Prerequisites for Windows nodes

To connect to a Windows node, you can choose between the SSH and WinRM protocols, each of which may require prior setup.

Note: If you can choose, we advise you to go for SSH, which offers better connection stability than WinRM for long-running (several hours) scripts.

Install PowerShell >= 7.2

CTFreak requires a recent version of PowerShell to correctly retrieve log content (especially error output).

For a connection via SSH

Enable the built-in SSH server

As a reminder, Windows (since version 10) includes an optional SSH server.

Don’t forget to enable it so that CTFreak can connect to it.

Use PowerShell >= 7.2 as the default shell for SSH connections

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell `
-Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force

Use Unicode UTF-8 for worldwide language support

Go to: Settings > Time & Language > Language & region > Administrative language settings > Administrative tab > Change system locale button

Enable “Beta: Use Unicode UTF-8 for worldwide language support”.

For a connection via WinRM

Over WinRM, CTFreak supports the Basic and NTLM authentication methods, and only over HTTPS.

Here’s an example of how to configure a suitable Windows node with a self-signed certificate:

# Start WinRM service
Enable-PSRemoting -Force
winrm set winrm/config/service '@{AllowUnencrypted="false"}'

# Enable the Basic authentication method (NTLM should already be enabled).
winrm set winrm/config/service/auth '@{Basic="true"}'

# Create self-signed certificate valid for 1 year (for HTTPS connections to WinRM)
$certParams = @{
    CertStoreLocation = 'Cert:\LocalMachine\My'
    DnsName           = $env:COMPUTERNAME
    NotAfter          = (Get-Date).AddYears(1)
    Provider          = 'Microsoft Software Key Storage Provider'
    Subject           = "CN=$env:COMPUTERNAME"
}
$cert = New-SelfSignedCertificate @certParams

# Create HTTPS listener
$httpsParams = @{
    ResourceURI = 'winrm/config/listener'
    SelectorSet = @{
        Transport = "HTTPS"
        Address   = "*"
    }
    ValueSet = @{
        CertificateThumbprint = $cert.Thumbprint
        Enabled               = $true
    }
}
New-WSManInstance @httpsParams

# Open HTTPS listener port 5986 for all profiles
$firewallParams = @{
    Action      = 'Allow'
    Description = 'Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]'
    Direction   = 'Inbound'
    DisplayName = 'Windows Remote Management (HTTPS-In)'
    LocalPort   = 5986
    Profile     = 'Any'
    Protocol    = 'TCP'
}
New-NetFirewallRule @firewallParams

# Check HTTPS listener creation
winrm enumerate winrm/config/Listener
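
To confirm that a node ends up in the state the commands above configure, the following read-only audit can be run from an elevated PowerShell session on the node. It is an added example, not part of the CTFreak documentation; the function names Test-WinRmHttpsSetup and New-Check and the 30-day expiry threshold are assumptions.

```powershell
# Added example: read-only audit of the WinRM HTTPS configuration (run elevated).
function New-Check($Name, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Name; Ok = [bool]$Ok; Detail = "$Detail" }
}

function Test-WinRmHttpsSetup {
    param([int]$WarnDays = 30)   # assumed renewal window; adjust to your process

    # Basic auth sends credentials base64-encoded, so unencrypted traffic must stay refused.
    $unenc = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
    New-Check 'AllowUnencrypted is false' ($unenc -eq 'false') "value=$unenc"
    $basic = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value
    New-Check 'Basic authentication enabled' ($basic -eq 'true') "value=$basic"

    # An enabled HTTPS listener must exist.
    $https = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' -and $_.Enabled -eq 'true' } |
        Select-Object -First 1
    New-Check 'HTTPS listener enabled' ($null -ne $https) "port=$($https.Port)"
    if (-not $https) { return }

    # The listener certificate must be in the machine store, with its private key,
    # and not close to expiry.
    $thumb = $https.CertificateThumbprint -replace '\s', ''
    $cert  = Get-Item "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
    New-Check 'Certificate present with private key' ($cert -and $cert.HasPrivateKey) "thumbprint=$thumb"
    if ($cert) {
        $days = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        New-Check "Certificate valid for more than $WarnDays days" ($days -gt $WarnDays) "notAfter=$($cert.NotAfter.ToString('u')) daysLeft=$days"
    }

    # The inbound rule created above must be enabled; its profile is reported so
    # exposure on the Public profile is visible.
    $rule = Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTPS-In)' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
        Select-Object -First 1
    New-Check 'Firewall rule for TCP 5986 enabled' ($null -ne $rule) "profile=$($rule.Profile)"
}

Test-WinRmHttpsSetup | Format-Table -AutoSize -Wrap
```

Any row with Ok = False points at the step to redo. Because the self-signed certificate above is valid for one year, rerunning the audit on a schedule gives advance notice before it lapses.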