Microsoft Windows Security Assessment Flashcards

1
Q

Commands to identify domains/workgroups and memberships within the network, from outside a Windows computer?

A
  • nslookup
  • nmap
  • name -dhcp
  • dig
2
Q

Commands to identify domains/workgroups and memberships within the network, with access to the Windows cmd or PowerShell?

A

CMD
net users %username%            # current user
net users                       # all local users
net localgroup                  # local groups
net localgroup Administrators   # who is inside the Administrators group
whoami /all                     # check the privileges

PS
Get-WmiObject -Class Win32_UserAccount
Get-LocalUser | ft Name, Enabled, LastLogon
Get-ChildItem C:\Users -Force | select Name
Get-LocalGroupMember Administrators | ft Name, PrincipalSource

3
Q

Command to show scans and domain controller names from nmap?

A

net view

4
Q

Commands to browse the list of available shared network resources collected and distributed by the Computer Browser service on a Microsoft network?

A

net share
net view
net view \\<computer_name> /all

5
Q

Command to identify and analyse accessible SMB shares?

A

net share
enum4linux <target_ip>
smbclient -L //<target_ip>

smbclient's -L option lists the shares.
Remove the -L option to connect to a share.
Try an anonymous login first; if that fails, use other credentials.

6
Q

Identifying user accounts on target systems and domains using NetBIOS

A

nbtscan <target_ip>
nmap -sV 172.16.1.102 --script nbstat.nse -v

7
Q

Identifying user accounts on target systems and domains using SNMP

A

snmpwalk -c public -v1 <target_ip>
nmap --script "snmp* and not snmp-brute" <target_ip>

8
Q

Identifying user accounts on target systems and domains using LDAP

A

nmap -n -sV --script "ldap* and not brute" <target_ip>
ldapsearch -x -h <IP> -D '<DOMAIN>\<username>' -w '<password>' -b "DC=<1_SUBDOMAIN>

9
Q

3 AD roles?

A
  • Global Catalogue
  • Domain Master Browser
  • Flexible Single Master operations (FSMO)
10
Q

What is Global Catalogue?

A

Handles AD queries and logon

11
Q

What is Domain Master Browser?

A
  • used when there is more than one network in the domain
  • each subnet/domain has a master browser, and these share information with each other
  • once the browse list is collected and compiled, it is transmitted back to all master browsers as the enterprise-wide browse list for the domain
12
Q

What is Flexible Single Master Operations (FSMO)?

A
  • FSMO is a specialised set of domain controller tasks used where the standard data transfer and update methods are inadequate.
  • AD normally relies on multiple peer DCs, each holding a copy of the AD database, kept synchronised by multi-master replication.
  • The tasks that are not suited to multi-master replication, and are viable only with a single master database, are the FSMOs.
13
Q

5 FSMO roles?

A
  • Schema Master (1 per forest)
  • Domain Naming Master (1 per forest)
  • Relative ID (RID) Master (1 per domain)
  • Primary Domain Controller (PDC) Emulator (1 per domain)
  • Infrastructure Master (1 per domain)
14
Q

What is Schema Master?

A

Manages the read-write copy of the AD schema.
The AD schema defines the attributes that you can apply to objects in the AD database.

15
Q

What is Domain Naming Master?

A

Ensures you don't have domains with the same name in the same forest.
Master of domain names.
Since domains aren't created often, this role is likely to live on the same DC as another role.
