System/Kernel
ps c:\inetpub\streamio.htb\admin> systeminfo ; Get-ComputerInfo
host name: DC
os name: Microsoft Windows Server 2019 Standard
os version: 10.0.17763 N/A Build 17763
os manufacturer: Microsoft Corporation
os configuration: Primary Domain Controller
os build type: Multiprocessor Free
registered owner: Windows User
registered organization:
product id: 00429-00521-62775-AA153
original install date: 2/22/2022, 1:32:35 AM
system boot time: 11/13/2023, 9:18:41 PM
system manufacturer: VMware, Inc.
system model: VMware7,1
system type: x64-based PC
processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel ~2295 Mhz
bios version: VMware, Inc. VMW71.00V.16707776.B64.2008070230, 8/7/2020
windows directory: C:\Windows
system directory: C:\Windows\system32
boot device: \Device\HarddiskVolume2
system locale: en-us;English (United States)
input locale: en-us;English (United States)
time zone: (UTC-08:00) Pacific Time (US & Canada)
total physical memory: 4,095 MB
available physical memory: 2,649 MB
virtual memory: Max Size: 5,055 MB
virtual memory: Available: 3,483 MB
virtual memory: In Use: 1,572 MB
page file location(s): C:\pagefile.sys
domain: streamIO.htb
logon server: N/A
hotfix(s): N/A
network card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
connection name: Ethernet0 2
dhcp enabled: No
IP address(es)
[01]: 10.10.11.158
[02]: fe80::59b8:1082:6853:8e9
[03]: dead:beef::59b8:1082:6853:8e9
[04]: dead:beef::243
hyper-v requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
windowsbuildlabex : 17763.1.amd64fre.rs5_release.180914-1434
windowscurrentversion : 6.3
windowseditionid : ServerStandard
windowsinstallationtype : Server
windowsinstalldatefromregistry : 2/22/2022 9:32:35 AM
windowsproductid : 00429-00521-62775-AA153
windowsproductname : Windows Server 2019 Standard
windowsregisteredorganization :
windowsregisteredowner : Windows User
windowssystemroot : C:\Windows
windowsversion : 1809
osserverlevel : FullServer
timezone : (UTC-08:00) Pacific Time (US & Canada)
powerplatformrole : Desktop
deviceguardsmartstatus : OffMicrosoft Windows Server 2019 Standard
10.0.17763 N/A Build 17763
x64
Networks
PS C:\inetpub\streamio.htb\admin> ipconfig /all ; arp -a
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC
Primary Dns Suffix . . . . . . . : streamIO.htb
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : streamIO.htb
htb
Ethernet adapter Ethernet0 2:
Connection-specific DNS Suffix . : htb
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-B9-37-18
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : dead:beef::243(Preferred)
Lease Obtained. . . . . . . . . . : Monday, November 13, 2023 9:18:59 PM
Lease Expires . . . . . . . . . . : Tuesday, November 14, 2023 11:19:00 AM
IPv6 Address. . . . . . . . . . . : dead:beef::59b8:1082:6853:8e9(Preferred)
Link-local IPv6 Address . . . . . : fe80::59b8:1082:6853:8e9%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.11.158(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::250:56ff:feb9:d784%12
10.10.10.2
DHCPv6 IAID . . . . . . . . . . . : 117461078
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-E4-BB-99-00-50-56-B9-37-18
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
htb
Interface: 10.10.11.158 --- 0xc
Internet Address Physical Address Type
10.10.10.2 00-50-56-b9-d7-84 dynamic
10.10.11.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static dead:beef::59b8:1082:6853:8e9
PS C:\inetpub\streamio.htb\admin> netstat -ano | Select-String LIST
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:88 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 892
TCP 0.0.0.0:389 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:464 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:593 0.0.0.0:0 LISTENING 892
TCP 0.0.0.0:636 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 3612
TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:9389 0.0.0.0:0 LISTENING 2652
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 492
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1144
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1596
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49673 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49674 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49685 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:49695 0.0.0.0:0 LISTENING 2876
TCP 0.0.0.0:58528 0.0.0.0:0 LISTENING 2796
TCP 10.10.11.158:53 0.0.0.0:0 LISTENING 2876
TCP 10.10.11.158:139 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:53 0.0.0.0:0 LISTENING 2876
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:88 [::]:0 LISTENING 632
TCP [::]:135 [::]:0 LISTENING 892
TCP [::]:389 [::]:0 LISTENING 632
TCP [::]:443 [::]:0 LISTENING 4
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:464 [::]:0 LISTENING 632
TCP [::]:593 [::]:0 LISTENING 892
TCP [::]:636 [::]:0 LISTENING 632
TCP [::]:1433 [::]:0 LISTENING 3612
TCP [::]:3268 [::]:0 LISTENING 632
TCP [::]:3269 [::]:0 LISTENING 632
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:9389 [::]:0 LISTENING 2652
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 492
TCP [::]:49665 [::]:0 LISTENING 1144
TCP [::]:49666 [::]:0 LISTENING 1596
TCP [::]:49667 [::]:0 LISTENING 632
TCP [::]:49673 [::]:0 LISTENING 632
TCP [::]:49674 [::]:0 LISTENING 632
TCP [::]:49685 [::]:0 LISTENING 620
TCP [::]:49695 [::]:0 LISTENING 2876
TCP [::]:58528 [::]:0 LISTENING 2796
TCP [::1]:53 [::]:0 LISTENING 2876
TCP [dead:beef::243]:53 [::]:0 LISTENING 2876
TCP [dead:beef::59b8:1082:6853:8e9]:53 [::]:0 LISTENING 2876
TCP [fe80::59b8:1082:6853:8e9%12]:53 [::]:0 LISTENING 28760.0.0.0:1433
Users & Groups
ps c:\inetpub\streamio.htb\admin> NET user ; NET users /DOMAIN
User accounts for \\DC
-------------------------------------------------------------------------------
Administrator Guest JDgodd
krbtgt Martin nikk37
yoshihide
The command completed successfully.
User accounts for \\DC
-------------------------------------------------------------------------------
Administrator Guest JDgodd
krbtgt Martin nikk37
yoshihide
The command completed successfully.
ps c:\inetpub\streamio.htb\admin> ls C:\Users
directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 2/22/2022 2:48 AM .NET v4.5
d----- 2/22/2022 2:48 AM .NET v4.5 Classic
d----- 2/26/2022 10:20 AM Administrator
d----- 5/9/2022 5:38 PM Martin
d----- 2/26/2022 9:48 AM nikk37
d-r--- 2/22/2022 1:33 AM Public nikk37
JDgodd
Martin
ps c:\inetpub\streamio.htb\admin> NET localgroup ; NET groups /DOMAIN
Aliases for \\DC
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Account Operators
*Administrators
*Allowed RODC Password Replication Group
*Backup Operators
*Cert Publishers
*Certificate Service DCOM Access
*Cryptographic Operators
*Denied RODC Password Replication Group
*Distributed COM Users
*DnsAdmins
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Incoming Forest Trust Builders
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Pre-Windows 2000 Compatible Access
*Print Operators
*RAS and IAS Servers
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Server Operators
*SQLServer2005SQLBrowserUser$DC
*Storage Replica Administrators
*Terminal Server License Servers
*Users
*Windows Authorization Access Group
The command completed successfully.
Group Accounts for \\DC
-------------------------------------------------------------------------------
*Cloneable Domain Controllers
*CORE STAFF
*DnsUpdateProxy
*Domain Admins
*Domain Computers
*Domain Controllers
*Domain Guests
*Domain Users
*Enterprise Admins
*Enterprise Key Admins
*Enterprise Read-only Domain Controllers
*Group Policy Creator Owners
*Key Admins
*Protected Users
*Read-only Domain Controllers
*Schema Admins
The command completed successfully.SQLServer2005SQLBrowserUser$DC
CORE STAFF
Processes
PS C:\inetpub\streamio.htb\admin> ps
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
76 5 2264 3668 0.00 1448 0 cmd
79 5 2300 3932 0.03 1936 0 cmd
129 8 6444 11016 0.30 2232 0 conhost
532 19 2288 5432 376 0 csrss
171 13 1696 4816 484 1 csrss
394 33 16944 23848 2796 0 dfsrs
178 11 2396 7660 2936 0 dfssvc
256 14 3980 13548 3800 0 dllhost
10380 7392 130808 128408 2876 0 dns
526 22 23436 42264 1012 1 dwm
48 6 1528 3964 2612 0 fontdrvhost
48 6 1700 4232 2620 1 fontdrvhost
0 0 56 8 0 0 Idle
135 12 1972 5768 2888 0 ismserv
469 27 11000 48964 4888 1 LogonUI
1932 164 77804 70072 632 0 lsass
698 30 38484 48912 2652 0 Microsoft.ActiveDirectory.WebServices
225 13 3212 10396 3928 0 msdtc
283 23 8520 22420 0.05 5852 0 php-cgi
672 27 63796 73724 1.59 1264 0 powershell
0 13 436 12340 88 0 Registry
596 14 5864 13440 620 0 services
53 3 500 1140 292 0 smss
728 31 49780 60092 3572 0 sqlceip
812 57 439544 321232 3612 0 sqlservr
139 9 1864 7792 2960 0 sqlwriter
274 13 3756 11260 60 0 svchost
188 11 1844 8268 476 0 svchost
119 14 3132 7224 756 0 svchost
135 7 1224 5888 768 0 svchost
206 12 1740 7308 800 0 svchost
86 5 908 3888 832 0 svchost
739 16 5296 14524 856 0 svchost
626 19 3936 10456 892 0 svchost
233 10 1728 6940 932 0 svchost
211 9 2352 7824 1064 0 svchost
247 14 3272 9304 1112 0 svchost
353 13 11896 16260 1144 0 svchost
401 32 10640 18680 1256 0 svchost
370 19 5260 13468 1268 0 svchost
301 18 4140 14972 1360 0 svchost
237 12 2564 11724 1400 0 svchost
430 9 2720 9036 1416 0 svchost
118 7 1212 5692 1432 0 svchost
322 10 2452 8564 1532 0 svchost
133 9 1336 5872 1540 0 svchost
363 18 4984 14572 1596 0 svchost
316 13 2120 9020 1636 0 svchost
182 11 1992 8184 1712 0 svchost
140 9 1548 6852 1824 0 svchost
154 8 2048 7436 1844 0 svchost
219 12 2264 9396 1952 0 svchost
179 9 1728 8384 1992 0 svchost
415 16 13552 22980 2040 0 svchost
462 18 3448 12032 2132 0 svchost
168 10 2104 13056 2172 0 svchost
246 15 5380 12708 2348 0 svchost
207 11 2324 8532 2484 0 svchost
173 12 3940 11204 2644 0 svchost
112 7 1152 5484 2696 0 svchost
126 7 1256 5728 2712 0 svchost
181 22 2520 10008 2736 0 svchost
412 20 19932 33316 2812 0 svchost
239 13 2888 11196 2856 0 svchost
324 14 4640 12216 2868 0 svchost
135 9 1644 6692 2900 0 svchost
138 8 1508 6244 2992 0 svchost
165 9 3060 7788 3088 0 svchost
220 12 2076 7584 3108 0 svchost
254 10 5864 11476 3852 0 svchost
407 26 3684 13312 4788 0 svchost
149 9 1776 6848 4900 0 svchost
189 15 6052 10264 5232 0 svchost
318 16 16148 17776 5308 0 svchost
328 20 9608 16540 5476 0 svchost
229 12 2644 12388 5612 0 svchost
394 19 27196 44372 5668 0 svchost
169 11 2380 13280 5716 0 svchost
1561 0 192 108 4 0 System
213 16 2492 10684 3536 0 vds
174 11 2928 11160 3064 0 VGAuthService
137 9 1700 7444 648 1 vm3dservice
148 8 1704 7228 2096 0 vm3dservice
141 10 1796 7692 3144 1 vm3dservice
405 22 11328 23704 2276 0 vmtoolsd
285 27 8336 18308 0.11 3424 0 w3wp
173 11 1496 6912 492 0 wininit
244 12 2736 18616 548 1 winlogon
402 20 26300 37264 3700 0 WmiPrvSE sqlservr
sqlceip
sqlwriter
Services
ps c:\inetpub\streamio.htb\admin> Get-Service | Where-Object {$_.Status -eq "Running"}
get-service : Cannot open Service Control Manager on computer '.'. This operation might require other privileges.
at line:1 char:1
+ Get-Service | Where-Object {$_.Status -eq "Running"}
+ ~~~~~~~~~~~
+ categoryinfo : NotSpecified: (:) [Get-Service], InvalidOperationException
+ fullyqualifiederrorid : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetServiceCommand
ps c:\inetpub\streamio.htb\admin> cmd /c sc query
[sc] openscmanager failed 5:
Access is denied.Tasks
PS C:\inetpub\streamio.htb\admin> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
PS C:\inetpub\streamio.htb\admin> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Server Initial Configuration Task N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser 11/15/2023 3:05:34 AM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 11/14/2023 12:00:00 PM Ready
UsbCeip N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Scan 11/19/2023 6:51:22 AM Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Device 11/15/2023 4:15:58 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
DXGIAdapterCache N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Disabled
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
StorageCardEncryption Task N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 11/14/2023 6:26:07 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates N/A Disabled
ScanForUpdatesAsUser N/A Disabled
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Disabled
MapsUpdateTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Disabled
RunFullMemoryDiagnostic N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Server Manager Performance Monitor N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 11/14/2023 11:19:12 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start 11/14/2023 9:17:37 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Ready
Recovery-Check N/A Disabled Firewall & AV
ps c:\inetpub\streamio.htb\admin> netsh firewall show config
domain profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
service configuration for domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
allowed programs configuration for domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
port configuration for domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
standard profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
service configuration for standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable Yes Network Discovery
allowed programs configuration for standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
enable inbound firefox (c:\Program Files (x86)\Mozilla Firefox) / C:\Program Files (x86)\Mozilla Firefox\firefox.exe
port configuration for standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
log configuration:
-------------------------------------------------------------------
file location = c:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
important: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .No FW
ps c:\inetpub\streamio.htb\admin> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
amengineversion : 0.0.0.0
amproductversion : 4.18.2203.5
amrunningmode : Not running
amserviceenabled : False
amserviceversion : 0.0.0.0
antispywareenabled : False
antispywaresignatureage : 4294967295
antispywaresignaturelastupdated :
antispywaresignatureversion : 0.0.0.0
antivirusenabled : False
antivirussignatureage : 4294967295
antivirussignaturelastupdated :
antivirussignatureversion : 0.0.0.0
behaviormonitorenabled : False
computerid : A56256A7-790A-4EF9-91B1-60039E7B5BEB
computerstate : 0
defendersignaturesoutofdate : False
devicecontroldefaultenforcement : N/A
devicecontrolpolicieslastupdated : 12/31/1600 4:00:00 PM
devicecontrolstate : N/A
fullscanage : 4294967295
fullscanendtime :
fullscanoverdue : False
fullscanrequired : False
fullscansignatureversion :
fullscanstarttime :
ioavprotectionenabled : False
istamperprotected : False
isvirtualmachine : True
lastfullscansource : 0
lastquickscansource : 0
nisenabled : False
nisengineversion : 0.0.0.0
nissignatureage : 4294967295
nissignaturelastupdated :
nissignatureversion : 0.0.0.0
onaccessprotectionenabled : False
productstatus : 1
quickscanage : 4294967295
quickscanendtime :
quickscanoverdue : False
quickscansignatureversion :
quickscanstarttime :
realtimeprotectionenabled : False
realtimescandirection : 0
rebootrequired : False
tamperprotectionsource : N/A
tdtmode : N/A
tdtstatus : N/A
tdttelemetry : N/A
pscomputername :
exclusionpath : {N/A: Must be and administrator to view exclusions}No AV
Session Architecture
PS C:\inetpub\streamio.htb\admin> [Environment]::Is64BitProcess
TrueInstalled .NET Frameworks
ps c:\inetpub\streamio.htb\admin> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is A381-2B63
directory of c:\Windows\Microsoft.NET\Framework
09/14/2018 11:19 PM <DIR> .
09/14/2018 11:19 PM <DIR> ..
09/14/2018 11:19 PM <DIR> v1.0.3705
09/14/2018 11:19 PM <DIR> v1.1.4322
09/14/2018 11:19 PM <DIR> v2.0.50727
11/13/2023 09:29 PM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 7,178,162,176 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
smsvchostpath reg_sz c:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
installpath reg_sz c:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
installpath reg_sz c:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0.NET 4.7.03190