TryHackMe: Intro to Windows

A little history:

Windows history:

On November 20, 1985, Microsoft released Windows 1.0, a graphical operating system shell that ran on top of MS-DOS, as a response to the growing interest in graphical user interfaces (GUIs). Today Windows dominates the desktop market with around 90% share, having overtaken Apple's Mac OS, which was introduced in 1984.

Windows versions:

  1. Windows 1
  2. Windows 2
  3. Windows 2.x
  4. Windows 3.x
  5. Windows 95
  6. Windows 98
  7. Windows NT
  8. Windows XP
  9. Windows Vista
  10. Windows 7
  11. Windows 8.x
  12. Windows 10

Windows server versions:

  1. Windows Server 2003
  2. Windows Server 2008
  3. Windows Server 2012 / 2012 R2
  4. Windows Server 2016
  5. Windows Server 2019

Windows file system and permissions explained:

What is the file system?

It is the method and data structure that an operating system uses to keep track of files on a disk or partition. Without a file system, the information saved in a storage media would be one large body of data with no way to tell where the information begins and ends.

The Windows file system is structured as:

  • Logical drives (Ex: Local Disk C:)
  • Folders (Ex: the default folders Documents, Downloads, Music inside a user's profile)
  • Files

The folders that come by default on the system drive (C:) are:

  • PerfLogs
  • Program Files
  • Program Files (x86)
  • Users
  • Windows

  1. PerfLogs — Stores performance logs and reports generated by tools such as Performance Monitor
  2. Program Files and Program Files (x86) — The default install location for 64-bit and 32-bit programs respectively, unless you change the path at install time (Ex: choosing to install software on the D drive)
  3. Users — Holds one profile folder per user account created on the machine, together with that user's own data (Ex: a file saved on the Desktop)
  4. Windows — Contains the code that runs the operating system and the built-in utility tools (covered later)

File and folder permissions (NTFS permissions) are assigned to:

  • Users
  • Groups

The basic permissions that can be allowed or denied for each of them are:

  • Full control
  • Modify
  • Read & execute
  • List folder contents
  • Read
  • Write
  • Special permissions
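The permissions above are what Get-Acl shows for each entry in a folder's DACL. The following is an added example, not part of the TryHackMe room, that walks the folders under Program Files and flags entries giving write-level rights (Full control, Modify or any Write right) to broad principals such as Everyone or Users, a common local privilege escalation weakness. The root path and the list of principals are assumptions; adjust them for your host.

```powershell
# Added example (not part of the TryHackMe room): list who can write under a
# folder tree and flag entries that grant write-level rights to broad groups.
# $Root and $BroadPrincipals are assumptions; adjust them for your host.

function Find-WeakFolderAcl {
    param(
        [string]$Root = 'C:\Program Files',
        [string[]]$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
    )

    Get-ChildItem -Path $Root -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $folder = $_.FullName
        # Get-Acl returns the DACL; each entry maps a principal to FileSystemRights
        $acl = Get-Acl -Path $folder -ErrorAction SilentlyContinue
        if (-not $acl) { return }   # access denied: skip this folder

        foreach ($ace in $acl.Access) {
            $rights = $ace.FileSystemRights.ToString()
            # Full control, Modify and the Write rights (WriteData, WriteAttributes, ...)
            # all let the principal change content; Read, Read & execute and
            # List folder contents do not
            if ($ace.AccessControlType -eq 'Allow' -and
                $rights -match 'FullControl|Modify|Write' -and
                $BroadPrincipals -contains $ace.IdentityReference.Value) {

                [PSCustomObject]@{
                    Folder    = $folder
                    Principal = $ace.IdentityReference.Value
                    Rights    = $rights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Run the check and show the results
Find-WeakFolderAcl | Format-Table -AutoSize

# To remove such an entry from one folder (here 'Everyone'), run for example:
# icacls "C:\Program Files\SomeApp" /remove:g Everyone
```

An entry that is not inherited (Inherited = False) was set explicitly on that folder, usually by an installer, and is the one worth investigating first; an inherited weak entry points at a misconfigured parent.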

Understanding the authentication process:

What is authentication?

Authentication is a process for verifying the identity of a person (or an object or a service). When you authenticate a person, the goal is to verify that the person is not an imposter.

Local authentication

Local authentication is done using the Local Security Authority (LSA). LSA is a protected subsystem that keeps track of the security policies and the accounts that are on a computer system. It also maintains information about all aspects of local security on a computer.

Authentication in Active Directory

Authentication against a Windows domain is handled by one of two directory services:

  • On-premises Active Directory (AD)
  • Azure Active Directory (AAD)

Authentication on on-premises Active Directory uses one of:

  • NTLM
  • LDAP / LDAPS
  • KERBEROS

NTLM / NTLMv2

NTLM is a challenge-response protocol: the server sends a random challenge, and the client answers with a value computed from that challenge and the user's NT hash, so the password itself is never sent over the network. The authentication exchange on its own does not give the connection data integrity or confidentiality; those depend on the application protocol negotiating signing or sealing afterwards (for example SMB signing), which is also why an unsigned NTLM exchange can be relayed to another server.
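To make the challenge-response concrete, here is an added example (not from the TryHackMe room) that computes the NTLMv2 client response exactly as a client would: an HMAC-MD5 chain keyed with the NT hash, over the user name, the server's 8-byte challenge and a client-built blob. All inputs are constructed; the NT hash is the well-known MD4 of the UTF-16LE string "password", the challenges are arbitrary bytes, and the target info is a single AV_PAIR (NetBIOS domain name "THM") followed by the end marker.

```powershell
# Added example (not from the TryHackMe room): the NTLMv2 half of the
# challenge-response exchange, computed the way a client does it. The client
# never sends the password or the NT hash; it proves knowledge of the NT hash
# with HMAC-MD5 over the server's challenge. All inputs are constructed values.

function Get-HmacMd5 {
    param([byte[]]$Key, [byte[]]$Data)
    $h = New-Object System.Security.Cryptography.HMACMD5 -ArgumentList (,$Key)
    try { return ,$h.ComputeHash($Data) } finally { $h.Dispose() }
}

function ConvertFrom-Hex {
    param([string]$Hex)
    $bytes = New-Object byte[] ($Hex.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($Hex.Substring(2 * $i, 2), 16)
    }
    return ,$bytes
}

function ConvertTo-Hex {
    param([byte[]]$Bytes)
    return ([System.BitConverter]::ToString($Bytes) -replace '-', '').ToLower()
}

function Get-NtlmV2Response {
    param(
        [string]$User,
        [string]$Domain,
        [byte[]]$NtHash,            # MD4(UTF-16LE(password)), as stored in the SAM / NTDS.dit
        [byte[]]$ServerChallenge,   # 8 bytes from the server's CHALLENGE message
        [byte[]]$ClientChallenge,   # 8 random bytes chosen by the client
        [byte[]]$TargetInfo,        # AV_PAIR list copied from the CHALLENGE message
        [long]$Timestamp            # Windows FILETIME
    )
    $utf16 = [System.Text.Encoding]::Unicode

    # Step 1: NTLMv2 hash = HMAC-MD5(NT hash, UPPER(user) + domain)
    $ntlmv2Hash = Get-HmacMd5 -Key $NtHash -Data ($utf16.GetBytes($User.ToUpperInvariant() + $Domain))

    # Step 2: the blob (NTLMv2_CLIENT_CHALLENGE): version/reserved header,
    # timestamp, client challenge, reserved, target info, trailing zeros
    $blob = [byte[]](
        [byte[]](0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00) +
        [System.BitConverter]::GetBytes($Timestamp) +
        $ClientChallenge +
        [byte[]](0x00, 0x00, 0x00, 0x00) +
        $TargetInfo +
        [byte[]](0x00, 0x00, 0x00, 0x00)
    )

    # Step 3: NTProofStr = HMAC-MD5(NTLMv2 hash, server challenge + blob)
    $ntProofStr = Get-HmacMd5 -Key $ntlmv2Hash -Data ([byte[]]($ServerChallenge + $blob))

    # Step 4: the session base key, used only if signing/sealing is negotiated later
    $sessionBaseKey = Get-HmacMd5 -Key $ntlmv2Hash -Data $ntProofStr

    # Fields in the order a captured NetNTLMv2 line carries them (hashcat mode 5600)
    $fields = @($User, $Domain, (ConvertTo-Hex $ServerChallenge), (ConvertTo-Hex $ntProofStr), (ConvertTo-Hex $blob))

    [PSCustomObject]@{
        NtProofStr          = ConvertTo-Hex $ntProofStr
        NtChallengeResponse = ConvertTo-Hex ([byte[]]($ntProofStr + $blob))   # what goes in AUTHENTICATE
        SessionBaseKey      = ConvertTo-Hex $sessionBaseKey
        HashcatLine         = '{0}::{1}:{2}:{3}:{4}' -f $fields
    }
}

# Constructed inputs: NT hash of "password", arbitrary challenges, and a target
# info list holding one AV_PAIR (MsvAvNbDomainName = "THM") plus MsvAvEOL
$response = Get-NtlmV2Response -User 'alice' -Domain 'THM' `
    -NtHash (ConvertFrom-Hex '8846f7eaee8fb117ad06bdd830b7586c') `
    -ServerChallenge (ConvertFrom-Hex '1122334455667788') `
    -ClientChallenge (ConvertFrom-Hex 'aabbccddeeff0011') `
    -TargetInfo (ConvertFrom-Hex '02000600540048004d0000000000') `
    -Timestamp ([DateTime]'2024-01-01T00:00:00Z').ToFileTimeUtc()

$response | Format-List
```

Two things follow from the computation. First, the proof depends on the NT hash, not the password, which is why a stolen hash is enough to authenticate (pass-the-hash). Second, the proof is bound to the challenge but not to who issued it, so a machine that captures the exchange (Responder, or a relay such as ntlmrelayx) can forward it to another server unless that server enforces signing or channel binding. The HashcatLine field is the format such captures are cracked in.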

LDAP / LDAPS

LDAP is the protocol used to query the directory and to bind (authenticate) to it. The main difference between LDAP and LDAPS is that LDAPS wraps the connection in TLS (port 636 instead of 389), so with a simple bind the credentials are encrypted on the wire instead of being sent in plain text.

The procedure is similar to the image below:
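Here is an added example (not from the room, and not the image referred to above) that performs the same simple bind against a domain controller twice, once over plain LDAP on port 389 and once over LDAPS on port 636, using the .NET System.DirectoryServices.Protocols classes. The host name, account and password are assumptions for a lab domain.

```powershell
# Added example (not from the TryHackMe room): the same simple bind over plain
# LDAP (389) and over LDAPS (636). With a simple bind on 389 the password
# crosses the wire in clear text; on 636 the BindRequest is inside TLS.
# Server name and credentials below are assumptions for a lab domain.

Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapBind {
    param(
        [string]$Server,
        [System.Net.NetworkCredential]$Credential,
        [switch]$UseTls
    )
    $port = if ($UseTls) { 636 } else { 389 }
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion = 3

    # Simple bind: the client puts the account name and the password directly
    # into the BindRequest, so the transport is the only thing protecting them
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Credential = $Credential

    if ($UseTls) {
        # LDAPS: the TLS handshake happens before any LDAP message is sent
        $conn.SessionOptions.SecureSocketLayer = $true
    }

    try {
        $conn.Bind()
        [PSCustomObject]@{ Port = $port; Tls = [bool]$UseTls; Result = 'bind OK' }
    } catch {
        [PSCustomObject]@{ Port = $port; Tls = [bool]$UseTls; Result = $_.Exception.Message }
    } finally {
        $conn.Dispose()
    }
}

# Constructed lab credentials; replace with your own
$cred = New-Object System.Net.NetworkCredential('alice@thm.local', 'Password123!')

Test-LdapBind -Server 'dc01.thm.local' -Credential $cred
Test-LdapBind -Server 'dc01.thm.local' -Credential $cred -UseTls
```

If you capture the first bind with Wireshark you can read the password in the BindRequest; the second shows only a TLS session. A domain controller configured with "LDAP server signing requirements: Require signing" refuses the plain-text simple bind on 389 outright, which is the setting to check when you find port 389 open on a DC.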

KERBEROS

Another way to authenticate is Kerberos, the default protocol inside an Active Directory domain. Kerberos uses symmetric-key cryptography and a trusted third party, the Key Distribution Center (KDC), which in AD runs on every Domain Controller: the client first obtains a Ticket Granting Ticket (TGT) from the KDC, then requests a service ticket for each service it wants to use and presents that ticket to the service, so its password is never sent to the service at all. The authentication process is similar to the one below:

Authentication on Azure Active Directory

  • SAML (Security Assertion Markup Language)
  • OAUTH 2.0
  • OpenID Connect

SAML (Security Assertion Markup Language)

Security Assertion Markup Language (SAML) is a type of Single Sign-On (SSO) standard. It defines a set of rules/protocols that allow users to access web applications with a single login. This is possible because those applications (referred to as “Service Providers”) all trust the systems that verify users’ identities (referred to as “Identity Providers”).

OAUTH 2.0

OAuth 2.0 is an authorization standard: it lets a client application obtain limited access to a user's resources held by another service (delegated access) without the client ever handling the user's password.

OAuth 2.0 spec has four important roles:

  • The authorization server, which is the server that issues the access token.
  • The resource owner, normally your application’s end-user, that grants permission to access the resource server with an access token.
  • The client, which is the application that requests the access token, and then passes it to the resource server.
  • The resource server, which accepts the access token and must verify that it is valid before serving the request (in this case, the API or application that holds the protected data).

OpenID Connect

OpenID Connect is an authentication standard built on top of OAuth 2.0. It adds an additional token called an ID token: a signed JWT that tells the client who authenticated (issuer, subject, audience, expiry and nonce claims), whereas an OAuth access token only says what may be accessed.
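The following added example (not from the TryHackMe room) shows what a relying party does with the ID token: split the compact JWT, decode header and claims, and check issuer, audience, nonce and expiry. The token, the issuer URL (in Azure AD's v2.0 format with a placeholder tenant ID) and the client ID are constructed here, and the signature part is a placeholder; a real application must verify the signature against the issuer's published JWKS keys before trusting any claim, which this example does not do.

```powershell
# Added example (not from the TryHackMe room): claim checks a relying party
# performs on an OpenID Connect ID token. Header, claims and values are
# constructed; the signature is a placeholder and is NOT verified here. In
# production, verify it against the issuer's JWKS before trusting the claims.

function ConvertFrom-Base64Url {
    param([string]$Text)
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }   # restore padding
    return ,[System.Convert]::FromBase64String($s)
}

function ConvertTo-Base64Url {
    param([byte[]]$Bytes)
    return [System.Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Test-IdToken {
    param(
        [string]$Token,
        [string]$ExpectedIssuer,
        [string]$ExpectedAudience,   # the relying party's own client_id
        [string]$ExpectedNonce,      # the nonce the relying party sent in the request
        [datetime]$Now = [DateTime]::UtcNow
    )
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'not a compact JWT (expected header.payload.signature)' }

    $header = [System.Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[0])) | ConvertFrom-Json
    $claims = [System.Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[1])) | ConvertFrom-Json
    $expiry = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime

    $problems = @()
    if ($header.alg -eq 'none')            { $problems += 'alg=none is not acceptable' }
    if ($claims.iss -ne $ExpectedIssuer)   { $problems += "issuer mismatch: $($claims.iss)" }
    if ($claims.aud -ne $ExpectedAudience) { $problems += "audience mismatch: $($claims.aud)" }
    if ($claims.nonce -ne $ExpectedNonce)  { $problems += 'nonce mismatch (possible replay)' }
    if ($expiry -lt $Now)                  { $problems += 'token expired' }

    [PSCustomObject]@{ Subject = $claims.sub; Valid = ($problems.Count -eq 0); Problems = $problems }
}

# --- Build a constructed sample token (placeholder tenant ID and client ID) ---
$utf8       = [System.Text.Encoding]::UTF8
$issuer     = 'https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0'
$headerJson = '{"alg":"RS256","typ":"JWT","kid":"example-key"}'
$claimsJson = @{
    iss   = $issuer
    aud   = 'relying-party-client-id'
    sub   = 'user-object-id'
    nonce = 'n-0S6_WzA2Mj'
    iat   = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    exp   = [DateTimeOffset]::UtcNow.AddMinutes(5).ToUnixTimeSeconds()
} | ConvertTo-Json -Compress

$sample = '{0}.{1}.{2}' -f (ConvertTo-Base64Url $utf8.GetBytes($headerJson)),
                          (ConvertTo-Base64Url $utf8.GetBytes($claimsJson)),
                          (ConvertTo-Base64Url $utf8.GetBytes('placeholder-signature'))

# Accepted: issued by the expected IdP, for this client, with the nonce we sent
Test-IdToken -Token $sample -ExpectedIssuer $issuer -ExpectedAudience 'relying-party-client-id' -ExpectedNonce 'n-0S6_WzA2Mj'

# Rejected: the same token replayed at a different application
Test-IdToken -Token $sample -ExpectedIssuer $issuer -ExpectedAudience 'other-app' -ExpectedNonce 'n-0S6_WzA2Mj'
```

The audience check is the one most often skipped: an ID token minted for one application is a perfectly valid token, just not for you, and accepting it lets any app registered in the same tenant log its users into yours.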

Utility tools:

Built-in utility tools

Windows comes with a variety of utility tools. Some of them are:

  • Computer Management
  • Local Security Policy
  • Disk Cleanup
  • Registry Editor (Regedit)
  • Command-line tools

Computer Management

Computer Management contains more tools such as:

  • Task Scheduler
  • Event Viewer
  • Shared Folders
  • Local Users and Groups
  • Performance Monitor
  • Disk Management
  • Services & Applications

Registry Editor

The Windows registry is a database that stores many important operating system settings: for example, what should happen when a particular file type is double-clicked, or how wide the taskbar should be. Hardware, whether built in or plugged in, also stores information in the registry when its driver is installed, and that information is read every time the system boots.

Command-line tools

Windows comes with two command-line shells, CMD and PowerShell, plus Windows Terminal, a host application that can run either of them:

  • CMD
  • PowerShell
  • Windows Terminal

Registry structure

The registry itself is a hierarchical database of low-level settings for Windows and its applications; Registry Editor (Regedit) is the tool used to browse and edit it. The registry is organised under five root keys:

  • HKEY_CLASSES_ROOT
  • HKEY_CURRENT_USER
  • HKEY_LOCAL_MACHINE
  • HKEY_USERS
  • HKEY_CURRENT_CONFIG
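As an added example (not from the TryHackMe room), the block below reads the registry from PowerShell through the HKLM: and HKCU: drives, which map to HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. It lists the autostart entries under the Run and RunOnce keys, the first place to check for persistence on a suspect host, and flags commands launched from user-writable locations or through script hosts. The registry paths are real Windows locations; the output depends on the machine, and the "suspicious" pattern is a heuristic of my own.

```powershell
# Added example (not from the TryHackMe room): enumerate autostart entries
# under the Run/RunOnce keys in HKLM (all users) and HKCU (current user).
# Paths are real Windows locations; the Suspicious heuristic is an assumption.

function Get-RunKeyEntry {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }

        # Get-ItemProperty returns one object whose properties are the key's values
        $props = Get-ItemProperty -Path $path
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
            $cmd = [string]$prop.Value

            [PSCustomObject]@{
                Hive       = $path.Split(':')[0]      # HKLM or HKCU
                Key        = $path
                Name       = $prop.Name               # the value name is the entry's label
                Command    = $cmd                     # the value data is the command line
                # Binaries in user-writable folders, or script hosts, deserve a closer look
                Suspicious = ($cmd -match '\\Users\\|\\Temp\\|\\AppData\\|powershell|cmd\.exe|wscript|cscript|mshta|rundll32')
            }
        }
    }
}

Get-RunKeyEntry | Format-Table -AutoSize

# Writing is just as easy, which is why these keys are a favourite persistence
# spot; an attacker with only user rights can add an HKCU entry like:
# Set-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Updater' -Value 'C:\Users\Public\tool.exe'
```

Entries under HKLM need administrator rights to create and run for every user who logs on; entries under HKCU need no special rights and run only for that user, so a review of a compromised workstation has to cover both hives, including the HKCU hives of users who are not currently logged on (loaded under HKEY_USERS).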

Types of servers:

What is a server?

A server is hardware or software that provides functionality (a service) to other programs or devices, called clients.

Types of servers

Servers can be used for a variety of actions or things. The most common ones are:

  • Domain Controller
  • File server
  • Web server
  • FTP Server
  • Mail Server
  • Database Server
  • Proxy Server
  • Application Server

Users and Groups Management:

Users and Groups Management in Active Directory

Deploy the machine and authenticate using RDP (on Windows) or Remmina/Xfreerdp (on Linux) with the user: Administrator:tryhackme123!

  1. In Active Directory Users and Computers, right-click the user > Add to a group, then type the group name and confirm
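The same management can be done from PowerShell on the domain controller with the ActiveDirectory module. The following is an added example, not part of the TryHackMe room: it creates an OU, a security group and a user, adds the user to the group (the equivalent of the right-click step above), and verifies the membership. The OU name, group name, user and domain thm.local are assumptions for the lab.

```powershell
# Added example (not from the TryHackMe room): AD user and group management
# with the ActiveDirectory module. OU, group, user and domain are assumptions.

Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName        # e.g. DC=thm,DC=local
$ouName   = 'THM Users'
$ouPath   = "OU=$ouName,$domainDn"
$group    = 'THM Analysts'

# Create the OU and the group if they do not exist yet (safe to re-run)
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -ErrorAction SilentlyContinue)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}
if (-not (Get-ADGroup -Filter "Name -eq '$group'" -ErrorAction SilentlyContinue)) {
    New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $ouPath
}

# Create the user; the password is read as a SecureString so it never sits in the script
$password = Read-Host -Prompt 'Initial password for alice' -AsSecureString
New-ADUser -Name 'Alice Smith' -SamAccountName 'alice' -UserPrincipalName 'alice@thm.local' `
    -Path $ouPath -AccountPassword $password -Enabled $true -ChangePasswordAtLogon $true

# Equivalent of "right-click the user > Add to a group"
Add-ADGroupMember -Identity $group -Members 'alice'

# Verify the membership from both sides
Get-ADGroupMember -Identity $group | Select-Object SamAccountName, objectClass
Get-ADPrincipalGroupMembership -Identity 'alice' | Select-Object Name

# The check worth running on any domain: who is in Domain Admins, including
# members that arrive through nested groups
Get-ADGroupMember -Identity 'Domain Admins' -Recursive | Select-Object SamAccountName, objectClass
```

Group membership is what most access decisions in a domain key off, so the -Recursive listing at the end is the quickest way to see the real privileged population rather than the direct members the GUI shows by default.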

Creating your first GPO:

What is a Group Policy Object?

A GPO, or Group Policy Object, is a collection of policy settings stored in Active Directory. Once linked to a site, domain or Organizational Unit (OU), it applies configuration and security controls to the user accounts and computers inside that container.

Creating our first GPO

To create a GPO we need to go to Tools > Group Policy Management inside the Server Manager.
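As an added example (not from the TryHackMe room), the block below does the same thing from PowerShell with the GroupPolicy module: it creates the GPO, sets two registry-backed computer settings, links the GPO to an OU and produces a report. The GPO name and the OU are assumptions; the two registry locations are real policy settings (NoLMHash stops LM hashes being stored, RequireSecuritySignature makes the SMB server require signing). Settings written this way show up in the console under "Extra Registry Settings" rather than under their named Security Options entry, but the registry client-side extension applies them all the same.

```powershell
# Added example (not from the TryHackMe room): create, configure and link a GPO
# with the GroupPolicy module. GPO name and target OU are assumptions; the two
# registry values are real hardening settings.

Import-Module GroupPolicy
Import-Module ActiveDirectory

$gpoName  = 'THM - Baseline Hardening'
$targetOu = "OU=THM Users,$((Get-ADDomain).DistinguishedName)"

# Create the GPO only if it does not exist yet
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName -Comment 'Created from PowerShell' }

# Computer Configuration: do not store the weak LM hash at the next password change
Set-GPRegistryValue -Name $gpoName -Key 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' `
    -ValueName 'NoLMHash' -Type DWord -Value 1 | Out-Null

# Computer Configuration: SMB server requires signing (blocks NTLM relay to SMB)
Set-GPRegistryValue -Name $gpoName -Key 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
    -ValueName 'RequireSecuritySignature' -Type DWord -Value 1 | Out-Null

# A GPO does nothing until it is linked to a site, domain or OU
$linked = (Get-GPInheritance -Target $targetOu).GpoLinks | Where-Object { $_.DisplayName -eq $gpoName }
if (-not $linked) {
    New-GPLink -Name $gpoName -Target $targetOu -LinkEnabled Yes | Out-Null
}

# Review what the GPO contains, then refresh policy on this machine
Get-GPOReport -Name $gpoName -ReportType Html -Path "$env:TEMP\$gpoName.html"
gpupdate /force
```

Because a GPO linked at the domain level reaches every computer, the right to edit or link GPOs is effectively domain-wide code execution; when reviewing a domain, check who has write access on existing GPOs (Get-GPPermission -Name <gpo> -All) as carefully as who is in Domain Admins.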

jagadeesh
CTF player, security analyst, pentesting, VAPT, digital forensics