Overview
This is a walkthrough of the TryHackMe room "Windows Command Line".
Task1
Q1.What is the default command line interpreter in the Windows environment?
A.cmd.exe
Task2
Q1.What is the OS version of the Windows VM?
The version information was displayed when I connected to the target machine over SSH.
A.10.0.20348.2655
Q2.What is the hostname of the Windows VM?
This can be checked with the hostname command.
user@WINSRV2022-CORE C:\Users\user>hostname
WINSRV2022-CORE
A.WINSRV2022-CORE
Task3
Q1.Which command can we use to look up the server’s physical address (MAC address)?
Hint.Use ipconfig
This can be checked with the ipconfig /all command.
user@WINSRV2022-CORE C:\Users\user>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WINSRV2022-CORE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : eu-west-1.compute.internal
eu-west-1.ec2-utilities.amazonaws.com
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : eu-west-1.compute.internal
Description . . . . . . . . . . . : Amazon Elastic Network Adapter
Physical Address. . . . . . . . . : 02-3E-68-F3-2B-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a178:2475:f20b:5eb1%5(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.141.194(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Tuesday, January 21, 2025 6:14:53 AM
Lease Expires . . . . . . . . . . : Tuesday, January 21, 2025 7:14:53 AM
Default Gateway . . . . . . . . . : 10.10.0.1
DHCP Server . . . . . . . . . . . : 10.10.0.1
DHCPv6 IAID . . . . . . . . . . . : 84601211
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-B9-B7-EF-00-0C-29-FF-E5-C8
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled
A.ipconfig /all
Q2.What is the name of the process listening on port 3389?
This can be checked with the netstat command.
user@WINSRV2022-CORE C:\Users\user>netstat -abon
Can not obtain ownership information
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 988
TermService
A.TermService
Q3.What is the subnet mask?
This can be checked with the ipconfig command.
user@WINSRV2022-CORE C:\Users\user>ipconfig
Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : eu-west-1.compute.internal
Link-local IPv6 Address . . . . . : fe80::a178:2475:f20b:5eb1%5
IPv4 Address. . . . . . . . . . . : 10.10.141.194
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.10.0.1
A.255.255.0.0
Task4
Q1.What are the file’s contents in C:\Treasure\Hunt?
Check the contents of C:\Treasure\Hunt\flag.txt.
user@WINSRV2022-CORE C:\Treasure\Hunt>more flag.txt
THM{CLI_POWER}
A.THM{CLI_POWER}
Task5
Q1.What command would you use to find the running processes related to notepad.exe?
Results can be filtered with tasklist /fi <filter>.
A.tasklist /FI "imagename eq notepad.exe"
Q2.What command can you use to kill the process with PID 1516?
A.taskkill /PID 1516
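The netstat lookup from Task3 and the tasklist filter from Task5 can be combined to confirm which process and service own a listening port without relying on netstat -b, which needs elevation to report ownership. This script is an added example, not part of the room or the original walkthrough; the script name portowner.cmd and the default port 3389 are assumptions.

```bat
@echo off
rem Added example: resolve the PID and hosted services behind a listening TCP port
rem using only netstat, findstr and tasklist.
rem Usage: portowner.cmd [port]    script name and default port are assumptions
setlocal
set "PORT=%~1"
if not defined PORT set "PORT=3389"

set "FOUND="
rem netstat -ano columns: Proto, Local Address, Foreign Address, State, PID
rem -p TCP limits the listing to IPv4 TCP. findstr keeps the LISTENING row
rem whose local address ends in :PORT followed by a space.
for /f "tokens=2,5" %%A in ('netstat -ano -p TCP ^| findstr /r /c:":%PORT% .*LISTENING"') do (
    set "FOUND=1"
    echo Local address %%A is owned by PID %%B
    rem /svc lists the services hosted in that process, useful for svchost.exe
    tasklist /svc /fi "PID eq %%B"
)

if not defined FOUND (
    echo No IPv4 TCP listener found on port %PORT%
    exit /b 1
)
exit /b 0
```

The script exits with code 1 when nothing is listening on the port, so it can be used as a check from another script.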
Task6
Q1.The command shutdown /s can shut down a system. What is the command you can use to restart a system?
Hint.shutdown /? | more
The /r option restarts the system.
user@WINSRV2022-CORE C:\Treasure\Hunt>shutdown /?
/r Full shutdown and restart the computer.
A.shutdown /r
Q2.What command can you use to abort a scheduled system shutdown?
The /a option does this.
/a Abort a system shutdown.
This can only be used during the time-out period.
Combine with /fw to clear any pending boots to firmware.
A.shutdown /a