> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/hack-the-box/academy/windows-fundamentals/skills-assessment-windows-fundamentals.md).

# Skills Assessment - Windows Fundamentals

<figure><img src="/files/ZVdI38jwzwdFuYXWbS1e" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/zVw1Pl7VjvdKDCFrYTNv" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/s6O9s4Umbzn6nSUgLGaG" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/WBxxPtjGjbgtTOrLvyUX" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/PHnAXlyNmc1iwFHGTkof" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/CLeQbvBPSpSJLxpRr6Rm" alt=""><figcaption></figcaption></figure>

10.129.201.211

The cheat sheet is a useful command reference for this module.

| **Command**                                                    | **Description**                                                         |
| -------------------------------------------------------------- | ----------------------------------------------------------------------- |
| `xfreerdp /v:<target IP address> /u:htb-student /p:<password>` | RDP to lab target                                                       |
| `Get-WmiObject -Class win32_OperatingSystem`                   | Get information about the operating system                              |
| `dir c:\ /a`                                                   | View all files and directories in the c:\ root directory                |
| `tree <directory>`                                             | Graphically displaying the directory structure of a path                |
| `tree c:\ /f \| more`                                          | Walk through results of the `tree` command page by page                 |
| `icacls <directory>`                                           | View the permissions set on a directory                                 |
| `icacls c:\users /grant joe:f`                                 | Grant a user full permissions to a directory                            |
| `icacls c:\users /remove joe`                                  | Remove a users' permissions on a directory                              |
| `Get-Service`                                                  | `PowerShell` cmdlet to view running services                            |
| `help <command>`                                               | Display the help menu for a specific command                            |
| `get-alias`                                                    | List `PowerShell` aliases                                               |
| `New-Alias -Name "Show-Files" Get-ChildItem`                   | Create a new `PowerShell` alias                                         |
| `Get-Module \| select Name,ExportedCommands \| fl`             | View imported `PowerShell` modules and their associated commands        |
| `Get-ExecutionPolicy -List`                                    | View the `PowerShell` execution policy                                  |
| `Set-ExecutionPolicy Bypass -Scope Process`                    | Set the `PowerShell` execution policy to bypass for the current session |
| `wmic os list brief`                                           | Get information about the operating system with `wmic`                  |
| `Invoke-WmiMethod`                                             | Call methods of `WMI` objects                                           |
| `whoami /user`                                                 | View the current users' SID                                             |
| `reg query <key>`                                              | View information about a registry key                                   |
| `Get-MpComputerStatus`                                         | Check which `Defender` protection settings are enabled                  |
| `sconfig`                                                      | Load Server Configuration menu in Windows Server Core                   |

<figure><img src="/files/1RF9grumbzQurr7rPzkL" alt=""><figcaption></figcaption></figure>

Above, I used the xfreerdp command to remote into the windows machine.

<figure><img src="/files/uiwyaKn1e5Y7sWwf2DUy" alt=""><figcaption></figcaption></figure>

I created the Company data folder. Right click and select properties.

<figure><img src="/files/50dFednIu42oMSWiTaeJ" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/hnHfWVNjLm7kgp7SWPVU" alt=""><figcaption></figcaption></figure>

Selected the sharing tab. Then selected advanced Sharing button

<figure><img src="/files/VyB7M4WAbVCvadyWlEqY" alt=""><figcaption></figcaption></figure>

Select "Share this folder"

<figure><img src="/files/0AxgGABNqKzjIxf14G7i" alt=""><figcaption></figcaption></figure>

Select apply then ok

<figure><img src="/files/Eq2HjWRJCVTy9TcUZIGd" alt=""><figcaption></figcaption></figure>

Close out of that popup menu and then open up the company data folder

<figure><img src="/files/gzIu6oyJYuzmp64WLZFz" alt=""><figcaption></figcaption></figure>

Created a subfolder named "HR"

<figure><img src="/files/yXHFgmJkZuAvZKI9eVyI" alt=""><figcaption></figcaption></figure>

Search up and open "computer management app"

<figure><img src="/files/h5KjG2S9MNIKXqpFOUyd" alt=""><figcaption></figcaption></figure>

Select local users and groups.&#x20;

<figure><img src="/files/fVY9u1vIL2HjW5rpkyCX" alt=""><figcaption></figcaption></figure>

Right click on users and select "new user".

<figure><img src="/files/ZRHhtCtzqqlOQmnKYT4t" alt=""><figcaption></figcaption></figure>

Type in User name and Full name as "Jim" and uncheck "User must change password at next login" per htb's instructions.

<figure><img src="/files/0uGRyMVBdVTNr8ujM0iK" alt=""><figcaption></figcaption></figure>

Create a password and click create&#x20;

<figure><img src="/files/y1JNF41Ti4IUzOsae53H" alt=""><figcaption></figcaption></figure>

Select the Groups folder in the side panel and create a new group called HR

<figure><img src="/files/NyXX5pWSNRGjST5s2GPv" alt=""><figcaption></figcaption></figure>

Double click on HR and select 'add' and input Jim to the HR group

<figure><img src="/files/qfJO2dOlnNHHPKCtQL6z" alt=""><figcaption></figcaption></figure>

You can type the name in the field and select check names to select the actual user&#x20;

<figure><img src="/files/rlYgKaXlpZW44YxdRNiU" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/FocedJZv314Uuyx6fPa8" alt=""><figcaption></figcaption></figure>

Hit Ok, apply ok, all that.

<figure><img src="/files/KR0CbKSbrD5wnc9DMb8F" alt=""><figcaption></figcaption></figure>

Go back to the company data folder and right click, select properties, sharing tab and then advanced sharing.

<figure><img src="/files/n1AIJAgnw0tuV5seXuqL" alt=""><figcaption></figcaption></figure>

Select Permissions button

<figure><img src="/files/t1UZBsgFOLTBO9GNjLdB" alt=""><figcaption></figcaption></figure>

Remove the 'Everyone' group from the permissions

<figure><img src="/files/dGAaTc23AXOxn7kS9eEO" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/xLuRGaRWNwpyGnNujbzV" alt=""><figcaption></figcaption></figure>

Select 'add'

<figure><img src="/files/GOQkJ6QDYVvQkrrSogP9" alt=""><figcaption></figcaption></figure>

Type 'HR' then hit 'check names' then select ok

<figure><img src="/files/7Mjk9W7nvR7iay7rakCw" alt=""><figcaption></figcaption></figure>

Add change and read permission

<figure><img src="/files/oNOXLhxJQ8YN5SEHhIOy" alt=""><figcaption></figcaption></figure>

Hit apply, and then OK. Go to the security tab in the properties&#x20;

<figure><img src="/files/f8VT1Q8KPLkIr5DPexCj" alt=""><figcaption></figcaption></figure>

Select advanced

<figure><img src="/files/8FhAZKrwo97RAnzLhDZP" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/gCVTEuvu6g4I6U6att3i" alt=""><figcaption></figcaption></figure>

Select disable inheritance

<figure><img src="/files/Y13yZ4Mpukoxp3WgCygY" alt=""><figcaption></figcaption></figure>

Select convert inherited permissions into explicit permissions on this object.

<figure><img src="/files/G1mLgl5DBoK6M3uKanW1" alt=""><figcaption></figcaption></figure>

Someone would select **"Convert inherited permissions into explicit permissions on this object"** when disabling inheritance to maintain the same set of permissions that the object currently has but make them independent of the parent object's permissions. Here's why this might be desirable:

1. **Maintain Existing Permissions:** This option ensures that the current permissions applied to the object remain intact. Disabling inheritance without converting the permissions would otherwise result in losing all inherited permissions, which could inadvertently lock users out or disrupt access control.
2. **Customization:** By converting inherited permissions to explicit permissions, you can modify or fine-tune permissions specific to the object without affecting or being affected by the parent object’s permissions.
3. **Preservation of Access Control:** If permissions were inherited from a parent object and those permissions are needed for the object to function properly or for certain users to retain access, converting them to explicit permissions ensures continuity.
4. **Granular Management:** Once permissions are explicit, they can be adjusted for the specific object without altering permissions of other objects that share the parent’s inheritance.

This is particularly useful in environments where permissions need to be adjusted for individual files, folders, or objects without propagating changes across the entire hierarchy.

<figure><img src="/files/hppZGxwS4bohhZbpU9AU" alt=""><figcaption></figcaption></figure>

hit 'apply' then hit add

<figure><img src="/files/duIZxFkziLYMRZQ4q3mO" alt=""><figcaption></figcaption></figure>

Click on 'select a principal'

<figure><img src="/files/vCpdbgpgy9JfYYe3aehg" alt=""><figcaption></figcaption></figure>

Enter HR in the object name field and then select check names

<figure><img src="/files/ZY6OSAzNdP87sOH6sK9u" alt=""><figcaption></figcaption></figure>

Make sure the basic permissions that are selected are: Modify, Read & execute, List folder contents, Read and Write.

<figure><img src="/files/xOc35FgDBoMPPuF9vf7V" alt=""><figcaption></figcaption></figure>

Hit OK

Select OK in this menu as well:

<figure><img src="/files/Wb8c5peMcYeDE06SDsRA" alt=""><figcaption></figcaption></figure>

Verify permissions for HR:

<figure><img src="/files/UmzC8Nqb9zhe3S3f7FrA" alt=""><figcaption></figcaption></figure>

Select 'close'

Go to the HR subfolder, right click on it and select properties:

<figure><img src="/files/xYf7vEzQ4lWY9I0fxHWh" alt=""><figcaption></figcaption></figure>

In the sharing tab select advanced sharing.

<figure><img src="/files/agtVr7MjLGrlPRWIe9nE" alt=""><figcaption></figcaption></figure>

Whoops, actually back out of that and don't right click on the HR folder, instead right click inside of the company data folder:

<figure><img src="/files/SdgpUogss22RP5lThK89" alt=""><figcaption></figcaption></figure>

Select the sharing tab, then the advanced sharing button and then in the new popup for advanced sharing select permissions

<figure><img src="/files/W2iJXrr7HPqGzpRdT0fY" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/xDXXgTuC8oDOUnkJl6Zh" alt=""><figcaption></figcaption></figure>

The SID changes to HR automatically

<figure><img src="/files/DGF5vE47vTJBVFad0jNf" alt=""><figcaption></figcaption></figure>

Go back to the security tab and select advanced

<figure><img src="/files/4dm5tKVLUkqF0pacSqRh" alt=""><figcaption></figcaption></figure>

Enable and disable inheritance again ( I may be wrong about this step)

<figure><img src="/files/1Di3PuEx2Xza7P4nwLVH" alt=""><figcaption></figcaption></figure>

Hit 'add'&#x20;

Select a principle for permission entry pop up menu

<figure><img src="/files/G9tIaYHuT37Pcsd8mcGv" alt=""><figcaption></figcaption></figure>

Enter 'HR' and select okay... I feel like I already did this...

<figure><img src="/files/pFq3pGCGKT6qHw2tIXqx" alt=""><figcaption></figcaption></figure>

But 'modify' and 'write' permissions are missing for the company data folder. I must have only put the permissions for the 'hr' folder and since I disabled the inheritance I have to also modify these permissions back for the parent folder for anyone in the hr group.

<figure><img src="/files/HM4GT3UmMZkUxoyHgFSv" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/yhnJZObfuvPK89lRGdYD" alt=""><figcaption></figcaption></figure>

Hit okay

Then hit apply and okay

<figure><img src="/files/T90GLCp63F2ZUk6RWHIP" alt=""><figcaption></figcaption></figure>

Basically hit okay for every menu to get out of all menus.

For the following question, What is the name of the group that is present in the Company Data Share Permissions ACL by default, I believe the answer to this is "Everyone"&#x20;

<figure><img src="/files/SIXtuZjl4QnWOVlguzqt" alt=""><figcaption></figcaption></figure>

Yolp. I was correct.

<figure><img src="/files/eCmo9MxrJl2XFyGBy47m" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/KBwzQi56mTIJRp9lv2hd" alt=""><figcaption></figcaption></figure>

The question here is What is the name of the tab that allows you to configure NTFS permissions? I believe the answer is "Security" or "Sharing"

<figure><img src="/files/G5nQN1erBtexwDwya9Lo" alt=""><figcaption></figcaption></figure>

It was Security

The third question is What is the name of the service associated with "Windows Update?"

I ran Get-Service in the powershell and got a list of running services:

<figure><img src="/files/fZhSml4ZrvxWnlbHySmA" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/6FsjluCp52tzuKaJT4SI" alt=""><figcaption></figcaption></figure>

Looks Like I may have gotten lucky, since there is a windows update service running called wuauserv. I will enter that into the question field and see.

<figure><img src="/files/YZyMVze7Gl29tLzwjwhm" alt=""><figcaption></figcaption></figure>

Yep, it was correct.

Next question is List the SID associated with the user account Jim you created.

Whelp... I already forgot about that lol.

Luckily, I did that yesterday, having to look up a user account's sid, so I just looked at my notes from yesterday.

So I copied what I did but with Jim's account name:

Get-WmiObject -Class Win32\_Account -Filter "Name='Jim'"

Which returned the output:

<figure><img src="/files/EgGaS0hr3fnQs0wmmdO7" alt=""><figcaption></figcaption></figure>

The SID is S-1-5-21-2614195641-1726409526-3792725429-1006

<figure><img src="/files/bddz1lUdcU0OHcSdF8nd" alt=""><figcaption></figcaption></figure>

The last question is: List the SID associated with the HR security group you created.

That is going to be a little tough because I am not 100% sure what the class name is for groups

I made a stab in the dark and entered this command into the powershell:

Get-WmiObject -Class Win32\_Group -Filter "Name='HR'"

which actually gave me an output instead of an error so I may have gotten lucky here

<figure><img src="/files/HwaV5EMfS5mNDOs4AsBZ" alt=""><figcaption></figcaption></figure>

Here is the HR group SId apparently:

S-1-5-21-2614195641-1726409526-3792725429-1007

Looks like they accepted my answer

<figure><img src="/files/lrmHGwb2pBp8QBTnQZoR" alt=""><figcaption></figcaption></figure>

Well, there is another command that can show this as well:

<figure><img src="/files/atXsK8X0LLhFXW7PLTHR" alt=""><figcaption></figcaption></figure>

wmic useraccount get name,sid

This is technically easier and simpler I suppose.

The same for groups

<figure><img src="/files/RCPZfYO9UBc9RPldVZg6" alt=""><figcaption></figcaption></figure>

The command:

wmic group get name,sid&#x20;
