
Windows Fundamentals HTB

The document provides an overview of Windows fundamentals including accessing Windows locally and remotely, exploring directories using commands, NTFS permissions, Windows services, processes, and interacting with the operating system. It also discusses Windows security principles and mechanisms.

Uploaded by

mercyjoash5
Copyright
© © All Rights Reserved

REPORT

WINDOWS FUNDAMENTALS

Tier 0

SOURCE OF FINDINGS:
https://academy.hackthebox.com/module/49/section/454

Compiled by: CALEB MUTAI

KUTRRH

IT-SEC

HTB Windows Fundamentals tier 0


INTRODUCTION TO WINDOWS
Since Microsoft introduced the Windows OS in 1985, it has gone through several stages of change in operation, management and security. Windows Desktop later introduced the Windows File Manager, Program Manager, and Print Manager programs.
1.0 Accessing Windows OS
There are 2 major ways of interacting with Windows:
1. Local access
2. Remote access

1. Local access – using the resources of the computer on which the primary OS is installed. The OS acquires resources directly from the host hardware to run processes.
2. Remote access – the OS is installed on hardware in a different location and is accessed remotely via VNCs. The primary OS can be accessed through SSH, FTP, VPN, or other means such as RDP.

1. REMOTE ACCESS
On Linux-based OSes, Windows can be accessed through a preinstalled VNC called xfreerdp, which is run from the Linux CLI:
xfreerdp /v:<IP address> /u:<username> /p:<logon password>

1.1 Exploring Directories Using Command Line


Commands and their functions:
dir – lists the files and directories in the file system so we can explore them.
tree – displays the directory structure of a specified path or drive in a tree format.


Fig 1: tree command in Windows cmd

2.0 NTFS PERMISSIONS


NTFS permissions are used to manage access to the files and folders stored on NTFS file systems. They provide the following levels of control:
Read
Write
Full Control
Modify
List Folder Contents
Read and Execute
Traverse Folder

2.1 Share permissions.


To enable the sharing of resources such as printers and files, Microsoft came up with the Server Message Block (SMB) protocol.


2.2 Share permissions in SMB.
Share permissions are categorized into three major permissions:
a. Full control
b. Read
c. Change
To view the share permissions of a directory, we follow these steps:
- Create a folder or open an existing folder.
- Right-click it and navigate to Properties.
- Click the Sharing tab and activate ‘Share this folder’; this enables it to be accessed over the network.
- Click Permissions and check the permissions granted for each group and folder.

Fig 2: share permissions
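
The same check can be scripted instead of clicked through. The following is an added example, not part of the original report: it lists each share's permissions next to the NTFS rights the same account holds on the shared folder, since access over the network is limited by the more restrictive of the two. It assumes the SmbShare module (Windows 8 / Server 2012 or later), an elevated session and the English account name 'Everyone'; the `Review` column is a hypothetical name.

```powershell
# Added example, not from the original report. Run in an elevated PowerShell session.
# Skips IPC$ (no path) and the built-in administrative shares (Special = True).
Get-SmbShare | Where-Object { $_.Path -and -not $_.Special } | ForEach-Object {
    $share = $_

    # NTFS entries on the shared folder (what the Security tab shows).
    $ntfs = (Get-Acl -LiteralPath $share.Path).Access

    # Share-level entries (what the Sharing > Permissions dialog shows).
    Get-SmbShareAccess -Name $share.Name | ForEach-Object {
        $ace = $_
        $match = $ntfs | Where-Object { $_.IdentityReference.Value -eq $ace.AccountName }

        [pscustomobject]@{
            Share       = $share.Name
            Path        = $share.Path
            Account     = $ace.AccountName
            ShareAccess = "$($ace.AccessControlType) $($ace.AccessRight)"
            NtfsRights  = ($match | ForEach-Object {
                              "$($_.AccessControlType) $($_.FileSystemRights)"
                          }) -join '; '
            # Flag shares that let Everyone change or fully control content.
            # 'Everyone' is the English display name (assumption).
            Review      = ($ace.AccountName -eq 'Everyone' -and
                           "$($ace.AccessControlType)" -eq 'Allow' -and
                           "$($ace.AccessRight)" -in 'Full', 'Change')
        }
    }
} | Format-Table -AutoSize
```

Rows with `Review` set to True are the ones to compare against the NTFS column first: if NTFS also grants that account write access, anyone who can reach the share can modify its contents.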

3.0 WINDOWS SERVICES AND PROCESSES


3.1 Services
To get the services that are running on the computer, we use the following command:

Get-Service | ? {$_.Status -eq "Running"} | select -First 2 | fl

Fig3: running services in remote windows 10 OS.

3.2 Processes
Processes run in the background of the computer. The processes that are running at a specific time can be checked in Task Manager.

3.3 Windows services permissions


Services allow for the management of long-running processes and are a critical part of Windows
operating systems. Sysadmins often overlook them as potential threat vectors that can be used to
load malicious DLLs, execute applications without access to an admin account, escalate
privileges and even maintain persistence. The first step in realizing the importance of service
permissions is simply understanding that they exist and being mindful of them.
To access this service information, we open the Services console by typing “services.msc” in the Run dialog.

4.0 INTERACTING WITH THE WINDOWS OPERATING SYSTEM


1. Graphical User Interface - Introduced in the late 1970s, the GUI has been a great way of interacting with the Windows OS. Systems administrators usually use GUI-based systems for administering Active Directory, configuring IIS, or interacting with databases.
2. Remote Desktop Protocol (RDP) - A proprietary Microsoft protocol which allows a user to connect to a remote system over a network connection and obtain a graphical user interface. It can also allow users to access their work computers when traveling or working from home after connecting to a Virtual Private Network (VPN).
3. Windows Command Line - Command-line interfaces give users greater control over their systems and can be used to perform a wide variety of day-to-day, administrative, and troubleshooting tasks. They can be leveraged to introduce automation to perform certain tasks quickly (such as adding many users to a domain at once). In Windows operating systems, the two main ways to interact with the system from the command line are the Command Prompt (CMD) and PowerShell.
4. CMD - The Command Prompt (cmd.exe) is used to enter and execute commands. The Command Prompt can be opened from the Start Menu, by typing cmd in the Run dialogue box, or by directly launching the binary from C:\Windows\system32\cmd.exe.

5.0 WINDOWS MANAGEMENT INSTRUMENTATION (WMI)


WMI is a great tool for monitoring the system.
Some of the uses for WMI are:
Status information for local/remote systems.
Configuring security settings on remote machines/applications.
Setting and changing user and group permissions.
Setting/modifying system properties.
Code execution.
Scheduling processes.
Setting up logging.

An example of using WMI to retrieve and list the Windows OS information is typing “wmic os list brief” in the power.

Another great way to manage hardware, software and network is through Microsoft Management
Console (MMC). MMC works with the concept of snap-ins, allowing administrators to create a
customized console with only the administrative tools needed to manage several services. These
snap-ins can be added to manage both local and remote systems.

6.0 WINDOWS SECURITY.


Almost 70% of the computers around the world use the Microsoft Windows OS, so this is what attackers target each and every day. For this reason, Microsoft came up with security mechanisms to protect users from these attacks.


Windows follows certain security principles. These are the units in the system that can be authorized or authenticated for a particular action. They include users, computers, threads or processes.
The following are the principles that Microsoft came up with to tackle the security issue:
1. Security Identifier (SID)
2. Security Accounts Manager (SAM) and Access Control Entries (ACE)
3. User account Control (UAC)
4. Registry
5. Application whitelisting
6. AppLocker
7. Local Group Policy (LGP)
8. Windows Defender Antivirus

DISCUSSION AND CONCLUSION


Windows operating system (OS) is a complex system with a hierarchical structure for organizing
files and directories. Understanding these components is crucial for managing the system
efficiently and ensuring its security.
In conclusion, understanding the structure of Windows OS files, directories, groups, and security
mechanisms is essential for effectively managing and securing a Windows-based system.
Administrators should be familiar with these concepts to ensure the system's integrity and protect
it from unauthorized access.


Fig 4: The badge earned upon completion of the Windows Fundamentals Module
Link: https://academy.hackthebox.com/achievement/badge/75b80abd-d53d-11ee-891c-bea50ffe6cb4
