Investigating Windows — TryHackMe

Task 1 Investigating Windows

1. What's the version and year of the Windows machine?

Answer:- Windows Server 2016

2. Which user logged in last?

Answer:- administrator

3. When did John log onto the system last?

Answer format: MM/DD/YYYY H:MM:SS AM/PM

Answer:- 03/02/2019 5:48:32 PM

4. What IP does the system connect to when it first starts?


5. What two accounts had administrative privileges (other than the Administrator user)?

Answer format: username1, username2

Answer:- Jenny, Guest

6. What's the name of the scheduled task that is malicious?

Answer:- Clean file system

7. What file was the task trying to run daily?


8. What port did this file listen locally for?


9. When did Jenny last logon?


10. At what date did the compromise take place?

Answer format: MM/DD/YYYY

Answer:- 03/02/2019

11. At what time did Windows first assign special privileges to a new logon?

Answer format: MM/DD/YYYY HH:MM:SS AM/PM

Answer:- 03/02/2019 4:04:49 PM

12. What tool was used to get Windows passwords?


13. What was the attacker's external control and command server's IP?


14. What was the extension name of the shell uploaded via the server's website?


15. What was the last port the attacker opened?

Answer:- 1337

16. Check for DNS poisoning, what site was targeted?

