Friday, August 5, 2022

TryHackMe Write-Ups | Sysinternals Task 2: Install the Sysinternals Suite

Time to get our hands dirty with Sysinternals.

The Sysinternals tools can be downloaded and run from the local system, or they can be run directly from the web.

Regarding local install/run, you can download the entire suite or just the tool(s) you need.

If you wish to download a tool or two but not the entire suite, you can navigate to the Sysinternals Utilities Index page, https://docs.microsoft.com/en-us/sysinternals/downloads/, and download the tool(s) from there. This is fine if you already know which tool you want. The tools are listed in alphabetical order and are not separated into categories.

https://assets.tryhackme.com/additional/sysinternals/sysint-util-index.png

Alternatively, you can use the category links to find and download the tool(s). With so many tools in the index, this route is better: you can focus on the category of interest instead of scanning the entire list.

For example, if you need tools to inspect Windows processes, navigate to the Process Utilities page, https://docs.microsoft.com/en-us/sysinternals/downloads/process-utilities/, which lists every tool in that category.

https://assets.tryhackme.com/additional/sysinternals/sysint-proc-util.png

Notice that you are conveniently supplied with a brief explanation for each tool.

Lastly, you can do the same from the Sysinternals Live URL, https://live.sysinternals.com/. This is also the URL to use if you wish to run a tool from the web without downloading it first; we will look at how to do that in the next section.

If you choose to download from this page, the layout is similar to the Sysinternals Utilities Index page: the tools are listed in alphabetical order and are not separated into categories.

https://assets.tryhackme.com/additional/sysinternals/sysint-live-index.png

If you wish to download the whole Sysinternals Suite, you can download the zip file from the Sysinternals Suite download page.

The suite bundles a selection of the Sysinternals tools, not every tool on the index. See below for a rundown of the tools included in the suite.

https://assets.tryhackme.com/additional/sysinternals/sysint-suite.png

After you download the zip file, extract it. An optional extra step is to add the extracted folder to the Path environment variable. By doing so, you can launch the tools from any command line without first navigating to the directory the tools reside in.

Environment Variables can be edited from System Properties.

System Properties can be launched from the command line by running sysdm.cpl. Click on the Advanced tab, then Environment Variables....

https://assets.tryhackme.com/additional/sysinternals/env-variables.png

Select Path under System variables and click Edit.... (Editing a System variable requires an elevated session and affects every account on the machine; editing Path under User variables instead affects only your own account.)

https://assets.tryhackme.com/additional/sysinternals/env-variables2.png

In the next screen, select New and enter the folder path where the Sysinternals Suite was extracted to. Press OK on each dialog to confirm the changes.

https://assets.tryhackme.com/additional/sysinternals/env-variables3.png

Open a new command prompt (elevated) to confirm that the Sysinternals tools can be executed from any location. It has to be a new window: shells that were already open keep the Path they started with.

https://assets.tryhackme.com/additional/sysinternals/env-variables4.png

A local copy of the Sysinternals Suite is located in C:\Tools\Sysint.

Alternatively, a PowerShell module can download and install all of the Sysinternals tools. The cmdlet is not built into Windows; the module providing it has to be installed first, and because it fetches binaries from the internet on your behalf, it is worth verifying their signatures before trusting them.

PowerShell command: Download-SysInternalsTools C:\Tools\Sysint
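The manual steps above (download, extract, add to Path) and the PowerShell alternative can be collapsed into one script. The following is an added example, not part of the TryHackMe room or the Sysinternals project; it assumes the official SysinternalsSuite.zip download URL and the destination folder C:\Tools\Sysint. It also adds the two checks a practitioner wants before putting a folder on the system Path: every binary must carry a valid Microsoft Authenticode signature, and the folder must not be writable by non-administrators (a user-writable directory on the system Path lets a low-privileged user plant a look-alike executable that an administrator's shell then runs).

```powershell
# Added example (not from the TryHackMe room): fetch the suite, verify it,
# lock down the folder, and put it on the machine Path.
# Assumptions: the download URL below and the destination C:\Tools\Sysint.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$Url  = 'https://download.sysinternals.com/files/SysinternalsSuite.zip'  # assumed official link
$Dest = 'C:\Tools\Sysint'
$Zip  = Join-Path $env:TEMP 'SysinternalsSuite.zip'

# 1. Download and extract (the same thing the manual steps do).
Invoke-WebRequest -Uri $Url -OutFile $Zip -UseBasicParsing
New-Item -ItemType Directory -Path $Dest -Force | Out-Null
Expand-Archive -Path $Zip -DestinationPath $Dest -Force

# 2. Every Sysinternals binary is Authenticode-signed by Microsoft. Refuse the
#    folder if any binary is unsigned, has a broken signature, or is signed by
#    someone other than Microsoft.
$bad = Get-ChildItem -Path $Dest -Include *.exe, *.dll, *.sys -Recurse |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Where-Object {
        $_.Status -ne 'Valid' -or
        $_.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation'
    }
if ($bad) {
    $bad | Select-Object Path, Status | Format-Table -AutoSize
    throw "Unsigned or tampered binaries found in $Dest; not adding it to Path."
}

# 3. A folder on the machine Path is searched by every shell, including elevated
#    ones. Stop inheriting the permissive ACL a folder under C:\ can pick up and
#    grant write access to SYSTEM and Administrators only; Users get read/execute.
$acl = Get-Acl -Path $Dest
$acl.SetAccessRuleProtection($true, $false)   # disable inheritance, drop inherited ACEs
foreach ($id in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
}
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    'BUILTIN\Users', 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
Set-Acl -Path $Dest -AclObject $acl

# 4. Append the folder to the *machine* Path (what the System Properties dialog
#    edits under System variables), unless it is already present. Only new
#    shells see the change; this session keeps its old Path.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
if (($machinePath -split ';') -notcontains $Dest) {
    [Environment]::SetEnvironmentVariable('Path', "$machinePath;$Dest", 'Machine')
}

# 5. Sysinternals tools pop a EULA dialog on first run; -accepteula suppresses it
#    per tool, which matters for scripted or remote use.
& "$Dest\pslist.exe" -accepteula
```

Run it from an elevated PowerShell window, then open a fresh command prompt and type a tool name (for example procexp or pslist) to confirm the Path change took effect. The same signature check is worth running on anything pulled from live.sysinternals.com or by a third-party download module, since those paths put the trust decision on the downloaded file rather than on the Microsoft-hosted zip.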

Now let's look at how to run the Sysinternals tools from the web.

Answer the questions below

What is the last tool listed within the Sysinternals Suite?

How to: If you haven't extracted the zip yet, double-click the zip file and scroll to the bottom of the listing; if you have, go to the folder you extracted it to and scroll to the bottom. They want the name of the tool, not the number suffix indicating which architecture the build is for.

Answer: zoomit
