SEC435 - 2018/04/18 - Wk. 4 Hands-On Projects

April 18, 2018


Hands-on Project 11-1
Hands-on Project 11-3

Hands-on Project 11-1:

Navigating the Windows File System from the Command Prompt

  • Issuing the dir command

  • Issuing dir /ah to show hidden files

  • Going to the root and then to a folder relative to the root by using a backslash at the beginning of the folder structure.

  • Running dir /p to show the paginated results. This is incredibly helpful in folders like system32 where you'll likely see a lot of results.

  • Changing devices doesn't successfully work since we don't have a second drive. This is to be expected.

  • Changing back to a suitable folder for creating files and making a directory called TestDocs.

  • Just making directories and changing into them. It shows navigation related to the root and how that impacts our folder.

  • It's hard to show autocompletion since it just looks like I'm typing TestDocs again but tabbing saves time and lives.

  • This is also a real lifesaver. It's not as wild as using exclamation points in Unix but it definitely saves your time and hair.

  • Interestingly, this is what I always forget when working in Windows. Renaming a file has its own command rather than just using a command designed to move a file.

  • Wildcards are another useful way to limit files that are shown in a dir. I always use this before using paginated values since I'm likely able to nail down a little bit about what I'm looking for right away.

  • Every beginning has an end! Our files must go as well.

  • Commands used to create a folder would be:

    mkdir NewFolder
    cd NewFolder
    dir *.doc

Hands-on Project 11-3:

Using Windows Task Manager

  • Here is Task Manager with the notepad.exe process running. This is going to look a bit different than what's in the book but we'll make do.
  • We can kick it over to the Processes tab. This is going to be very similar to running 'More details...' on Windows 10.
  • The different columns give us the ability to sort in a handful of different ways. Here we've sorted by the CPU column.
  • I've also gone ahead and expanded our options to include the CPU time measure.
  • And this can be expanded pretty widely. Here's the command line option that shows what invoked the service.
  • Following the svchost.exe process that was invoked with LocalSystemNetworkRestricted leads us to the following service.
  • Following DHCP back to processes will show us a svchost.exe invocation with the LocalServiceNetworkRestricted argument. This teaches us a bit about how services are managed in Windows.
  • The holy grail of monitoring if you're living off the land in a Windows installation is here, the performance tab. This shows the resource usage of your system. I was in here all of the time when I was repairing Windows boxes.
  • I'd show you the killed process but it'd just be a blank window. :)
  • CPU usage is how much of the CPU is being used by your process in a percentage figure while Time is showing how long the process has been running. This can be important in showing how long a process has been queued up for jobs at the processor.
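
The svchost.exe tracing done through Task Manager above (command line column, then the matching service) can also be done in one pass from PowerShell. This is an added example, not part of the original write-up; it uses the standard Win32_Process and Win32_Service CIM classes, and the report column names (Group, Account, Review) are chosen here for illustration.

```powershell
# Added example: map every svchost.exe instance to its -k service group
# and the services it hosts. Read-only queries; run elevated so that the
# command line of every process is visible.

# Index running services by the PID of the process that hosts them.
$byPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter "ProcessId <> 0") {
    $id = [int]$svc.ProcessId
    if (-not $byPid.ContainsKey($id)) { $byPid[$id] = @() }
    $byPid[$id] += $svc
}

$report = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $id = [int]$_.ProcessId

        # -k names the service group, e.g. LocalSystemNetworkRestricted.
        $group = if ($_.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '(none visible)' }

        # Services registered against this PID (empty array if none).
        $hosted = @(if ($byPid.ContainsKey($id)) { $byPid[$id] })

        [pscustomobject]@{
            ProcessId   = $id
            Group       = $group
            Account     = ($hosted.StartName | Sort-Object -Unique) -join ', '
            Services    = ($hosted.Name | Sort-Object) -join ', '
            # A svchost.exe with no -k group or no hosted service is unusual
            # and worth a closer look (also true when not run elevated).
            Review      = ($group -eq '(none visible)') -or ($hosted.Count -eq 0)
            CommandLine = $_.CommandLine
        }
    }

$report | Sort-Object Group, ProcessId | Format-Table -AutoSize -Wrap
```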