System/Kernel


PS C:\xampp\htdocs\school.flight.htb> systeminfo ; Get-ComputerInfo
 
host name:                 G0
os name:                   Microsoft Windows Server 2019 Standard
os version:                10.0.17763 N/A Build 17763
os manufacturer:           Microsoft Corporation
os configuration:          Primary Domain Controller
os build type:             Multiprocessor Free
registered owner:          Windows User
registered organization:   
product id:                00429-00521-62775-AA402
original install date:     7/20/2021, 11:21:49 AM
system boot time:          12/11/2023, 7:43:51 AM
system manufacturer:       VMware, Inc.
system model:              VMware7,1
system type:               x64-based PC
processor(s):              2 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel ~2295 Mhz
                           [02]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel ~2295 Mhz
bios version:              VMware, Inc. VMW71.00V.16707776.B64.2008070230, 8/7/2020
windows directory:         C:\Windows
system directory:          C:\Windows\system32
boot device:               \Device\HarddiskVolume3
system locale:             en-us;English (United States)
input locale:              it;Italian (Italy)
time zone:                 (UTC-08:00) Pacific Time (US & Canada)
total physical memory:     4,095 MB
available physical memory: 2,327 MB
virtual memory: Max Size:  5,503 MB
virtual memory: Available: 3,704 MB
virtual memory: In Use:    1,799 MB
page file location(s):     C:\pagefile.sys
domain:                    flight.htb
logon server:              N/A
hotfix(s):                 N/A
network card(s):           1 NIC(s) Installed.
                           [01]: vmxnet3 Ethernet Adapter
                                 connection name: Ethernet0 2
                                 dhcp enabled:    No
                                 IP address(es)
                                 [01]: 10.10.11.187
                                 [02]: fe80::b1d9:efc7:61e1:4d02
                                 [03]: dead:beef::b1d9:efc7:61e1:4d02
                                 [04]: dead:beef::23d
hyper-v requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
 
 
windowsbuildlabex                                       : 17763.1.amd64fre.rs5_release.180914-1434
windowscurrentversion                                   : 6.3
windowseditionid                                        : ServerStandard
windowsinstallationtype                                 : Server
windowsinstalldatefromregistry                          : 7/20/2021 7:21:49 PM
windowsproductid                                        : 00429-00521-62775-AA402
windowsproductname                                      : Windows Server 2019 Standard
windowsregisteredorganization                           : 
windowsregisteredowner                                  : Windows User
windowssystemroot                                       : C:\Windows
windowsversion                                          : 1809
osserverlevel                                           : FullServer
timezone                                                : (UTC-08:00) Pacific Time (US & Canada)
powerplatformrole                                       : Desktop
deviceguardsmartstatus                                  : Off

Microsoft Windows Server 2019 Standard 10.0.17763 N/A Build 17763 1809 x64-based 2 Processor(s) FullServer Desktop

Networks


PS C:\xampp\htdocs\school.flight.htb> ipconfig /all ; arp -a
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : g0
   Primary Dns Suffix  . . . . . . . : flight.htb
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : flight.htb
                                       htb
 
Ethernet adapter Ethernet0 2:
 
   Connection-specific DNS Suffix  . : htb
   Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
   Physical Address. . . . . . . . . : 00-50-56-B9-65-69
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : dead:beef::23d(Preferred) 
   Lease Obtained. . . . . . . . . . : Monday, December 11, 2023 7:44:12 AM
   Lease Expires . . . . . . . . . . : Monday, December 11, 2023 6:14:12 PM
   IPv6 Address. . . . . . . . . . . : dead:beef::b1d9:efc7:61e1:4d02(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::b1d9:efc7:61e1:4d02%6(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.10.11.187(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : fe80::250:56ff:feb9:d784%6
                                       10.10.10.2
   DHCPv6 IAID . . . . . . . . . . . : 369119318
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-88-DA-51-00-0C-29-37-43-59
   DNS Servers . . . . . . . . . . . : 1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       htb
 
Interface: 10.10.11.187 --- 0x6
  Internet Address      Physical Address      Type
  10.10.10.2            00-50-56-b9-d7-84     dynamic   
  10.10.11.255          ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.251           01-00-5e-00-00-fb     static    
  224.0.0.252           01-00-5e-00-00-fc     static    
PS C:\xampp\htdocs\school.flight.htb> netstat -ano | Select-String LIST
 
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4728
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING       644
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       644
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4728
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:464            0.0.0.0:0              LISTENING       644
  TCP    0.0.0.0:593            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING       644
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING       644
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING       644
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:9389           0.0.0.0:0              LISTENING       2776
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       520
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       1168
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1556
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       644
  TCP    0.0.0.0:49673          0.0.0.0:0              LISTENING       644
  TCP    0.0.0.0:49674          0.0.0.0:0              LISTENING       644
  TCP    0.0.0.0:49682          0.0.0.0:0              LISTENING       636
  TCP    0.0.0.0:49690          0.0.0.0:0              LISTENING       2944
  TCP    0.0.0.0:49699          0.0.0.0:0              LISTENING       2912
  TCP    10.10.11.187:53        0.0.0.0:0              LISTENING       2944
  TCP    10.10.11.187:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:53           0.0.0.0:0              LISTENING       2944
  TCP    [::]:80                [::]:0                 LISTENING       4728
  TCP    [::]:88                [::]:0                 LISTENING       644
  TCP    [::]:135               [::]:0                 LISTENING       912
  TCP    [::]:389               [::]:0                 LISTENING       644
  TCP    [::]:443               [::]:0                 LISTENING       4728
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:464               [::]:0                 LISTENING       644
  TCP    [::]:593               [::]:0                 LISTENING       912
  TCP    [::]:636               [::]:0                 LISTENING       644
  TCP    [::]:3268              [::]:0                 LISTENING       644
  TCP    [::]:3269              [::]:0                 LISTENING       644
  TCP    [::]:5985              [::]:0                 LISTENING       4
  TCP    [::]:8000              [::]:0                 LISTENING       4
  TCP    [::]:9389              [::]:0                 LISTENING       2776
  TCP    [::]:47001             [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       520
  TCP    [::]:49665             [::]:0                 LISTENING       1168
  TCP    [::]:49666             [::]:0                 LISTENING       1556
  TCP    [::]:49668             [::]:0                 LISTENING       644
  TCP    [::]:49673             [::]:0                 LISTENING       644
  TCP    [::]:49674             [::]:0                 LISTENING       644
  TCP    [::]:49682             [::]:0                 LISTENING       636
  TCP    [::]:49690             [::]:0                 LISTENING       2944
  TCP    [::]:49699             [::]:0                 LISTENING       2912
  TCP    [::1]:53               [::]:0                 LISTENING       2944
  TCP    [dead:beef::23d]:53    [::]:0                 LISTENING       2944
  TCP    [dead:beef::b1d9:efc7:61e1:4d02]:53  [::]:0                 LISTENING       2944
  TCP    [fe80::b1d9:efc7:61e1:4d02%6]:53  [::]:0                 LISTENING       2944

0.0.0.0:443 0.0.0.0:8000

Users & Groups


PS C:\xampp\htdocs\school.flight.htb> dir C:\Users
    directory: C:\Users
 
 
Mode                LastWriteTime         Length Name                                                                  
----                -------------         ------ ----                                                                  
d-----        9/22/2022  12:28 PM                .NET v4.5                                                             
d-----        9/22/2022  12:28 PM                .NET v4.5 Classic                                                     
d-----       10/31/2022  11:34 AM                Administrator                                                         
d-----        9/22/2022   1:08 PM                C.Bum                                                                 
d-r---        7/20/2021  12:23 PM                Public                                                                
d-----       10/21/2022  11:50 AM                svc_apache                                                            
 
PS C:\xampp\htdocs\school.flight.htb> net users
User accounts for \\G0
 
-------------------------------------------------------------------------------
Administrator            C.Bum                    D.Truff                  
G.Lors                   Guest                    I.Francis                
krbtgt                   L.Kein                   M.Gold                   
O.Possum                 R.Cold                   S.Moon                   
svc_apache               V.Stevens                W.Walker                 
The command completed successfully.
 
PS C:\xampp\htdocs\school.flight.htb> net users /DOMAIN
User accounts for \\G0
 
-------------------------------------------------------------------------------
Administrator            C.Bum                    D.Truff                  
G.Lors                   Guest                    I.Francis                
krbtgt                   L.Kein                   M.Gold                   
O.Possum                 R.Cold                   S.Moon                   
svc_apache               V.Stevens                W.Walker                 
The command completed successfully.
PS C:\xampp\htdocs\school.flight.htb> net localgroup
Aliases for \\G0
 
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Access-Denied Assistance Users
*Account Operators
*Administrators
*Allowed RODC Password Replication Group
*Backup Operators
*Cert Publishers
*Certificate Service DCOM Access
*Cryptographic Operators
*Denied RODC Password Replication Group
*Distributed COM Users
*DnsAdmins
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Incoming Forest Trust Builders
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Pre-Windows 2000 Compatible Access
*Print Operators
*RAS and IAS Servers
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Server Operators
*Storage Replica Administrators
*Terminal Server License Servers
*Users
*Windows Authorization Access Group
The command completed successfully.
 
PS C:\xampp\htdocs\school.flight.htb> net groups /DOMAIN
Group Accounts for \\G0
 
-------------------------------------------------------------------------------
*Cloneable Domain Controllers
*DnsUpdateProxy
*Domain Admins
*Domain Computers
*Domain Controllers
*Domain Guests
*Domain Users
*Enterprise Admins
*Enterprise Key Admins
*Enterprise Read-only Domain Controllers
*Group Policy Creator Owners
*Key Admins
*Protected Users
*Read-only Domain Controllers
*Schema Admins
*WebDevs
The command completed successfully.

Processes


PS C:\xampp\htdocs\school.flight.htb> tasklist /SVC
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        88 N/A                                         
smss.exe                       284 N/A                                         
csrss.exe                      396 N/A                                         
csrss.exe                      500 N/A                                         
wininit.exe                    520 N/A                                         
winlogon.exe                   568 N/A                                         
services.exe                   636 N/A                                         
lsass.exe                      644 Kdc, KeyIso, Netlogon, SamSs                
svchost.exe                    848 PlugPlay                                    
svchost.exe                    868 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
svchost.exe                    912 RpcEptMapper, RpcSs                         
svchost.exe                    956 LSM                                         
svchost.exe                     60 DsmSvc                                      
dwm.exe                        356 N/A                                         
svchost.exe                    372 nsi                                         
svchost.exe                    724 W32Time                                     
svchost.exe                    652 NcbService                                  
svchost.exe                   1032 TimeBrokerSvc                               
svchost.exe                   1048 Dhcp                                        
svchost.exe                   1136 Dnscache                                    
svchost.exe                   1168 EventLog                                    
svchost.exe                   1300 NlaSvc                                      
svchost.exe                   1324 BFE, mpssvc                                 
svchost.exe                   1392 gpsvc                                       
svchost.exe                   1400 ProfSvc                                     
svchost.exe                   1424 EventSystem                                 
svchost.exe                   1452 Themes                                      
svchost.exe                   1512 netprofm                                    
svchost.exe                   1556 Schedule                                    
svchost.exe                   1600 SENS                                        
svchost.exe                   1704 Wcmsvc                                      
svchost.exe                   1804 WinHttpAutoProxySvc                         
svchost.exe                   1864 ShellHWDetection                            
svchost.exe                   1916 FontCache                                   
svchost.exe                   1932 Winmgmt                                     
svchost.exe                   2004 UserManager                                 
svchost.exe                   2012 iphlpsvc                                    
svchost.exe                   2076 LanmanWorkstation                           
svchost.exe                   2396 PolicyAgent                                 
svchost.exe                   2584 LanmanServer                                
fontdrvhost.exe               2748 N/A                                         
fontdrvhost.exe               2756 N/A                                         
Microsoft.ActiveDirectory     2776 ADWS                                        
svchost.exe                   2816 AppHostSvc                                  
svchost.exe                   2824 CoreMessagingRegistrar                      
svchost.exe                   2832 CryptSvc                                    
dfsrs.exe                     2912 DFSR                                        
svchost.exe                   2928 DiagTrack                                   
dns.exe                       2944 DNS                                         
ismserv.exe                   2984 IsmServ                                     
svchost.exe                   2992 SstpSvc                                     
svchost.exe                   3020 SrmSvc                                      
svchost.exe                   3028 SysMain                                     
VGAuthService.exe             3060 VGAuthService                               
vm3dservice.exe               2112 vm3dservice                                 
vmtoolsd.exe                  1736 VMTools                                     
dfssvc.exe                    2384 Dfs                                         
svchost.exe                   2204 WpnService                                  
MsMpEng.exe                   2720 WinDefend                                   
svchost.exe                    508 W3SVC, WAS                                  
svchost.exe                   2956 WinRM                                       
svchost.exe                   3080 tapisrv                                     
vm3dservice.exe               3260 N/A                                         
svchost.exe                   3424 RasMan                                      
vds.exe                       3580 vds                                         
WmiPrvSE.exe                  3788 N/A                                         
dllhost.exe                   3812 COMSysApp                                   
msdtc.exe                     4404 MSDTC                                       
LogonUI.exe                   3968 N/A                                         
svchost.exe                   4692 lmhosts                                     
httpd.exe                     4728 ApacheHTTPServer                            
httpd.exe                     4844 N/A                                         
svchost.exe                   4696 UsoSvc                                      
SecurityHealthService.exe     5828 SecurityHealthService                       
vm3dservice.exe               1472 N/A                                         
svchost.exe                   2888 CDPSvc                                      
svchost.exe                   3696 DPS                                         
svchost.exe                   2904 UALSVC                                      
svchost.exe                   4792 LicenseManager                              
svchost.exe                   1780 DsSvc                                       
svchost.exe                   5604 WdiSystemHost                               
svchost.exe                   3924 PcaSvc                                      
svchost.exe                   4496 wlidsvc                                     
svchost.exe                   1056 ClipSVC                                     
cmd.exe                       4688 N/A                                         
conhost.exe                   3604 N/A                                         
cmd.exe                       2684 N/A                                         
powershell.exe                3484 N/A                                         
tasklist.exe                  3348 N/A                                         

Tasks


PS C:\xampp\htdocs\school.flight.htb> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
 
PS C:\xampp\htdocs\school.flight.htb> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
 
folder: \
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Server Initial Configuration Task        N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319           N/A                    Ready          
.NET Framework NGEN v4.0.30319 64        N/A                    Ready          
.NET Framework NGEN v4.0.30319 64 Critic N/A                    Disabled       
.NET Framework NGEN v4.0.30319 Critical  N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A                    Disabled       
AD RMS Rights Policy Template Management N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
PolicyConverter                          N/A                    Disabled       
VerifiedPublisherCertStoreCheck          N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
microsoft compatibility appraiser        12/12/2023 4:18:08 AM  Ready          
ProgramDataUpdater                       N/A                    Ready          
StartupAppTask                           N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
appuriverifierdaily                      N/A                    Ready          
appuriverifierinstall                    N/A                    Ready          
CleanupTemporaryState                    N/A                    Ready          
DsSvcCleanup                             N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Pre-staged app cleanup                   N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Proxy                                    N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
BitLocker Encrypt All Drives             N/A                    Ready          
BitLocker MDM policy Refresh             N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
UninstallDeviceTask                      N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask        N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ProactiveScan                            N/A                    Ready          
SyspartRepair                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
License Validation                       N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CreateObjectTask                         N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
consolidator                             12/11/2023 6:00:00 PM  Ready          
UsbCeip                                  N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
data integrity scan                      12/20/2023 2:50:58 AM  Ready          
Data Integrity Scan for Crash Recovery   N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ScheduledDefrag                          N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
device                                   12/12/2023 4:52:09 AM  Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Scheduled                                N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
DXGIAdapterCache                         N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SilentCleanup                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A                    Disabled       
Microsoft-Windows-DiskDiagnosticResolver N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Diagnostics                              N/A                    Ready          
StorageSense                             N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
EDP App Launch Task                      N/A                    Ready          
EDP Auth Task                            N/A                    Ready          
StorageCardEncryption Task               N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ExploitGuard MDM policy Refresh          N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Property Definition Sync                 N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ReconcileFeatures                        N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
refreshcache                             12/12/2023 2:41:21 AM  Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ScanForUpdates                           N/A                    Disabled       
ScanForUpdatesAsUser                     N/A                    Disabled       
SmartRetry                               N/A                    Disabled       
WakeUpAndContinueUpdates                 N/A                    Disabled       
WakeUpAndScanForUpdates                  N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
TempSignedLicenseExchange                N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Notifications                            N/A                    Ready          
WindowsActionDialog                      N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
WinSAT                                   N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
MapsToastTask                            N/A                    Disabled       
MapsUpdateTask                           N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents            N/A                    Disabled       
RunFullMemoryDiagnostic                  N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
MNO Metadata Parser                      N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
LPRemove                                 N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SystemSoundsService                      N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
GatherNetworkInfo                        N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Background Synchronization               N/A                    Disabled       
Logon Synchronization                    N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Server Manager Performance Monitor       N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Device Install Group Policy              N/A                    Ready          
Device Install Reboot Required           N/A                    Ready          
Sysprep Generalize Drivers               N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
AnalyzeSystem                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
LoginCheck                               N/A                    Disabled       
Registration                             N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
VerifyWinRE                              N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
MRT_ERROR_HB                             N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CleanupOldPerfLogs                       N/A                    Ready          
ServerManager                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
StartComponentCleanup                    N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Account Cleanup                          N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CreateObjectTask                         N/A                    Ready          
IndexerAutomaticMaintenance              N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Collection                               N/A                    Disabled       
Configuration                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SpaceAgentTask                           N/A                    Ready          
SpaceManagerTask                         N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
HeadsetButtonPress                       N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Storage Tiers Management Initialization  N/A                    Ready          
Storage Tiers Optimization               N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
MsCtfMonitor                             N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ForceSynchronizeTime                     N/A                    Ready          
SynchronizeTime                          N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SynchronizeTimeZone                      N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
UPnPHostConfig                           N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Windows Defender Cache Maintenance       N/A                    Ready          
Windows Defender Cleanup                 N/A                    Ready          
windows defender scheduled scan          12/12/2023 4:58:00 AM  Ready          
Windows Defender Verification            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
queuereporting                           12/11/2023 6:25:40 PM  Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
BfeOnServiceStartTypeChange              N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
UpdateLibrary                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Calibration Loader                       N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
scheduled start                          12/12/2023 7:43:20 AM  Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CacheTask                                N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Automatic-Device-Join                    N/A                    Ready          
Recovery-Check                           N/A                    Disabled       

Firewall & AV


PS C:\xampp\htdocs\school.flight.htb> cmd /c netsh firewall show config
 
Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
Service configuration for Domain profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
 
Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
80     TCP       Enable  Inbound               Port 80 for Apache
 
Standard profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
 
Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
80     TCP       Enable  Inbound               Port 80 for Apache
 
Log configuration:
-------------------------------------------------------------------
File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable
 
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .

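The firewall is partially enabled: both the Domain and Standard profiles are operational with exceptions allowed (File and Printer Sharing, inbound TCP 80 for Apache), and logging of dropped packets and connections is disabled.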

PS C:\xampp\htdocs\school.flight.htb> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
 
AMEngineVersion                  : 1.1.19700.3
AMProductVersion                 : 4.18.2209.7
AMRunningMode                    : Normal
AMServiceEnabled                 : True
AMServiceVersion                 : 4.18.2209.7
AntispywareEnabled               : True
AntispywareSignatureAge          : 406
AntispywareSignatureLastUpdated  : 10/31/2022 8:33:18 AM
AntispywareSignatureVersion      : 1.377.1108.0
AntivirusEnabled                 : True
AntivirusSignatureAge            : 406
AntivirusSignatureLastUpdated    : 10/31/2022 8:33:18 AM
AntivirusSignatureVersion        : 1.377.1108.0
BehaviorMonitorEnabled           : False
ComputerID                       : A00A4DD9-C506-41A5-B568-B6220FEB9CD1
ComputerState                    : 0
DefenderSignaturesOutOfDate      : True
DeviceControlDefaultEnforcement  : Unknown
DeviceControlPoliciesLastUpdated : 12/11/2023 7:45:01 AM
DeviceControlState               : Disabled
FullScanAge                      : 4294967295
FullScanEndTime                  : 
FullScanOverdue                  : False
FullScanRequired                 : False
FullScanSignatureVersion         : 
FullScanStartTime                : 
IoavProtectionEnabled            : False
IsTamperProtected                : False
IsVirtualMachine                 : True
LastFullScanSource               : 0
LastQuickScanSource              : 2
NISEnabled                       : False
NISEngineVersion                 : 0.0.0.0
NISSignatureAge                  : 4294967295
NISSignatureLastUpdated          : 
NISSignatureVersion              : 0.0.0.0
OnAccessProtectionEnabled        : False
ProductStatus                    : 524384
QuickScanAge                     : 0
QuickScanEndTime                 : 12/11/2023 8:15:19 AM
QuickScanOverdue                 : False
QuickScanSignatureVersion        : 1.377.1108.0
QuickScanStartTime               : 12/11/2023 8:14:52 AM
RealTimeProtectionEnabled        : False
RealTimeScanDirection            : 0
RebootRequired                   : False
SmartAppControlExpiration        : 
SmartAppControlState             : Off
TamperProtectionSource           : N/A
TDTMode                          : N/A
TDTStatus                        : N/A
TDTTelemetry                     : N/A
TroubleShootingDailyMaxQuota     : 
TroubleShootingDailyQuotaLeft    : 
TroubleShootingEndTime           : 
TroubleShootingExpirationLeft    : 
TroubleShootingMode              : 
TroubleShootingModeSource        : 
TroubleShootingQuotaResetTime    : 
TroubleShootingStartTime         : 
PSComputerName                   : 
 
ExclusionPath : {N/A: Must be and administrator to view exclusions}

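AV appears to be partially enabled: AMServiceEnabled, AntivirusEnabled and AntispywareEnabled are True, but RealTimeProtectionEnabled, OnAccessProtectionEnabled, BehaviorMonitorEnabled, IoavProtectionEnabled and NISEnabled are all False, tamper protection is off, and the signatures are 406 days old (DefenderSignaturesOutOfDate is True).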
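One way to derive that conclusion from saved Get-MpComputerStatus output during a host audit, as an added example that is not part of the original notes. The function names, the verdict labels, the baseline list and the 7-day signature threshold are assumptions; the sample is constructed from a subset of the fields shown above.

```python
import re

# Constructed sample: a subset of the Get-MpComputerStatus fields shown above.
SAMPLE = """\
AMServiceEnabled                 : True
AntivirusEnabled                 : True
AntivirusSignatureAge            : 406
BehaviorMonitorEnabled           : False
FullScanAge                      : 4294967295
FullScanEndTime                  :
IoavProtectionEnabled            : False
IsTamperProtected                : False
NISEnabled                       : False
OnAccessProtectionEnabled        : False
RealTimeProtectionEnabled        : False
"""

# Protections expected to be True on a healthy host (assumed audit baseline).
SHOULD_BE_TRUE = (
    "AMServiceEnabled", "AntivirusEnabled", "RealTimeProtectionEnabled",
    "OnAccessProtectionEnabled", "BehaviorMonitorEnabled",
    "IoavProtectionEnabled", "NISEnabled", "IsTamperProtected",
)
NEVER = 4294967295        # UInt32 max; appears above alongside blank FullScan times
MAX_SIG_AGE_DAYS = 7      # assumed policy threshold, not a Defender default


def parse_status(text):
    """Parse 'Name : Value' lines into a dict; empty values become None."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+)\s*:\s?(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip() or None
    return fields


def audit(fields):
    """Return a list of findings; a missing field counts as not enabled."""
    findings = [f"{n} is {fields.get(n)}" for n in SHOULD_BE_TRUE
                if fields.get(n) != "True"]
    sig_age = int(fields.get("AntivirusSignatureAge") or NEVER)
    if sig_age > MAX_SIG_AGE_DAYS:
        findings.append(f"signatures are {sig_age} days old")
    if int(fields.get("FullScanAge") or NEVER) == NEVER:
        findings.append("no full scan on record")
    return findings


def verdict(fields):
    """'disabled' if the AV engine is off, 'partial' if any finding, else 'healthy'."""
    if fields.get("AntivirusEnabled") != "True":
        return "disabled"
    return "partial" if audit(fields) else "healthy"


if __name__ == "__main__":
    status = parse_status(SAMPLE)
    print(verdict(status), *audit(status), sep="\n  ")
```
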

Session Architecture


PS C:\xampp\htdocs\school.flight.htb> [Environment]::Is64BitProcess
True

Installed .NET Frameworks


PS C:\xampp\htdocs\school.flight.htb> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
 
 Volume in drive C has no label.
 Volume Serial Number is 1DF4-493D
 
 Directory of C:\Windows\Microsoft.NET\Framework
 
09/14/2018  11:19 PM    <DIR>          .
09/14/2018  11:19 PM    <DIR>          ..
09/14/2018  11:19 PM    <DIR>          v1.0.3705
09/14/2018  11:19 PM    <DIR>          v1.1.4322
09/14/2018  11:19 PM    <DIR>          v2.0.50727
12/11/2023  07:54 AM    <DIR>          v4.0.30319
               0 File(s)              0 bytes
               6 Dir(s)   4,871,139,328 bytes free
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
    HttpNamespaceReservationInstalled    REG_DWORD    0x1
    NetTcpPortSharingInstalled    REG_DWORD    0x1
    NonHttpActivationInstalled    REG_DWORD    0x1
    SMSvcHostPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    WMIInstalled    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
    (Default)    REG_SZ    deprecated
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
    Install    REG_DWORD    0x1
    Version    REG_SZ    4.0.0.0

The v4 Client and Full profiles report .NET Framework Version 4.7.03190 (Release 0x70bf6).