legacy-wiki
Remote control
Recovered from the older tannerjc.net wiki snapshot dated January 23, 2016.
commands
python
- log collecting
- http://stackoverflow.com/questions/32404/can-i-run-a-python-script-as-a-service-in-windows-how
- http://www.blog.pythonlibrary.org/2010/07/27/pywin32-getting-windows-event-logs/
- http://docs.activestate.com/activepython/2.5/pywin32/Windows_NT_Eventlog.html
shells
webservers
winexe
- https://build.opensuse.org/project/show?project=home%3Aahajda%3Awinexe
- https://build.opensuse.org/package/binaries?package=winexe&project=home%3Aahajda%3Awinexe&repository=CentOS_CentOS-6
- https://build.opensuse.org/package/binary?arch=x86_64&filename=winexe-1.00-2.1.x86_64.rpm&package=winexe&project=home%3Aahajda%3Awinexe&repository=CentOS_CentOS-6
- http://download.opensuse.org/repositories/home:/ahajda:/winexe/CentOS_CentOS-6/x86_64/winexe-1.00-2.1.x86_64.rpm
[root@jtshell winexe]# winexe -U Administrator%tclmeSRS1234 //WIN-U573PINAGA9 'net help'
The syntax of this command is:
NET HELP
command
-or-
NET command /HELP
Commands available are:
NET ACCOUNTS NET HELPMSG NET STATISTICS
NET COMPUTER NET LOCALGROUP NET STOP
NET CONFIG NET PAUSE NET TIME
NET CONTINUE NET SESSION NET USE
NET FILE NET SHARE NET USER
NET GROUP NET START NET VIEW
NET HELP
NET HELP NAMES explains different types of names in NET HELP syntax lines.
NET HELP SERVICES lists some of the services you can start.
NET HELP SYNTAX explains how to read NET HELP syntax lines.
NET HELP command | MORE displays Help one screen at a time.
[root@jtshell winexe]# winexe -U Administrator%tclmeSRS1234 //WIN-U573PINAGA9 'tasklist'
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0        304 K
smss.exe                       248 Services                   0      1,100 K
csrss.exe                      332 Services                   0      4,228 K
wininit.exe                    384 Services                   0      4,412 K
csrss.exe                      392 Console                    1      3,784 K
winlogon.exe                   420 Console                    1      4,416 K
services.exe                   480 Services                   0      8,636 K
lsass.exe                      488 Services                   0     11,480 K
lsm.exe                        496 Services                   0      5,952 K
svchost.exe                    588 Services                   0     10,112 K
svchost.exe                    656 Services                   0      8,568 K
LogonUI.exe                    748 Console                    1     14,360 K
svchost.exe                    756 Services                   0     11,684 K
svchost.exe                    808 Services                   0     32,712 K
svchost.exe                    868 Services                   0     12,340 K
svchost.exe                    908 Services                   0     12,356 K
svchost.exe                    948 Services                   0     20,756 K
svchost.exe                    264 Services                   0     11,176 K
spoolsv.exe                   1080 Services                   0     11,204 K
svchost.exe                   1152 Services                   0      3,136 K
svchost.exe                   1640 Services                   0      7,964 K
svchost.exe                   1840 Services                   0      5,276 K
msdtc.exe                     1824 Services                   0      7,260 K
sppsvc.exe                     540 Services                   0      9,036 K
csrss.exe                     1212                            2      5,016 K
winlogon.exe                  1976                            2      4,956 K
taskhost.exe                  1300                            2      5,640 K
rdpclip.exe                   1416                            2      5,084 K
dwm.exe                       1036                            2      4,596 K
explorer.exe                  1788                            2     46,508 K
Oobe.exe                       144                            2     16,232 K
mmc.exe                       2188                            2      9,208 K
vds.exe                       2252 Services                   0      9,180 K
mmc.exe                       2884                            2     14,300 K
rWBS.exe                      1008 Services                   0     50,376 K
taskmgr.exe                    552                            2     10,108 K
winexesvc.exe                 2716 Services                   0      2,760 K
TrustedInstaller.exe          2736 Services                   0      6,836 K
tasklist.exe                  1032 Services                   0      5,308 K
conhost.exe                    884 Services                   0      2,812 K
WmiPrvSE.exe                  2056 Services                   0      6,164 K
[root@jtshell winexe]# winexe -U Administrator%tclmeSRS1234 //WIN-U573PINAGA9 'powershell Get-EventLog -list '
Max(K) Retain OverflowAction    Entries Log
------ ------ --------------    ------- ---
20,480      0 OverwriteAsNeeded   1,425 Application
20,480      0 OverwriteAsNeeded       0 HardwareEvents
   512      7 OverwriteOlder          0 Internet Explorer
20,480      0 OverwriteAsNeeded       0 Key Management Service
20,480      0 OverwriteAsNeeded  21,060 Security
20,480      0 OverwriteAsNeeded   1,180 System
15,360      0 OverwriteAsNeeded     236 Windows PowerShell
[root@jtshell winexe]# winexe -U Administrator%tclmeSRS1234 //WIN-U573PINAGA9 'powershell Get-EventLog Application; ' | head -n 50
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
1415 Apr 01 10:02 Information rPath Windows Bui... 0 Respons...
1414 Apr 01 10:02 Information rPath Windows Bui... 0 0 locke...
1413 Apr 01 10:02 Information rPath Windows Bui... 0 0 job r...
1412 Apr 01 10:02 Information rPath Windows Bui... 0 0 locke...
1411 Apr 01 10:02 Information rPath Windows Bui... 0 0 image...
1410 Apr 01 10:02 Information rPath Windows Bui... 0 0 locke...
1409 Apr 01 10:02 Information rPath Windows Bui... 0 0 packa...
1408 Apr 01 10:02 Information rPath Windows Bui... 0 0 locke...
1407 Apr 01 10:02 Information rPath Windows Bui... 0 0 msi r...
1406 Apr 01 10:02 Information rPath Windows Bui... 0 ...
1405 Apr 01 09:02 Information rPath Windows Bui... 0 Respons...
1404 Apr 01 09:02 Information rPath Windows Bui... 0 0 locke...
1403 Apr 01 09:02 Information rPath Windows Bui... 0 0 job r...
1402 Apr 01 09:02 Information rPath Windows Bui... 0 0 locke...
1401 Apr 01 09:02 Information rPath Windows Bui... 0 0 image...
1400 Apr 01 09:02 Information rPath Windows Bui... 0 0 locke...
1399 Apr 01 09:02 Information rPath Windows Bui... 0 0 packa...
1398 Apr 01 09:02 Information rPath Windows Bui... 0 0 locke...
1397 Apr 01 09:02 Information rPath Windows Bui... 0 0 msi r...
[root@jtshell winexe]# winexe -U Administrator%tclmeSRS1234 //WIN-U573PINAGA9 'powershell Get-EventLog Application | Format-Table -autosize ' | head -n 50
WARNING: column Message does not fit into the display and was removed.
Index Time EntryType Source Instance
ID
----- ---- --------- ------ --------
1415 Apr 01 10:02 Information rPath Windows Build Service 0
1414 Apr 01 10:02 Information rPath Windows Build Service 0
1413 Apr 01 10:02 Information rPath Windows Build Service 0
1412 Apr 01 10:02 Information rPath Windows Build Service 0
1411 Apr 01 10:02 Information rPath Windows Build Service 0
1410 Apr 01 10:02 Information rPath Windows Build Service 0
1409 Apr 01 10:02 Information rPath Windows Build Service 0
1408 Apr 01 10:02 Information rPath Windows Build Service 0
1407 Apr 01 10:02 Information rPath Windows Build Service 0
1406 Apr 01 10:02 Information rPath Windows Build Service 0
1405 Apr 01 09:02 Information rPath Windows Build Service 0
1404 Apr 01 09:02 Information rPath Windows Build Service 0
1403 Apr 01 09:02 Information rPath Windows Build Service 0
1402 Apr 01 09:02 Information rPath Windows Build Service 0
1401 Apr 01 09:02 Information rPath Windows Build Service 0
[root@jtshell winexe]# winexe -U Administrator%tclmeSRS1234 //WIN-U573PINAGA9 'powershell Get-EventLog Application | Format-Table -autosize | Out-String -Width 10000 | out-file C:\scripts\log.txt '
[root@jtshell winexe]# dos2unix /mnt/rwbs/scripts/log.txt
dos2unix: converting file /mnt/rwbs/scripts/log.txt to UNIX format ...
[root@jtshell winexe]# cat /mnt/rwbs/scripts/log.txt | strings -e l | sed -e 's/ \{1,\}$//' | head
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
1415 Apr 01 10:02 Information rPath Windows Build Service 0 Response: 200 OK...
1414 Apr 01 10:02 Information rPath Windows Build Service 0 0 locked job resource(s)
1413 Apr 01 10:02 Information rPath Windows Build Service 0 0 job resource(s) deleted
1412 Apr 01 10:02 Information rPath Windows Build Service 0 0 locked image resource(s)
1411 Apr 01 10:02 Information rPath Windows Build Service 0 0 image resource(s) deleted
1410 Apr 01 10:02 Information rPath Windows Build Service 0 0 locked package resource(s)
1409 Apr 01 10:02 Information rPath Windows Build Service 0 0 package resource(s) deleted
1408 Apr 01 10:02 Information rPath Windows Build Service 0 0 locked msi resource(s)
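Added example (not part of the original wiki notes): a Python parser for the log.txt export shown above. It decodes the UTF-16LE file that Out-File writes and splits the Format-Table columns using the dash row, so each event becomes a record instead of a padded text line. The function names and the last sample row are assumptions made for illustration; the other sample rows reuse values from the session output.

```python
import re

def decode_export(raw: bytes) -> str:
    # Windows PowerShell's Out-File writes UTF-16LE with a BOM, which is why
    # the session needed `strings -e l` to read the file on Linux.
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def parse_table(text: str) -> list:
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    # The rule row (only dashes and spaces) sits directly under the header.
    rule_at = next(i for i, l in enumerate(lines) if set(l) <= set("- "))
    grid = [lines[rule_at - 1]] + lines[rule_at + 1:]
    width = max(map(len, grid))
    grid = [g.ljust(width) for g in grid]
    blank = [all(g[i] == " " for g in grid) for i in range(width)]
    runs = [m.span() for m in re.finditer(r"-+", lines[rule_at])]
    cuts = [0]
    for (_, end), (start, _) in zip(runs, runs[1:]):
        # Values can be wider than the dashes (text runs right, right-aligned
        # numbers run left), so cut at the last position between two dash
        # runs that is blank in every row.
        gap = [i for i in range(end, start) if blank[i]]
        cuts.append(gap[-1] if gap else start - 1)
    spans = list(zip(cuts, cuts[1:] + [width]))
    names = [grid[0][a:b].strip() for a, b in spans]
    return [dict(zip(names, (g[a:b].strip() for a, b in spans)))
            for g in grid[1:]]

# Constructed sample: rows 1415-1413 reuse values from the session output,
# the last row is invented to exercise shorter fields.
_FMT = "{:>5} {:<12} {:<11} {:<27} {:>10} {}"
_SRC = "rPath Windows Build Service"
_ROWS = [
    ("Index", "Time", "EntryType", "Source", "InstanceID", "Message"),
    ("-----", "----", "---------", "------", "----------", "-------"),
    ("1415", "Apr 01 10:02", "Information", _SRC, "0", "Response: 200 OK..."),
    ("1414", "Apr 01 10:02", "Information", _SRC, "0", "0 locked job resource(s)"),
    ("1413", "Apr 01 10:02", "Information", _SRC, "0", "0 job resource(s) deleted"),
    ("7", "Apr 01 11:00", "Warning", "ExampleSource", "1001", "constructed row"),
]
SAMPLE = b"\xff\xfe" + "\r\n".join(
    _FMT.format(*r) for r in _ROWS).encode("utf-16-le")

if __name__ == "__main__":
    for rec in parse_table(decode_export(SAMPLE)):
        print(rec["Index"], rec["Time"], rec["Source"], "|", rec["Message"])
```

The parser assumes one event per line, which holds for the export above because Out-String -Width 10000 prevents wrapping.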
[root@jtshell ~]# winexe -U Administrator%tclmeSRS1234 //WIN-U573PINAGA9 'powershell gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* ' | head -n 100
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Softwa
re\Microsoft\Windows\CurrentVersion\Uninstall\Connection Mana
ger
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Softwa
re\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName : Connection Manager
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
SystemComponent : 1
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Softwa
re\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET
Framework 4 Client Profile
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Softwa
re\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName : Microsoft .NET Framework 4 Client Profile
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
DisplayIcon : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Cl
ient\DisplayIcon.ico
DisplayName : Microsoft .NET Framework 4 Client Profile
DisplayVersion : 4.0.30319
EstimatedSize : 39732
UninstallString : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Cl
ient\Setup.exe /repair /x86 /x64 /parameterfolder Client
VersionMinor : 0
VersionMajor : 4
Publisher : Microsoft Corporation
InstallLocation : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Cl
ient
UninstallPath : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Cl
ient
Readme : http://go.microsoft.com/fwlink/?LinkId=164156
URLInfoAbout : http://go.microsoft.com/fwlink/?LinkId=164164
URLUpdateInfo : http://go.microsoft.com/fwlink/?LinkId=164165