Intrusion Discovery Cheat Sheet V2.0 Windows Xp Pro / 2003 Server / Vista

ADVERTISEMENT

Windows
WMIC
Reg Command
Command Line
Adding Keys and Values:
Fundamental grammar:
Cheat Sheet
C:\> reg add
C:\> wmic [alias] [where clause] [verb
[\\TargetIPaddr\][RegDomain]\[Key]
clause]
By Ed Skoudis
POCKET REFERENCE GUIDE
Add a key to the registry on machine
Useful [aliases]:
[TargetIPaddr] within the registry domain
process
service
[RegDomain] to location [Key]. If no remote
share
nicconfig
startup
useraccount
Purpose
machine is specified, the current machine is
qfe (Quick Fix Engineering – shows patches)
assumed.
The purpose of this cheat sheet is to provide
tips on how to use various Windows
Example [where clauses]:
Export and Import:
command that are frequently referenced in
C:\> reg export [RegDomain]\[Key]
where name="nc.exe"
SANS 504, 517, 531, and 560.
[FileName]
where (commandline like "%stuff")
where (name="cmd.exe" and
Process and Service Information
parentprocessid!="[pid]")
Export all subkeys and values located in the domain
[RegDomain] under the location [Key] to the file
List all processes currently running:
Example [verb clauses]:
[FileName]
C:\> tasklist
list [full|brief]
C:\> reg import [FileName]
get [attrib1,attrib2…]
List all processes currently running and the DLLs
call [method]
each has loaded:
delete
Import all registry entries from the file [FileName]
C:\> tasklist /m
List all attributes of [alias]:
Import and export can only be done from or to the
Lists all processes currently running which have the
C:\> wmic [alias] get /?
local machine.
specified [dll] loaded:
C:\> tasklist /m [dll]
List all callable methods of [alias]:
Query for a specific Value of a Key:
C:\> reg query
C:\> wmic [alias] call /?
List all processes currently running and the services
[\\TargetIPaddr\][RegDomain]\[Key] /v
hosted in those processes:
[ValueName]
Example:
C:\> tasklist /svc
List all attributes of all running processes:
Query a key on machine [TargetIPaddr] within
C:\> wmic process list full
Query brief status of all services:
the registry domain [RegDomain] in location
C:\> sc query
Make WMIC effect remote [TargetIPaddr]:
[Key] and get the specific value [ValueName]
C:\> wmic /node:[TargetIPaddr]
Query the configuration of a specific service:
under that key. Add /s to recurse all values.
/user:[User] /password:[Passwd] process
C:\> sc qc [ServiceName]
list full

ADVERTISEMENT

00 votes

Related Articles

Top 20 Happy Easter Cards And Gift Tags To Download For Free
Top Ten Easter Arts And Crafts Activities For Your Kids
Free Easter Coloring Pages And Easter Printables For Your Kids

Related forms

Intrusion Discovery Cheat Sheet V2.0 Windows Xp Pro / 2003 Server / Vista Intrusion Discovery Cheat Sheet V2.0 Windows Xp Pro / 2003 Server / Vista Education
Linux Cheat Sheet- Cygwin On Windows Commands Linux Cheat Sheet- Cygwin On Windows Commands Education
Scala Cheat Sheet V.0.1 Scala Cheat Sheet V.0.1 Education
Jquery 1.2 Cheat Sheet V1.0 Jquery 1.2 Cheat Sheet V1.0 Education
Nmap Cheat Sheet V1.0 Nmap Cheat Sheet V1.0 Education
.htaccess Cheat Sheet V1.0 .htaccess Cheat Sheet V1.0 Education
Windows Excel Keyboard Shortcuts Cheat Sheet Windows Excel Keyboard Shortcuts Cheat Sheet Education
Windows 8 Cheat Sheet Windows 8 Cheat Sheet Education
Windows 8 Cheat Sheet Windows 8 Cheat Sheet Education
Cheat Sheet - Subnetting Cheat Sheet - Subnetting Education

Related Categories

Parent category: Education
Download
Go
Page of 2