The room aims to teach basic concepts required to harden a windows workstation coupled with knowledge of services/software/applications that may result in hacking a computer or data breach.
Learning ObjectivesIdentity & access management network managementApplication management storage & ComputeImportance of updating WindowsCheat sheet for hardening WindowsConnecting to the Machine
We will be using Windows 10 as a development/test machine throughout the room with the following credentials:
- Machine IP:
10.10.200.67 - Username:
Harden - Password:
harden
You can start the virtual machine in split screen view by clicking Start Machine. Alternatively, you can connect with the VM using the above credentials through Remote Desktop. Prerequisites
Before starting this room, go through the following already developed rooms for understanding the fundamentals:
- Windows Fundamentals 1 (desktop, the NTFS file system, UAC, the Control Panel)
- Windows Fundamentals 2 (System Configuration, UAC Settings, Resource Monitoring, the Registry)
- Windows Fundamentals 3 (Microsoft tools that help keep the device secure, such as Updates, Windows Security, BitLocker)
Follow along with the steps described in upcoming tasks. Let’s begin.
Task 2 Understanding General Concepts
Question: What is the startup type of App Readiness service in the services panel?
Answer:
1. Open services panel by run services.msc
2. search for a service named App Readiness in the services panel
3. open the service and read the startup type in it
Answer: Manual
Question: Open Registry Editor and find the key “tryhackme”. What is the default value of the key?
Question: Open the Diagnosis folder and go through the various log files. Can you find the flag?
- C:\ProgramData\Microsoft\Diagnosis
2. now copy the flag.txt.txt file to any of user privileged directories like document folder and read the flag
Task 3 Identity & Access Management
Question: Find the name of the Administrator Account of the attached VM.
Answer: Harden
Question: Go to the User Account Control Setting Panel (Control Panel > All Control Panel Items > User Accounts). What is the default level of Notification?
Answer: Always Notify
Question: How many standard accounts are created in the VM?
Answer: 0
Task 4 Network Management
Question: Open Windows Firewall and click on Monitoring in the left pane – which of the following profiles is active? Domain, Private, Public?
Answer: Private
Question: Find the IP address resolved for the website tryhack.me in the Virtual Machine as per the local host file.
Hint: check the etc host file located at C:/Windows/System32/Drivers/etc/hosts
Answer: 192.168.1.140
Question: Open the command prompt and enter arp -a. What is the Physical address for the IP address 255.255.255.255?
Answer: ff-ff-ff-ff-ff-ff
Task 5 Application Management
Question: Windows Defender Antivirus is configured to exclude a particular extension from scanning. What is the extension?
Answer: .ps
Question: A Word document is received from an unknown email address. It is best practice to open it immediately on your personal computer (yay/nay).
Answer: nay
Question: What is the flag you received after executing the Office Hardening Batch file?
Answer: {THM_1101110}
Task 6 Storage Management
Question: A security engineer has misconfigured the attached VM and stored a BitLocker recovery key in the same computer. Can you read the last six digits of the recovery key?
Answer: 377564
Question: How many characters does the BitLocker recovery key have in the attached VM?
Answer: 48
Question: A backup file is placed on the Desktop of the attached VM. What is the extension of that file?
Answer: .bkf
Task 7 Updating Windows
Question: What is the CVE score for the vulnerability CVE ID CVE-2022-32230?
Answer: 7.8
Task 8 Cheat sheet for Hardening Windows
Question: I have completed the room.
Answer: done
