California Cyberhub Support Portal

Round 2 Windows 10 Practice Image Guide

Download Round 2 Win 10 Practice IMAGE

Purpose:

The purpose of this document is to provide information about the Cyberhub Windows 10 image so that coaches and mentors may better help teams that are in need of assistance. Also, this can serve as an outline of some potential items that may be seen during CyberPatriot competitions.

Special Instructions:

  • Extraction Password: Warriors17
  • Turn on the Internet: Make sure to enable the DHCP Service from services.msc.

Vulnerabilities List:

  • 6 TOTAL FOR USERS
    • Disable Guest Account (if possible, only score through GPO)
    • User Deleted sasuke
    • User Deleted ryugi
    • User has insecure password (taiga)
    • Created new user (jeff)
    • Turn on UAC
  • 9 TOTAL FOR "LSP"
    • Updates for other Microsoft products ENABLED
    • Autoplay COMPLETELY Disabled (GPEDIT)
    • Limit local use of blank passwords to local console ENABLED
    • Do not require CTRL+ALT+DEL: DISABLED
    • Clear virtual memory pagefile: ENABLED
    • SmartScreen enabled
    • Disable remote
    • RDP network level authentication enabled (GPEDIT)
    • Check apps and files ON (SmartScreen)
  • 5 TOTAL FOR SERVICES
    • Routing and Remote Access Disabled
    • Net.Tcp Port Sharing Disabled
    • DHCP turned ON (turn it off so they don’t get internet) hehexd
    • Firewall service on
    • Firewall turned on
  • 7 TOTAL FOR PROGRAMS/VIRUSES
    • Program removed (CCLEANER)
    • Program removed (CHROMIUM)
    • Program removed (OPHCRACK (in program files > Windows PC))
    • REMOVED BABYLON
    • Removed converter search bar
    • Removed slimcleaner
    • Removed DriverUpdate
  • 2 TOTAL FOR UPDATES
    • Update Mozilla Firefox
    • Update Notepad++
  • Removed hidden text file in Program Files called CREDITCARD.TXT

ANSWERS TO FORENSICS:

  1. hoho
  2. MYNAMEISJEFF (decoded using onetimepad)
  3. There was no correct answer for this one; checksums were different for each computer. The important thing was that they used the certutil -hashfile command.
  4. 10.0.0.0, 172.16.0.0, 192.168.0.0

Contributed by: Brandon Shin and Silas Shen - Troy High School
