Windows Flashcards
What does the following Windows command do:
net use
Lists network shares that the workstation is using, giving information about other systems on the network
What does the following Windows command do:
net group
Adds, displays, or modifies global groups in domains.
CAN ONLY BE USE ON DOMAIN CONTROLLERS.
What does the following Windows command do:
net user
Adds or modifies user accounts, or displays user account information.
What does the following Windows command do:
net config
Allows configuration of servers and workstations services on Windows computers.
What does the following command do in Windows:
sc config
Modifies the value of a service’s entries in the registry and in the Service Control Manager database.
What does the following command do in Windows:
sc create
Creates a subkey and entries for the service in the registry and in the Service Control Manager database.
What does the following command do in Windows:
sc delete
Deletes a service subkey from the registry.
What is the Security Identifier (SID)?
Identifies a user, group or computer account
What is the Resource Identifier (RID)?
Portion of the SID identifying a specific user, group or computer
What number does the Admin user SID end with?
500
What number does a regular user SID end with?
1000
What is SAM Database?
File where all local encrypted passwords are stored.
Which directory is the SAM Database located in?
C:\Windows\System32\Config\
What is nbtstat command used for?
Displays protocol statistics and current TCP/IP connections
What does this command do?
C:\nbtstat -n
Displays local information
What does this command do?
C:\nbtstat -A [IP Address]
Displays remote information
What does this command do?
C:\nbtstat -c
Displays cached information
What does Windows use for network authentication?
Kerberos
What are two main weaknesses of LM Hashing?
- Password splitting in multiple sections if password is longer than 7 characters
- If one section is blank, hash will always be the same (AAD3B435B51404EE)
What is Ntds.dit in Windows?
Database file on a domain controller that stores passwords.
Located:
%SystemRoot%\NTDS\Ntds.dit
OR
%SystemRoot%System32\Ntds.dit
What is the 4 step exchange for Kerberos authentication?
- Client asks Key Distribution Center (KDC) for a ticket
- Server responds with Ticket Granting Ticket (TGT)
- If client can decrypt it, the TGT is sent back to the server requesting a Ticket Granting Service (TGS) service ticket
- Server sends TGS service ticket which client uses to access resources
What is the simple explanation of Windows Registries?
Collection of settings and configurations that make Windows run - Made up of keys and values.
What is the purpose of the following registry keys: HKEY_LOCAL_MACHINE (HKCU)
information on hardware and software
What is the purpose of the following registry keys: HKEY_CLASSES_ROOT (HKCR)
Information on file associates and OLE classes