Tuesday, January 17, 2006

Windows XP CLI Commands

auditpol.exe: manages the system audit logs (net functions)
AuditPol [\\computer] [/enable | /disable] [/help | /?] [/Category:Opti

/Enable = Enable audit (default).

/Disable = Disable audit.

Category = System    : System events
           Logon     : Logon/Logoff events
           Object    : Object access
           Privilege : Use of privileges
           Process   : Process tracking
           Policy    : Security policy changes
           Sam       : SAM changes
           Directory : Directory access
           Account   : Account logon events

Option = Success : Audit success events
         Failure : Audit failure events
         All     : Audit success and failure events
         None    : Do not audit these events

Samples are as follows:

AUDITPOL \\MyComputer
AUDITPOL \\MyComputer /enable /system:all /object:failure
AUDITPOL \\MyComputer /disable
AUDITPOL /logon:failure /system:all /sam:success /privilege:none

AUDITPOL /HELP | MORE displays Help one screen at a time.


clearlogs.exe: deletes the application/security/system logs (net functions)
ClearLogs 1.0 - © 2002, Arne Vidstrom (arne.vidstrom@ntsecurity.nu)
- http://ntsecurity.nu/toolbox/clearlogs/

Usage: clearlogs [\\computername] <-app / -sec / -sys>

-app = application log
-sec = security log
-sys = system log

fport.exe: like netstat, but shows the application that opened each port

mnger.exe
Usage: mnger.exe -s[lvdsSp]p[kwl[v]]ri [arguments]

-sl * List all services.
-sv * View service configuration details.
-sd * Delete a service.
-ss * Stops a service.
-sS * Start a service.
-sp * Pause a service.
-si * Install a new service.
-sm * modify service configuration.
-pl [PID|process] * List [All] Running proccesses.
-plv [PID|process] * List verbose information about [All] Running processes.
-pk * Kill a process.
-pw * Shows Process owner (whoami).
-r * Spawns a shell in the remote Host (nc listening in the other side)
-i * System Information


tlist.exe
Microsoft ® Windows NT ™ Version 5.1 TLIST
Copyright © Microsoft Corporation. All rights reserved.

usage: TLIST <<-m > | <-t> | | | <-p >> | <-k> | <-s>
[options]:
-t
Print Task Tree

List module information for this task.

The pattern can be a complete task
name or a regular expression pattern
to use as a match. Tlist matches the
supplied pattern against the task names
and the window titles.
-c
Show command lines for each process
-e
Show session IDs for each process
-k
Show MTS packages active in each process.
-m
Lists all tasks that have DLL modules loaded
in them that match the given pattern name
-s
Show services active in each process.
-p
Returns the PID of the process specified or -1
if the specified process doesn't exist. If there
are multiple instances of the process running only
the instance with the first PID value is returned.
-v
Show all process information
