Secret Windows command line tools can boost security

The following Windows command-line tools can be a big help. Hardly a day passes that I'm not using several of them. To get rolling, simply click Start/Run, run cmd.exe, and you're ready to start entering these commands:

Command toolHow to use this command for security
dir dir /od to find the most recently modified files on the hard drive
ping ping -a and ping –t to determine hostnames and whether or not the host is alive
tracerttracert –d for determining how your system is communicating with a remote host
finddir c:\ /s /b | find "SSN" to search your local hard drive for sensitive text such as "SSN"
findstrfindstr /s /i confidential *.* to search the current directory and all subdirectories for sensitive text such as "confidential"
nslookupnslookup –type=ANY domain_name to display all DNS records for a specific domain
nbtstatnbtstat –A remote_host_IP_address to display a remote system's NetBIOS name table, computer name, domain name, MAC address and possibly the currently logged on user
net

1. net view hostname to display shares on a remote system
2. net accounts to display local user account policies for passwords, etc.
3. net share to display local shares
4. net user to display local user names.

/...

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information:

Email Address:

By joining SearchEnterpriseDesktop.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

To read more you must become a member of SearchEnterpriseDesktop.com

As an existing member of the TechTarget network please activate your SearchEnterpriseDesktop.com account 

By joining SearchEnterpriseDesktop.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Endpoint security management tools MDOP for Windows 7 available now Microsoft's Online Desktop Manager caters to small IT shops Monitoring user activity with network analyzers Using third-party technologies with Microsoft's NAP Understanding Microsoft's NAP's internal and external components Microsoft's NAP can ensure security compliance Top 5 registry keys for Windows XP Microsoft releases WSUS 3 SP2 with Win 7, R2 support Using System Center Essentials as a patch management tool Troubleshooting Microsoft WSUS connectivity issues Windows desktop security tips Underlying causes of inconsistent patch management Monitoring user activity with network analyzers Microsoft's Patch Tuesday brings a bumper crop of security fixes Using third-party technologies with Microsoft's NAP Understanding Microsoft's NAP's internal and external components Microsoft's NAP can ensure security compliance Top 5 registry keys for Windows XP Secure Windows XP before a Windows 7 upgrade Nine common password oversights to avoid Secure your Windows systems with proper password practices

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary system tray  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

add switch and a username and password, you can add users to the local system (works great once you've obtained a remote command prompt using Metasploit during your security testing!)
netshnetsh interface ip set address name="Local Area Connection" static ip_address network_mask default_gateway for quickly setting a static IP address on your default network interface
netsh interface ip set address "Local Area Connection" dhcp for quickly obtaining IP configuration information via DHCP
netstatnetstat –a –o to determine TCP and UDP connections currently in use along with the process ID that owns each connection. Use to find out which application is talking to whom
scsc stop service_name to stop a Windows service
sc start service_name to start a Windows service
taskkilltaskkill /pid and taskkill /im for killing hung processes, such as a security scanner that you've maxed out or potential malware loaded in memory
tasklisttasklist /svc shows services associated with each Windows process
tasklist /n dll_name shows all processes using a specified DLL
tasklist /fi /m "imagename eq process" shows the DLLs loaded into the specified Windows process
wmicWindows Management Interface Command-line (WMIC), literally an entire control system in and of itself, allows you to control both local and remote systems. Commands of interest for security include:

1. wmic /output:c:\temp\stuff.html process list /format:htable for displaying all currently running processes in an HTML table
2. wmic /record:c:\temp\investigate.xml process list full for recording your commands. Write them to a file for an investigative trail that includes the date, time, user name, command entered and output of the command.
3. wmic useraccount list full for displaying a list of users on the local machine
4. wmic /user:userID /password:password /node:hostname share list full for displaying a list of shares on the remote machine (administrator access required)
5. wmic qfe list full for displaying a list of patches and service packs installed on the local machine

Give these a spin. They're quick and dirty and may be just what you need to get the job done and to take some of the pain out of day-to-day security administration.

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has nearly two decades of experience in IT and specializes in performing information security assessments regarding compliance and risk management. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as (Auerbach). He's also the creator of the Security On Wheels providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.