System/Kernel
c:\WINDOWS\system32> systeminfo
systeminfo
host name: LEGACY
os name: Microsoft Windows XP Professional
os version: 5.1.2600 Service Pack 3 Build 2600
os manufacturer: Microsoft Corporation
os configuration: Standalone Workstation
os build type: Uniprocessor Free
registered owner: user
registered organization: HTB
product id: 55274-643-7213323-23904
original install date: 16/3/2017, 7:32:23 ��
system up time: 0 Days, 0 Hours, 11 Minutes, 38 Seconds
system manufacturer: VMware, Inc.
system model: VMware Virtual Platform
system type: X86-based PC
processor(s): 1 Processor(s) Installed.
[01]: x86 Family 6 Model 85 Stepping 7 GenuineIntel ~2293 Mhz
bios version: INTEL - 6040000
windows directory: C:\WINDOWS
system directory: C:\WINDOWS\system32
boot device: \Device\HarddiskVolume1
system locale: en-us;English (United States)
input locale: en-us;English (United States)
time zone: (GMT+02:00) Athens, Beirut, Istanbul, Minsk
total physical memory: 1.023 MB
available physical memory: 812 MB
virtual memory: Max Size: 2.048 MB
virtual memory: Available: 2.005 MB
virtual memory: In Use: 43 MB
page file location(s): C:\pagefile.sys
domain: HTB
logon server: N/A
hotfix(s): 1 Hotfix(s) Installed.
[01]: Q147222
network card(s): 1 NIC(s) Installed.
[01]: VMware Accelerated AMD PCNet Adapter
connection name: Local Area Connection
dhcp enabled: No
IP address(es)
[01]: 10.10.10.4Microsoft Windows XP Professional 5.1.2600 Service Pack 3 Build 2600
X86-based PC
1 Processor(s)
1 Hotfix(s)
Networks
C:\WINDOWS\system32> netstat -ano
netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 940
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 10.10.10.4:139 0.0.0.0:0 LISTENING 4
TCP 10.10.10.4:1035 10.10.14.2:62000 ESTABLISHED 1024
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING 592
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 704
UDP 0.0.0.0:1025 *:* 1076
UDP 0.0.0.0:4500 *:* 704
UDP 10.10.10.4:123 *:* 1024
UDP 10.10.10.4:137 *:* 4
UDP 10.10.10.4:138 *:* 4
UDP 10.10.10.4:1900 *:* 1132
UDP 127.0.0.1:123 *:* 1024
UDP 127.0.0.1:1026 *:* 1024
UDP 127.0.0.1:1900 *:* 1132127.0.0.1:1027
Users & Groups
c:\WINDOWS\system32> net user
net user
User accounts for \\
-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
john SUPPORT_388945a0
The command completed with one or more errors.Administrator
john
HelpAssistant
SUPPORT_388945a0
c:\WINDOWS\system32> net localgroup
net localgroup
System error 1312 has occurred.
A specified logon session does not exist. It may already have been terminated.Processes
C:\WINDOWS\system32> tasklist /svc
tasklist /svc
Image Name PID Services
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 560 N/A
csrss.exe 624 N/A
winlogon.exe 648 N/A
services.exe 692 Eventlog, PlugPlay
lsass.exe 704 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 860 DcomLaunch, TermService
svchost.exe 940 RpcSs
svchost.exe 1024 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem, helpsvc, LanmanServer,
lanmanworkstation, Netman, Nla, Schedule,
seclogon, SENS, SharedAccess,
ShellHWDetection, srservice, Themes, TrkWks,
W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 1076 Dnscache
svchost.exe 1132 LmHosts, RemoteRegistry, SSDPSRV, WebClient
logonui.exe 1224 N/A
spoolsv.exe 1364 Spooler
VGAuthService.exe 1940 VGAuthService
vmtoolsd.exe 132 VMTools
wmiprvse.exe 472 N/A
alg.exe 592 ALG
cmd.exe 1612 N/A
cmd.exe 1112 N/A
logon.scr 1044 N/A
tasklist.exe 1392 N/A spoolsv.exe
Tasks
c:\WINDOWS\system32> schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
info: There are no scheduled tasks present in the system.Firewall & AV
C:\WINDOWS\system32> netsh firewall show config
netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable No Remote Desktop
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service
3389 TCP Enable Remote Desktop
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable