Windows Fundamentals (Summarized)

GUI: Graphical user interface


The Windows Desktop, aka the graphical user interface or GUI in short, is the screen that welcomes you once you log into a Windows machine.


Traditionally, you need to pass the login screen first. The login screen is where you need to enter valid account credentials; usually, a username & password of a preexisting Windows account on that particular system or in the Active Directory environment (if it's a domain-joined machine). 


https://assets.tryhackme.com/additional/win-fun1/win-desktop2.png


The above screenshot is an example of a typical Windows Desktop. Each component that makes up the GUI is explained briefly below.


1. The Desktop

2. Start Menu

3. Search Box (Cortana)

4. Task View

5. Taskbar

6. Toolbars

7. Notification Area


The Desktop


The desktop is where you will have shortcuts to programs, folders, files, etc. These icons will either be well organized in folders sorted alphabetically or scattered randomly with no specific organization on the desktop. In either case, these items are typically placed on the desktop for quick access.


The look and feel of the desktop can be changed to suit your liking. By right-clicking anywhere on the desktop, a context menu will appear. This menu will allow you to change the sizes of the desktop icons, specify how you want to arrange them, copy/paste items to the desktop, and create new items, such as a folder, shortcut, or text document.


https://assets.tryhackme.com/additional/win-fun1/win-desktop-menu.png


Under Display settings, you can make changes to the screen's resolution and orientation. In case you have multiple computer screens, you can make configurations to the multi-screen setup here. 


https://assets.tryhackme.com/additional/win-fun1/win-desktop-setdisplay.png


Note: In a Remote Desktop session, some of the display settings will be disabled. 


https://assets.tryhackme.com/additional/win-fun1/win-display-settings.png


You can also change the wallpaper by selecting Personalize.


https://assets.tryhackme.com/additional/win-fun1/win-desktop-personalize.png


Under Personalize, you can change the background image of the Desktop, change fonts, themes, color scheme, etc.


https://assets.tryhackme.com/additional/win-fun1/win-personalize-settings.png


The Start Menu


In previous versions of Windows, the word Start was visible at the bottom left corner of the desktop GUI. In modern versions of Windows, such as Windows 10, the word 'Start' doesn't appear anymore, but rather a Windows Logo is shown instead. Even though the look of the Start Menu has changed, its overall purpose is the same. 


The Start Menu provides access to all the apps/programs, files, utility tools, etc., that are most useful. 


Clicking on the Windows logo opens the Start Menu. The Start Menu is broken up into sections. See below.


https://assets.tryhackme.com/additional/win-fun1/win-start-menu.png


1. This section of the Start Menu provides quick shortcuts to actions that you can perform with your account or login session, such as changing your user account settings, locking your screen, or signing out of your account. Other shortcuts specific to your account are your Documents folder (document icon) and Pictures folder (pictures icon). Lastly, the gear/cog icon will take you to the Settings screen, and the power icon will allow you to Disconnect from a Remote Desktop session, shut down the computer, or restart the computer.


In the below image, you can see what each of the icons represents. To expand this section, click on the icon that resembles a hamburger at the top.  


Remote Desktop? => https://community.windows.com/en-us/stories/work-from-anywhere-with-windows-10-remote-desktop


https://assets.tryhackme.com/additional/win-fun1/win-start-hamburger.png


2. This section will show all Recently added apps/programs at the top and all the installed apps/programs (that are configured to appear in the Start Menu). In this section, the apps/programs are listed in alphabetical order, and each letter has its own section. See below.


https://assets.tryhackme.com/additional/win-fun1/win-start-programs.png


In the above image, the first box is where the recently added apps/programs will appear. The second box is where all the installed apps/programs will appear. 


Note: In your VM, Google Chrome will not show up as a Recently Added program anymore.


If you have a LONG list of installed apps/programs, you can jump to a particular section in the list by clicking on the letter headings to launch an alphabet grid. See below.


VM: Virtual Machine


https://assets.tryhackme.com/additional/win-fun1/win-start-grid.png


Note: The white letters match the letter headings. 


3. The right side of the Start Menu is where you will find icons for specific apps/programs or utilities. These icons are known as tiles. Some tiles are added to this section by default. If you right-click any of the tiles, you guessed it, a menu will appear that allows you to perform more actions on the selected tile, such as resizing the tile, unpinning it from the Start Menu, viewing its Properties, etc. See below.


https://assets.tryhackme.com/additional/win-fun1/win-start-tile.png


Apps/programs can be added to this Start Menu section by right-clicking the app/program and selecting Pin to Start. See below.



https://assets.tryhackme.com/additional/win-fun1/win-start-pin.png

https://assets.tryhackme.com/additional/win-fun1/win-start-pin2.png


The Taskbar


Some of the components are enabled and visible by default. The Toolbar (6), for example, was enabled for demonstration purposes.  


If you're like me and want to disable some of these components, you can right-click on Taskbar to bring up a context menu that will allow you to make changes.


https://assets.tryhackme.com/additional/win-fun1/win-taskbar1.png


Any apps/programs, folders, files, etc., that you open/start will appear in the taskbar. 


https://assets.tryhackme.com/additional/win-fun1/win-taskbar-chrome.png


Hovering over the icon will provide a preview thumbnail, along with a tooltip. This tooltip is handy if you have many apps/programs open, such as Google Chrome, and you wish to find which instance of Google Chrome is the one you need to bring into focus.


When you close any of these items, they will disappear from the taskbar (unless you explicitly pinned it to the taskbar). 


The Notification Area


The Notification Area, which is typically located at the bottom right of the Windows screen, is where the date and time are displayed. Other icons that may be visible in this area include the volume icon and the network/wireless icon, to name a few. Icons can be either added or removed from the Notification Area in Taskbar settings.


https://assets.tryhackme.com/additional/win-fun1/win-taskbar-settings.png


From there, scroll down to the Notification Area section to make changes. 


https://assets.tryhackme.com/additional/win-fun1/win-taskbar-notifarea.png


Here is Microsoft's brief documentation for the Start Menu and the Notification Area.


Start Menu: https://support.microsoft.com/en-us/windows/see-what-s-on-the-start-menu-a8ccb400-ad49-962b-d2b1-93f453785a13


Notification Area: https://support.microsoft.com/en-us/windows/customize-the-taskbar-notification-area-e159e8d2-9ac5-b2bd-61c5-bb63c1d437c3


Tip: You can right-click any folder, file, app/program, or icon to view more information or perform other actions on the clicked item. 

--------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------

The Windows operating system has a long history dating back to 1985, and currently, it is the dominant operating system in both home use and corporate networks. Because of this, Windows has always been targeted by hackers and malware writers (developers).

Windows XP was a popular version of Windows and had a long run. Microsoft then announced Windows Vista, which was a complete overhaul of the Windows operating system. There were many issues with Windows Vista. It wasn't received well by Windows users, and it was quickly phased out.

When Microsoft announced the end-of-life date for Windows XP, many customers panicked. Corporations, hospitals, etc., scrambled and tested the next viable Windows version, which was Windows 7, against many other hardware and devices. Vendors had to work against the clock to ensure their products worked with Windows 7 for their customers. If they couldn't, their customers had to break their agreement and find another vendor that upgraded their products to work with Windows 7. It was a nightmare for many, and Microsoft took note of it.

Windows 7 was released soon after and, just as quickly, was marked with an end-of-support date. Windows 8.x came and went; it was short-lived, like Vista.

Then Windows 10 arrived. https://www.microsoft.com/en-us/windows/features?activetab=NewPopular

It is the current Windows operating system version for desktop computers (as of 2021, Windows 11).

Windows 10 comes in 2 flavors, Home and Pro. You can read about the differences between Home and Pro here. (https://www.microsoft.com/en-us/windows/compare-windows-10-home-vs-pro)

Even though we didn't talk about servers, the current version of the Windows operating system for servers is Windows Server 2019. (https://www.microsoft.com/en-us/windows-server)

Many critics like to bash on Microsoft, but they have made long strides to improve the usability and security with each new version of Windows.

Note: The Windows edition for the attached VM is Windows Server 2019 Standard, as seen in System Information.

Update: As of June 2021, Microsoft announced the retirement dates for Windows 10 here. (https://docs.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro)

"Microsoft will continue to support at least one Windows 10 Semi-Annual Channel until October 14, 2025".

As of October 5th, 2021, Windows 11 is the current Windows operating system for end users. Read more about Windows 11 here. (https://www.microsoft.com/en-us/windows)

--------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------

The file system used in modern versions of Windows is the New Technology File System, or simply NTFS.

resource: https://docs.microsoft.com/en-us/windows-server/storage/file-server/ntfs-overview

Before NTFS, there was FAT16/FAT32 (FILE ALLOCATION TABLE) and HPFS (HIGH PERFORMANCE FILE SYSTEM).

You still see FAT partitions in use today. For example, you typically see FAT partitions on USB devices, MicroSD cards, etc., but traditionally not on personal Windows computers/laptops or Windows Servers.

NTFS is known as a journaling file system. In case of failure, the file system can automatically repair the folders/files on disk using information stored in a log file. This function is not possible with FAT.

NTFS addresses many of the limitations of the previous file systems, such as:

- Supports files larger than 4GB
- Set specific permissions on folders and files
- Folder and file compression
- Encryption (Encrypting File System, or EFS) https://docs.microsoft.com/en-us/windows/win32/fileio/file-encryption

If you're running Windows, what is the file system your Windows installation is using? You can check the Properties (right-click) of the drive your operating system is installed on, typically the C drive (C:\).

https://assets.tryhackme.com/additional/win-fun1/win-file-system.gif

You can read Microsoft's official documentation on FAT, HPFS, and NTFS here. => https://docs.microsoft.com/en-us/troubleshoot/windows-client/backup-and-storage/fat-hpfs-and-ntfs-file-systems

Let's speak briefly on some features that are specific to NTFS. 

On NTFS volumes, you can set permissions that grant or deny access to files and folders.

The permissions are:

1- Full control
2- Modify
3- Read & Execute
4- List folder contents 
5- Read 
6- Write

The below image lists the meaning of each permission and how it applies to a file and a folder. ( credit : https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727008(v=technet.10)?redirectedfrom=MSDN )

https://assets.tryhackme.com/additional/win-fun1/ntfs-permissions1.png

How can you view the permissions for a file or folder?

- Right-click the file or folder you want to check for permissions.
- From the context menu, select Properties.
- Within Properties, click on the Security tab.
- In the Group or user names list, select the user, computer, or group whose permissions you want to view.


In the below image, you can see the permissions for the Users group for the Windows folder.

https://assets.tryhackme.com/additional/win-fun1/windows-folder-permissions.png

Refer to the Microsoft documentation to get a better understanding of the NTFS permissions for Special Permissions.

* Another feature of NTFS is Alternate Data Streams (ADS).

Alternate Data Streams (ADS) is a file attribute specific to Windows NTFS.

Every file has at least one data stream ($DATA), and ADS allows files to contain more than one stream of data. Natively, Windows Explorer does not display ADS to the user.
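The same Security-tab information can be read with PowerShell's Get-Acl, which is handy when you want to review many folders at once. The script below is an added example, not part of the original post or of TryHackMe's material; the default path (System32), the list of "broad" groups and the set of rights treated as write-capable are assumptions chosen for illustration. It first confirms the volume is NTFS (FAT volumes carry no permissions at all), prints the ACL entries, and then flags any Allow entry that gives Everyone, Users or Authenticated Users Write, Modify or Full control, which on a system folder is the kind of entry a defender wants to look at twice.

```powershell
# Added example (not from the original post): list NTFS permissions with
# PowerShell instead of the Properties > Security tab, and flag entries a
# defender would want to review. The default path, the "broad groups" and the
# rights treated as write-capable are assumptions for this demo.

param(
    [string]$Path = (Join-Path $env:windir 'System32')
)

# NTFS permissions only exist on NTFS volumes; FAT/exFAT volumes have no ACLs.
$drive  = [System.IO.Path]::GetPathRoot((Resolve-Path $Path).Path)
$format = ([System.IO.DriveInfo]::new($drive)).DriveFormat
Write-Host "Volume $drive is formatted as $format"
if ($format -ne 'NTFS') {
    Write-Warning "$drive is not NTFS; there are no file/folder permissions to inspect."
    return
}

# Get-Acl returns the security descriptor; .Access holds one
# FileSystemAccessRule per entry, the same rows the Security tab shows.
$acl = Get-Acl -Path $Path
Write-Host "Owner: $($acl.Owner)"

$acl.Access |
    Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited |
    Format-Table -AutoSize

# Rights that let a principal change content (Modify and Full control both
# include Write, so a bitwise AND against this mask catches all three).
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'
$broadGroups = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

$review = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $writeRights) -and
    ($broadGroups -contains $_.IdentityReference.Value)
}

if ($review) {
    Write-Warning "Broad groups with write/modify/full control on $Path :"
    $review | Format-Table IdentityReference, FileSystemRights -AutoSize
} else {
    Write-Host "No broad group has write/modify/full control on $Path."
}
```

Save it as a .ps1 and run it with -Path pointing at any folder you want to inspect; on a default Windows install the System32 check should report no broad group with write access, which is the baseline the page's "proceed with extreme caution" advice relies on.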

There are 3rd party executables that can be used to view this data, but PowerShell gives you the ability to view ADS for files. 

Source 1: https://support.microsoft.com/en-us/windows/what-s-changed-in-file-explorer-ef370130-1cca-9dc5-e0df-2f7416fe1cb1

Source 2: https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.1

From a security perspective, malware writers/developers have used ADS to hide data.

Not all its uses are malicious. For example, when you download a file from the internet, there are identifiers written to ADS to identify that the file was downloaded from the internet.

To learn more about ADS, refer to the following link from MalwareBytes: 

https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/


Bonus: If you wish to interact hands-on with ADS, I suggest exploring Day 21 of Advent of Cyber 2.

https://tryhackme.com/room/adventofcyber2
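Because File Explorer hides alternate data streams, the practical way to see them is the -Stream parameter on Get-Item and Get-Content, as the text mentions. The script below is an added example and not code from the original post or from TryHackMe. It constructs a sample file in a temporary folder, writes a Zone.Identifier stream shaped like the "downloaded from the internet" marker the text describes (the file name and stream contents are constructed for the demo), enumerates every stream on the file, reads one stream by name, and then sweeps a folder for files carrying any named stream so that the unexpected ones stand out from the ordinary download marker.

```powershell
# Added example (not from the original post): enumerate alternate data streams
# with PowerShell. The demo folder, file name and stream contents are
# constructed here so the script runs on its own.

$demoDir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
$sample = Join-Path $demoDir 'downloaded-report.txt'
Set-Content -Path $sample -Value 'visible contents of the main stream'

# Zone.Identifier is the stream Windows uses to mark downloads; ZoneId=3 is the
# Internet zone. Written here only so the demo has a stream to find.
Set-Content -Path $sample -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

# Get-Item -Stream * lists every stream; the main (unnamed) stream shows as :$DATA.
Write-Host "Streams on $sample :"
Get-Item -Path $sample -Stream * |
    Select-Object Stream, Length |
    Format-Table -AutoSize

# A specific stream is read by name.
Write-Host "Contents of Zone.Identifier:"
Get-Content -Path $sample -Stream 'Zone.Identifier'

# Defender-style sweep: report every file under a folder that carries a named
# stream, and note which ones are the ordinary download marker.
function Find-NamedStreams {
    param([string]$Folder)
    Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Get-Item -Path $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Length = $_.Length
                        Note   = if ($_.Stream -eq 'Zone.Identifier') { 'download marker' } else { 'review' }
                    }
                }
        }
}

Write-Host "Named streams under $demoDir :"
Find-NamedStreams -Folder $demoDir | Format-Table -AutoSize

# Remove-Item -Stream deletes one stream without touching the file; then clean up.
Remove-Item -Path $sample -Stream 'Zone.Identifier'
Write-Host "Streams after removal: $((Get-Item -Path $sample -Stream *).Stream -join ', ')"
Remove-Item -Path $demoDir -Recurse -Force
```

Point Find-NamedStreams at a Downloads folder and most hits will be Zone.Identifier; anything else is worth opening with Get-Content -Stream to see what it holds. Note that the stream travels with the file only while it stays on NTFS: copying to a FAT-formatted USB stick drops every stream except the main one, which is why the text says you rarely see ADS outside Windows volumes.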

-----------------------------------------------------------------------------------------------------------------------------
The Windows\System32 Folders
---------------------------------------------
The Windows folder (c:\Windows) is traditionally known as the folder which contains the Windows operating system. 

The folder does not necessarily have to reside on the C drive. It can reside on any other drive and technically can reside in a different folder.

This is where environment variables, more specifically system environment variables, come into play. Even though not discussed yet, the system environment variable for the Windows directory is %windir%.

source: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-7.1

Per Microsoft: "Environment variables store information about the operating system environment. This information includes details such as the operating system path, the number of processors used by the operating system, and the location of temporary folders".

There are many folders within the 'Windows' folder. See below.

https://assets.tryhackme.com/additional/win-fun1/windows-folder.png

One of the many folders is System32. 

https://assets.tryhackme.com/additional/win-fun1/windows-system32.png

The System32 folder holds the important files that are critical for the operating system.

You should proceed with extreme caution when interacting with this folder. 

Accidentally deleting any files or folders within System32 can render the Windows OS inoperable.

Note: Many of the tools that will be covered in the Windows Fundamentals series reside within the System32 folder. 

source: https://www.howtogeek.com/346997/what-is-the-system32-directory-and-why-you-shouldnt-delete-it/
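Since the Windows folder need not live at C:\Windows, scripts should locate it through %windir% (in PowerShell, $env:windir) rather than hard-coding the path, and the same goes for System32. The script below is an added example, not code from the original post; it resolves both folders from the environment and cross-checks them against the .NET special-folder API, lists the relevant variables from the Env: drive, and then spot-checks a handful of critical System32 binaries for a valid Microsoft Authenticode signature. The list of binaries is an assumption chosen for illustration, and the signature check is the defender's counterpart to the "do not touch this folder" warning above: it tells you whether those files are still the ones Microsoft shipped.

```powershell
# Added example (not from the original post): resolve the Windows and System32
# folders from environment variables rather than assuming C:\Windows, then check
# that a few critical System32 binaries carry a valid signature. The file list
# is an assumption chosen for illustration.

# %windir% in cmd is $env:windir in PowerShell; SystemRoot holds the same value.
Write-Host "windir     = $env:windir"
Write-Host "SystemRoot = $env:SystemRoot"

# .NET resolves the same folders without reading the environment, which is a
# useful cross-check if you suspect the variables have been altered.
$winFromApi = [Environment]::GetFolderPath('Windows')
$sys32      = [Environment]::GetFolderPath('System')
Write-Host "Windows (API) = $winFromApi"
Write-Host "System32      = $sys32"

if ($env:windir -ne $winFromApi) {
    Write-Warning "windir ($env:windir) does not match the API value ($winFromApi)"
}

# Every environment variable is exposed through the Env: drive.
Get-ChildItem Env: |
    Where-Object Name -in @('windir', 'SystemRoot', 'Path', 'TEMP') |
    Format-Table Name, Value -AutoSize

# Critical binaries to spot-check (assumed list). Most System32 files are
# catalog-signed rather than carrying an embedded signature; on current Windows
# versions Get-AuthenticodeSignature checks the catalog, so they report Valid.
$critical = 'ntoskrnl.exe', 'winload.exe', 'lsass.exe', 'services.exe', 'kernel32.dll'

function Test-System32Signatures {
    param([string[]]$Names, [string]$Folder = $sys32)
    foreach ($name in $Names) {
        $full = Join-Path $Folder $name
        if (-not (Test-Path $full)) {
            [pscustomobject]@{ File = $name; Status = 'Missing'; Signer = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $full
        [pscustomobject]@{
            File   = $name
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

$results = Test-System32Signatures -Names $critical
$results | Format-Table -AutoSize

$bad = $results | Where-Object Status -ne 'Valid'
if ($bad) {
    Write-Warning "Files not reporting a Valid signature: $($bad.File -join ', ')"
} else {
    Write-Host "All checked System32 binaries report a Valid signature."
}
```

A Missing or non-Valid result on one of these files is a reason to investigate, not to delete anything; on older systems catalog-signed files may show NotSigned because the cmdlet does not consult the catalog there, so confirm the Windows version before drawing conclusions.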
-----------------------------------------------------------------------------------------------------------------------------
Thanks for reading! 👨‍💻
Roger
