Learn Windows Command Line Basics | TryHackMe Walkthrough

The post provides a comprehensive walkthrough of the Windows Command Line Room on TryHackMe, aimed at teaching essential Windows command-line skills for system and network management.

Certified Security Blue Team Level 1 Study Notes

CompTIA Security+ SY0-601 Study Notes

Overview

• Objective: Learn foundational Windows commands to manage system information, networking, and processes.

Topics Covered:

• System information retrieval.
• Networking configuration and diagnostics.
• Monitoring and troubleshooting network connections.

Tasks and Commands

1. Retrieving System Information

Commands:

• systeminfo:
• Displays detailed information about the system, including OS version, processor, BIOS, and network configurations.
• ver:
• Provides the Windows version in a concise format.

Use Cases:

• Check system specs.
• Identify if the machine is virtualized (look for Hyper-V indicators in systeminfo output).

Examples:

• OS Version: Found under OS Version in systeminfo.
• Hostname: Found under Host Name in systeminfo.

2. Networking Commands

Inspect Network Configuration:

• ipconfig:
• Displays IP address, subnet mask, and default gateway.
• ipconfig /all:
• Provides detailed information, including DHCP and DNS servers.

Example:

• Default Gateway: Found under Ethernet adapter in ipconfig /all.

Domain Name Lookup:

• nslookup <domain>:
• Queries the DNS server to retrieve the IP address of a domain.

Example:

• Query TryHackMe’s IP:

nslookup tryhackme.com

Check Connectivity:

• ping <domain>:
• Sends ICMP packets to test if a host is reachable.
• Note: Some hosts may block ICMP responses, leading to timeouts even if reachable.

Tracing Network Paths:

• tracert <domain>:
• Identifies the route packets take to reach a destination.
• Useful for diagnosing network issues, such as dropped packets or unreachable hosts.

3. Monitoring Network Connections

Netstat Overview:

• Displays active and listening network connections, including associated processes and ports.

Common Flags:

• -a: Shows all connections and listening ports.
• -b: Displays processes associated with each connection.
• -o: Includes process IDs.
• -n: Shows numerical addresses instead of resolving names.

Example:

• Identify a listening process:

netstat -aon

Analyzing Output:

• Local Address: The machine’s IP address and port.
• Foreign Address: The remote host’s IP address and port.
• Process ID: Useful for linking connections to specific processes.

Practical Use Case:

• Identify malicious activity:
• Look for unfamiliar listening ports or connections to suspicious foreign addresses.
• Use the process ID to correlate with running tasks.

Practical Exercises

Finding System Information:

Question: What is the OS version?

• Use systeminfo or ver.

Question: What is the hostname?

• Found under Host Name in systeminfo.

Networking:

Question: What is the gateway IP?

• Use ipconfig /all and check the Default Gateway.

Network Monitoring:

Question: Which process is listening on port 3389?

• Use netstat -b and identify TermService as the process on port 3389 (RDP service).

Key Takeaways

System Management:

• The systeminfo and ver commands are powerful tools for gathering system specifications quickly.

Network Diagnostics:

• Tools like ipconfig, nslookup, and ping help troubleshoot network connectivity issues.

Security Insights:

• Use netstat to monitor network activity and identify potential malicious processes.

Let me know if you need more details or assistance with specific commands!

Room answers

Room answers can be found here.

Video Walkthrough