System/Kernel
ps c:\Users\kostas\Desktop> systeminfo
host name: OPTIMUM
os name: Microsoft Windows Server 2012 R2 Standard
os version: 6.3.9600 N/A Build 9600
os manufacturer: Microsoft Corporation
os configuration: Standalone Server
os build type: Multiprocessor Free
registered owner: Windows User
registered organization:
product id: 00252-70000-00000-AA535
original install date: 18/3/2017, 1:51:36 ??
system boot time: 20/1/2023, 10:16:53 ??
system manufacturer: VMware, Inc.
system model: VMware Virtual Platform
system type: x64-based PC
processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
bios version: Phoenix Technologies LTD 6.00, 12/12/2018
windows directory: C:\Windows
system directory: C:\Windows\system32
boot device: \Device\HarddiskVolume1
system locale: el;Greek
input locale: en-us;English (United States)
time zone: (UTC+02:00) Athens, Bucharest
total physical memory: 4.095 MB
available physical memory: 3.495 MB
virtual memory: Max Size: 5.503 MB
virtual memory: Available: 4.695 MB
virtual memory: In Use: 808 MB
page file location(s): C:\pagefile.sys
domain: HTB
logon server: \\OPTIMUM
hotfix(s): 31 Hotfix(s) Installed.
[01]: KB2959936
[02]: KB2896496
[03]: KB2919355
[04]: KB2920189
[05]: KB2928120
[06]: KB2931358
[07]: KB2931366
[08]: KB2933826
[09]: KB2938772
[10]: KB2949621
[11]: KB2954879
[12]: KB2958262
[13]: KB2958263
[14]: KB2961072
[15]: KB2965500
[16]: KB2966407
[17]: KB2967917
[18]: KB2971203
[19]: KB2971850
[20]: KB2973351
[21]: KB2973448
[22]: KB2975061
[23]: KB2976627
[24]: KB2977629
[25]: KB2981580
[26]: KB2987107
[27]: KB2989647
[28]: KB2998527
[29]: KB3000850
[30]: KB3003057
[31]: KB3014442
network card(s): 1 NIC(s) Installed.
[01]: Intel(R) 82574L Gigabit Network Connection
connection name: Ethernet0
dhcp enabled: No
IP address(es)
[01]: 10.10.10.8
hyper-v requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.Microsoft Windows Server 2012 R2 Standard
6.3.9600 N/A Build 9600
x64-based PC
A whole LOT of hotfixes
Networks
PS C:\Users\kostas\Desktop> netstat -ano -p tcp
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 2696
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 576
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 388
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 660
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 728
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 304
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 480
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 488
TCP 10.10.10.8:139 0.0.0.0:0 LISTENING 4
TCP 10.10.10.8:49166 10.10.14.6:9999 ESTABLISHED 2420These ports were not open during the Recon
135
139
445
5985
Users & Groups
ps c:\Users\kostas\Desktop> net user
User accounts for \\OPTIMUM
-------------------------------------------------------------------------------
Administrator Guest kostas
The command completed successfully.ps c:\Users\kostas\Desktop> net localgroup
Aliases for \\OPTIMUM
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Certificate Service DCOM Access
*Cryptographic Operators
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Print Operators
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Users
*WinRMRemoteWMIUsers__
The command completed successfully.A none default group
WinRMRemoteWMIUsers__
Processes
PS C:\Users\kostas\Desktop> ps
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
57 7 1808 5032 0 0,03 2628 conhost
279 10 1804 3900 42 332 csrss
173 12 1900 8516 48 396 csrss
194 13 3268 10712 0 1412 dllhost
178 16 13384 22968 0 672 dwm
1002 52 27760 60348 0 1,22 2160 explorer
254 20 8756 17284 114 2,47 2696 hfs
0 0 0 4 0 0 Idle
650 18 3620 9024 0 488 lsass
120 14 3916 9260 96 1048 ManagementAgentHost
161 12 2436 7256 0 1588 msdtc
445 30 50452 56796 274 4,27 2420 powershell
189 9 1980 5080 0 480 services
52 3 304 1028 5 228 smss
375 20 3412 9384 0 304 spoolsv
336 14 3108 9648 0 548 svchost
309 15 2684 6536 0 576 svchost
422 16 11792 14240 0 660 svchost
1071 40 14336 26516 0 728 svchost
258 18 8604 14908 0 740 svchost
716 24 5376 10988 0 772 svchost
555 33 7088 15772 0 836 svchost
362 33 9436 11440 0 968 svchost
104 8 1568 4920 0 1216 svchost
597 0 108 284 3 4 System
163 11 1604 6200 0 0,03 668 taskhostex
127 11 4356 10572 68 380 VGAuthService
320 23 7676 17688 90 1032 vmtoolsd
172 17 3424 10712 96 0,30 2612 vmtoolsd
80 8 740 3696 0 388 wininit
150 8 1364 6356 0 424 winlogon
198 11 9244 12628 0 276 WmiPrvSE
275 15 6876 12812 0 1652 WmiPrvSEexplorer is open
Tasks
ps c:\Users\kostas\Desktop> schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level"
folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
Optimize Start Menu Cache Files-S-1-5-21 N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SmartScreenSpecific N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
microsoft compatibility appraiser 21/1/2023 1:48:20 ?? Ready
ProgramDataUpdater N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UserTask N/A Ready
UserTask-Roam N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
consolidator 20/1/2023 6:00:00 ?? Ready
KernelCeipTask N/A Ready
UsbCeip N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
data integrity scan 18/2/2023 8:37:07 ?? Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Metadata Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SQM data sender N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Disabled
RunFullMemoryDiagnostic N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
BindingWorkItemQueueHandler N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Reboot Required N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
RacTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
RegIdleBackup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SvcRestartTaskLogon N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Interactive N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Idle Maintenance N/A Disabled
Manual Maintenance N/A Ready
regular maintenance 21/1/2023 2:04:34 ?? Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Running
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ResolutionHost N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AUFirmwareInstall N/A Disabled
AUScheduledInstall N/A Disabled
AUSessionConnect N/A Disabled
Scheduled Start N/A Ready
Scheduled Start With Network N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Running
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Workplace-Join N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
WSTask N/A Ready Firewall & AV
PS C:\Users\kostas\Desktop> PS C:\Users\kostas\Desktop> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
80 TCP Enable Inbound HFS
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable Yes Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
80 TCP Enable Inbound HFS
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .Installed .NET Frameworks
ps c:\Users\kostas\Desktop> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0