What To Do on Windows

Often when I teach classes where students attain shell access to a Windows target, students ask "now what?" I found the blog post Command-Line Kung Fu by SynJunkie to be a great overview of common tasks using tools available within cmd.exe. It's nothing new, but I thought the author did a good job outlining the options and showing what they look like in his lab.

Comments

Anonymous said…
Ed Skoudis did a webcast on command line ninjutsu. It is nicely outlined here:

http://carnal0wnage.blogspot.com/2008/02/penetration-testing-ninjitsu-with-ed.html
Scott Burch said…
Also be sure to review his post on WMIC:

http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
Anonymous said…
If you don't find what you're looking for in any of the links above, you can always get a copy of "Microsoft® Windows® Command-Line Administrator's Pocket Consultant (Pro - Administrator's PC) (Paperback)" - http://www.amazon.com/Microsoft%C2%AE-Windows%C2%AE-Command-Line-Administrators-Consultant/dp/0735620385
SynJunkie said…
I agree with -epy()nx, Ed's webcasts are fantastic for anyone interested in what can be acheived from the command-line. My posts are nothing too origional, whereas Ed's webcasts are just that.
H. Carvey said…
Interestingly enough, I've seen these commands used in intrusions, most notably a SQL injection incident I responded to over a year ago...

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics