.

Windows Command Line Tools For Security And Other Analysis

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu May 29, 2008 1:33 pm

Windows Command Line Tools For Security And Other Analysis

Quick write-up by Larry Seltzer of PC Mag including a shoutout to Ed Skoudis' work and Sysinternals:

Hat tip to Bruce Schneier for pointing me to a couple of tip articles by Ed Skoudis on Windows command line tools, the first group to tell if your system has been hacked, and the second for more general system analysis.

I've written about this stuff myself before, but it's always good to have a refresher. If you use Windows every day, especially if you administer Windows systems, you do yourself a big favor by becoming expert in these tools.

Some examples:

wmic: The Windows Management Instrumentation Console is a command line way to do lots of system management you might normally do with a GUI, such as Device Manager stuff. You can also list all running processes and all startup processes.

net: Network configuration and information commands, like seeing who is connected to what, creating shares, and what groups people belong to.

find: Been around since DOS 2.0 I think, but it's still underutilized. A filter program that you can pass content through to find the interesting stuff.

Consider:
wmic process list brief | find "OUTLOOK"
which shows detail on the Outlook process.


What Skoudis doesn't get into is the fine collection of free tools from Sysinternals, now part of Microsoft. These tools are mostly GUI tools for deep system analysis and performance enhancement, and most of them are available as command line versions too.

My favorites:

Process Explorer: Extensive details on running processes, including constituent processes of services.

Filemon, Regmon: Monitor and report on file and registry activity in the system. These are famous and indispensable tools.

BGInfo: Show system information as part of your desktop background.

And the ultimate place you want to be to be a true wiz is to become proficient in scripting these command line tools with Windows Script Host. True there are other scripting products, but wscript is included in all versions of Windows. In this way you can quickly build programs to do powerful system functions.


Original post with links:
http://blogs.pcmag.com/securitywatch/20 ... ls_for.php

Don
CISSP, MCSE, CSTA, Security+ SME
<<

shakuni

Jr. Member
Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Fri May 30, 2008 1:56 am

Re: Windows Command Line Tools For Security And Other Analysis

When sysinternals originally published these tools, they came with source code but when Microsoft took over sysinternals all the source code dissappered. Now since we've started discussing programming concepts, if anyone needs the source codes to extend these tools or to understand how these tools works, then get them from the wayback machine (http://www.archive.org) or contact me.
There is no rule, law or tradition that apply universally... including this one.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software