The video provides a comprehensive walkthrough of the Windows Command Line Room on TryHackMe, aimed at teaching essential Windows command-line skills for system and network management.

Overview

  • Objective: Learn foundational Windows commands to manage system information, networking, and processes.
  • Topics Covered:
    • System information retrieval.
    • Networking configuration and diagnostics.
    • Monitoring and troubleshooting network connections.

Tasks and Commands

1. Retrieving System Information

  • Commands:
    • systeminfo:
      • Displays detailed information about the system, including OS version, processor, BIOS, and network configurations.
    • ver:
      • Provides the Windows version in a concise format.
    • Use Cases:
      • Check system specs.
      • Identify if the machine is virtualized (look for Hyper-V indicators in systeminfo output).
    • Examples:
      • OS Version: Found under OS Version in systeminfo.
      • Hostname: Found under Host Name in systeminfo.

2. Networking Commands

  1. Inspect Network Configuration:
    • ipconfig:
      • Displays IP address, subnet mask, and default gateway.
    • ipconfig /all:
      • Provides detailed information, including DHCP and DNS servers.
    • Example:
      • Default Gateway: Found under Ethernet adapter in ipconfig /all.
  2. Domain Name Lookup:
    • nslookup <domain>:
      • Queries the DNS server to retrieve the IP address of a domain.
    • Example:
      • Query TryHackMe’s IP:
        nslookup tryhackme.com
  3. Check Connectivity:
    • ping <domain>:
      • Sends ICMP echo requests to test whether a host is reachable.
      • Note: Some hosts block ICMP, so a timeout does not prove the host is down.
  4. Tracing Network Paths:
    • tracert <domain>:
      • Identifies the route packets take to reach a destination.
      • Useful for diagnosing network issues, such as dropped packets or unreachable hosts.

3. Monitoring Network Connections

  1. Netstat Overview:
    • Displays active and listening network connections, including associated processes and ports.
    • Common Flags:
      • -a: Shows all connections and listening ports.
      • -b: Displays processes associated with each connection.
      • -o: Includes process IDs.
      • -n: Shows numerical addresses instead of resolving names.
    • Example:
      • Identify a listening process:
        netstat -aon
  2. Analyzing Output:
    • Local Address: The machine’s IP address and port.
    • Foreign Address: The remote host’s IP address and port.
    • Process ID: Useful for linking connections to specific processes.
  3. Practical Use Case:
    • Identify malicious activity:
      • Look for unfamiliar listening ports or connections to suspicious foreign addresses.
      • Use the process ID to correlate with running tasks.
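A worked version of the netstat analysis above, added here as an example that is not part of the room or the original post: it parses constructed `netstat -aon` and `tasklist` output (both sample blocks are made up, and the expected-port list is a hypothetical baseline), maps each bound port to its PID and image, pulls in that PID's established peers, and flags ports missing from the baseline.

```python
# Constructed sample of `netstat -aon` output (not captured from the room's VM).
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5120
  TCP    10.10.35.7:49712       203.0.113.9:443        ESTABLISHED     5120
  UDP    0.0.0.0:123            *:*                                    1100
"""

# Constructed sample of `tasklist` output, used to map PIDs back to image names.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
svchost.exe                    900 Services                   0     11,204 K
svchost.exe                   1044 Services                   0     14,512 K
svchost.exe                   1100 Services                   0      5,020 K
updater.exe                   5120 Console                    1     22,300 K
"""

# Ports this hypothetical server is expected to have open: RPC, RDP, NTP.
EXPECTED_PORTS = {135, 3389, 123}

def parse_netstat(text):
    """Yield (proto, local_port, remote, state, pid); UDP rows have no State column."""
    for line in text.splitlines():
        p = line.split()
        if len(p) < 4 or p[0] not in ("TCP", "UDP"):
            continue                        # header and blank lines
        port = int(p[1].rsplit(":", 1)[1])  # rsplit keeps IPv6 like [::]:135 intact
        yield p[0], port, p[2], (p[3] if p[0] == "TCP" else "UDP"), int(p[-1])

def parse_tasklist(text):
    """Map PID -> image name; the header row has no numeric PID field."""
    return {int(p[1]): p[0] for p in map(str.split, text.splitlines())
            if len(p) > 1 and p[1].isdigit()}

def listeners(netstat_text, tasklist_text):
    """Port -> PID, image and that PID's established peers (binary plus its outbound traffic)."""
    rows, images = list(parse_netstat(netstat_text)), parse_tasklist(tasklist_text)
    result = {}
    for proto, port, _, state, pid in rows:
        if state in ("LISTENING", "UDP"):   # bound sockets only
            peers = [r[2] for r in rows if r[4] == pid and r[3] == "ESTABLISHED"]
            result[port] = {"proto": proto, "pid": pid, "image": images.get(pid, "unknown"), "peers": peers}
    return result

def unexpected(listen_map, expected=EXPECTED_PORTS):
    """Open ports not on the expected list: the ones a defender has to explain."""
    return sorted(port for port in listen_map if port not in expected)
```

`tasklist` resolves only the host image, so a listener owned by svchost.exe still needs `netstat -b` or `tasklist /svc` to name the hosted service, which is why the room's answer for port 3389 is TermService rather than svchost.exe.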

Practical Exercises

  1. Finding System Information:
    • Question: What is the OS version?
      • Use systeminfo or ver.
    • Question: What is the hostname?
      • Found under Host Name in systeminfo.
  2. Networking:
    • Question: What is the gateway IP?
      • Use ipconfig /all and check the Default Gateway.
  3. Network Monitoring:
    • Question: Which process is listening on port 3389?
      • Use netstat -b and identify TermService as the process on port 3389 (RDP service).

Key Takeaways

  • System Management:
    • The systeminfo and ver commands are powerful tools for gathering system specifications quickly.
  • Network Diagnostics:
    • Tools like ipconfig, nslookup, and ping help troubleshoot network connectivity issues.
  • Security Insights:
    • Use netstat to monitor network activity and identify potential malicious processes.


Windows Command Line Basics | TryHackMe Room Answers

What is the OS version of the Windows VM?
10.0.20348.2655
What is the hostname of the Windows VM?
WINSRV2022-CORE

Which command can we use to look up the server’s physical address (MAC address)?
ipconfig /all
What is the name of the process listening on port 3389?
TermService
What is the IP address of your gateway?
10.10.0.1

What are the file’s contents in C:\Treasure\Hunt?
THM{CLI_POWER}

What command would you use to find the running processes related to notepad.exe?
tasklist /FI "imagename eq notepad.exe"
What command can you use to kill the process with PID 1516?
taskkill /PID 1516

The command shutdown /s can shut down a system. What is the command you can use to restart a system?
shutdown /r
What command can you use to abort a scheduled system shutdown?
shutdown /a

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.