Prerequisites for Windows nodes
To connect to a Windows node, you can choose between the SSH and WinRM protocols, each of which may require prior setup.
Note: If you can choose, we advise you to go for SSH, which offers better connection stability than WinRM for long-running (several hours) scripts.
Install PowerShell >= 7.2
CTFreak requires a recent version of PowerShell to correctly retrieve log content (especially error output).
For a connection via SSH
Enable the built-in SSH server
As a reminder, Windows (since version 10) includes an optional SSH server.
Don’t forget to enable it so that CTFreak can connect to it.
Use PowerShell >= 7.2 as the default shell for SSH connections
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell `
    -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force
Use Unicode UTF-8 for worldwide language support
Go to: Settings > Time & Language > Language & region > Administrative language settings > Administrative tab > Change system locale button
Enable “Beta: Use Unicode UTF-8 for worldwide language support”.
For a connection via WinRM
Regarding the WinRM protocol, CTFreak supports BASIC and NTLM authentication methods, and only via HTTPS.
Here’s an example of how to configure a suitable Windows node with a self-signed certificate:
# Start WinRM service
Enable-PSRemoting -Force
# Refuse unencrypted WinRM traffic
winrm set winrm/config/service '@{AllowUnencrypted="false"}'
# Enable BASIC authentication methods (NTLM should already be enabled).
winrm set winrm/config/service/auth '@{Basic="true"}'
# Create self-signed certificate valid for 1 year (for HTTPS connections to WinRM)
$certParams = @{
    CertStoreLocation = 'Cert:\LocalMachine\My'
    DnsName           = $env:COMPUTERNAME
    NotAfter          = (Get-Date).AddYears(1)
    Provider          = 'Microsoft Software Key Storage Provider'
    Subject           = "CN=$env:COMPUTERNAME"
}
$cert = New-SelfSignedCertificate @certParams
# Create HTTPS listener
$httpsParams = @{
    ResourceURI = 'winrm/config/listener'
    SelectorSet = @{
        Transport = "HTTPS"
        Address   = "*"
    }
    ValueSet    = @{
        CertificateThumbprint = $cert.Thumbprint
        Enabled               = $true
    }
}
New-WSManInstance @httpsParams
# Opens HTTPS listener port 5986 for all profiles
# (Profile = 'Any' includes the Public profile; narrow it to 'Domain' or 'Private',
# or add a RemoteAddress entry for the CTFreak server, if the node does not need
# to accept WinRM from every network.)
$firewallParams = @{
    Action      = 'Allow'
    Description = 'Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]'
    Direction   = 'Inbound'
    DisplayName = 'Windows Remote Management (HTTPS-In)'
    LocalPort   = 5986
    Profile     = 'Any'
    Protocol    = 'TCP'
}
New-NetFirewallRule @firewallParams
# Check HTTPS listener creation
winrm enumerate winrm/config/Listener
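To confirm that a node actually meets the prerequisites above, the following check can be run in an elevated PowerShell session on the node. It is an added example, not part of CTFreak or its documentation. The function name Test-NodePrerequisites and the 30-day expiry margin are assumptions chosen for illustration.

```powershell
# Added example, not CTFreak's own tooling. Run elevated on the Windows node.
# Test-NodePrerequisites and the 30-day expiry margin are hypothetical choices.
function Test-NodePrerequisites {
    param(
        [Parameter(Mandatory)][ValidateSet('SSH', 'WinRM')][string]$Protocol,
        [int]$ExpiryMarginDays = 30
    )
    $pwsh = 'C:\Program Files\PowerShell\7\pwsh.exe'   # path used on this page
    $out  = [System.Collections.Generic.List[object]]::new()
    function Add-Result($Check, $Ok, $Detail) {
        $out.Add([pscustomobject]@{ Check = $Check; Ok = [bool]$Ok; Detail = "$Detail" })
    }

    # PowerShell >= 7.2, read from the file version of the installed pwsh.exe
    $vi  = (Get-Item $pwsh -ErrorAction SilentlyContinue).VersionInfo
    $ver = if ($vi) { [version]::new($vi.FileMajorPart, $vi.FileMinorPart) }
    Add-Result 'PowerShell >= 7.2' ($ver -ge [version]'7.2') $ver

    if ($Protocol -eq 'SSH') {
        $svc = Get-Service -Name sshd -ErrorAction SilentlyContinue
        Add-Result 'sshd service running' ($svc.Status -eq 'Running') $svc.Status
        $shell = (Get-ItemProperty 'HKLM:\SOFTWARE\OpenSSH' -ErrorAction SilentlyContinue).DefaultShell
        Add-Result 'DefaultShell is pwsh 7' ($shell -eq $pwsh) $shell
    }
    else {
        $unenc = (Get-Item WSMan:\localhost\Service\AllowUnencrypted -ErrorAction SilentlyContinue).Value
        Add-Result 'AllowUnencrypted is false' ($unenc -eq 'false') $unenc
        $https = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate -ErrorAction SilentlyContinue |
                   Where-Object { $_.Transport -eq 'HTTPS' -and $_.Enabled -eq 'true' })
        Add-Result 'HTTPS listener enabled' ($https.Count -gt 0) "$($https.Count) listener(s)"
        foreach ($l in $https) {
            # The certificate created above expires after 1 year; report its remaining lifetime
            $cert = Get-Item "Cert:\LocalMachine\My\$($l.CertificateThumbprint)" -ErrorAction SilentlyContinue
            $days = if ($cert) { [int]($cert.NotAfter - (Get-Date)).TotalDays } else { -1 }
            Add-Result "Listener certificate valid > $ExpiryMarginDays days" ($days -gt $ExpiryMarginDays) "$days day(s) left"
        }
    }
    $out
}

# Check the protocol this node is meant to use
Test-NodePrerequisites -Protocol WinRM | Format-Table -AutoSize
```

A row with Ok = False and "-1 day(s) left" means the listener points at a thumbprint that is no longer in Cert:\LocalMachine\My.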