This room teaches the basic concepts required to harden a Windows workstation, together with knowledge of the services, software and applications that may lead to a computer being hacked or to a data breach.
Learning Objectives
- Identity & access management
- Network management
- Application management
- Storage & compute
- Importance of updating Windows
- Cheat sheet for hardening Windows
Connecting to the Machine
We will be using Windows 10 as a development/test machine throughout the room with the following credentials:
- Machine IP: 10.10.200.67
- Username: Harden
- Password: harden
You can start the virtual machine in split screen view by clicking Start Machine. Alternatively, you can connect to the VM using the above credentials through Remote Desktop.
Prerequisites
Before starting this room, go through the following existing rooms to understand the fundamentals:
- Windows Fundamentals 1 (desktop, the NTFS file system, UAC, the Control Panel)
- Windows Fundamentals 2 (System Configuration, UAC Settings, Resource Monitoring, the Registry)
- Windows Fundamentals 3 (Microsoft tools that help keep the device secure, such as Updates, Windows Security, BitLocker)
Follow along with the steps described in upcoming tasks. Let’s begin.
Task 2 Understanding General Concepts
Question: What is the startup type of App Readiness service in the services panel?
Answer:
1. Open the Services panel by running services.msc.
2. Search for the service named App Readiness in the Services panel.
3. Open the service and read its startup type.
Answer: Manual
Question: Open Registry Editor and find the key “tryhackme”. What is the default value of the key?

Question: Open the Diagnosis folder and go through the various log files. Can you find the flag?
1. Open the Diagnosis folder: C:\ProgramData\Microsoft\Diagnosis
2. Now copy the flag.txt.txt file to one of the user's own directories, such as the Documents folder, and read the flag.

Task 3 Identity & Access Management
Question: Find the name of the Administrator Account of the attached VM.
Answer: Harden
Question: Go to the User Account Control Setting Panel (Control Panel > All Control Panel Items > User Accounts). What is the default level of Notification?
Answer: Always Notify
Question: How many standard accounts are created in the VM?
Answer: 0
Task 4 Network Management
Question: Open Windows Firewall and click on Monitoring in the left pane – which of the following profiles is active? Domain, Private, Public?
Answer: Private
Question: Find the IP address resolved for the website tryhack.me in the Virtual Machine as per the local host file.
Hint: Check the hosts file located at C:/Windows/System32/Drivers/etc/hosts
Answer: 192.168.1.140
Question: Open the command prompt and enter arp -a. What is the Physical address for the IP address 255.255.255.255?
Answer: ff-ff-ff-ff-ff-ff
Task 5 Application Management
Question: Windows Defender Antivirus is configured to exclude a particular extension from scanning. What is the extension?
Answer: .ps
Question: A Word document is received from an unknown email address. It is best practice to open it immediately on your personal computer (yay/nay).
Answer: nay
Question: What is the flag you received after executing the Office Hardening Batch file?
Answer: {THM_1101110}
Task 6 Storage Management
Question: A security engineer has misconfigured the attached VM and stored a BitLocker recovery key in the same computer. Can you read the last six digits of the recovery key?
Answer: 377564
Question: How many characters does the BitLocker recovery key have in the attached VM?
Answer: 48
Question: A backup file is placed on the Desktop of the attached VM. What is the extension of that file?
Answer: .bkf
Task 7 Updating Windows
Question: What is the CVE score for the vulnerability CVE ID CVE-2022-32230?
Answer: 7.8
Task 8 Cheat sheet for Hardening Windows
Question: I have completed the room.
Answer: done
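The checks that Tasks 2 to 6 perform through the GUI can also be run from an elevated PowerShell session. The following read-only audit script is an added example, not part of the room; it assumes Windows 10 with PowerShell 5.1, the built-in Defender and BitLocker modules, and the default "BitLocker Recovery Key*.txt" file name for saved recovery keys.

```powershell
# Added example: read-only audit of the settings inspected in Tasks 2-6.
# Run from an elevated PowerShell 5.1+ prompt; nothing is modified.

# Task 2: startup type of the App Readiness service
Get-Service -DisplayName 'App Readiness' |
    Select-Object DisplayName, Status, StartType

# Task 3: enabled local accounts and whether each is an administrator
# S-1-5-32-544 is the well-known SID of the built-in Administrators group
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.Name.Split('\')[-1] }
Get-LocalUser | Where-Object Enabled |
    Select-Object Name, @{ n = 'IsAdmin'; e = { $admins -contains $_.Name } }

# Task 3: UAC notification level
# ConsentPromptBehaviorAdmin = 2 with PromptOnSecureDesktop = 1 is "Always notify"
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' |
    Select-Object EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop

# Task 4: firewall state per profile, and the profile each network is using
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# Task 4: hosts-file entries that redirect a name to a non-loopback address
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile | Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object {
    # Strip trailing comments, then split "IP name1 name2 ..." on whitespace
    $ip, $names = ($_ -replace '#.*$').Trim() -split '\s+'
    if ($ip -notin '127.0.0.1', '::1') {
        [pscustomobject]@{ IP = $ip; Names = $names -join ', ' }
    }
}

# Task 5: extensions excluded from Windows Defender Antivirus scanning
Get-MpPreference | Select-Object -ExpandProperty ExclusionExtension

# Task 6: BitLocker status, plus recovery-key files saved on the same machine
# (only file paths are listed; key contents are not read)
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus
Get-ChildItem -Path 'C:\Users' -Recurse -Filter 'BitLocker Recovery Key*.txt' `
    -ErrorAction SilentlyContinue | Select-Object FullName, LastWriteTime
```

Any hosts-file entry, Defender exclusion or locally stored recovery-key file reported here should be reviewed and either justified or removed.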