Tag Archives: windows

Windows: List all users who are currently logged on

Hi,

If you want to list all users who are currently logged on to the box, use the query command.

List all sessions


c:\> query session
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console                                     1  Conn
>rdp-tcp#0         user1                     2  Active  rdpwd
 rdp-tcp                                 65536  Listen

Or list all users


c:\> query user
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>user1                 rdp-tcp#0           2  Active          .  21.02.2015 19:42

You can also list the processes of the user


c:\> query process
 USERNAME              SESSIONNAME         ID    PID  IMAGE
>user1                 rdp-tcp#0            2   6076  taskhost.exe
>user1                 rdp-tcp#0            2   6592  rdpclip.exe
>user1                 rdp-tcp#0            2   4840  dwm.exe
>user1                 rdp-tcp#0            2   4680  explorer.exe
>user1                 rdp-tcp#0            2   7092  vmtoolsd.exe
....

Michael
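The output above is column-aligned text, and the ID and IDLE TIME values are right-aligned under their headers. The following is an added example, not code from the original post: it converts "query user" output into objects using the header's column offsets, so that a row with an empty SESSIONNAME (a disconnected session) still parses. The function name and the second sample row are assumptions, and English column headers are assumed.

```powershell
# Added example: parse "query user" text by header offsets (assumes English headers).
function ConvertFrom-QueryUser {
    param([Parameter(Mandatory)][string[]]$Lines)

    $header   = $Lines[0]
    # USERNAME, SESSIONNAME, STATE and LOGON TIME are left-aligned under their
    # headers; ID and IDLE TIME are right-aligned, so they are read as tokens.
    $cUser    = $header.IndexOf('USERNAME')
    $cSession = $header.IndexOf('SESSIONNAME')
    $cState   = $header.IndexOf('STATE')
    $cLogon   = $header.IndexOf('LOGON TIME')
    if (@($cUser, $cSession, $cState, $cLogon) -contains -1) {
        throw 'Unexpected header line; English column names are assumed.'
    }

    foreach ($line in ($Lines | Select-Object -Skip 1)) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $row = $line.PadRight($cLogon)
        # Region between SESSIONNAME and STATE: optional session name, then the ID
        $mid = $row.Substring($cSession, $cState - $cSession).Trim()
        if ($mid -match '^(?:(?<session>\S+)\s+)?(?<id>\d+)$') {
            $session = [string]$Matches['session']   # empty when the column is blank
            $id      = [int]$Matches['id']
            # Region between STATE and LOGON TIME: state first, then idle time
            $state, $idle = -split ($row.Substring($cState, $cLogon - $cState))
            [pscustomobject]@{
                Current     = $line.StartsWith('>')   # ">" marks the caller's own session
                UserName    = $row.Substring($cUser, $cSession - $cUser).Trim()
                SessionName = $session
                Id          = $id
                State       = $state
                IdleTime    = $idle
                LogonTime   = $row.Substring($cLogon).Trim()  # locale-dependent, kept as text
            }
        }
    }
}

# Constructed sample: header and first row as in the post, second row made up
$sample = @'
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>user1                 rdp-tcp#0           2  Active          .  21.02.2015 19:42
 user2                                     3  Disc         1:05  21.02.2015 08:13
'@ -split "`r?`n"

ConvertFrom-QueryUser -Lines $sample | Format-Table -AutoSize
# On a live system: ConvertFrom-QueryUser -Lines (query user)
```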

Windows: Initiate a kernel memory dump

Hi,

For deeper inspection of Windows, it is sometimes necessary to take a memory dump of the machine and analyse the output with tools like Volatility.

There are several ways to make Windows write a dump.

Windows: Recover lost passwords from memory

Hi,

If a user is logged on and has forgotten their password, you can dump the LSA process and recover the password from the dump file.

Two tools are needed:

  • Microsoft’s Sysinternals procdump
  • mimikatz, a tool to play with Windows security. Take care when downloading precompiled binaries; it is better to get the source code from GitHub and compile it yourself. It’s very easy.

Let’s start. Log in as a user with administrator permissions and dump the lsass process

OpenVPN: Connect to multiple VPNs on Windows

Hi,

On Windows, OpenVPN installs one TAP network interface by default. If you want to connect to multiple VPNs simultaneously, you need an interface for each VPN.

You can add an additional adapter with a batch file provided by the TAP driver. Open a command prompt with administrative rights and change to the TAP install folder.

c:\> cd "C:\Program Files\TAP-Windows\bin"

and call

Windows: How to enable IP routing

Hi,

It’s not recommended, but Windows can act as an IP router.

To enable routing, set

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter to 1 (the value type must be given explicitly, because reg add writes REG_SZ when /t is omitted):

c:\>reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v IPEnableRouter /t REG_DWORD /d 1 /f

Change the startup type of the service “Routing and Remote Access” to auto

sc config RemoteAccess start= auto

and start the service

sc start RemoteAccess

That’s it.

Michael