Windows

Question 1

What does the following Windows command do:
net use

Answer 1

Lists network shares that the workstation is using, giving information about other systems on the network

Question 2

What does the following Windows command do:
net group

Answer 2

Adds, displays, or modifies global groups in domains.
CAN ONLY BE USE ON DOMAIN CONTROLLERS.

Question 3

What does the following Windows command do:
net user

Answer 3

Adds or modifies user accounts, or displays user account information.

Question 4

What does the following Windows command do:
net config

Answer 4

Allows configuration of servers and workstations services on Windows computers.

Question 5

What does the following command do in Windows:
sc config

Answer 5

Modifies the value of a service’s entries in the registry and in the Service Control Manager database.

Question 6

What does the following command do in Windows:
sc create

Answer 6

Creates a subkey and entries for the service in the registry and in the Service Control Manager database.

Question 7

What does the following command do in Windows:
sc delete

Answer 7

Deletes a service subkey from the registry.

Question 8

What is the Security Identifier (SID)?

Answer 8

Identifies a user, group or computer account

Question 9

What is the Resource Identifier (RID)?

Answer 9

Portion of the SID identifying a specific user, group or computer

Question 10

What number does the Admin user SID end with?

Answer 10

500

Question 11

What number does a regular user SID end with?

Answer 11

1000

Question 12

What is SAM Database?

Answer 12

File where all local encrypted passwords are stored.

Question 13

Which directory is the SAM Database located in?

Answer 13

C:\Windows\System32\Config\

Question 14

What is nbtstat command used for?

Answer 14

Displays protocol statistics and current TCP/IP connections

Question 15

What does this command do?

C:\nbtstat -n

Answer 15

Displays local information

Question 16

What does this command do?

C:\nbtstat -A [IP Address]

Answer 16

Displays remote information

Question 17

What does this command do?

C:\nbtstat -c

Answer 17

Displays cached information

Question 18

What does Windows use for network authentication?

Answer 18

Kerberos

Question 19

What are two main weaknesses of LM Hashing?

Answer 19

1. Password splitting in multiple sections if password is longer than 7 characters
2. If one section is blank, hash will always be the same (AAD3B435B51404EE)

Question 20

What is Ntds.dit in Windows?

Answer 20

Database file on a domain controller that stores passwords.

Located:
%SystemRoot%\NTDS\Ntds.dit
OR
%SystemRoot%System32\Ntds.dit

Question 21

What is the 4 step exchange for Kerberos authentication?

Answer 21

1. Client asks Key Distribution Center (KDC) for a ticket
2. Server responds with Ticket Granting Ticket (TGT)
3. If client can decrypt it, the TGT is sent back to the server requesting a Ticket Granting Service (TGS) service ticket
4. Server sends TGS service ticket which client uses to access resources

Question 22

What is the simple explanation of Windows Registries?

Answer 22

Collection of settings and configurations that make Windows run - Made up of keys and values.

Question 23

What is the purpose of the following registry keys: HKEY_LOCAL_MACHINE (HKCU)

Answer 23

information on hardware and software

Question 24

What is the purpose of the following registry keys: HKEY_CLASSES_ROOT (HKCR)

Answer 24

Information on file associates and OLE classes

Question 25

What is the purpose of the following registry keys: HKEY_CURRENT_USER (HKCU)

Answer 25

Profile information for the current user including preferences

Question 26

What is the purpose of the following registry keys: HKEY_USERS (HKU)

Answer 26

Specific user configuration information for all currently active users

Question 27

What is the purpose of the following registry keys: HKEY_CURRENT_CONFIG (HKCC)

Answer 27

Pointer to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\HardwareProfiles\Current

Question 28

What is the MMC in Windows?

Answer 28

Microsoft Management Console - To Administer the system

Question 29

What does the following command do?

schtasks change

Answer 29

Changes one or more of the following properties of a task

Question 30

What does the following command do?

schtasks create

Answer 30

Schedules a new task.

Question 31

What does the following command do?

schtasks delete

Answer 31

Deletes a scheduled task.

Question 32

What does the following command do?

schtasks end

Answer 32

Stops a program started by a task.

Question 33

What does the following command do?

schtasks query

Answer 33

Displays tasks scheduled to run on the computer.

Question 34

What does the following command do?

schtasks run

Answer 34

Starts a scheduled task immediately. The run operation ignores the schedule, but uses the program file location, user account, and password saved in the task to run the task immediately.

Question 35

A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?

Answer 35

Netsh firewall show config

Question 36

What does GINA stand for?

Answer 36

Graphical Identification and Authentication

Question 37

What is happening here?

net use \targetipc$ “” /u:””

Answer 37

Null session is being created on Windows using RPC.

Question 38

What is WMI and how do you use it?

Answer 38

Windows Management Instrumentation - infrastructure for management data and operations on Windows-based operating systems
Command: wmic

Question 39

What does the sc command stand for?

Answer 39

Service Controller

Question 40

What does the following command do:

sc qc

Answer 40

Queries the configuration information for a service.