Bilgisayar Teknolojileri

Windows Komutları

Komut Komutun Kullanımı
dir dir /od to find the most recently modified files on the hard drive
ping ping -a and ping –t to determine hostnames and whether or not the host is alive
tracert tracert –d for determining how your system is communicating with a remote host
find dir c:\ /s /b | find “SSN” to search your local hard drive for sensitive text such as “SSN”
findstr findstr /s /i confidential *.* to search the current directory and all subdirectories for sensitive text such as “confidential”
nslookup nslookup –type=ANY domain_name to display all DNS records for a specific domain
nbtstat nbtstat –A remote_host_IP_address to display a remote system’s NetBIOS name table, computer name, domain name, MAC address and possibly the currently logged on user
  1. net view hostname to display shares on a remote system
  2. net accounts to display local user account policies for passwords, etc.
  3. net share to display local shares
  4. net user to display local user names.

When used with the /add switch and a username and password, you can add users to the local system (works great once you’ve obtained a remote command prompt using Metasploit during your security testing!)

netsh netsh interface ip set address name=”Local Area Connection” static ip_address network_mask default_gateway for quickly setting a static IP address on your default network interface
netsh interface ip set address “Local Area Connection” dhcp for quickly obtaining IP configuration information via DHCP
netstat netstat –a –o to determine TCP and UDP connections currently in use along with the process ID that owns each connection. Use to find out which application is talking to whom
sc sc stop service_name to stop a Windows service
sc start service_name to start a Windows service
taskkill taskkill /pid and taskkill /im for killing hung processes, such as a security scanner that you’ve maxed out or potential malware loaded in memory
tasklist tasklist /svc shows services associated with each Windows process
tasklist /n dll_name shows all processes using a specified DLL
tasklist /fi /m “imagename eq process” shows the DLLs loaded into the specified Windows process
wmic Windows Management Interface Command-line (WMIC), literally an entire control system in and of itself, allows you to control both local and remote systems. Commands of interest for security include:

  1. wmic /output:c:\temp\stuff.html process list /format:htable for displaying all currently running processes in an HTML tableÂ
  2. wmic /record:c:\temp\investigate.xml process list full for recording your commands. Write them to a file for an investigative trail that includes the date, time, user name, command entered and output of the command.Â
  3. wmic useraccount list full for displaying a list of users on the local machineÂ
  4. wmic /user:userID /password:password /node:hostname share list full for displaying a list of shares on the remote machine (administrator access required)
  5. wmic qfe list full for displaying a list of patches and service packs installed on the local machine


28 Mart 2008 - Posted by | Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP | , , , , ,

Henüz yorum yapılmamış.

Bir Cevap Yazın

Aşağıya bilgilerinizi girin veya oturum açmak için bir simgeye tıklayın: Logosu hesabınızı kullanarak yorum yapıyorsunuz. Çıkış  Yap / Değiştir )

Twitter resmi

Twitter hesabınızı kullanarak yorum yapıyorsunuz. Çıkış  Yap / Değiştir )

Facebook fotoğrafı

Facebook hesabınızı kullanarak yorum yapıyorsunuz. Çıkış  Yap / Değiştir )

Google+ fotoğrafı

Google+ hesabınızı kullanarak yorum yapıyorsunuz. Çıkış  Yap / Değiştir )

Connecting to %s

%d blogcu bunu beğendi: