In this article, I will be providing a walkthrough to the lovely room provided by TryHackMe known as Windows Fundamentals 2.
It is part of 3 courses covering Windows Fundamentals and it is very enjoyable to go through and part of the Pre Security Learning path.
Prerequisites:
- Access to Internet and logging in to your TryHackMe account
- Access the room found here:
Part 1: Introduction
- At this part, just click on Start Machine colored as green to launch the Windows Machine that we can access.
- From here, you can opt to access the system easily by selecting Start Attack Box located at the top of the page in blue as seen below.
- Another method is using Remote Desktop Connection and OpenVPN.
- Install OpenVPN by following the instructions provided by TryHackMe. This can be found in the room:
- Using the Start Menu search bar, launch RDP (Remote Desktop Connection)
- Connect to the machine by providing the IP address generated and the login credentials
- Either method should allow you to access a desktop similar to the one below.
- Now just select the green button found in the section of Answer the questions below before proceeding to task 2. It should appear as below after being clicked.
Part 2: System Configuration
- The system configuration will be the main tool being used for this exercise and most of the information has been provided and nicely detailed by TryHackMe already.
- In this section, after reading the provided information on the page and trying to experiment with the different features by yourself, the answer for the questions will be as seen below
- What is the name of the service that lists Systems Internals as the manufacturer?
- For this section, I navigated to the Services tab of System Configuration and clicked on Manufacturer to order the list.
- Scroll down and just find the Service with Systems Internals as the manufucturer.
Answer: PsShutdown
2. Whom is the Windows license registered to?
- For this question, navigate to the Tools tab and select About Windows and Launch it
- You can then see the license owner at the bottom of the page.
Answer: Windows User
3. What is the command for Windows Troubleshooting?
- For this question, Just go to Windows Troubleshooting under tools and copy paste the whole command located at the box at the bottom.
Answer: C:\Windows\System32\control.exe /name Microsoft.Troubleshooting
4. What command will open the Control Panel? (The answer is the name of .exe, not the full path)
- For this section, you can scroll through the various commands checking for the one similar to Control Panel.
- Upon examining, you can see System Properties has a command that might be for launching the Control Panel and navigating to the System Properties section of Control Panel.
- Hence from this, we can extract the command to launch the Control Panel
Answer: control.exe
Part 3: Change UAC Settings
- After going through the TryHackMe’s detailed explanation, you can find only one question for this section:
- What is the command to open User Account Control Settings? (The answer is the name of the .exe file, not the full path)
- For this question, navigate to the Tools tab and select Change UAC Settings and the command is found at the bottom
Answer: UserAccountControlSettings.exe
Part 4: Computer Management
- After going through the TryHackMe’s detailed explanation, you can find the questions below:
- What is the command to open Computer Management? (The answer is the name of the .msc file, not the full path)
- For this question, navigate to the Tools tab and select Computer Management and the command is found at the bottom
Answer: compmgmt.msc
2. At what time every day is the GoogleUpdateTaskMachineUA task configured to run?
- After launching the Computer Management tool, navigate to the Task Scheduler then click on the dropdown and select Task Scheduler Library.
- The menu on the right will have the task GoogleUpdateTaskMachineUA and you can see the time it is supposed to run.
Answer: 6:15 AM
3. What is the name of the hidden share?
- Continue and navigate to the Shared Folders category and select Shares.
- The shared folder can be found below.
Answer: sh4r3dF0Ld3r
Part 5: System Information
- After going through the TryHackMe’s detailed explanation, you can find the questions below:
- What is the command to open System Information? (The answer is the name of the .exe file, not the full path)
Answer: msinfo32.exe
2. What is listed under System Name?
- After launching the System Information tool, you can see the System Name as it is below
Answer: THM-WINFUN2
3. Under Environment Variables, what is the value for ComSpec?
- Expand the dropdown menu of Software Environment and select Environment Variables.
- ComSpec is the first variable and you can see it’s value.
Answer: %SystemRoot%\system32\cmd.exe
Part 6: Resource Monitor
- After going through the TryHackMe’s detailed explanation, you can find only one question for this section:
- What is the command to open Resource Monitor? (The answer is the name of the .exe file, not the full path)
Answer: resmon.exe
Part 7: Command Prompt
- After going through the TryHackMe’s detailed explanation, you can find the questions below:
- In System Configuration, what is the full command for Internet Protocol Configuration?
- Go to the Tools tab of System Configuration and scroll down to Internet Protocol Configuration. The command can then be seen below.
Answer: C:\Windows\System32\cmd.exe /k %windir%\system32\ipconfig.exe
2. For the ipconfig command, how do you show detailed information?
- For this section, we can use the help utility in cmd that we learned in this part as:
ipconfig /?
- The command we need appears immediately at the bottom of the screen.
Answer: ipconfig /all
Part 8: Registry Editor
- After going through the TryHackMe’s detailed explanation, you can find only one question for this section:
- What is the command to open the Registry Editor? (The answer is the name of the .exe file, not the full path)
- Go to the Tools tab of System Configuration and scroll down to Registry Editor. The command can then be seen below.
Answer: regedt32.exe
Part 9: Conclusion
- For this section, read the material provided.
- Select the green button found in the section of Answer the questions below. It should appear as below after being clicked.
We can then continue on to TryHackMe Windows Fundamentals 3 found at:
The write-up for this room can also be found published at: