
Windows Command Line Tools Guide

  • 1. Windows Command Line. Prepared by: Pratik Mavani, Technical Security Consultant, Aptec Distribution - UAE
  • 2. Overview of commands
  • 3. WMIC – A command line interpreter for Windows Management Instrumentation
  • 4. PSTools – A suite of very useful tools put out by the old Sysinternals crew, now owned by Microsoft
  • 5. Reg – Allows command line access to the registry
  • 6. Runas – Allows a user to run a specific program or tool with different user permissions than the current user logon.
  • 7. Use Shift + Right Click on the program and it gives the option to run as administrator or as a different user.
  • 8. From cmd: runas /user:Domain\adminusername "teamviewer.exe" or, for a local account: runas /user:localmachinename\adminusername "teamviewer.exe"
  • 9. PSTools
  • 10. Unzip the tools in a folder.
  • 11. Open the command prompt as administrator (Domain Admin for controlling other machines on the domain). Navigate to the folder where you unzipped the tools and start using them.
  • 12. PSTools: use /? as the argument to get help on a specific PS command. Save a list of computers to do an inventory of the software installed on them. Prerequisite: the "Remote Registry" service must be started on the remote machine.
  • 13. PSTools: use this to store the command output in a text file locally. Prerequisite: the "Remote Registry" service must be started on the remote machine.
  • 14. Summary of PSTools:
    - PsExec - execute processes remotely
    - PsFile - show files opened remotely
    - PsGetSid - display the SID of a computer or a user
    - PsInfo - list information about a system
    - PsKill - kill processes by name or process ID
    - PsList - list detailed information about processes
    - PsLoggedOn - see who's logged on locally and via resource sharing (full source is included)
    - PsLogList - dump event log records
    - PsPasswd - change account passwords
    - PsService - view and control services
    - PsShutdown - shut down and optionally reboot a computer
    - PsSuspend - suspend processes
    - PsUptime - show how long a system has been running since its last reboot
    Prerequisite: the "Remote Registry" service must be started on the remote machine.
  • 15. WMIC
  • 16. Can be used to trace some really good information.
  • 17. Easy to use.
  • 18. Yes, it's an in-built Windows tool, but still useful.
  • 19. Let's get into it...
  • 20. The wmic /? switch gives you the help as usual.
  • 21. Using one of the WMIC commands to find the number of network shares on a machine.
  • 24. If you receive an attack alert on your IPS and the remedy information says that a particular security patch or service pack should be installed, find out whether it is installed on the victim machine from WMIC with the command: wmic /node:victim_ipaddress qfe list
  • 26. In such cases take a remote shell on that machine through psexec \\remotemachine_IP cmd.exe, then use a command like REG QUERY to fetch information from the registry.
  • 28. Below is a snippet of the file.
  • 29. To get more information I will run the following command on the remote cmd: REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bittorrent. I was really not aware of this command till I attended a security conference online; this command can fetch you tons of information if used properly.
  • 31. Check which processes are currently running on that machine (remotely, with WMIC).
  • 32. Is any P2P client running on the machine? If yes, kill the process (WMIC/PSTools) and uninstall the software.
  • 33. If not, check the uninstall list (WMIC): has the user uninstalled the software recently?
  • 34. If there is no trace of a P2P software client, run netstat on the remote shell of the machine and check where the traffic is going.
  • 35. Determine whether the outgoing traffic is going to legitimate domains (by whois).
  • 36. If not, and you feel it is affected by a botnet or malware, collect the event logs (PSTools), kill the processes remotely and shut down the machine (WMIC / PS) until it is re-installed.
  • 40. If you think a particular service is making a remote connection, try to get more info with: wmic process get Name,ExecutablePath,CommandLine,ProcessId /format:list. When you get the information list for all processes and, for example, services.exe is the name of the process but the executable path is c:\windows\i789r8.exe, it's time to shout ooooopppppssss.
  • 43. A simple attack vector through WMIC: re-route the DNS of a machine in two steps. WMIC /node:remote_ip nicconfig list brief (note down the index number from the output). WMIC /node:remote_ip nicconfig where index=9 call SetDNSServerSearchOrder ("1.1.1.1","2.2.2.2"). You need the patience of a saint after issuing this command; wait till you see the results.
  • 44. Downloads and Help. Download a WMI script generator from http://www.robvanderwoude.com/wmigen.php. Find more WMIC examples at http://blogs.technet.com/b/jhoward/archive/2005/02/23/378726.aspx. Books on Amazon: http://www.amazon.com/Understanding-Scripting-Instrumentation-Mission-Critical-Infrastructures/dp/1555582664/ref=sr_1_1?ie=UTF8&s=books&qid=1304833283&sr=8-1
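Added example, not part of the original slides: a small Python parser for WMIC `/format:list` output that automates two of the checks above, the patch lookup from slide 24 (`wmic qfe`) and the process-name versus executable-path comparison from slide 40. The WMIC outputs and the expected-directory allow-list are constructed for the example.

```python
"""Parse WMIC /format:list output and run the two checks from the slides.
Sample outputs and the expected-directory table are constructed, not captured."""

# Constructed sample of: wmic qfe get HotFixID,InstalledOn /format:list
SAMPLE_QFE = """
HotFixID=KB5000001
InstalledOn=1/12/2021

HotFixID=KB5000002
InstalledOn=3/4/2021
"""

# Constructed sample of:
# wmic process get Name,ExecutablePath,CommandLine,ProcessId /format:list
SAMPLE_PROCESSES = """
CommandLine=C:\\Windows\\System32\\services.exe
ExecutablePath=C:\\Windows\\System32\\services.exe
Name=services.exe
ProcessId=700

CommandLine=
ExecutablePath=
Name=System
ProcessId=4

CommandLine=services.exe -k hidden
ExecutablePath=c:\\windows\\i789r8.exe
Name=services.exe
ProcessId=4128

CommandLine="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe"
ExecutablePath=C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe
Name=svchost.exe
ProcessId=5120
"""

# Hypothetical allow-list: directory the genuine binary of each well-known
# process name lives in (lower-case, no trailing backslash).
EXPECTED_DIRS = {
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
}


def parse_wmic_list(text):
    """One dict per record. Records are runs of Key=Value lines separated by
    blank lines (WMIC prints two); only the first '=' splits, since values
    such as CommandLine may themselves contain '='."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def patch_installed(qfe_text, kb_id):
    """Slide 24: is the given KB present as a HotFixID in wmic qfe output?"""
    wanted = kb_id.strip().upper()
    return any(r.get("HotFixID", "").upper() == wanted
               for r in parse_wmic_list(qfe_text))


def find_masquerading_processes(process_text):
    """Slide 40: processes whose Name is well known but whose ExecutablePath
    lies outside the directory of the real binary. Returns (pid, name, path)."""
    hits = []
    for r in parse_wmic_list(process_text):
        name = r.get("Name", "").lower()
        path = r.get("ExecutablePath", "")
        expected = EXPECTED_DIRS.get(name)
        if expected is None or not path:
            continue  # not on the allow-list, or no path reported (e.g. System)
        directory = path.lower().rsplit("\\", 1)[0]
        if directory != expected:
            hits.append((int(r["ProcessId"]), name, path))
    return hits
```

On a real host, feed the functions the text captured from the `wmic /node:... /format:list` commands in the slides instead of the constructed samples.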
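Added example for the netstat step of the checklist in slides 34-35 (not from the original slides): it parses `netstat -ano` output taken on the remote shell and lists, per owning PID, the ESTABLISHED peers that are outside internal address space, so each can be looked up with whois and tied back to a process. The netstat text is constructed, with TEST-NET addresses standing in for public ones.

```python
"""Triage netstat -ano output from a remote shell (slides 34-35): for each PID,
list the ESTABLISHED TCP peers outside internal address space. The sample
below is constructed, not captured."""
import ipaddress
from collections import defaultdict

# Constructed sample of: netstat -ano  (TEST-NET addresses stand in for public ones)
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    10.0.0.15:49712        10.0.0.5:445           ESTABLISHED     4
  TCP    10.0.0.15:49800        203.0.113.7:6881       ESTABLISHED     4128
  TCP    10.0.0.15:49801        203.0.113.7:6882       ESTABLISHED     4128
  TCP    10.0.0.15:49950        198.51.100.20:443      ESTABLISHED     5120
  TCP    127.0.0.1:5000         127.0.0.1:49001        ESTABLISHED     2200
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1200
"""

# Address space that is internal by definition (RFC 1918, loopback, link-local,
# ULA). Checked explicitly instead of ip.is_private so that documentation
# ranges such as 203.0.113.0/24 count as external in the sample.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def parse_netstat(text):
    """Return (local, remote, state, pid) for TCP rows; UDP rows carry no state."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            _, local, remote, state, pid = parts
            rows.append((local, remote, state, int(pid)))
    return rows


def host_of(addr):
    """'1.2.3.4:443' -> '1.2.3.4'; '[fe80::1]:445' -> 'fe80::1'."""
    host, _, _ = addr.rpartition(":")
    return host.strip("[]")


def is_internal(host):
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in INTERNAL_NETS)


def external_established(text):
    """PID -> sorted list of external peer IPs it holds ESTABLISHED connections to."""
    peers = defaultdict(set)
    for _, remote, state, pid in parse_netstat(text):
        host = host_of(remote)
        if state == "ESTABLISHED" and not is_internal(host):
            peers[pid].add(host)
    return {pid: sorted(ips) for pid, ips in peers.items()}
```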