I almost didn’t write this tip. If you have a background in unix, you will understand why command-line tools are so powerful. They can save you a lot of time. One of the biggest problems with administrating a large NT environment, is the lack of command-line tools. Microsoft’s GUI-based tools work well in the miniature but are very burdensome as admin tools for more complex server pools. If you haven’t worked with command-line tools, consider it. Remember such tools support automation which may preserve what little time you have.
Related links:
- ActiveState Perl
Perl for Win32 – highly recommended version of Perl for NT / W2K / XP admin tasks
- Indigo Perl
bundled with Apache web server for developing/test cgi perl scripts
- Perl2Exe
Perl2Exe is a command line utility for converting perl scripts to executable files.
- Carvdawg’s Perl Page
Good examples
- Null.pl
This script performs null session enumeration. Mentioned in Todd Sabin’s (RAZOR Team from BindView) presentation during BlackHat in Feb, ’01.
- Sniffer.pl
This script is used to detect the presence of the WinPcap packet capture device driver. This is intended as an alternative for admins who wish to detect the use of packet sniffers. This is not a complete solution, but many of the available packet sniffer tools (snort, WinDump, Ethereal, and even L0phtCrack3) require the use of the device driver. Administrators can run sniffer.pl from a centralized location, or locally as part of an incident response investigation. Other steps may include locating packet.sys and packet.dll within the file system, or using keytime.pl on the Registry keys to determine when the drivers were installed.
- Rights.pl
displays the rights and privileges a user has on NT/2K systems. In verbose mode, it also displays group membership.
… many more …
- Null.pl
