I started HTB Academy a few weeks ago and started some of the Fundamentals Modules. In Windows Fundamentals, one of the questions there is to “Identify one of the Non-standard update service running on host”,but the module did not mention anything about a command line looking for it and I do not know what a non-standard update service is. From what I understand is that it’s something that didn’t come with the OS.
If someone can explain it to me further, that would be lovely.
So, the answer is there on youtube but I do not like the way it was approached since the hint does say to use powershell, and also it didn’t use the ways academy explained. There are many ways that you can get the answer but I did it like HTB thought me. First I wanted to see what services are running and what of those services have something about update: Get-Service |? {$.Status -eq ‘Running’} | ? {$.DisplayName -Match ‘Update’}
Since it is good to type on the web names of services just to make sure what are standard services in windows. Non-standard service in this case was “FoxitReaderUpdateService”. After that I went to the Resource Monitor to see what was the file name and would you guess it is just service name + .exe(FoxitReaderUpdateService.exe)
I decided to modify a little the command that is given in the reading
Get-Service | ? {$_.Status -eq “Running”} | select -First 2 |fl
here i decide to add this { $_.DisplayName -like “update” }
Get-Service | ? { $.DisplayName -like “update” -and $.Status -eq “Running” } | fl
then according to the question “Identify one of the non-standard update services running on the host” I knew I had to search with a name “update” and also with the status “running” then I found 3 services running and decided to copy the first service and paste it on the internet “FoxitReaderUpdateService” > FoxitReaderUpdateService.exe Windows process - What is it? then reading a bit about this service it said something about “Foxit Reader is a popular PDF viewer and editor.” and if you click hint in the question it says something about pdf and editor, then that was the answer.
but every time I sent it, it said wrong answer, I didn’t know I had to write .exe at the end.
the challenge was good but the intrusions are not good.
that’s what I like about hackthebox academy it makes you think a lot.