Investigating Windows — TryHackMe

Task 1 Investigating Windows

1.Whats the version and year of the windows machine?

Answer:- Windows Server 2016

2.Which user logged in last?

Answer:- administrator

3.When did John log onto the system last?

Answer format: MM/DD/YYYY H:MM:SS AM/PM

Answer:- 03/02/2019 5:48:32 PM

4.What IP does the system connect to when it first starts?

Answer:- 10.34.2.3

5.What two accounts had administrative privileges (other than the Administrator user)?

Answer format: username1, username2

Answer:- Jenny, Guest

6.Whats the name of the scheduled task that is malicous.

Answer:-Clean file system

7.What file was the task trying to run daily?

Answer:-nc.ps1

8.What port did this file listen locally for?

Answer:-1348

9.When did Jenny last logon?

Answer:-Never

10.At what date did the compromise take place?

Answer format: MM/DD/YYYY

Answer:- 03/02/2019

11.At what time did Windows first assign special privileges to a new logon?

Answer format: MM/DD/YYYY HH:MM:SS AM/PM

Answer:-03/02/2019 4:04:49 PM

12.What tool was used to get Windows passwords?

Answer:-Mimikatz

13.What was the attackers external control and command servers IP?

Answer:-76.32.97.132

14.What was the extension name of the shell uploaded via the servers website?

Answer:-.jsp

15.What was the last port the attacker opened?

Answer:- 1337

16.Check for DNS poisoning, what site was targeted?

Answer:- google.com

Certified Ethical hacker