Round 2 Windows 10 Practice Image

Round 2 Windows 10 Practice Image Guide

Download Round 2 Win 10 Practice IMAGE

Purpose:

The purpose of this document is to provide information about the Cyberhub Windows 10 image so that coaches and mentors may better help teams that are in need of assistance. Also, this can serve as an outline of some potential items that may be seen during CyberPatriot competitions.

Special Instructions:

  • Extraction Password: Warriors17
  • Turn on the Internet: Make sure to enable the DHCP Service from services.msc.

Vulnerabilities List:

  • 6 TOTAL FOR USERS
    • Disable Guest Account (if possible, only score through GPO)
    • User Deleted sasuke
    • User Deleted ryugi
    • User has insecure password (taiga)
    • Created new user (jeff)
    • Turn on UAC
  • 9 TOTAL FOR “LSP”
    • Updates for other Microsoft products ENABLED
    • Autoplay COMPLETELY Disabled (GPEDIT)
    • Limit local use of blank passwords to local console ENABLED
    • Do not require CTRL+ALT+DEL: DISABLED
    • Clear virtual memory pagefile: ENABLED
    • Smartscreen enabled
    • Disable remote
    • RDP network level authentication enabled (GPEDIT)
    • Check apps and files ON (Smartscreen)
  • 5 TOTAL FOR SERVICES
    • Routing and Remote Access Disabled
    • Net.Tcp Port Sharing Disabled
    • DHCP turned ON (turn it off so they don’t get internet) hehexd
    • Firewall service on
    • Firewall turned on
  • 7 TOTAL FOR PROGRAMS/VIRUSES
    • Program removed (CCLEANER)
    • Program removed (CHROMIUM)
    • Program removed (OPHCRACK (in program files > Windows PC))
    • REMOVED BABYLON
    • Removed converter search bar
    • Removed slimcleaner
    • Removed DriverUpdate
  • 2 TOTAL FOR UPDATES 
    • Update Mozilla Firefox
    • Update Notepad++
  • Removed hidden text file in Program Files called CREDITCARD.TXT
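
A read-only way to check several of the "LSP" and services items above from an elevated PowerShell prompt. This is an added example, not part of the original guide or the CyberPatriot scoring engine; the registry values and service names are the standard Windows ones, and their mapping to the list items is an assumption.

```powershell
# Added example: read-only audit of some checklist items (changes nothing).
# Registry value names and service names are standard Windows ones; mapping them
# to the guide's wording is an assumption, not taken from the scoring engine.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$regChecks = @(
    @{ Item = 'UAC on'; Path = $sys; Name = 'EnableLUA'; Want = 1 },
    @{ Item = 'Do not require CTRL+ALT+DEL: Disabled'; Path = $sys; Name = 'DisableCAD'; Want = 0 },
    @{ Item = 'Limit blank passwords to console'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'LimitBlankPasswordUse'; Want = 1 },
    @{ Item = 'Clear virtual memory pagefile'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'; Name = 'ClearPageFileAtShutdown'; Want = 1 },
    @{ Item = 'Autoplay off, all drives (GPO)'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDriveTypeAutoRun'; Want = 255 },
    @{ Item = 'RDP network level auth (GPO)'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'; Name = 'UserAuthentication'; Want = 1 }
)
$results = @(foreach ($c in $regChecks) {
    # A value that was never configured comes back as $null and is reported as a failure.
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    $shown  = if ($null -eq $actual) { '<not set>' } else { $actual }
    [pscustomobject]@{ Item = $c.Item; Expected = $c.Want; Actual = $shown; Pass = ($actual -eq $c.Want) }
})

# Services: compare either the startup type or the running state.
$svcChecks = @(
    @{ Item = 'Routing and Remote Access disabled'; Name = 'RemoteAccess';      Prop = 'StartType'; Want = 'Disabled' },
    @{ Item = 'Net.Tcp Port Sharing disabled';      Name = 'NetTcpPortSharing'; Prop = 'StartType'; Want = 'Disabled' },
    @{ Item = 'Firewall service on';                Name = 'MpsSvc';            Prop = 'Status';    Want = 'Running' },
    @{ Item = 'DHCP turned on';                     Name = 'Dhcp';              Prop = 'Status';    Want = 'Running' }
)
$results += @(foreach ($s in $svcChecks) {
    $svc    = Get-Service -Name $s.Name -ErrorAction SilentlyContinue
    $actual = if ($svc) { [string]$svc.($s.Prop) } else { '<service missing>' }
    [pscustomobject]@{ Item = $s.Item; Expected = $s.Want; Actual = $actual; Pass = ($actual -eq $s.Want) }
})

# "Firewall turned on": every profile (Domain, Private, Public) should be enabled.
$results += @(Get-NetFirewallProfile | ForEach-Object {
    $state = [string]$_.Enabled
    [pscustomobject]@{ Item = "Firewall profile $($_.Name) on"; Expected = 'True'; Actual = $state; Pass = ($state -eq 'True') }
})

$results | Format-Table -AutoSize
```

Settings the guide marks as GPEDIT are read from the policy registry locations, so they show as not set until the policy itself is configured.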

ANSWERS TO FORENSICS:

  1. hoho
  2. MYNAMEISJEFF (decoded using onetimepad)
  3. There was no correct answer for this one; checksums were different for each computer. The important thing was that they used the certutil -hashfile command.
  4. 10.0.0.0, 172.16.0.0, 192.168.0.0

Contributed by: Brandon Shin and Silas Shen – Troy High School
