Windows Flashcards
What does the following Windows command do:
net use
Lists network shares that the workstation is using, giving information about other systems on the network
What does the following Windows command do:
net group
Adds, displays, or modifies global groups in domains.
CAN ONLY BE USED ON DOMAIN CONTROLLERS.
What does the following Windows command do:
net user
Adds or modifies user accounts, or displays user account information.
What does the following Windows command do:
net config
Allows configuration of server and workstation services on Windows computers.
What does the following command do in Windows:
sc config
Modifies the value of a service’s entries in the registry and in the Service Control Manager database.
What does the following command do in Windows:
sc create
Creates a subkey and entries for the service in the registry and in the Service Control Manager database.
What does the following command do in Windows:
sc delete
Deletes a service subkey from the registry.
What is the Security Identifier (SID)?
Identifies a user, group or computer account
What is the Resource Identifier (RID)?
Portion of the SID identifying a specific user, group or computer
What number does the Admin user SID end with?
500
What number does a regular user SID end with?
1000
What is the SAM Database?
File where all local encrypted passwords are stored.
Which directory is the SAM Database located in?
C:\Windows\System32\Config\
What is the nbtstat command used for?
Displays protocol statistics and current TCP/IP connections
What does this command do?
C:\nbtstat -n
Displays local information
What does this command do?
C:\nbtstat -A [IP Address]
Displays remote information
What does this command do?
C:\nbtstat -c
Displays cached information
What does Windows use for network authentication?
Kerberos
What are two main weaknesses of LM Hashing?
- Password is split into multiple sections if it is longer than 7 characters
- If one section is blank, its hash will always be the same (AAD3B435B51404EE)
What is Ntds.dit in Windows?
Database file on a domain controller that stores passwords.
Located:
%SystemRoot%\NTDS\Ntds.dit
OR
%SystemRoot%\System32\Ntds.dit
What is the 4 step exchange for Kerberos authentication?
- Client asks Key Distribution Center (KDC) for a ticket
- Server responds with Ticket Granting Ticket (TGT)
- If client can decrypt it, the TGT is sent back to the server requesting a Ticket Granting Service (TGS) service ticket
- Server sends TGS service ticket which client uses to access resources
What is the simple explanation of Windows Registries?
Collection of settings and configurations that make Windows run - Made up of keys and values.
What is the purpose of the following registry keys: HKEY_LOCAL_MACHINE (HKLM)
Information on hardware and software
What is the purpose of the following registry keys: HKEY_CLASSES_ROOT (HKCR)
Information on file associations and OLE classes
What is the purpose of the following registry keys: HKEY_CURRENT_USER (HKCU)
Profile information for the current user including preferences
What is the purpose of the following registry keys: HKEY_USERS (HKU)
Specific user configuration information for all currently active users
What is the purpose of the following registry keys: HKEY_CURRENT_CONFIG (HKCC)
Pointer to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\HardwareProfiles\Current
What is the MMC in Windows?
Microsoft Management Console - To Administer the system
What does the following command do?
schtasks change
Changes one or more of the following properties of a task
What does the following command do?
schtasks create
Schedules a new task.
What does the following command do?
schtasks delete
Deletes a scheduled task.
What does the following command do?
schtasks end
Stops a program started by a task.
What does the following command do?
schtasks query
Displays tasks scheduled to run on the computer.
What does the following command do?
schtasks run
Starts a scheduled task immediately. The run operation ignores the schedule, but uses the program file location, user account, and password saved in the task to run the task immediately.
A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?
Netsh firewall show config
What does GINA stand for?
Graphical Identification and Authentication
What is happening here?
net use \\target\ipc$ "" /u:""
Null session is being created on Windows using RPC.
What is WMI and how do you use it?
Windows Management Instrumentation - infrastructure for management data and operations on Windows-based operating systems
Command: wmic
What does the sc command stand for?
Service Controller
What does the following command do:
sc qc
Queries the configuration information for a service.