  • 1. Windows Command Line. Prepared by: Pratik Mavani, Technical Security Consultant, Aptec Distribution - UAE
  • 2. Overview of commands
  • 3. WMIC – a command line interpreter for Windows Management Instrumentation
  • 4. PSTools – a suite of very useful tools put out by the old Sysinternals crew, now owned by Microsoft
  • 5. Reg – allows command line access to the registry
  • 6. Runas allows a user to run a specific program or tool with different user permissions than the current user logon.
  • 7. Use Shift + right-click on the program and it gives us an option to run as administrator or as a different user.
  • 8. From cmd, with a domain account: runas /user:Domain\adminusername "teamviewer.exe"; with a local account: runas /user:localmachinename\adminusername "teamviewer.exe"
  • 9. PSTools
  • 10. Unzip the tools in a folder.
  • 11. Open the command prompt as administrator (Domain Admin for controlling other machines on the domain). Navigate to the folder where you have unzipped the tools and start using them.
  • 12. PSTools: use /? as argument to get help on a specific Ps command. Save a list of computers to do an inventory of the software installed. As per the prerequisites, the "Remote Registry" service should be started on the remote machine.
  • 13. PSTools: use this to store the command output to a text file locally. As per the prerequisites, the "Remote Registry" service should be started on the remote machine.
  • 14. Summary of PSTools: PsExec - execute processes remotely; PsFile - shows files opened remotely; PsGetSid - display the SID of a computer or a user; PsInfo - list information about a system; PsKill - kill processes by name or process ID; PsList - list detailed information about processes; PsLoggedOn - see who's logged on locally and via resource sharing (full source is included); PsLogList - dump event log records; PsPasswd - changes account passwords; PsService - view and control services; PsShutdown - shuts down and optionally reboots a computer; PsSuspend - suspends processes; PsUptime - shows you how long a system has been running since its last reboot. As per the prerequisites, the "Remote Registry" service should be started on the remote machine.
  • 15. WMIC
  • 16. Can be used to trace some really good information.
  • 17. Easy to use.
  • 18. Yes, it's a built-in Windows tool, but still useful.
  • 19. Let's get into it…
  • 20. WMIC: the /? switch will give you the help as usual.
  • 21. WMIC: using one of the WMIC commands to find the number of network shares on a machine.
Windows Command Line Tools Guide

  • 24. If you receive an attack alert on your IPS and the remedy information suggests that a particular security patch/service pack should be installed, you can find out whether it is installed on the victim machine from WMIC with the command "/node:victim_ipaddress qfe list".
  • 26. In such cases take a remote shell of that machine through psexec \\remotemachine_IP cmd.exe and use a command like "REG QUERY" to fetch information from the registry.
  • 28. Below is a snippet of the file.
  • 29. To get more information I will run the following command on the remote cmd: REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bittorrent. I WAS REALLY NOT AWARE OF THIS COMMAND TILL I ATTENDED A SECURITY CONFERENCE ONLINE; THIS COMMAND CAN FETCH YOU TONS OF INFORMATION IF USED PROPERLY.
  • 31. Check which processes are currently running on that machine (remotely, with WMIC).
  • 32. Is any P2P client running on the machine? If yes, kill the process (WMIC/PSTools) and uninstall the software.
  • 33. If not, check the uninstall list (WMIC): has the user uninstalled the software recently?
  • 34. If there is no trace of a P2P software client, run netstat on the remote shell of the machine and check where the traffic is going.
  • 35. Determine whether the outgoing traffic is going to legitimate domains (by "whois").
  • 36. If not, and you feel it is affected by a botnet/malware, collect the event logs (PSTools), kill the processes remotely and shut down the machine (WMIC / PSTools) till it is re-installed.
  • 40. If you think a particular service is making a remote connection, try to get more info: WMIC process get Name,ExecutablePath,CommandLine,ProcessID /format:list. When you get the information list for all services, look for cases where, for example, services.exe is the name of the process but the executable path is c:\windows\i789r8.exe (it's time to shout ooooopppppssss).
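As an added example (not from the slides), the Python below parses the `/format:list` output of the WMIC commands on slides 24 and 40 and automates the two checks they describe: whether a given KB appears in `wmic qfe list`, and whether a process named like a core system binary is running from somewhere other than its System32 home. The sample output and the `EXPECTED_SUFFIX` baseline are constructed assumptions, not captured from a real host.

```python
"""Added example: parse WMIC /format:list output and run two defender checks."""
from typing import Dict, List

# Constructed sample of `wmic qfe list /format:list` output (not captured from
# a real host). WMIC separates records with blank lines.
SAMPLE_QFE = """
Description=Security Update
HotFixID=KB0000001
InstalledOn=1/1/2011


Description=Update
HotFixID=KB0000002
InstalledOn=1/2/2011
"""

# Constructed sample of `wmic process get Name,ExecutablePath,CommandLine,
# ProcessID /format:list`. The last record mirrors the slide's example: a
# process named services.exe that does not run from the System32 binary.
SAMPLE_PROCESS = r"""
CommandLine=C:\Windows\system32\services.exe
ExecutablePath=C:\Windows\system32\services.exe
Name=services.exe
ProcessId=612


CommandLine=c:\windows\i789r8.exe
ExecutablePath=c:\windows\i789r8.exe
Name=services.exe
ProcessId=4242
"""


def parse_wmic_list(text: str) -> List[Dict[str, str]]:
    """One dict per blank-line separated block of Key=Value lines. If the output
    was saved to a file, open it with encoding="utf-16": WMIC writes UTF-16LE."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                 # a blank line closes the current record
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition("=")   # split on the first '=' only
        if sep:                      # skip anything that is not Key=Value
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def hotfix_installed(qfe_output: str, kb: str) -> bool:
    """Slide 24: is the given KB present in `wmic qfe list` output?"""
    wanted = kb.strip().upper()
    return any(r.get("HotFixID", "").upper() == wanted
               for r in parse_wmic_list(qfe_output))


# Where the genuine copy of each core process lives, as a lower-case path
# suffix so the check holds on any system drive. Assumed baseline; extend it.
EXPECTED_SUFFIX = {
    "services.exe": r"\windows\system32\services.exe",
    "svchost.exe": r"\windows\system32\svchost.exe",
    "lsass.exe": r"\windows\system32\lsass.exe",
}


def suspicious_processes(process_output: str) -> List[Dict[str, str]]:
    """Slide 40: records whose Name is a core system process but whose
    ExecutablePath is not the expected System32 binary."""
    flagged = []
    for rec in parse_wmic_list(process_output):
        suffix = EXPECTED_SUFFIX.get(rec.get("Name", "").lower())
        path = rec.get("ExecutablePath", "").lower()
        # Blank path: WMIC could not read the process (re-run from an elevated
        # shell); there is nothing to compare, so it is not flagged here.
        if suffix is not None and path and not path.endswith(suffix):
            flagged.append(rec)
    return flagged
```

Run against saved output with `parse_wmic_list(open("procs.txt", encoding="utf-16").read())`; a non-empty result from `suspicious_processes` is the "ooooopppppssss" case from slide 40.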
  • 43. A simple attack vector through WMIC: re-route the DNS of a machine in two steps. WMIC /node:remote_ip nicconfig list brief (note down the index number from the output). WMIC /node:remote_ip nicconfig where index=9 call SetDNSServerSearchOrder ("1.1.1.1","2.2.2.2"). You need the patience of a saint after issuing this command… wait till you see the results.
  • 44. Downloads and Help. Download a WMI script generator from http://www.robvanderwoude.com/wmigen.php. Find more WMIC examples at http://blogs.technet.com/b/jhoward/archive/2005/02/23/378726.aspx. Books on Amazon: http://www.amazon.com/Understanding-Scripting-Instrumentation-Mission-Critical-Infrastructures/dp/1555582664/ref=sr_1_1?ie=UTF8&s=books&qid=1304833283&sr=8-1