Often when I teach classes where students attain shell access to a Windows target, students ask "now what?" I found the blog post Command-Line Kung Fu by SynJunkie to be a great overview of common tasks using tools available within cmd.exe. It's nothing new, but I thought the author did a good job outlining the options and showing what they look like in his lab.
Wednesday, October 22, 2008
What To Do on Windows
Often when I teach classes where students attain shell access to a Windows target, students ask "now what?" I found the blog post Command-Line Kung Fu by SynJunkie to be a great overview of common tasks using tools available within cmd.exe. It's nothing new, but I thought the author did a good job outlining the options and showing what they look like in his lab.
Subscribe to:
Post Comments (Atom)
5 comments:
Ed Skoudis did a webcast on command line ninjutsu. It is nicely outlined here:
http://carnal0wnage.blogspot.com/2008/02/penetration-testing-ninjitsu-with-ed.html
Also be sure to review his post on WMIC:
http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
If you don't find what you're looking for in any of the links above, you can always get a copy of "Microsoft® Windows® Command-Line Administrator's Pocket Consultant (Pro - Administrator's PC) (Paperback)" - http://www.amazon.com/Microsoft%C2%AE-Windows%C2%AE-Command-Line-Administrators-Consultant/dp/0735620385
I agree with -epy()nx, Ed's webcasts are fantastic for anyone interested in what can be acheived from the command-line. My posts are nothing too origional, whereas Ed's webcasts are just that.
Interestingly enough, I've seen these commands used in intrusions, most notably a SQL injection incident I responded to over a year ago...
Post a Comment