System/Kernel
ps c:\Users\L4mpje> Systeminfo
error: Access denied
ps c:\Users\L4mpje> Get-ComputerInfo
windowsbuildlabex : 14393.2828.amd64fre.rs1_release_inmarket.190216-1457
windowscurrentversion : 6.3
windowseditionid : ServerStandard
windowsinstallationtype : Server
windowsinstalldatefromregistry : 22-2-2019 11:36:53
windowsproductid : 00376-30821-30176-AA445
windowsproductname : Windows Server 2016 Standard
windowsregisteredowner : Windows User
windowssystemroot : C:\Windows
osserverlevel : FullServer
timezone : (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
powerplatformrole : Desktop
deviceguardsmartstatus : Off
Windows Server 2016 Standard, x64 (amd64fre), build 14393.2828, full server install (not Core); Device Guard reported Off
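systeminfo was denied above and Get-ComputerInfo is slow and returns only part of what is useful. The following is an added example (not from the original notes) that rebuilds the same facts from sources a low-privileged user can read: the CurrentVersion registry key, Win32_QuickFixEngineering via Get-HotFix, and the Win32_DeviceGuard CIM class. It assumes PowerShell 5.1 on the target; the DeviceGuard query is optional and simply reports "unknown" if the class is unreadable.

```powershell
# Added example, not from the original enumeration notes.
# Fallback for a denied `systeminfo`: build string, patch level and VBS state
# from registry + CIM sources readable without admin rights.
function Get-BuildSummary {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Hotfix list; InstalledOn can be null for some entries, so drop those before sorting
    $fixes = @(Get-HotFix -ErrorAction SilentlyContinue |
               Where-Object { $_.InstalledOn } |
               Sort-Object InstalledOn -Descending)

    # Virtualization-based security status (0 = not enabled, 1 = enabled, 2 = running);
    # the class may not be queryable, hence SilentlyContinue
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # InstallDate is a Unix epoch value (seconds since 1970-01-01 UTC)
    $epoch = [datetime]::new(1970, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc)

    [pscustomobject]@{
        Product      = $cv.ProductName
        ReleaseId    = $cv.ReleaseId
        Build        = "$($cv.CurrentBuildNumber).$($cv.UBR)"   # e.g. 14393.2828
        Arch         = $env:PROCESSOR_ARCHITECTURE
        InstallDate  = $epoch.AddSeconds($cv.InstallDate).ToLocalTime()
        HotfixCount  = $fixes.Count
        LatestHotfix = if ($fixes.Count) {
                           "$($fixes[0].HotFixID) on $($fixes[0].InstalledOn.ToString('yyyy-MM-dd'))"
                       } else { 'none listed' }
        VbsStatus    = if ($dg) { $dg.VirtualizationBasedSecurityStatus } else { 'unknown' }
    }
}

Get-BuildSummary | Format-List
```

The Build value is what you compare against the monthly cumulative update list to judge how stale the host is; the UBR (here 2828) is the part systeminfo would not show even when it works.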
Networks
l4mpje@BASTION C:\Users\L4mpje> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:22 0.0.0.0:0 LISTENING 1668
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 776
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 504
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 972
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 900
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1528
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 1460
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 628
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING 636
TCP 10.10.10.134:22 10.10.14.11:35274 ESTABLISHED 1668
TCP 10.10.10.134:22 10.10.14.11:46892 ESTABLISHED 1668
TCP 10.10.10.134:22 10.10.14.11:46902 ESTABLISHED 1668
TCP 10.10.10.134:139 0.0.0.0:0 LISTENING 4
TCP [::]:22 [::]:0 LISTENING 1668
TCP [::]:135 [::]:0 LISTENING 776
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 504
TCP [::]:49665 [::]:0 LISTENING 972
TCP [::]:49666 [::]:0 LISTENING 900
TCP [::]:49667 [::]:0 LISTENING 1528
TCP [::]:49668 [::]:0 LISTENING 1460
TCP [::]:49669 [::]:0 LISTENING 628
TCP [::]:49670 [::]:0 LISTENING 636
UDP 0.0.0.0:123 *:* 696
UDP 0.0.0.0:500 *:* 900
UDP 0.0.0.0:4500 *:* 900
UDP 0.0.0.0:5050 *:* 696
UDP 0.0.0.0:5353 *:* 1052
UDP 0.0.0.0:5355 *:* 1052
UDP 10.10.10.134:137 *:* 4
UDP 10.10.10.134:138 *:* 4
UDP 127.0.0.1:49664 *:* 900
UDP [::]:123 *:* 696
UDP [::]:500 *:* 900
UDP [::]:4500 *:* 900
UDP [::]:5353 *:* 1052
UDP [::]:5355 *:* 1052
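netstat -ano only gives the owning PID, and several of those PIDs are svchost or the kernel (PID 4), so the listener list above needs a second step to become actionable. The block below is an added example, not part of the original notes: it joins listening TCP/UDP sockets to the image name and, for service hosts, to the service names running in that PID. It assumes PowerShell 5.1 with the NetTCPIP module (present on Server 2016) and the same low-privileged session; Get-Process, Win32_Service and the Get-Net* cmdlets are all readable without admin rights.

```powershell
# Added example, not from the original enumeration notes.
# Join listening sockets -> owning process -> hosted services.
function Get-ListenerMap {
    # PID -> service names hosted in that process (an svchost hosts several).
    # Keys are normalised to [int] because Win32_Service.ProcessId is UInt32 while
    # Get-Process.Id is Int32, and a hashtable does not treat those as equal keys.
    $svcByPid = @{}
    foreach ($s in Get-CimInstance Win32_Service -Filter "State='Running'") {
        $k = [int]$s.ProcessId
        if (-not $svcByPid.ContainsKey($k)) { $svcByPid[$k] = @() }
        $svcByPid[$k] += $s.Name
    }

    # PID -> image name
    $procByPid = @{}
    foreach ($p in Get-Process) { $procByPid[[int]$p.Id] = $p.ProcessName }

    # netstat-style "[::]:22" for IPv6 addresses
    function Format-Endpoint($addr, $port) {
        if ($addr -like '*:*') { "[$addr]:$port" } else { "${addr}:$port" }
    }

    $rows = @()
    $rows += foreach ($c in Get-NetTCPConnection -State Listen) {
        $k = [int]$c.OwningProcess
        [pscustomobject]@{
            Proto    = 'TCP'
            Local    = Format-Endpoint $c.LocalAddress $c.LocalPort
            PID      = $k
            Process  = $procByPid[$k]
            Services = ($svcByPid[$k] -join ',')
        }
    }
    $rows += foreach ($u in Get-NetUDPEndpoint) {
        $k = [int]$u.OwningProcess
        [pscustomobject]@{
            Proto    = 'UDP'
            Local    = Format-Endpoint $u.LocalAddress $u.LocalPort
            PID      = $k
            Process  = $procByPid[$k]
            Services = ($svcByPid[$k] -join ',')
        }
    }
    $rows | Sort-Object Proto, PID, Local
}

Get-ListenerMap | Format-Table -AutoSize
```

Listeners owned by PID 4 (System) such as 445, 5985 and 47001 are kernel-mode endpoints (the SMB server and HTTP.sys, which fronts WinRM), so no user-mode service name will appear for them; for the svchost PIDs the Services column tells you which service actually owns the port.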
Users & Groups
l4mpje@bastion c:\Users\L4mpje> net user
User accounts for \\BASTION
-------------------------------------------------------------------------------
Administrator DefaultAccount Guest
L4mpje
The command completed successfully.
l4mpje@bastion c:\Users\L4mpje> net localgroup
Aliases for \\BASTION
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Certificate Service DCOM Access
*Cryptographic Operators
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Print Operators
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Storage Replica Administrators
*System Managed Accounts Group
*Users
The command completed successfully.
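net localgroup lists the groups but not who is in them, and it says nothing about the current token's effective memberships (which matter here because 5985/WinRM is listening and Remote Management Users is present). The following is an added example, not from the original notes, that enumerates non-empty local groups with their members and then flags which security-relevant groups the current user's token actually carries. It assumes PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts module, which ships with Server 2016; the list of groups treated as "interesting" is the editor's choice, not something the page states.

```powershell
# Added example, not from the original enumeration notes.
function Get-LocalGroupMap {
    foreach ($g in Get-LocalGroup) {
        # Orphaned SIDs can make Get-LocalGroupMember throw; skip those groups quietly
        $members = @(Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue)
        if ($members.Count -gt 0) {
            [pscustomobject]@{
                Group   = $g.Name
                Members = ($members | ForEach-Object { "$($_.Name) [$($_.ObjectClass)]" }) -join ', '
            }
        }
    }
}

function Get-CurrentTokenInfo {
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # Resolve every group SID in the token; fall back to the raw SID if it has no name
    $groups = foreach ($sid in $id.Groups) {
        try { $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { $sid.Value }
    }
    $wp = New-Object System.Security.Principal.WindowsPrincipal($id)

    # Groups that change what a foothold can do (editor's selection, not from the page)
    $interesting = 'Administrators', 'Backup Operators', 'Remote Management Users',
                   'Remote Desktop Users', 'Hyper-V Administrators', 'Print Operators',
                   'Distributed COM Users', 'Event Log Readers'
    $hits = $groups | Where-Object { $n = $_.Split('\')[-1]; $interesting -contains $n }

    [pscustomobject]@{
        User        = $id.Name
        IsElevated  = $wp.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
        Interesting = ($hits -join ', ')
        AllGroups   = $groups
    }
}

Get-LocalGroupMap | Format-Table -AutoSize
Get-CurrentTokenInfo | Format-List
```

IsElevated reflects the current token, so a member of Administrators running under UAC filtering will still show False; pair this with `whoami /priv` to see which privileges are enabled in the session.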
Processes
PS C:\Users\L4mpje> ps
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
55 3 1556 2708 0,00 1484 0 cmd
55 3 1576 2720 0,00 2476 0 cmd
55 3 1568 2696 0,00 2644 0 cmd
56 4 1572 2984 0,00 2964 0 cmd
56 4 1584 2992 0,00 3148 0 cmd
57 4 1588 2992 0,00 3292 0 cmd
94 8 1312 5892 2664 0 conhost
95 8 6204 10832 0,08 2684 0 conhost
95 8 6164 10792 0,38 3260 0 conhost
94 8 1308 5880 3396 0 conhost
94 8 1316 5888 3692 0 conhost
96 8 6192 10352 0,34 3748 0 conhost
328 15 1940 4300 388 0 csrss
118 11 1316 3768 512 1 csrss
211 13 3592 12372 2228 0 dllhost
314 19 13140 29140 864 1 dwm
0 0 0 4 0 0 Idle
412 24 10600 41972 2556 1 LogonUI
757 21 4648 12936 636 0 lsass
190 13 2868 9896 2380 0 msdtc
560 65 183684 131568 1784 0 MsMpEng
166 37 4824 8528 2976 0 NisSrv
765 30 87732 96972 1,14 3000 0 powershell
241 9 3076 7492 628 0 services
51 2 388 1220 276 0 smss
414 22 5516 15504 1528 0 spoolsv
57 6 940 4412 1648 0 ssh-agent
116 9 2200 7440 1,33 408 0 sshd
101 12 1600 6648 1668 0 sshd
108 8 1932 7516 2452 0 sshd
116 9 2144 7364 0,33 2840 0 sshd
108 8 1920 7504 3444 0 sshd
108 8 1932 7496 3480 0 sshd
116 9 2144 7368 0,36 3544 0 sshd
61 5 800 3252 2,03 2220 0 ssh-shellhost
61 5 720 3200 0,36 3304 0 ssh-shellhost
61 5 696 3160 0,25 3628 0 ssh-shellhost
420 35 9020 17432 420 0 svchost
772 28 7184 17588 696 0 svchost
464 17 4520 12736 720 0 svchost
438 15 3140 8832 776 0 svchost
1181 46 19780 44200 900 0 svchost
455 27 11120 18560 940 0 svchost
382 15 8740 13724 972 0 svchost
590 38 8124 20368 1052 0 svchost
157 11 1680 6948 1180 0 svchost
140 12 1424 6672 1460 0 svchost
347 19 8792 21960 1576 0 svchost
199 13 2052 8092 1600 0 svchost
132 9 3300 10308 1640 0 svchost
829 0 124 140 4 0 System
140 11 3052 10132 1724 0 VGAuthService
105 7 1384 5672 740 0 vm3dservice
321 21 8980 20908 1676 0 vmtoolsd
92 8 924 4908 504 0 wininit
166 10 2056 12604 564 1 winlogon
323 17 9748 19368 2248 0 WmiPrvSE
Notable from the list: spoolsv (Print Spooler, PID 1528) is the owner of the RPC listener on TCP 49667 in the netstat output; MsMpEng and NisSrv mean Windows Defender is running; sshd PID 1668 is the SSH listener on port 22 and the parent of the three ssh-shellhost sessions.
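The ps output above has no owner or command-line column, so it does not show which processes run as another principal (the ones worth a closer look for elevation). The block below is an added example, not from the original notes: it lists every process with its owner, parent, session and image path, marks which are the current user's, and separately lists processes whose image lives outside the Windows directory (third-party services such as the VMware tools and OpenSSH seen above). It assumes PowerShell 5.1; for processes owned by other users a non-admin caller gets ReturnValue 2 (access denied) from GetOwner and a null path, which is itself useful information.

```powershell
# Added example, not from the original enumeration notes.
function Get-ProcessOwnerMap {
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    foreach ($p in Get-CimInstance Win32_Process) {
        $r = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        $owner = if ($r.ReturnValue -eq 0 -and $r.User) { "$($r.Domain)\$($r.User)" }
                 elseif ($r.ReturnValue -eq 2)          { '<access denied>' }
                 else                                   { "<rc=$($r.ReturnValue)>" }
        [pscustomobject]@{
            PID         = $p.ProcessId
            PPID        = $p.ParentProcessId
            Name        = $p.Name
            Session     = $p.SessionId
            Owner       = $owner
            Mine        = ($owner -eq $me)
            Path        = $p.ExecutablePath   # null when the process belongs to another user
            CommandLine = $p.CommandLine
        }
    }
}

$all = Get-ProcessOwnerMap

# 1. Everything not running as us, with whatever owner information we could read
$all | Where-Object { -not $_.Mine } |
    Sort-Object Session, PID |
    Format-Table PID, PPID, Session, Owner, Name -AutoSize

# 2. Images outside %SystemRoot%: third-party services are the usual weak spots
$all | Where-Object { $_.Path -and $_.Path -notlike "$env:SystemRoot\*" } |
    Format-Table PID, Owner, Path -AutoSize
```

Because the owner and path of another user's process are hidden from a non-admin, an entry that reads "<access denied>" with an empty Path is exactly a process running under a different account; the Session column (1 for LogonUI, dwm, winlogon in the ps output) tells you whether it belongs to an interactive console session.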
Tasks
l4mpje@bastion c:\Users\L4mpje> schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level"
folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
SmartScreenSpecific N/A Ready
VerifiedPublisherCertStoreCheck N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
microsoft compatibility appraiser 27-1-2023 03:23:12 Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily 27-1-2023 03:00:00 Ready
appuriverifierinstall 28-1-2023 03:00:00 Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
consolidator 26-1-2023 18:00:00 Ready
KernelCeipTask N/A Ready
UsbCeip N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
data integrity scan 15-2-2023 10:24:00 Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
device 27-1-2023 04:17:01 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Disabled
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EnableErrorDetailsUpdate N/A Disabled
ErrorDetailsUpdate N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Ready
MapsUpdateTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Disabled
RunFullMemoryDiagnostic N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Server Manager Performance Monitor N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Plug and Play Cleanup N/A Ready
Sysprep Generalize Drivers N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BackgroundUploadTask N/A Ready
BackupTask N/A Ready
NetworkStateChangeTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
speechmodeldownloadtask 27-1-2023 00:00:00 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Maintenance Install N/A Disabled
MusUx_UpdateInterval N/A Ready
Policy Install N/A Disabled
Reboot N/A Ready
refresh settings 27-1-2023 02:33:20 Ready
Resume On Boot N/A Disabled
schedule scan 27-1-2023 10:58:28 Ready
USO_UxBroker_Display N/A Ready
USO_UxBroker_ReadyToReboot N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Windows Defender Cache Maintenance N/A Ready
Windows Defender Cleanup N/A Ready
windows defender scheduled scan 27-1-2023 04:46:24 Ready
Windows Defender Verification N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
queuereporting 26-1-2023 19:08:36 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
automatic app update 26-1-2023 19:46:42 Ready
Scheduled Start N/A Ready
sih 27-1-2023 09:54:18 Ready
sihboot N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
XblGameSaveTask N/A Ready
XblGameSaveTaskLogon N/A Ready
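A caveat on the schtasks listing above: findstr /v "\Microsoft" removes the "Folder: \Microsoft\Windows\..." lines but not the tasks inside those folders, so every task shown is still a stock Microsoft task and the only custom folder ("\") is empty. The filter therefore hides the folder names without answering the question it was meant to answer. The block below is an added example, not from the original notes, that filters on the task path instead, and for each remaining task shows the principal it runs as, the action executable, and whether the current user can open that executable for writing (a SYSTEM task with a user-writable binary is a direct elevation path). It assumes PowerShell 5.1 with the ScheduledTasks module, present on Server 2016; Test-WritableFile and Get-InterestingTasks are names chosen here.

```powershell
# Added example, not from the original enumeration notes.

# Effective-access test: try to open the file for write without modifying it.
# Returns $true / $false, 'in-use' for a sharing violation, $null if the path is missing.
function Test-WritableFile {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    try {
        $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::Write,
                                     [System.IO.FileShare]::ReadWrite)
        $fs.Close()
        return $true
    } catch [System.UnauthorizedAccessException] {
        return $false
    } catch [System.IO.IOException] {
        return 'in-use'     # locked by a running process; ACL not determined by this test
    }
}

function Get-InterestingTasks {
    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if (-not $a.Execute) { continue }   # COM-handler actions have no executable
            # Strip quotes, expand %SystemRoot%-style variables, resolve bare names via PATH
            $exe = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
            if (-not [System.IO.Path]::IsPathRooted($exe)) {
                $cmd = Get-Command $exe -ErrorAction SilentlyContinue
                if ($cmd) { $exe = $cmd.Source }
            }
            [pscustomobject]@{
                Task     = $task.TaskPath + $task.TaskName
                State    = $task.State
                RunAs    = $task.Principal.UserId
                RunLevel = $task.Principal.RunLevel
                Execute  = $exe
                Args     = $a.Arguments
                Writable = Test-WritableFile $exe
            }
        }
    }
}

Get-InterestingTasks | Format-Table -AutoSize
```

A task under a custom path with RunAs SYSTEM and Writable True is the finding; Writable 'in-use' means the image is locked and you need to check its ACL and its parent directory separately. Drop the TaskPath filter to apply the same writability check to the Microsoft tasks as well.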
Firewall & AV
l4mpje@BASTION C:\Users\L4mpje> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable Yes Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Enable 8 Allow inbound echo request
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .
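Two things to read out of the deprecated output above: the profile marked "(current)" is the Standard profile, which corresponds to the Private profile in the advfirewall model, and its "Operational mode = Disable" means host filtering is off on the profile actually applied to the interface, which is consistent with 135, 445 and 5985 all being reachable. The legacy view also shows only legacy exceptions, not the full rule set. The block below is an added example, not from the original notes, that uses the current NetSecurity cmdlets to report per-profile state, which profile the active connection is mapped to, and the enabled inbound allow rules with their port and program filters. It assumes PowerShell 5.1 on Server 2016; the profile-name mapping in the code is the standard NetworkCategory-to-profile correspondence.

```powershell
# Added example, not from the original enumeration notes.
function Get-FirewallSummary {
    # Per-profile state: Enabled False on the profile in use means no inbound filtering
    $profiles = Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogFileName

    # Which profile each connected interface is mapped to
    $active = foreach ($c in Get-NetConnectionProfile) {
        $profileName = switch ($c.NetworkCategory) {
            'DomainAuthenticated' { 'Domain' }
            'Private'             { 'Private' }   # "Standard profile" in netsh firewall terms
            default               { 'Public' }
        }
        [pscustomobject]@{ Interface = $c.InterfaceAlias; Profile = $profileName }
    }

    # Enabled inbound allow rules, joined to their port and program filters
    $rules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow | ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Profile   = $_.Profile
            Protocol  = $pf.Protocol
            LocalPort = ($pf.LocalPort -join ',')
            Program   = $af.Program
        }
    }

    [pscustomobject]@{ Profiles = $profiles; ActiveProfiles = $active; InboundAllow = $rules }
}

$fw = Get-FirewallSummary
$fw.Profiles       | Format-Table -AutoSize
$fw.ActiveProfiles | Format-Table -AutoSize
$fw.InboundAllow   | Sort-Object Protocol, LocalPort | Format-Table -AutoSize
```

The equivalent one-liners without PowerShell are `netsh advfirewall show allprofiles` and `netsh advfirewall firewall show rule name=all dir=in`; the cmdlet version is preferable when you need to correlate a listening port from netstat with the rule that exposes it.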
Session Architecture
ps c:\Users\L4mpje> [Environment]::Is64BitProcess
True
Installed .NET Frameworks
l4mpje@BASTION C:\Users\L4mpje> dir /A:D C:\Windows\Microsoft.NET\Framework
Volume in drive C has no label.
Volume Serial Number is 1B7D-E692
Directory of C:\Windows\Microsoft.NET\Framework
16-07-2016 14:23 <DIR> .
16-07-2016 14:23 <DIR> ..
16-07-2016 14:23 <DIR> v1.0.3705
16-07-2016 14:23 <DIR> v1.1.4322
16-07-2016 14:23 <DIR> v2.0.50727
26-01-2023 11:35 <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 4.812.972.032 bytes free
l4mpje@BASTION C:\Users\L4mpje> reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x60632
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.6.01586
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x60632
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.6.01586
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x60632
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.6.01586
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x60632
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.6.01586
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET Framework 4.6.2 (Release 0x60632 = 394802, Version 4.6.01586), 64-bit runtime at C:\Windows\Microsoft.NET\Framework64\v4.0.30319. Only the v4 keys are registered under NDP; the v1.0.3705, v1.1.4322 and v2.0.50727 directories under Framework are not evidence of an installed runtime, so compiled tooling should target 4.x.