 |
||||
|
|
|||
|
||||
The following Windows command-line tools can be a big help. Hardly a day passes that I'm not using several of them. To get rolling, simply click Start/Run, run cmd.exe, and you're ready to start entering these commands:
| Command tool | How to use this command for security |
| dir | dir /od to find the most recently modified files on the hard drive |
| ping | ping -a and ping –t to determine hostnames and whether or not the host is alive |
| tracert | tracert –d for determining how your system is communicating with a remote host |
| find | dir c:\ /s /b | find "SSN" to search your local hard drive for sensitive text such as "SSN" |
| findstr | findstr /s /i confidential *.* to search the current directory and all subdirectories for sensitive text such as "confidential" |
| nslookup | nslookup –type=ANY domain_name to display all DNS records for a specific domain |
| nbtstat | nbtstat –A remote_host_IP_address to display a remote system's NetBIOS name table, computer name, domain name, MAC address and possibly the currently logged on user |
| net |
|
| netsh | netsh interface ip set address name="Local Area Connection" static ip_address network_mask default_gateway for quickly setting a static IP address on your default network interface netsh interface ip set address "Local Area Connection" dhcp for quickly obtaining IP configuration information via DHCP |
| netstat | netstat –a –o to determine TCP and UDP connections currently in use along with the process ID that owns each connection. Use to find out which application is talking to whom |
| sc | sc stop service_name to stop a Windows service sc start service_name to start a Windows service |
| taskkill | taskkill /pid and taskkill /im for killing hung processes, such as a security scanner that you've maxed out or potential malware loaded in memory |
| tasklist | tasklist /svc shows services associated with each Windows process tasklist /n dll_name shows all processes using a specified DLL tasklist /fi /m "imagename eq process" shows the DLLs loaded into the specified Windows process |
| wmic | Windows Management Interface Command-line (WMIC), literally an entire control system in and of itself, allows you to control both local and remote systems. Commands of interest for security include:
|
Give these a spin. They're quick and dirty and may be just what you need to get the job done and to take some of the pain out of day-to-day security administration.
About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has nearly two decades of experience in IT and specializes in performing information security assessments regarding compliance and risk management. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as (Auerbach). He's also the creator of the Security On Wheels providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.
This was first published in June 2007
Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
Join the conversationComment
Share
Comments
Results
Contribute to the conversation