the first command will close all inbound ports
As soon as you are in the environment, run the following in an administrator command prompt:
```
rem Open the firewall control panel, enable the firewall service, then close the dialog
firewall.cpl
netsh firewall reset
netsh firewall add portopening TCP 80 "HTTP IN"
```
> Enable the FTP Server rule under Advanced > Local Area Connection > Settings... > Services
Change every user's password:
```
set "pwd=<PASSWORD>" & cls
start /wait notepad cup.bat & cup.bat
```
**cup.bat script:**
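```batch=
@echo off
rem Set the password of every local account to the value of %pwd%
for /f %%i in ('wmic useraccount get name ^| findstr /r /v /i "^$ Name"') do net user %%i %pwd%
rem Clear the variable so the password does not stay in the environment
set "pwd="
rem Prompt for a separate Administrator password
net user administrator *
rem Create the jwong account (prompts for a password) and add it to Administrators
net user jwong /add *
net localgroup administrators jwong /add
exit
```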
> Note: It is absolutely **essential** that you change the IUSR password to the password set in `pwd` in the server manager.
> The service will remain offline until it is changed, as this is the user required for anonymous authentication.
**Reconnect Network Interface!!**
Then reapply the setup security template (`%windir%\repair\secsetup.inf`), leaving out its `__Members` lines:
```
type %windir%\repair\secsetup.inf | findstr /v "__Members" > default.inf
secedit /configure /db leedles.sdb /cfg default.inf
```
After running the above commands, enable ICMP by going to the Advanced tab in `firewall.cpl`.
### Backup and Investigate HTTP Directory
> For IIS configurations, the default directory is `C:\inetpub\wwwroot`.
Backups can be made by highlighting essential files, right-clicking, and sending them to a zip file.
> Note: Send archives to the desktop to prevent Red Team access through the IIS user's anonymous access.
Investigate the contents of suspicious files (files without extensions, `.txt` or `.csv` files, etc.).