December 22, 2006

Windows Command-Line Kung Fu (2): challenges

My first post on this blog was about the Windows WMI capabilities (specifically, the WMIC tool). The last post for this year covers the same topic: wouldn't it be terrific to have a single tool capable of helping with all the incident handling (IH) and security-related daily tasks? It seems 2006 has been the year of WMIC (I agree there is some hype in this comment ;-)).

The goal of this post is to provide a couple of challenges for you to solve during Christmas.

The rules are easy: briefly explain the steps you take to solve them and focus on using WMIC only (if possible). If you are interested, submit your solutions to radajo@gmail.com by January 12th. The results will be published, together with the names of those sending the best answers, on January 15, 2007. This is a beta challenge to promote IH and WMIC and to warm up for the future serious challenges (with prizes) that RaDaJo plans to publish in 2007.

TIP: If you are interested in participating, I recommend reviewing the references in my original WMIC post and some of Ed's other tips & tricks.

Challenge 1:
What Windows WMIC command would help you identify which systems in your Windows domain are vulnerable to a DHCP security flaw published by Microsoft in July 2006?

Challenge 2:
Imagine you have identified strange TCP network traffic going to destination port 17503 on one of your Windows XP boxes. Imagine you experience a déjà vu, and as a result, the only additional thing you know is that the traffic is going to a Windows service inside the box. What steps would you take (having WMIC handy) to discover which service is receiving this TCP traffic?

I hope you enjoy and learn from these challenges.

Merry Christmas and Happy New Year! All the best for 2007!
