SYS140 Securing Windows - eitan-j/tech-journal GitHub Wiki

Lab

Step 1-2

Setup and login

Step 3: Deleting Malicious Files

  • Powershell ISE
    • Run as admin
  • Get-ChildItem -Path C:\ -Include *.ogg*,*.flac*,*.mp4* -Recurse -ErrorAction SilentlyContinue
    • Get-ChildItem lists the files and folders under the specified location
    • -Path specifies the starting location
    • -Include specifies the name patterns to match; it only filters when combined with -Recurse (or a wildcard in -Path). The trailing * in *.ogg* also matches names such as file.oggx, so *.ogg is the tighter pattern
    • -Recurse descends into subdirectories
    • -ErrorAction specifies what to do when an error occurs
    • SilentlyContinue suppresses the access-denied errors from protected folders so the scan keeps going instead of stopping at the first one

SUBMIT: Take a screenshot that shows the output of a command to demonstrate the files have been removed.

  • Get-ChildItem -Path C:\ -Include *.ogg*,*.flac*,*.mp4* -Recurse -ErrorAction SilentlyContinue | foreach { Remove-Item -Path $_.FullName }
    • foreach (alias of ForEach-Object) runs the block once for every file the search returns
    • $_.FullName is the full path of the current file, which Remove-Item deletes
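The same search-and-delete as a script, as an added example that is not part of the lab notes. The root path and extensions are the lab's; the dry run with -WhatIf, the -File/-Force switches and the post-deletion check are additions, and `Find-MediaFiles` is a helper name chosen here.

```powershell
# Added example (not the lab's own command). The root path and extensions follow the lab;
# the dry run and the post-deletion check are additions.
$Root       = 'C:\'
$Extensions = '*.ogg', '*.flac', '*.mp4'

function Find-MediaFiles {
    # -File ignores folders whose names happen to match; -Force also looks inside hidden
    # and system folders, where unwanted files are often stashed. Access-denied errors
    # from protected locations are suppressed so the scan keeps going.
    Get-ChildItem -Path $Root -Include $Extensions -File -Recurse -Force -ErrorAction SilentlyContinue
}

$found = @(Find-MediaFiles)
"{0} file(s) matched" -f $found.Count
$found | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

# Dry run: -WhatIf lists what would be deleted without deleting anything. Review this
# list before running the real deletion below.
$found | Remove-Item -WhatIf

# Real deletion. -Force clears read-only attributes; Continue reports any file that could
# not be removed (in use, or owned by a higher-privileged account) instead of stopping.
$found | Remove-Item -Force -ErrorAction Continue

# Verify: the same search should now come back empty. This is the check the
# "re-run the command" screenshot documents.
$remaining = @(Find-MediaFiles)
if ($remaining.Count -eq 0) {
    'Verified: no matching files remain.'
} else {
    "WARNING: {0} file(s) still present:" -f $remaining.Count
    $remaining.FullName
}
```

Run it from an elevated PowerShell; files under other users' profiles or in system folders are otherwise skipped silently and would show up again in the verification.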

SUBMIT: Once you’ve done this, re-run the command from step 1b. Take a screenshot of the results of this command, and submit it as part of your lab.

Step 4: Password Policies

  • Local Security Policy (secpol.msc) -> Account Policies -> Password Policy (minimum length, maximum age, history, complexity)

SUBMIT: After setting your password policies appropriately, open up a command prompt and run the command “net accounts”. Take a screenshot of the results and submit them as part of your lab.
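The same settings from the command line, with the `net accounts` output parsed so the result can be checked rather than read off a screenshot. This is an added example, not part of the lab; the policy values are assumptions chosen for a lab machine, `Get-NetAccountsPolicy` is a helper name chosen here, and the parser expects the English-locale labels that `net accounts` prints.

```powershell
# Added example. The policy values are assumptions (reasonable lab settings), not values the
# lab text specifies; adjust them to whatever your instructions require. Run elevated.
net accounts /minpwlen:12 /maxpwage:90 /minpwage:1 /uniquepw:5 | Out-Null

function Get-NetAccountsPolicy {
    # Turn the "Label:    value" lines of `net accounts` into a hashtable so the settings can
    # be checked by a script instead of eyeballed. Labels are the English-locale ones.
    $policy = @{}
    foreach ($line in (net accounts)) {
        if ($line -match '^(.+?):\s+(\S.*)$') {
            $policy[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    return $policy
}

$p = Get-NetAccountsPolicy
$p.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize

$minLen = [int]$p['Minimum password length']
if ($minLen -ge 12) { "OK: minimum password length is $minLen" }
else                { "WARNING: minimum password length is only $minLen" }

# Lockout settings are displayed by `net accounts` but cannot be set with it; use
# secpol.msc -> Account Policies -> Account Lockout Policy for those.
if ($p['Lockout threshold'] -eq 'Never') { 'WARNING: no account lockout threshold is set' }
```

Password complexity ("Password must meet complexity requirements") is also not exposed by `net accounts`; it stays a secpol.msc setting.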

Step 5: File Storage

  • net share lists every share the machine offers; the administrative shares Windows creates itself (C$, ADMIN$, IPC$) will still be listed after user-created shares are removed
  • Disable file sharing: Network and Sharing Center -> Advanced sharing settings -> turn off file and printer sharing

SUBMIT: Once you’ve done this, run the ‘net share’ command again from a command prompt. Take a screenshot of the results and submit it as part of your lab.

What does the screenshot output show?
This shows that Ookie is not sharing.

  • Network and Sharing Center -> Advanced sharing settings -> All Networks
    • Turn on password protected sharing, so shares can only be reached by accounts on this machine that have a password (no anonymous/Guest access)

What does the screenshot output show?
It shows that only accounts with passwords can view shared content.
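The share clean-up and the two sharing switches as a script, as an added example that is not part of the lab notes. It assumes the SmbShare and NetSecurity modules that ship with Windows 8 / Server 2012 and later, and `Get-UserShare` is a helper name chosen here. Treating the Guest account's state as the check for "password protected sharing" is an assumption made for this example.

```powershell
# Added example, not from the lab notes. Needs the SmbShare and NetSecurity modules that ship
# with Windows 8 / Server 2012 and later; run it from an elevated PowerShell.
function Get-UserShare {
    # Administrative shares (C$, ADMIN$, IPC$) are flagged Special and come back on every
    # reboot, so only shares somebody created by hand are returned here.
    Get-SmbShare | Where-Object { -not $_.Special }
}

$userShares = @(Get-UserShare)
if ($userShares.Count -gt 0) {
    'Removing user-created shares:'
    $userShares | Format-Table Name, Path -AutoSize
    $userShares | Remove-SmbShare -Force     # -Force skips the per-share confirmation prompt
} else {
    'No user-created shares found.'
}

# The "Turn off file and printer sharing" switch in Advanced sharing settings corresponds to
# disabling this firewall rule group, which blocks inbound SMB (TCP 445) on the host.
Set-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Enabled False

# "Password protected sharing" on means anonymous (Guest) access is refused; a disabled Guest
# account is the quick check for that (assumption made in this example). Guest is looked up by
# its SID ending in -501 so the check still works after the account is renamed in Step 9.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' }
"Guest account enabled: $($guest.Enabled)"

# Same verification the lab asks for: PowerShell view and `net share` side by side.
Get-SmbShare | Select-Object Name, Path, Special
net share
```

After this, `net share` should show only the Special shares. If one of them must go too (for example C$ on a workstation), note that the server service recreates administrative shares at every start unless the AutoShareWks registry value is set, so deleting it once with `net share C$ /delete` does not stick.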

Step 6: Web Server Hardening

  • Services (services.msc)
    • Right-click Apache24 -> Properties shows the path to httpd.exe; the conf folder sits next to it
  • Apache24\conf\httpd.conf
    • ServerTokens Prod makes the Server response header say only "Apache", with no version, OS or module list
    • ServerSignature Off removes the version footer from server-generated pages (error pages, directory listings)
  • Restart Apache24 so the edited httpd.conf is loaded

SUBMIT: Take a screenshot of the httpd.conf file with the ServerTokens and ServerSignature options set, and submit this as part of your lab.

SUBMIT: Take a screenshot of http://localhost/test/, and submit it as part of your lab.

  • Replace Options Indexes FollowSymLinks with Options None FollowSymLinks (equivalently Options FollowSymLinks): without Indexes, Apache answers 403 Forbidden instead of listing a directory that has no index file
  • Restart Apache24

SUBMIT: Take a screenshot of what you see at http://localhost/test/ now, and submit it as part of your lab.
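The whole of Step 6 (ServerTokens, ServerSignature, the Options change, the restart, and the two checks the screenshots capture) as one script. This is an added example, not part of the lab notes or the Apache project. It assumes the Apache Lounge layout, Apache at C:\Apache24 running as the Windows service Apache24, and a /test/ directory with no index file; change `$ApacheRoot` if yours differs.

```powershell
# Added example, not part of the lab notes. Assumes Apache is installed at C:\Apache24 and runs
# as the Windows service "Apache24" (the Apache Lounge layout); adjust $ApacheRoot otherwise.
# Run from an elevated PowerShell.
$ApacheRoot = 'C:\Apache24'
$Conf       = Join-Path $ApacheRoot 'conf\httpd.conf'
$Httpd      = Join-Path $ApacheRoot 'bin\httpd.exe'

# 1. Timestamped backup so a bad edit can be rolled back.
Copy-Item $Conf ("{0}.{1}.bak" -f $Conf, (Get-Date -Format 'yyyyMMddHHmmss'))

# 2. Rewrite the three hardening settings. Comment lines (starting with #) are left alone.
$seenTokens = $false
$seenSig    = $false
$out = @(foreach ($line in Get-Content $Conf) {
    if ($line -match '^\s*ServerTokens\s') {
        $seenTokens = $true; 'ServerTokens Prod'          # Server header becomes just "Apache"
    } elseif ($line -match '^\s*ServerSignature\s') {
        $seenSig = $true; 'ServerSignature Off'           # no version footer on error pages/listings
    } elseif ($line -match '^(\s*Options\s+)(.*)$') {
        $prefix = $Matches[1]
        $rest   = $Matches[2]
        # Strip Indexes (and +Indexes) from every Options line so no directory is auto-listed.
        $keep = @($rest -split '\s+' | Where-Object { $_ -and $_ -notmatch '^\+?Indexes$' })
        if ($keep.Count -eq 0) { $keep = @('None') }      # "Options" with no argument is a syntax error
        $prefix + ($keep -join ' ')
    } else {
        $line
    }
})
# The stock httpd.conf may not contain these two directives at all (they live in
# extra/httpd-default.conf), in which case append them.
if (-not $seenTokens) { $out += 'ServerTokens Prod' }
if (-not $seenSig)    { $out += 'ServerSignature Off' }
Set-Content -Path $Conf -Value $out

# 3. Syntax-check before restarting; a broken config would leave the site down.
& $Httpd -t
if ($LASTEXITCODE -ne 0) { throw 'httpd.conf failed the syntax check; restore the .bak copy' }
Restart-Service -Name Apache24

# 4. Verify from the client side, the same two things the lab screenshots show.
$r = Invoke-WebRequest -Uri 'http://localhost/' -UseBasicParsing
"Server header: $($r.Headers['Server'])"      # expect "Apache" with no version string
try {
    Invoke-WebRequest -Uri 'http://localhost/test/' -UseBasicParsing | Out-Null
    'WARNING: /test/ still serves a page; check for an index file or a remaining Indexes option'
} catch {
    $code = [int]$_.Exception.Response.StatusCode
    "/test/ returned HTTP $code (403 means the directory listing is gone)"
}
```

The syntax check matters more than it looks: `Options` with an empty argument list, or `None` placed after another option, is rejected by httpd, and Restart-Service would then report the service failing to start.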

Step 7: FTP Server

  • Find FileZilla (see Step 6) in Programs and Features / Apps & features
  • Click Uninstall

SUBMIT: Once you’ve uninstalled FileZilla, re-run the command from Step 1a. Take a screenshot of the results, and submit that as part of your lab.

What does the screenshot output show?
It shows that FileZilla is not running.
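A check that the FTP server is really gone, as an added example that is not part of the lab notes: an uninstaller can leave the service registered, a process running, or (if another product was installed) something else still listening on TCP 21. `Test-FtpServerRemoved` and the `*FileZilla*` pattern are choices made for this example.

```powershell
# Added example, not from the lab. Checks the places an uninstalled FTP server can linger:
# its Windows service, a running process, an Add/Remove Programs entry, and a listener on
# TCP 21. Names are matched on "FileZilla", the server the lab removes.
function Test-FtpServerRemoved {
    param([string]$Pattern = '*FileZilla*')

    $service  = Get-Service | Where-Object { $_.Name -like $Pattern -or $_.DisplayName -like $Pattern }
    $process  = Get-Process | Where-Object { $_.ProcessName -like $Pattern }
    $listener = Get-NetTCPConnection -LocalPort 21 -State Listen -ErrorAction SilentlyContinue

    # Both 64-bit and 32-bit uninstall hives; FileZilla Server registers in one of them.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern }

    [pscustomobject]@{
        ServiceGone        = -not $service
        ProcessGone        = -not $process
        UninstallEntryGone = -not $installed
        Port21NotListening = -not $listener
        # If something still owns port 21, name it: it may be a different FTP server entirely.
        ListeningProcess   = @($listener | ForEach-Object { (Get-Process -Id $_.OwningProcess).ProcessName })
    }
}

$result = Test-FtpServerRemoved
$result | Format-List
if (-not ($result.ServiceGone -and $result.ProcessGone -and $result.Port21NotListening)) {
    'WARNING: an FTP server is still present, or something else is listening on port 21'
}
```

Port21NotListening is the check that matters from the network's point of view: a stopped service that is still installed can be started again, but a port nobody listens on cannot be connected to.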

Step 8: Viewing Event Logs

  • PowerShell ISE as admin (the Security log can only be read from an elevated session)
    • Get-EventLog -List shows the available event logs and their sizes
    • Get-EventLog -LogName Security -Newest 30
      • -LogName is the log to read
      • -Newest is how many of the most recent entries to show
      • Get-EventLog exists only in Windows PowerShell 5.1; PowerShell 7 replaces it with Get-WinEvent

SUBMIT: Take a screenshot of the results of this command, and submit it as part of your lab.
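Reading the same log with Get-WinEvent and turning the logon events into something a person can act on, as an added example that is not part of the lab notes. It works in both Windows PowerShell 5.1 and PowerShell 7; `Get-LogonEvents` is a helper name chosen here, and the event IDs and EventData field names are the standard Windows Security log ones.

```powershell
# Added example, not from the lab. Uses Get-WinEvent, which works in both Windows PowerShell 5.1
# and PowerShell 7 (Get-EventLog exists only in 5.1). Reading the Security log requires an
# elevated prompt.
function Get-LogonEvents {
    param([int]$Count = 30)

    # FilterHashtable is applied by the event log service itself, far faster than pulling
    # every record and filtering with Where-Object. 4624 = logon succeeded, 4625 = logon failed.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625 } -MaxEvents $Count -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The useful fields live in EventData; pull them out by name via the event's XML.
            $field = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $field[$d.Name] = $d.'#text' }
            $result = if ($_.Id -eq 4624) { 'success' } else { 'FAILURE' }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Result    = $result
                Account   = $field['TargetUserName']
                LogonType = $field['LogonType']    # 2 interactive, 3 network (SMB), 10 RDP
                Source    = $field['IpAddress']    # "-" for local logons
            }
        }
}

$events = @(Get-LogonEvents -Count 30)
$events | Format-Table -AutoSize

# Repeated failures against one account in a short window is the password-guessing pattern
# to look for; successes from an unexpected source address are the other.
$events | Where-Object Result -eq 'FAILURE' |
    Group-Object Account | Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'Account'; e = { $_.Name } }
```

Only 30 events covers minutes on a busy machine. For a real review raise `-Count`, or replace `-MaxEvents` with a `StartTime` entry in the filter hashtable to read everything since a given time.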

Step 9: Renaming the Guest and Administrator Accounts

  • wmic useraccount where name='Administrator' rename 'ExampleName'
    • Renames the built-in Administrator account; the same command with name='Guest' renames Guest
    • The account's SID does not change, so the rename hides the well-known name but not the account itself
    • wmic is deprecated and missing from recent Windows 11 builds; Rename-LocalUser in PowerShell does the same job

SUBMIT: Take a screenshot showing the results of the wmic command you ran, and submit this as part of your lab.

What does the screenshot output show?
It shows that the Administrator was renamed
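The rename in PowerShell, locating both built-in accounts by their well-known RIDs and showing why the rename is only a partial measure. This is an added example, not part of the lab notes; the new names are placeholders.

```powershell
# Added example, not from the lab. Rename-LocalUser is the PowerShell equivalent of the wmic
# command above and works where wmic has been removed. The new names are placeholders. Run elevated.
$AdminNewName = 'ExampleName'
$GuestNewName = 'ExampleGuest'

# Locate the built-in accounts by well-known RID rather than by name, so this also works on a
# machine where they were renamed earlier: the built-in Administrator always has RID 500, Guest 501.
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$builtinGuest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }

if ($builtinAdmin.Name -ne $AdminNewName) { Rename-LocalUser -Name $builtinAdmin.Name -NewName $AdminNewName }
if ($builtinGuest.Name -ne $GuestNewName) { Rename-LocalUser -Name $builtinGuest.Name -NewName $GuestNewName }
Disable-LocalUser -Name $GuestNewName     # Guest should stay disabled whatever it is called

# Verify. The SID is unchanged by the rename, which is the caveat: anyone who can enumerate
# local accounts, or simply ask for RID 500, still finds the real Administrator. Renaming
# removes the obvious target name and must be paired with a strong password and lockout.
Get-LocalUser | Where-Object { $_.SID.Value -match '-(500|501)$' } | Select-Object Name, Enabled, SID
```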

Step 10: Install Ninite and download Chrome and AVG

SUBMIT: provide a screenshot showing that ninite was installed.

Step 11: Ensure Ookie and Pokie are the only administrators

SUBMIT:

What steps did you take to modify users in the Administrator group?

  • WIN+R -> lusrmgr.msc -> Groups
    • Double-click Administrators
    • Select each user who should not be an administrator
    • Click Remove, then Apply

Provide a screenshot showing the results of the command:

net localgroup Administrators

What does the screenshot output show?
This shows that only Ookie, Pokie, and Eitan (default admin) are admins.
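The same membership review as a script that compares the Administrators group against an allow list, as an added example that is not part of the lab notes. Ookie and Pokie are the lab's permitted administrators; keeping the built-in Administrator (RID 500) mirrors the answer above, and `Get-UnexpectedAdmin` is a helper name chosen here.

```powershell
# Added example, not from the lab. Ookie and Pokie are the lab's allowed admins; the rest is an
# assumption. Run elevated. -WhatIf is on so the first run only reports; drop it to enforce.
$Allowed = 'Ookie', 'Pokie'

function Get-UnexpectedAdmin {
    # Members come back as COMPUTERNAME\user (or DOMAIN\user), so compare the bare name.
    # The built-in Administrator (RID 500) is kept, as in the lab's own answer.
    Get-LocalGroupMember -Group 'Administrators' | Where-Object {
        $bare = ($_.Name -split '\\')[-1]
        -not ($bare -in $Allowed) -and ($_.SID.Value -notlike '*-500')
    }
}

'Current members:'
Get-LocalGroupMember -Group 'Administrators' | Format-Table Name, ObjectClass, PrincipalSource -AutoSize

foreach ($m in @(Get-UnexpectedAdmin)) {
    "Removing $($m.Name) from Administrators"
    Remove-LocalGroupMember -Group 'Administrators' -Member $m -WhatIf
}

# Same check the lab screenshot shows.
net localgroup Administrators
```

ObjectClass and PrincipalSource are worth a glance in the listing: a group (rather than a user) in Administrators makes every member of that group an administrator, which a name-only allow list would miss.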