This morning I’m in San Diego giving a talk on how to work more effectively at the Windows command line. Here’s a PDF version of the presentation for anyone who is interested:
Ubergeek Your Laptop For SANS Labs
September 17th, 2009
Leveraging the Windows “runas” command
July 28th, 2009
Sometimes we can be our own worst enemy. I’ve written a bit about Malware and how infection rates are through the roof. If you look at the one thing you can do to make a Malware author’s life easier, it’s logging on to your Windows system as an Administrator equivalent.
This problem was solved long ago on UNIX and Linux systems via tools like su and sudo. You used to have an excuse for running Admin equivalent on Windows. Microsoft made it extremely difficult to perform IT functions unless you were using a high level account. This problem was resolved years ago with the runas command, however, so it’s time we took control of this potential security hole.
Why is it important to use runas
When you are logged on as an Administrator equivalent, you have full god/goddess rights to the local system, and possibly the whole network. This means that your credentials are capable of doing anything. If a Malware author drops something nasty on your system, they have the same level of access that you do. Administrators used to mitigate this threat by being careful about what they clicked on. Today, however, Malware can come at you through trusted sites. By running with a lower level of permissions, you can help reduce the magnitude of a Malware attack.
What does runas do for me?
When you execute the runas command, only applications running beneath it have high level permissions. So for example let’s say we leverage runas to launch the User Manager. The User Manager application will have Administrator level privileges but the rest of our system environment will not. If User Manager is open when an attacker delivers nasty Malware via your browser, the Malware will be constrained to the level of access granted by your regular user account because the browser is still running with lower level permissions.
Using runas via the GUI
One of the simplest ways to leverage the runas command is via shortcuts. In my last post I gave a list of common Windows administrator tools. Simply create a shortcut on your desktop for each tool you need to use. When you need to run the tool, right click the icon and select “Run as…” from the pop up menu (it should be the second option). This will produce the window shown in Figure #1. Simply supply the credential for your high level account and the tool will launch as it normally does.
Note that in Figure #1 I’m logging on as Administrator. In an ideal world, each admin will have a dedicated administrator account (like cbrenton-admin or similar). This will make it much easier to create a proper audit trail of changes.
Using runas from the command line
Along with the GUI interface, you can leverage runas from the command line as well. The simplest solution is to place a command prompt shortcut on your desktop and launch it as specified above. If you already have a command prompt session going, you can leverage the runas command directly. The syntax is:
runas /user:<high level account name> <command we wish to run>
If we wish to generate a new command prompt with high permissions, we can do that too. The syntax is:
runas /user:<high level account name> c:\windows\system32\cmd.exe
This will produce output similar to Figure #2. Note that we have simply leveraged runas to spawn a new command prompt session. Now anything run within this new command prompt will be executed with higher permissions.
Exec Summary
Today there is no excuse for logging into Windows as an administrator equivalent. By leveraging the runas command along with some shortcuts, IT folks can still get the job done while refraining from being their own worst enemy.
Quick Access To Windows Admin Tools
July 28th, 2009
In my last post I talked about how using the Windows GUI can at times be cumbersome. If you administer a Windows network, you are frequently leveraging the Windows admin tools. Here are some tips to make that task a bit easier.
List of Tools
Here’s a list of the most commonly used Windows admin tools as well as the command needed to launch them:
- Add/Remove Programs = appwiz.cpl
- Certificate Manager = certmgr.msc
- Computer Manager = compmgmt.msc
- Control Panel = control.exe
- Copy screen to clipboard = <ctrl><Print Scrn>
- Copy active window to clipboard = <ctrl><alt><Print Scrn>
- Device Manager = devmgmt.msc
- Event Viewer = eventvwr.msc
- File Explorer = explorer.exe
- File Signature Verification = sigverif.exe
- Group Policy Editor = gpedit.msc
- MS Management Console = mmc
- Network Properties = control netconnections
- Performance Monitor = perfmon.msc
- Registry Editor = regedt32.exe
- Security Center = wscui.cpl
- Security Policy Editor = secpol.msc
- Services Screen = services.msc
- Solitaire = sol.exe
- System Config Utility = msconfig.exe
- Task Manager = taskmgr.exe
- Task Manager = <ctrl><shift><esc>
- Task Scheduler = control schedtasks
- User Manager = lusrmgr.msc
Quick Launch Options
Here are some tips for making each of the above easily accessible:
- Click Start –> Run then type in the command listed above
- Press <Windows key><r> then type in the command listed above
- Create a desktop shortcut
- Create a taskbar shortcut
- Create a single program group so everything is in one place
Helpful Shortcuts For The Windows IP Geek
July 25th, 2009
Many of us do testing with our Windows systems, which inevitably requires us to change firewall settings and IP info. While Windows has given us a pretty GUI for performing these tasks, it can be cumbersome to navigate the menu options. In this post I’ll show you how creating a few icons can help you take better control of this problem.
Dealing with the Windows firewall
One of the common tasks I need to perform is disabling and enabling the Windows firewall. I sometimes need to shut it off for testing, but of course want it turned back on again if I’m connected to a potentially hostile network. This introduces the additional problem that I can never remember if I had it turned on or off the last time the system was booted.
Disabling the Windows firewall
Open up a text editor and create a file named disable-firewall.bat. Type the following line into the file:
netsh firewall set opmode disable
Now save the file and create a desktop shortcut that points to it. Whenever you double click the icon, the Windows firewall will shut down.
Enabling the Windows firewall
Open up a text editor and create a file named enable-firewall.bat. The file will contain only a single line:
netsh firewall set opmode enable
Now save the file and create a desktop shortcut that points to it. Whenever you double click the icon, the Windows firewall will turn on.
Checking the Windows firewall status
Open up a text editor and create a file named fw-status.bat. Type the following three lines into the file:
netsh firewall show state
pause
exit
Now save the file and create two shortcuts pointing to it. One on the desktop and one in your startup group. When your system first boots up, a command prompt will open showing the current state of the Windows firewall. It will then pause on the screen until you press a key. Anytime you need to check the current status, simply double click the shortcut you placed on the desktop.
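The disable, enable and status files above can also be combined into one batch file that turns the firewall back on when the test is done. This is an added example, not part of the original post; the file name fw-test-window.bat and the "net session" administrator check are assumptions, while the netsh commands are the ones shown above.

```batch
@echo off
rem fw-test-window.bat (hypothetical name): firewall off for one test, then on.
setlocal

rem Changing the firewall needs an administrator-level account.
rem Assumption: "net session" fails for ordinary users (a common idiom that
rem relies on the Server service running), so it is used here as the check.
net session >nul 2>&1
if errorlevel 1 (
    echo Start this file from an administrator-level account.
    echo Right click the shortcut and pick "Run as..." or use the runas command.
    pause
    exit /b 1
)

netsh firewall set opmode disable
netsh firewall show state

echo.
echo The firewall is OFF. Leave this window open while you test.
echo Press any key when the test is finished to turn the firewall back on.
pause >nul

netsh firewall set opmode enable
netsh firewall show state
pause
endlocal
```

Closing the window with the X button skips the enable step, so the fw-status.bat shortcut in the startup group is still worth keeping.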
Dealing with IP settings
If every network used DHCP, dealing with IP would be much easier. When we work in a lab however, we typically have to manually configure IP for communications. Obviously we can use the GUI for this, but it’s easy to streamline the process with a couple of shortcuts.
Manually setting a wired IP address
For the purpose of this exercise I’ll assume the IP address you want to assign is 192.168.1.10. Change this IP address as needed.
Open up a text editor and create a file named 192-168-1-10.bat. The file will contain only a single line:
netsh interface ip set address local static 192.168.1.10 255.255.255.0
Now save the file and create a desktop shortcut that points to it. Whenever you double click the icon, the IP address on your wired interface will be changed.
Adding a default gateway
If there is a default gateway you need to specify, we can do that as well. Assuming the gateway is at 192.168.1.1, we would change the above command to read:
netsh interface ip set address local static 192.168.1.10 255.255.255.0 192.168.1.1 1
Specifying a DNS server
If you need to specify DNS servers, we’ll need to add a few extra lines to the batch file. Let’s build on the last example and assume we have two DNS servers, one at 10.1.1.1 and another at 172.30.1.10. In this case our batch file would contain the following:
netsh interface ip set address local static 192.168.1.10 255.255.255.0 192.168.1.1 1
netsh interface ip set dns local static 10.1.1.1
rem "add dns" appends the second server; a second "set dns" would replace the first
netsh interface ip add dns local 172.30.1.10 index=2
Reverting back to DHCP
Open up a text editor and create a file named reset-dhcp.bat. The file will contain only a single line:
netsh interface ip set address local dhcp
Now save the file and create a desktop shortcut that points to it. Whenever you double click the icon, Windows will look to a local DHCP server for the IP info it will use.
What if I use multiple IP addresses?
The above example works great provided you consistently use the same IP address. What if you need a bit more flexibility to change it on the fly? Luckily we can handle that problem through the use of variables.
Open up a text editor and create a file named varip.bat. The file will contain only a single line:
netsh interface ip set address local static %1 255.255.255.0
Now save the file to a directory in your path statement. The Windows directory itself is usually a good last ditch option. If you don’t know which directories are in your path, simply open a command prompt and type the command “path”. This will produce a semi-colon ( ; ) separated list of all directories in your path. This tip will not work if the file is not saved to a directory in your path statement.
Whenever you need to set your IP address simply click Start–> Run and type in:
varip 192.168.50.25
or whatever IP address you wish to use. If you commonly need to change the subnet mask, change the command to read:
netsh interface ip set address local static %1 %2
Now when you click Start–> Run you would type:
varip 192.168.50.25 255.255.255.128
or whatever IP address/subnet mask combination you wish to use.
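Because varip.bat hands %1 and %2 straight to netsh, a typo at the Run prompt goes straight to the interface. The following added example (not part of the original post) checks both arguments first; the file name varip-checked.bat and the :check_quad helper are hypothetical, and the subnet mask is only checked for dotted-quad format, not for being a valid contiguous mask.

```batch
@echo off
rem varip-checked.bat (hypothetical name): varip.bat with argument checks.
rem Usage: varip-checked ip-address [subnet-mask]
setlocal EnableDelayedExpansion

set "IP=%~1"
set "MASK=%~2"
if not defined IP (
    echo Usage: %~n0 ip-address [subnet-mask]
    exit /b 1
)
if not defined MASK set "MASK=255.255.255.0"

rem Validate both values before netsh is allowed to touch the interface.
for %%v in (IP MASK) do (
    call :check_quad %%v
    if errorlevel 1 (
        echo %%v is not four numbers from 0 to 255 separated by dots: !%%v!
        exit /b 1
    )
)

netsh interface ip set address local static %IP% %MASK%
exit /b

:check_quad
rem The argument is the NAME of the variable to test, not its value.
set "Q=!%~1!"
set "RC=1"
rem Step 1: strip digits and dots; anything left is an illegal character.
set "REST=!Q!"
for %%c in (0 1 2 3 4 5 6 7 8 9 .) do if defined REST set "REST=!REST:%%c=!"
if defined REST exit /b 1
rem Step 2: exactly four parts (rebuilding them must reproduce the input).
rem Step 3: each part has at most three digits and is no larger than 255.
for /f "tokens=1-4 delims=." %%a in ("%Q%") do (
    if "%%a.%%b.%%c.%%d"=="%Q%" set "RC=0"
    for %%o in (%%a %%b %%c %%d) do (
        set "O=%%o"
        if not "!O:~3!"=="" set "RC=1"
        if %%o GTR 255 set "RC=1"
    )
)
exit /b %RC%
```

With this file saved in a directory in your path, "varip-checked 192.168.50.25" applies the default 255.255.255.0 mask, while "varip-checked 192.168.50.256" prints an error and leaves the interface untouched.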
Exec Summary
While the Windows GUI is relatively easy to navigate, it can be cumbersome for common tasks like changing IP address or firewall settings. This can easily be rectified by creating a few batch files and placing shortcuts to them on the desktop.



