Windows shell for loop example (read file, run cmd, dump output)

I just retrieved this from Ed Skoudis’s presentation that I just mentioned in my previous post (look it up!)

Windows’ shell scripting is really in the dark, at least for me. I’m constantly looking for new ways of creating smart batch scripts and it really gets to be a pain in the ass to find something useful.

It is therefore a must to store the following one. It opens a file and uses a fictional delimiter character, one you won't really use, which forces Windows not to parse each command using spaces as the default delimiter; it then runs the command and finally dumps the output to a file!

c:\> for /L %i in (1,0,2) do (for /f "delims=^" %j in (commands.txt) do cmd.exe /C %j >> output.txt & del commands.txt) & ping -n 2 127.0.0.1

Goodbye!
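The effect of the delims option in the for /f loop of the post above, as an added example that is not from the original post or from the presentation. It is a batch file (hence %%j instead of %j) that only echoes what for /f hands to the loop body; the file name forf_demo.txt and its sample lines are constructed for the demo.

```batch
@echo off
rem Added demo: shows what "for /f" passes to its loop body under different
rem option strings. It only echoes the parsed text; nothing is executed.
setlocal
set "DEMO=%TEMP%\forf_demo.txt"

rem Constructed sample input (hypothetical file name and contents).
rem In a batch file ^^ writes a single literal caret to the file.
> "%DEMO%" echo ipconfig /all
>>"%DEMO%" echo net user
>>"%DEMO%" echo ;a line that starts with a semicolon
>>"%DEMO%" echo type notes.txt ^^ extra

rem Default options: delimiters are space and tab and only token 1 is kept,
rem so every argument after the first word is lost.
echo --- default options
for /f "usebackq" %%j in ("%DEMO%") do echo [%%j]

rem The option string from the post: the caret is the only delimiter, so a
rem line stays whole unless it contains a caret, where it is cut.
echo --- "delims=^"
for /f "usebackq delims=^" %%j in ("%DEMO%") do echo [%%j]

rem An empty delimiter set keeps the line whole even if it contains a caret.
rem "delims=" has to be the last entry in the option string.
echo --- "delims="
for /f "usebackq delims=" %%j in ("%DEMO%") do echo [%%j]

rem In all three loops the semicolon line is skipped, because eol defaults
rem to ";" and none of these option strings changes it. Blank lines are
rem skipped as well.

del "%DEMO%"
endlocal
```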

 

Interesting Webcast by Ed Skoudis

I’m watching the following Webcast by Ed Skoudis which was hosted by Core Security Technologies:

Penetration Testing Ninjitsu Part II: Crouching Netcat, Hidden Vulnerabilities with Ed Skoudis at CORE Security

Ed talks about the importance of being aware of your ISP's filtering policies when conducting a pentest, which sounds obvious but then again it's easy to forget.

He also discusses some techniques for replacing the netcat client on Linux and Windows, and provides examples for creating reverse shells using /dev/tcp and creating port scanners on both Linux and Windows, among other things.

In my personal opinion, the Windows port scanning options are not worth it :) He sure works around the limitations imposed by Windows' telnet and ftp clients, and I believe he mentions them for a specific case in which you may have no other way of performing an automated portscan.

You can leave it on and hear him speak while you do something else; it won't be a waste of time.

 
  • © 2009 penetrationtests.com