Transcript

  • 1. Module LXI - Windows-Based Command Line Tools
  • 2. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
    Module Objective
    This module will familiarize you with:
    • IPSecScan
    • MKBT
    • Aircrack
    • Outwit
    • Joeware Tools
    • MacMatch
    • WhosIP
    • Forfiles
    • Sdelete
  • 3. Module Flow: WhosIP, MacMatch, IPSecScan, Forfiles, Joeware Tools, MKBT, Sdelete, Outwit, Aircrack
  • 4. IPSecScan (http://www.ntsecurity.nu/)
    IPSecScan scans a single IP address or a range of IP addresses for systems that are IPsec enabled. It supports Windows 2000/XP.
  • 5. Windows-Based Command Line Tools
    LADS lists all alternate data streams of an NTFS directory.
    ListDLLs shows the full path names of the loaded modules.
    Source: http://technet.microsoft.com/
  • 6. Windows-Based Command Line Tools (cont’d)
    Lsadump2 dumps the contents of the LSA secrets on a machine.
    MBRWiz sets partitions active for booting and can delete or hide partitions.
    Source: http://technet.microsoft.com/
  • 7. Windows-Based Command Line Tools (cont’d)
    Mirror is a simple command line tool that mirrors two directory trees: it copies only the files that are newer and deletes every file in the mirror that is no longer present in the source.
    Make Bootable (MKBT) is used for installing boot sectors.
    Source: http://www.nu2.nu/
  • 8. NBTScan (http://www.unixwiz.net/)
    NBTScan scans IP networks for NetBIOS name information. It sends a NetBIOS status query to each host address and displays the IP address, NetBIOS computer name, logged-in user name, and MAC address.
  • 9. Net Fizz (http://packetstorm.offensive-security.com/)
    Net Fizz is a multithreaded net share scanner for Windows NT. It shows hidden shares.
  • 10. Windows-Based Command Line Tools (cont’d)
    NetPWAge displays the password age for both users and machines. Source: http://www.optimumx.com/
    NirCmd works without displaying a user interface. Source: http://www.nirsoft.net/
  • 11. Windows-Based Command Line Tools (cont’d)
    MacMatch searches for and identifies files by the time they were last updated, accessed, or created. Source: http://www.ntsecurity.nu/
    NTFSinfo is an applet that shows the names and sizes of all NTFS metadata files. Source: http://technet.microsoft.com/
  • 12. NTLast (http://www.foundstone.com/)
    NTLast identifies and tracks the users who have gained access to the system. It reports on the status of IIS users and filters web server logons out from console logons.
    Syntax: C:\CMDT\ntlast>ntlast
  • 13. PMDump (http://www.ntsecurity.nu/)
    PMDump dumps the memory contents of a process to a file. It lists the running processes and their PIDs.
    Syntax: C:\CMDT>pmdump <pid> <filename>
  • 14. Windows-Based Command Line Tools (cont’d)
    Poke is a run-time process examination tool that helps when the process to be examined has heavy anti-debugging features.
    Poorsniff is a Windows sniffer tool that sniffs the IP addresses accessed by the user.
    Source: http://www.toolcrypt.org
  • 15. Windows-Based Command Line Tools (cont’d)
    Procinfo displays information about running processes.
    Ptime is an automatic process timer that accurately measures program execution time in seconds.
  • 16. Windows-Based Command Line Tools (cont’d)
    Sdelete lets you delete one or more files and/or directories, or cleanse the free space on a logical disk.
    SetOwner changes the ownership of files/directories to any account.
  • 17. SQLCmd (http://msdn.microsoft.com/)
    SQLCmd lets you execute SQL queries against ODBC data sources. It executes a SQL query against a specified database with a username and password (if required), and captures the output either on screen or in a log file.
    Syntax: C:\CMDT\sqlcmd>sqlcmd [options]
  • 18. StreamFind (http://technet.microsoft.com/)
    StreamFind is a command line utility for reporting alternate data streams. It reports the existence of streams on an NTFS partition and examines files on an NTFS partition for the presence of non-default data streams.
    Syntax: C:\CMDT\streamfind>streamfind [drive:][path][filename] [/E] [/P] [/S] [/?]
  • 19. Windows-Based Command Line Tools (cont’d)
    Strings searches files for ASCII or Unicode strings.
    TestDisk recovers lost partitions and/or makes non-booting disks bootable again.
  • 20. Windows-Based Command Line Tools (cont’d)
    UpTime analyzes a single server for reliability and availability information.
    UPX is a free, portable, extendable, high-performance executable packer for several different executable formats.
  • 21. Windows-Based Command Line Tools (cont’d)
    VNCPwdump is used to dump and decrypt the registry key containing the encrypted VNC password, in a few different ways.
    WhosIP easily finds and retrieves the available information about an IP address.
  • 22. winarp_mim (http://www2.packetstormsecurity.org/)
    winarp_mim is useful for sniffing in a switched network. It supports Win9x/Win2K/WinXP.
    Syntax: C:\CMDT\winarp_mim>winarp_mim -a target_a_ip -b target_b_ip [-t delay] [-c count] [-v]
  • 23. Windows-Based Command Line Tools (cont’d)
    winarp_sk is a Swiss-army-knife tool that forges ARP packets (Ethernet and ARP headers).
    WinDump is used to watch and detect network traffic in Windows.
  • 24. Winexit (http://keepass.info/)
    Winexit is used to exit Windows from the command line.
    Syntax:
    C:\CMDT\winexit>logoff
    C:\CMDT\winexit>reboot
    C:\CMDT\winexit>reboot_force
    C:\CMDT\winexit>shutdown
    C:\CMDT\winexit>shutdown_force
  • 25. Windows-Based Command Line Tools (cont’d)
    NetE calls Application Programming Interfaces (APIs) that return remote information at each of their valid levels until data is retrieved.
    PSCP transfers files securely between computers using an SSH connection.
  • 26. Windows-Based Command Line Tools (cont’d)
    PSFTP is used for transferring files securely between computers using an SSH connection.
    Pwdump2 can dump password hashes from Active Directory.
  • 27. Windows-Based Command Line Tools (cont’d)
    ScanLine is a command-line port scanner for all Windows platforms.
    Strace is a debugging/investigation utility that examines the NT system calls made by a process.
  • 28. UnRAR (http://www.velocityreviews.com/)
    Resource Adapters aRchive (RAR) is a program that compresses multiple files into an archive; UnRAR decompresses RAR archives.
    Syntax: C:\CMDT\unrar>unrar <command> -<switch 1> -<switch N> <archive> <files...> <@listfiles...> <path_to_extract>
  • 29. Nmap (http://nmap.org/)
    Network Mapper (Nmap) is an open source utility for network exploration or security auditing. It uses raw IP packets to determine the available hosts on the network, the services they offer, etc.
    Syntax: C:\CMDT\Nmap>nmap [Scan Type(s)] [Options] <host or net list>
  • 30. Windows-Based Command Line Tools (cont’d)
    Rconip is a well-designed remote console for NetWare running over IP.
    Outwit (docprop) is a suite of tools based on Unix tool design principles.
  • 31. Windows-Based Command Line Tools (cont’d)
    Outwit provides ODBC-based database access and prints the results of an SQL SELECT command run on any database.
    Outwit (readlink) uses the Windows API to resolve shortcuts and provides text-based access to the Windows registry.
  • 32. Windows-Based Command Line Tools (cont’d)
    Outwit (readlog) provides text-based access to the Windows event log.
    Outwit (winclip) provides access to the Windows clipboard from a console or MS-DOS window.
  • 33. Outwit (winreg) (http://dmst.aueb.gr/)
    Outwit (winreg) provides text-based access to the Windows registry. It will not process data types other than the ones described.
    Syntax: winreg [-F FS] [-r name] [-ntvci] [key]
  • 34. pdftohtml, pdftotext (Xpdf) (http://sourceforge.net/)
    Pdftohtml: converts PDF files into HTML and XML formats.
    Pdftotext (Xpdf): converts Adobe PDF documents to simple text format; it works as an open source viewer for PDF files.
  • 35. Windows-Based Command Line Tools (cont’d)
    Permute is a word list permutation program.
    Plink (PuTTY) works as a command-line interface to the PuTTY back ends.
  • 36. Windows-Based Command Line Tools (cont’d)
    AccExp is a set of several useful utilities, especially for Active Directory management.
    AdFind is used for Active Directory queries.
  • 37. Windows-Based Command Line Tools (cont’d)
    AdMod can modify, delete, rename, move, and undelete objects in Active Directory.
    ATSN converts IP addresses to subnet/site information.
  • 38. Windows-Based Command Line Tools (cont’d)
    AUTH is used for testing authentication of a user ID.
    ChangePW is used to change passwords from the command prompt.
  • 39. Joeware Tools (CPAU) (http://www.joeware.net/)
    CPAU is a command line tool for starting a process in an alternate security context. It allows you to create job files and encode the ID, password, and command line in a file.
    Syntax: CPAU -u user [-p password] -ex "WhatToRun" [switches]
  • 40. Joeware Tools (http://www.joeware.net/)
    ClientTest is a GUI tool that verifies TCP/IP socket communication.
    Syntax: clienttest [No Switches]
    ELDLL holds basic resource information for customized event logging.
    Syntax: ELDLLInstall sourcename eventlog [OPTIONS]
  • 41. Windows-Based Command Line Tools (cont’d)
    ELDLLEx is a DLL that contains basic resource information for customized logging.
    ExchMbx is a command line tool for Exchange mailboxes.
  • 42. Joeware Tools (Expire) (http://www.joeware.net/)
    Expire flags accounts so that their passwords must be changed at the next logon.
    Syntax: Expire filename [minimum password age]
  • 43. Windows-Based Command Line Tools (cont’d)
    FindExpAcc locates expired accounts and accounts holding expired passwords.
    FindNBT scans a subnet looking for Windows PCs.
  • 44. Joeware Tools (FindPDC) (http://www.joeware.net/)
    FindPDC locates the PDC of a domain.
    Syntax: FindPDC domain count
  • 45. Windows-Based Command Line Tools (cont’d)
    GCChk locates Active Directory consistency issues and picks up missing GUIDs.
    GetUserInfo extracts a user’s information from a domain.
  • 46. Windows-Based Command Line Tools (cont’d)
    LG manages built-in, local, and domain local groups.
    MemberOf displays a user’s group memberships.
  • 47. Joeware Tools (NetSess) (http://www.joeware.net/)
    NetSess enumerates NetBIOS sessions on a specified local or remote machine.
    Syntax: netsess [servername] [clientname] [switches]
  • 48. Windows-Based Command Line Tools (cont’d)
    OldCmp is used to find and clean up old computer accounts that have not been used.
    Quiet silently launches a process.
  • 49. Windows-Based Command Line Tools (cont’d)
    SecData displays security information about users/computers.
    SecTok displays parts of the process token of the current process.
  • 50. Joeware Tools (SeInteractiveLogonRight) (http://www.joeware.net/)
    SeInteractiveLogonRight configures the system and grants specific users/groups the right to log on locally.
    Syntax: seinteractivelogonright <[DOMAIN\]Account> [TargetMachine]
  • 51. Windows-Based Command Line Tools (cont’d)
    SidToName resolves SIDs to user-friendly names.
    ShrFlgs configures share flags.
  • 52. Joeware Tools (SNU) (http://www.joeware.net/)
    SNU is a network share connection tool, mainly used in monitoring scripts.
    Syntax: SNU \\servername\sharename (/ADD | /DEL)
  • 53. Joeware Tools (SvcUtl) (http://www.joeware.net/)
    SvcUtl displays service information.
    Unlock displays the currently locked and unlocked accounts.
  • 54. Joeware Tools (UserDump) (http://www.joeware.net/)
    UserDump dumps basic user information from an NT-based system.
    Syntax: userdump [machine]
  • 55. Joeware Tools (UserName) (http://www.joeware.net/)
    UserName displays the current user ID in multiple formats.
    Syntax: UserName [switches]
  • 56. Joeware Tools (W2KLockDesktop) (http://www.joeware.net/)
    W2KLockDesktop locks the desktop immediately. No local security rights are needed to run this tool.
    Syntax: w2klockdesktop
  • 57. Joeware Tools (WriteProt) (http://www.joeware.net/)
    WriteProt is used to write-protect disk volumes in Windows XP and Windows Server 2003.
    Synopsis: WriteProt [switches]
  • 58. Cb, ClipText
    Cb: copies input to the clipboard; captures the output of another program.
    Syntax: dir /b /on | cb
    ClipText: copies text from a file to the clipboard and vice versa.
    Syntax:
    ClipText from file.ext [/DOS] [/append]
    ClipText to file.ext [/DOS] [/append]
  • 59. Screenshot: Cb, ClipText
  • 60. Cmdline, Contig
    Cmdline: lists all processes on the system, in chronological order.
    Syntax: Cmdline [-pid] [-u] [-?]
    Contig: optimizes usage by making a file contiguous in memory.
    Syntax: contig [-v] [-a] [-q] [-s] [filename]
    -v Verbose
    -a Analyze fragmentation
    -q Quiet mode
    -s Recurse subdirectories
  • 61. Screenshot: Cmdline, Contig
  • 62. cURL (http://curl.haxx.se/)
    cURL is a tool to transfer data from or to a server using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form-based upload, proxies, cookies, user and password authentication (Basic, Digest, NTLM, Negotiate, Kerberos...), file transfer resume, and proxy tunneling.
  • 63. Devcon (http://support.microsoft.com/)
    Devcon acts as an alternative to Device Manager and provides information that is not available in Device Manager.
    Syntax: devcon.exe [-r] [-m:<machine>] <command> [<arg>…]
    -r reboots the machine when the command completes
    <machine> is the name of the target machine
    <command> is the command to perform
    <arg>… arguments, if required by the command
  • 64. Screenshot: Devcon
  • 65. Dig (http://serghei.net/)
    Dig investigates and digs into DNS (Domain Name System).
    Syntax: dig [@global-server] [domain] [q-type] [q-class] {q-opt} {global-d-opt} host [@local-server] {local-d-opt} [host [@local-server] {local-d-opt} […]]
  • 66. Diskmap (http://sourceforge.net/)
    Diskmap depicts disk attributes and geometry from the registry. It reads and displays disk partitions and logical drives.
    Syntax: diskmap /d<disk number>
    /d<disk number> number of the disk to map
    /h hexadecimal output
  • 67. Dispchg (http://www.arminhanisch.de/)
    DispChg scans and alters video modes from the display driver.
    Options: -help, -list, -current, -set mode, -change; [-freak] makes the output easier for filters.
    Syntax: DispChg <option> [-freak]
  • 68. Dumpwin, dWhich (http://www.governmentsecurity.org/)
    Dumpwin: provides information about the system on which it is executed.
    Syntax: dumpwin (options); the options are -I, -d, -s, -m, -h, -t, -p, -v, -g, -u, -n
    dWhich: maps the full executable path of a file.
    Syntax: dWhich filename [.ext]
    [.ext] the file extension is optional and applies to .bat, .btm, .cmd, .com, or .exe files
  • 69. Screenshot: Dumpwin, dWhich
  • 70. Efsdump, Efsview (http://technet.microsoft.com/)
    Efsdump: lists the users that can access an encrypted file; accepts wildcards.
    Syntax: efsdump [-s] <file or directory>
    -s Recurse subdirectories
    Efsview: shows the users that have decryption or recovery keys for encrypted directories or files.
    Syntax: efsview <filename>
  • 71. Screenshot: Efsdump, Efsview
  • 72. Eldump (http://www.ibt.ku.dk/)
    Eldump dumps the contents of an NT event log as text.
    Syntax: eldump [options]
    Options:
    -f filename to which the dump text is written
    -s server whose event log is dumped
    -l name of the log to dump, e.g. system, application
    -t tab-separated output
  • 73. Screenshot: Eldump
  • 74. Enum, Eval (http://sourceforge.net/)
    Enum: enumerates information with the help of null sessions; retrieves user, machine and share lists, name lists, group and member lists, password policy, and LSA policy.
    Syntax: enum <-UMNSPGLdc> <-u username> <-p password> <-f dictfile> <hostname|ip>
    -u get user list
    -m get machine list
    -s get share list
    -p get password policy information
    Eval: quickly evaluates mathematical expressions.
    Syntax: eval expression
    expression a valid math expression, with parenthesis precedence
  • 75. Screenshots: Enum, Eval
  • 76. Ethernetchange (http://www.aecom.yu.edu/)
    Ethernetchange alters the Ethernet address of the network adapters in Windows.
    Syntax: etherchange
  • 77. Eventsave (http://www.heysoft.de/)
    Eventsave saves event logs to files and clears them.
    Syntax: EventSave [Path] [/C RemoteMachine | /A] [-ANSI] [/Mn]
    Path location of the files
    /C RemoteMachine save the logs of the remote machine
    /A save the event logs of all NT machines
    -ANSI ANSI character set
    /Mn size of the target file in MB
  • 78. Filecase, FileUpload
    Filecase: renames directories/files to uppercase or lowercase.
    Syntax: filecase [/s] [/h] [/p] [/q] [/d] [/l|/u] filespec...
    /s Process subdirectories
    /h Process hidden files/directories
    /q Quiet mode
    /p Prompt for each file/directory to be renamed (Yes/No/All/Quit)
    /d Rename directories and files
    /l Convert to lowercase
    /u Convert to uppercase
    FileUpload: uploads a file to a web or FTP server.
    Syntax: upload [path]file.ext <url> [<login>] [<password>] [/passive] [/validate] [/post] [/proxy] [/delete] [/noappend] [/quiet]
    [path]file.ext name of the file to upload
    url destination URL
    login, password credentials for authentication
  • 79. Screenshot: Filecase, FileUpload
  • 80. ForceDisconnect, Format144
    ForceDisconnect: forcefully disconnects network volumes, regardless of open files.
    Syntax: forcedisconnect
    Format144: formats a 1.44 MB floppy diskette.
    Syntax: format144
  • 81. Screenshot: ForceDisconnect, Format144
  • 82. Fpipe (http://www.secureroot.com/)
    Fpipe redirects a source port and generates a TCP or UDP stream.
    Syntax: FPipe [-hvu?] [-lrs <port>] [-i IP] IP
    -?/-h Shows this help text
    -i Listening interface IP address
    -l Listening port number
    -r Remote port number
    -u UDP mode
    -s Outbound source port number
    -v Verbose mode
    -c Maximum TCP connections
  • 83. Fport (http://www.foundstone.com/)
    Fport lists all open TCP/IP and UDP ports and maps them to the owning application.
    Syntax: fport
  • 84. Fsum (http://www.slavasoft.com/)
    Fsum generates and verifies file checksums.
    Syntax: fsum.exe [<OPTIONS>] [<FILES>]
    -c Check against the given list
    -d Set working directory
    -jf Print failed lines
    -jm Use MD5 format
    -js Use SFV format
  • 85. GetLocale, Global
    GetLocale: maps the locale and code page information of the system.
    Syntax: getlocale [<options>]
    none Get complete LCID
    /user Get user language setting
    /pri Get primary language ID
    /sub Get only sublanguage ID
    /cp Get output codepage number
    /1024 Multiply sublanguage ID by 1024
    Global: recursively calls any utility or program.
    Syntax: global [/h] [/p] [/q] [/i] command [args ...]
    /h Process hidden/system directories
    /p Prompt for each directory to be processed (Yes/No/All/Quit)
    /q Quiet mode: does not display each directory name before it is processed
    /i Ignore exit codes; the default is to exit if the command returns non-zero
  • 86. Screenshot: GetLocale, Global
  • 87. GNU Httptunnel (http://www.nocrew.org/)
    GNU Httptunnel is used to create a bidirectional virtual data path tunneled in HTTP requests. The requests can be sent via an HTTP proxy if required. It can be used to bypass firewalls.
  • 88. Gplist, Gsar
    Gplist: describes the applied group policies.
    Syntax: gplist
    Gsar: performs general search and replace on files.
    Syntax: gsar [options] [infile(s)] [outfile]
    Options:
    -s<string> Search string
    -i Ignore case
    -r[string] Replace string
    -o Overwrite existing input file
  • 89. Screenshot: Gplist, Gsar
  • 90. Guid2obj (http://support.microsoft.com/)
    Guid2obj converts a GUID to a distinguished name.
    Syntax: guid2obj [{]Guid[}] [/server:ServerName] [/site[:SiteName]] [/?]
    [{]Guid[}] specifies a GUID, optionally with surrounding braces
    /server:ServerName binds to the server ServerName
    /site[:SiteName] binds to a domain controller on the site SiteName
    /? Help screen
  • 91. Handle (http://support.microsoft.com/)
    Handle: maps process handle information.
    Syntax: handle [[-a][-u]|[-c <handle>]|[-s]] [-p <processname>|<pid>] [name]
    -a Dump handle information
    -c Close the handle
    -s Print count of open handles
    -u Show user name
    -p Scan named processes
    name Search for an object with a particular name
  • 92. 3Scan (http://sourceforge.net/)
    3Scan is a detector for open HTTP/CONNECT/SOCKS4/FTP/Telnet proxies. It checks the accessibility of a given HTTP or SMTP server via a given proxy. It does not scan port and IP ranges.
  • 93. AGREP (http://www.tgries.de/)
    AGREP searches the input files for records containing strings that either exactly or approximately match a pattern. Each record found is copied to standard output. Approximate matching allows locating records that match a pattern with several errors, including substitutions, insertions, and deletions.
  • 94. Aircrack (http://aircrack-ng.org/)
    Aircrack is an 802.11 WEP key cracker. It implements Fluhrer-Mantin-Shamir attacks and instantly recovers the WEP key once sufficient encrypted packets have been obtained.
  • 95. ARPFlash (http://osflash.org/)
    ARPFlash is a pcap-based network discovery tool. It uses ARP messages to identify live hosts within a given IP range and does not require administrative privileges to operate.
  • 96. ASPNetUserPass (http://www.nirsoft.net/)
    ASPNetUserPass displays the password of the ASPNet user on the computer. When run from the command prompt, it simply displays the password of the ASPNet user if it is stored on the system.
  • 97. AtNow (http://www.nirsoft.net/)
    AtNow schedules programs and commands to execute in the near future. By default, the commands are executed within 70 seconds or less from the moment it is run.
    Syntax: C:\>atnow [ComputerName] [Delay] [/interactive] “command” [Parameters]
  • 98. BBIE (http://www.nu2.nu/)
    Bart’s Boot Image Extractor (BBIE) extracts all boot images from a bootable CD-ROM or ISO image file. It follows the El Torito Bootable CD-ROM Format Specification v1.0.
  • 99. BFI (http://www.nu2.nu/)
    Build Floppy Image (BFI) builds FAT floppy images. It is designed to be used on bootable CD-ROMs. Supported floppy sizes range from 720 KB to 2.88 MB.
  • 100. Renamer (http://www.den4b.com/)
    Renamer performs mass renaming of files based on a UNIX-style regular expression.
    Syntax: Bkren [-s] “searchexpression” “replaceexpression”
  • 101. BootPart (http://www.winimage.com/)
    BootPart adds additional partitions to the Windows NT multi-boot menu. It is compatible with Windows NT/2000/XP and requires administrative privileges. The user can also add an OS/2 multiboot or a Linux partition.
  • 102. BuiltIn Account Manager (http://www.optimumx.com/)
    BuiltIn Account Manager displays or manages the built-in administrator or guest account without knowing the user account name. It requires administrative privileges.
  • 103. bzip2 (http://www.bzip.org/)
    bzip2 is an open source command line data compressor. It runs on any 32- or 64-bit machine with an ANSI C compiler.
  • 104. T4eWebPing (http://www.tools4ever.com/)
    T4eWebPing is a command line MonitorMagic plugin to gather intranet/Internet script performance data. It can be used to 'ping' a web page.
  • 105. T4eSQL (http://www.tools4ever.com/)
    T4eSQL reads the entire command line and query information from text files, which enables large command structures and queries.
  • 106. T4eDirSize (http://www.tools4ever.com/)
    T4eDirSize gets the free and used space of any directory or share. It can be used to monitor shares for free space and file statistics.
  • 107. T4ePortPing (http://www.tools4ever.com/)
    T4ePortPing can be used to 'ping' a specific port on any TCP/IP host. Use T4ePortPing as a standard plugin, or in your own scripts, to see which ports are open on clients or servers.
  • 108. T4eRexec (http://www.tools4ever.com/)
    T4eRexec accepts a password as input and can therefore run in unattended mode. It is used to execute a command remotely on a computer running an operating system that supports the standard Rexec protocol.
  • 109. Forfiles (http://technet.microsoft.com/)
    Forfiles selects files in a folder or tree for batch processing.
    Syntax: forfiles [/p Path] [/m SearchMask] [/s] [/c Command] [/d[{+ | -}] [{MM/DD/YYYY | DD}]]
  • 110. Exe2bin (http://technet.microsoft.com/)
    Exe2bin converts executable (.exe) files to binary format.
    Syntax: exe2bin [drive1:][path1]InputFile [[drive2:][path2]OutputFile]
  • 111. Summary
    IpSecScan scans a single IP address or a range of IP addresses for systems that are IPsec enabled.
    MacMatch searches for and identifies files by the time they were last updated, accessed, or created.
    The chkdsk command lists and corrects errors on the disk.
    Nslookup displays information that you can use to diagnose Domain Name System (DNS) infrastructure.