What is the default command line interpreter in the Windows environment?
cmd.exe
What is the OS version of the Windows VM?
C:\>systeminfo
Host Name: WIN-SRV-2019
OS Name: Microsoft Windows Server 2019 Datacenter
OS Version: 10.0.20348.2655 N/A Build 17763
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Server
OS Build Type: Multiprocessor Free
10.0.20348.2655
Note that this systeminfo output is internally inconsistent: 10.0.20348 is the Windows Server 2022 build line, while Build 17763 (and the "Server 2019" OS Name) belong to Server 2019. The host used for the rest of the room is WINSRV2022-CORE, i.e. Server 2022, which matches the 10.0.20348.2655 version string accepted as the answer. The ver command prints the same version number on a single line and is a quick cross-check.
What is the hostname of the Windows VM?
The prompt already shows it (alham@WINSRV2022-CORE), and the hostname command prints it on its own. ver only prints the Windows version string, so it does not answer this question.
alham@WINSRV2022-CORE C:\Users\user>hostname
WINSRV2022-CORE
WINSRV2022-CORE
Which command can we use to look up the server’s physical address (MAC address)?
ipconfig /all
alham@WINSRV2022-CORE C:\Users\user>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WINSRV2022-CORE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : eu-west-1.compute.internal
eu-west-1.ec2-utilities.amazonaws.com
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : eu-west-1.compute.internal
Description . . . . . . . . . . . : Amazon Elastic Network Adapter
Physical Address. . . . . . . . . : 02-75-36-8B-3C-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d9b:8b8f:6409:e143%5(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.151.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Tuesday, December 24, 2024 11:12:18 AM
Lease Expires . . . . . . . . . . : Tuesday, December 24, 2024 12:42:18 PM
Default Gateway . . . . . . . . . : 10.10.0.1
DHCP Server . . . . . . . . . . . : 10.10.0.1
DHCPv6 IAID . . . . . . . . . . . : 84601211
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-B9-B7-EF-00-0C-29-FF-E5-C8
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled
What is the name of the service listening on port 135?
alham@WINSRV2022-CORE C:\Users\user>netstat -ab

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:22             WINSRV2022-CORE:0      LISTENING
 [sshd.exe]
  TCP    0.0.0.0:135            WINSRV2022-CORE:0      LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:3389           WINSRV2022-CORE:0      LISTENING
  TermService
 [svchost.exe]
  TCP    0.0.0.0:5985           WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:47001          WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49664          WINSRV2022-CORE:0      LISTENING
 [lsass.exe]
  TCP    0.0.0.0:49665          WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49666          WINSRV2022-CORE:0      LISTENING
  EventLog
 [svchost.exe]
  TCP    0.0.0.0:49667          WINSRV2022-CORE:0      LISTENING
  Schedule
 [svchost.exe]
  TCP    0.0.0.0:49668          WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    10.10.151.7:22         ip-10-11-34-174:46794  ESTABLISHED
 [sshd.exe]
  TCP    10.10.151.7:139        WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    [::]:22                WINSRV2022-CORE:0      LISTENING
 [sshd.exe]
  TCP    [::]:135               WINSRV2022-CORE:0      LISTENING
  RpcSs
 [svchost.exe]
  TCP    [::]:445               WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    [::]:3389              WINSRV2022-CORE:0      LISTENING
  TermService
 [svchost.exe]
  TCP    [::]:5985              WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    [::]:47001             WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    [::]:49664             WINSRV2022-CORE:0      LISTENING
 [lsass.exe]
  TCP    [::]:49665             WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  TCP    [::]:49666             WINSRV2022-CORE:0      LISTENING
  EventLog
 [svchost.exe]
  TCP    [::]:49667             WINSRV2022-CORE:0      LISTENING
  Schedule
 [svchost.exe]
  TCP    [::]:49668             WINSRV2022-CORE:0      LISTENING
 Can not obtain ownership information
  UDP    0.0.0.0:123            *:*
  W32Time
 [svchost.exe]
  UDP    0.0.0.0:500            *:*
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:3389           *:*
  TermService
 [svchost.exe]
  UDP    0.0.0.0:4500           *:*
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:5353           *:*
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:50180          *:*
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:50377          *:*
  Dnscache
 [svchost.exe]
  UDP    10.10.151.7:137        *:*
 Can not obtain ownership information
  UDP    10.10.151.7:138        *:*
 Can not obtain ownership information
  UDP    127.0.0.1:61602        127.0.0.1:61602
  iphlpsvc
 [svchost.exe]
  UDP    [::]:123               *:*
  W32Time
 [svchost.exe]
  UDP    [::]:500               *:*
  IKEEXT
 [svchost.exe]
  UDP    [::]:3389              *:*
  TermService
 [svchost.exe]
  UDP    [::]:4500              *:*
  IKEEXT
 [svchost.exe]
  UDP    [::]:5353              *:*
  Dnscache
 [svchost.exe]
  UDP    [::]:5355              *:*
  Dnscache
 [svchost.exe]
  UDP    [::]:50180             *:*
  Dnscache
 [svchost.exe]
  UDP    [::]:50377             *:*
  Dnscache
 [svchost.exe]
RpcSs
Two things worth knowing about this output: netstat -b (and therefore -ab) only resolves the owning image from an elevated prompt, and the listeners it labels "Can not obtain ownership information" are ones it cannot tie to a user-mode image, typically kernel-owned sockets such as SMB on 139/445 and HTTP.sys (WinRM) on 5985/47001. The service name printed between the socket line and [svchost.exe] is what distinguishes one generic svchost.exe from another.
What is the name of the service listening on port 3389?
TermService
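The two questions above amount to one task: given a port, find the PID that owns it and the service hosted in that PID. netstat -ab does this in one shot but needs elevation and is slow because it resolves every socket. The batch script below is an added example (not part of the original walkthrough; the file name port2svc.cmd is my own choice) that does the same mapping with netstat -ano plus tasklist /svc, which works from a normal prompt and reports only the port you ask about. It assumes nothing beyond the built-in netstat, findstr and tasklist commands.

```batch
@echo off
rem port2svc.cmd - map a listening TCP port to its owning PID, image and hosted service(s).
rem Added example for this walkthrough, not code from the original page. It relies only on
rem the built-in netstat, findstr and tasklist commands and, unlike netstat -ab, needs no
rem elevation because it never asks netstat to resolve socket owners.
setlocal EnableDelayedExpansion
if "%~1"=="" (
    echo Usage: %~nx0 ^<tcp port^>
    exit /b 1
)
set "PORT=%~1"
set "FOUND=0"

rem netstat -ano rows look like:  TCP  0.0.0.0:135  0.0.0.0:0  LISTENING  904
rem The pattern requires ":PORT" followed by a space so that 135 does not also match 1350;
rem both the 0.0.0.0 (IPv4) and [::] (IPv6) listeners are reported.
for /f "tokens=1,2,4,5" %%a in ('netstat -ano ^| findstr /r /c:"TCP .*:%PORT% .*LISTENING"') do (
    set "FOUND=1"
    echo %%a %%b %%c PID=%%d
    rem tasklist /svc prints the services a PID hosts; this is what turns a generic
    rem svchost.exe into RpcSs, TermService, EventLog and so on. /NH drops the header.
    tasklist /svc /FI "PID eq %%d" /NH
    echo.
)
if !FOUND! equ 0 echo No TCP listener on port %PORT%.
endlocal
```

Running port2svc 135 on the room's host prints the IPv4 and IPv6 listeners with their PID, followed by a tasklist row showing svchost.exe and RpcSs; port2svc 3389 does the same with TermService. A port that nobody listens on ends with the "No TCP listener" line instead of empty output, which keeps the script usable inside other scripts.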
What are the file's contents in C:\Treasure\Hunt?
alham@WINSRV2022-CORE C:\Users\user>type C:\Treasure\Hunt\flag.txt
THM{CLI_POWER}
THM{CLI_POWER}
What command would you use to find the running processes related to notepad.exe?
tasklist /FI "imagename eq notepad.exe"
What command can you use to kill the process with PID 1516?
taskkill /PID 1516
Without /F, taskkill only asks the process to close, and for a process without a window it refuses with "This process can only be terminated forcefully". Add /F to terminate it outright and /T to take its child processes with it.
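Tying the last two answers together, here is an added example (my own script, not from the original walkthrough; the name killimage.cmd is hypothetical) that finds every process with a given image name via tasklist, asks each one to close with a plain taskkill /PID, and only falls back to /F /T for the ones that are still running afterwards. It assumes only the built-in tasklist, taskkill, findstr and timeout commands and should be run from an elevated cmd.exe when the target belongs to another user.

```batch
@echo off
rem killimage.cmd - stop every process of a given image name: graceful close first, /F /T only if needed.
rem Added example for this walkthrough, not code from the original page. Uses only the built-in
rem tasklist, taskkill, findstr and timeout commands.
setlocal EnableDelayedExpansion
if "%~1"=="" (
    echo Usage: %~nx0 ^<image name, e.g. notepad.exe^>
    exit /b 1
)
set "IMG=%~1"
set "HITS=0"

rem /FO CSV /NH yields one quoted row per process:  "notepad.exe","1516","Console","1","12,345 K"
rem %%~i and %%~j strip the surrounding quotes. Comparing the first column to the image name
rem also skips the "INFO: No tasks are running ..." line tasklist prints when nothing matches.
for /f "tokens=1,2 delims=," %%i in ('tasklist /FI "imagename eq %IMG%" /FO CSV /NH') do (
    if /i "%%~i"=="%IMG%" (
        set /a HITS+=1
        echo Found %IMG% with PID %%~j; asking it to close.
        rem Without /F taskkill sends a close request; a windowless process refuses it outright.
        taskkill /PID %%~j >nul 2>&1
        timeout /t 2 /nobreak >nul
        rem tasklist still prints an INFO line when the PID is gone, so findstr on " PID " decides.
        tasklist /FI "PID eq %%~j" /NH | findstr /r /c:" %%~j " >nul
        if !errorlevel! equ 0 (
            echo PID %%~j did not exit; terminating it and its children with /F /T.
            taskkill /PID %%~j /F /T
        ) else (
            echo PID %%~j exited.
        )
    )
)
if !HITS! equ 0 echo No running process named %IMG%.
endlocal
```

killimage notepad.exe is the typical call. The verification step matters because tasklist returns success even when no process matches the filter; checking for the PID in its output, rather than its exit code, is what tells the script whether the graceful close actually worked.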
The command shutdown /s can shut down a system. What is the command you can use to restart a system?
shutdown /r
What command can you use to abort a scheduled system shutdown?
shutdown /a