DiamondCS console tools archive #
DiamondCS, makers of the fabled Process Guard and TDS, regrettably disappeared long ago. Here is an archive of their tiny command line tools for posterity, including:
- Internet & Network
- OpenPorts - The powerful OpenPorts reveals which processes are behind the TCP and UDP network ports on your system.
- EnumIPs - Displays all local IP addresses, including broadcast and net mask details.
- GetIP - Connects to the Internet to obtain your real Internet IP address.
- IP List - Enumerates network interfaces, showing all bound IP addresses, their broadcast addresses, and their netmasks
- ICMP Ping - Use ICMP Ping to determine if a machine is responding to standard requests.
- Resolve - Resolve an IP address to its DNS address, and vice versa. Also performs a reverse-resolve.
- TraceRoute - TraceRoute uses specially-crafted ICMP Ping requests to trace a map of the computers between you and the target address. It is particularly useful to determine the ISP of the target.
- Whois - Display information about Internet domains
- SendMail - Send email (and even attach a file) using any SMTP server
- HTTPGet - Download files from HTTP/FTP servers from the command line
- CmdLine - Another of our more popular console tools, CmdLine is a one-of-a-kind that can actually reveal the commandline parameters of processes.
- DelayExec - DelayExec allows you to start programs in a pre-execution state of suspension, where the process is loaded but code isn't initially executed.
- Procs - Complete process control - listing (with full paths and process IDs), terminating, and module enumeration.
- Windows - Complete control over all parent and child windows, including listing and modification.
- CPUInfo - Displays a variety of information about your processor(s). Multi-CPU support, and detects serial number, speed, name, features and more.
- Adapters - Displays information about all network adapters. Details include MAC address, Description, IP addresses, DHCP info and more.
- Drivers - Lists all drivers on the system. Full image paths and base addresses are shown.
- MemDump - Also an MS-DOS-based tool, this allows you to view memory from 0000:0000 to FFFF:FFFF. For example, "memdump F000:FFF5, 8" will show your BIOS date - BIOS itself can be found at F000:0000.
- BIOSDump - An MS-DOS-based tool that allows you to view BIOS (and extensions which it scans for) and also save as files.
- ErrorDesc - If you've ever been frustrated by unhelpful error numbers like "Error #82 occurred" this tool can help. You simply give it the error number and it will query the operating system for a description about that error number. It also queries an internal database of over a thousand NTStatus error codes.
- User Info
- WhoAmI - Displays the current computer name, current user name, IP addresses, and Administrator status.
- IsAdmin - Displays the current user name and determines if the user has Administrator privileges.
- PWReveal - Allows you to see the passwords behind most PassChar-protected text\editboxes in memory (allowing you to see behind the "*****" fields). There is also a stay-resident option, and a patch option that can actually remove the PassChar protection from such password-protecting boxes on the fly.
- PassDump - PassDump is similar to (and based on) PWReveal, but with just one goal - PassDump simply dumps to the console the text from any PassChar-protected textboxes that it can find.
- File Tools
- FolderMon - A powerful monitoring program that allows you to see all (or specific) file activity in a folder & subfolders or even an entire drive.
- FindAll - A fast and powerful tool for searching the contents of files. Supports Unicode, case (in)sensitivity, subdirectory searching and more.
- StrDump - Scan a file for text strings - a quick, useful way to avoid sifting through 'junk' data.
- HexDump - Dump the contents of any file in traditional 'hex dump' format.
- MD5 - Quickly and easily calculate strong 128-bit checksums from strings and files.
- SHA-160 Hash - Calculates 160-bit checksums from files.
- AdjustCR - File conversion. Replaces UNIX-style line-feeds with Windows-style carriage-return & line-feed
- Date & Time
- CityTime - CityTime is the fastest and easiest way to check the time in another city. Over 200 major cities of the world are supported.
- UpTime - See how long your computer has been running, accurate to the second.
- DateDiff - Calculate the number of days between two dates - a common task finally made easy!
The above descriptions are quoted from Wayne's original announcements, the archived homepage, and the help text (for Whois). The descriptions are virtually verbatim, with only minor changes to categories. Sadly, Htm2Txt (mentioned in the second announcement) could not be located for inclusion in the archive.
/windows | May 21, 2013
Windows 7 Firewall - Cannot disable or remove exceptions #
If attempting to disable or remove Windows Firewall exceptions using the standard method fails, try this: Control Panel > Administrative Tools > Windows Firewall with Advanced Security > select "Inbound Rules" or "Outbound Rules" > right click and delete or disable rule. (Thanks moogly!)
/windows | May 17, 2013
"This may be the finest piece of word processing code ever written" #
VDE 1.96A [90k] + DOS/console text editor with an essential core of word processing features, including support for WordStar, WordPerfect, and Microsoft Word formats.
Dvorak quote from 1990:
"This may be the finest piece of word processing code ever written. I have never been as impressed with anything as I have with VDE 1.5... writing software in 100 percent assembly language still pays off in performance and reduced code size. It's an astonishing product, believe me. It's more than the perfect laptop word processor... I cannot give a higher recommendation for any product that I have seen in ten years... Top recommendation."
/windows | May 05, 2013
Upgrading Quicken 2001 to 2013 #
or any ancient version of Quicken to a modern one requires using an intermediate version to convert the old data first. Intuit kindly offers these free Quicken downloads for that purpose:
Refreshingly, no registration is required; these are direct download links.
/windows | Apr 24, 2013
Dump cleartext passwords of logged in user(s) #
mimikatz displays passwords of logged in user(s):
mimikatz # privilege::debug
Demande d'ACTIVATION du privilège : SeDebugPrivilege : OK
mimikatz # sekurlsa::logonPasswords full
Utilisateur principal : user
Domaine d'authentification : domain
* Utilisateur : user
* Domaine : domain
* Mot de passe : pass
Spotted on /r/sysadmin here and here.
Similar "exploit" for OS X: Recover passwords from current user's Login Keychain
/windows | Apr 11, 2013
Emailing results from Windows XP Scheduled Tasks #
The Windows 7 Task Scheduler includes a built-in email option, something XP doesn't offer. A simple workaround is to use blat and a batch file. We'll use a SyncToy scheduled task in this example.
- Schedule a SyncToy backup job (see "Schedule SyncToy" in the included help file for details)
- Throw blat and grep into C:\Windows (or anywhere in your PATH)
- Create a batch file (e.g., C:\scripts\email.bat) which contains something like this:
schtasks /query /fo list /v | findstr /i "Result: TaskName: Last" | grep SyncToy -A 2 | blat -f email@example.com -to firstname.lastname@example.org -s "SyncToy task result" -serverSMTP mail.example.org
- Schedule email.bat to run daily. You'll start receiving emails that look something like this:
Last Run Time: 12:30:00, 4/2/2013
Last Result: 0
On a related note, the Windows 7 version of schtasks supports the /TN parameter for queries:
C:\>schtasks /query /?
/TN taskname Specifies the task name for which to
retrieve the information, else all of them.
Sadly, the help text is deceiving; you need to specify the full path, not just the task name. More accurately, the full path is the task name, though that is not at all clear from the Task Scheduler GUI.
C:\>schtasks /query /v /fo list /tn synctoy
ERROR: The system cannot find the path specified.
C:\>schtasks /query /v /fo list /tn "\Microsoft\Windows\SyncToy\synctoy"
Next Run Time: 4/3/2013 10:57:34 PM
Logon Mode: Interactive only
Last Run Time: 4/2/2013 11:01:39 PM
Last Result: 0
Task To Run: "C:\Program Files\SyncToy 2.1\SyncToyCmd.exe" -R
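An added example (not part of the original post): the same task report built by parsing the list-format output into per-task records in Python, rather than depending on the line positions that findstr and grep -A 2 assume. It accepts either the full task path or just its last component, and the sample output, host name and \NightlyCopy task are constructed for illustration.

```python
# Added example, not from the original post. Constructed sample of
# `schtasks /query /fo list /v` output; \NightlyCopy is a hypothetical task.
SAMPLE = """\
HostName:      WORKSTATION
TaskName:      \\Microsoft\\Windows\\SyncToy\\synctoy
Next Run Time: 4/3/2013 10:57:34 PM
Logon Mode:    Interactive only
Last Run Time: 4/2/2013 11:01:39 PM
Last Result:   0
Task To Run:   "C:\\Program Files\\SyncToy 2.1\\SyncToyCmd.exe" -R

HostName:      WORKSTATION
TaskName:      \\NightlyCopy
Last Run Time: 4/2/2013 1:00:00 AM
Last Result:   1
Task To Run:   C:\\scripts\\copy.bat
"""

def parse_tasks(text):
    """Split list-format output into one dict per task."""
    tasks, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        key = key.strip()
        if not sep or not key:
            # A blank line closes the current record; other lines are ignored.
            if not line.strip() and current:
                tasks.append(current)
                current = {}
            continue
        if key in current:                      # repeated key: next record began
            tasks.append(current)
            current = {}
        current[key] = value.strip()
    if current:
        tasks.append(current)
    return [t for t in tasks if "TaskName" in t]

def find_task(tasks, name):
    """Match the full task path or only its last component, case-insensitively."""
    wanted = name.lower()
    return [t for t in tasks
            if wanted in (t["TaskName"].lower(),
                          t["TaskName"].lower().rsplit("\\", 1)[-1])]

def failed(tasks):
    """Names of tasks whose last result code is not 0."""
    return [t["TaskName"] for t in tasks if t.get("Last Result", "0") != "0"]
```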
/windows | Apr 02, 2013
Delete a directory with a trailing space in its name #
We've seen the confusion a trailing space in a filename can cause. The same problem in a directory name stored on a FAT32-formatted flash drive made it impossible to delete under OS X with the usual workarounds, but Windows managed it via:
C:\>rd "\\?\e:\dirname "
For more information, see Cause 5: The file name includes a reserved name in the Win32 name space in this KB article: You cannot delete a file or a folder on an NTFS file system volume.
/windows | Mar 31, 2013
Recent additions to File/Backup #
- FSync 1.5 [116k] + Uni-directional folder mirroring. Target can be specified by drive letter, label, or serial number. Cannot backup locked or in-use files; combine with ShadowSpawn to work around.
- Drive SnapShot 1.42 [352k] + Disk imaging backup. Review
- Bvckup 126.96.36.1991 [478k] Delta copy folders in real time, manually, or at scheduled intervals.
/windows | Mar 24, 2013
Copy in-use files from the command line #
- hobocopy (open source) - "Uses the Volume Shadow Service (VSS) to 'snapshot' the disk before copying. It then copies from the snapshot rather than the 'live' disk." Several issues raised in these comments, including problems with incremental mode and attributes/ACL. The author has deprecated it in favor of:
- ShadowSpawn (open source) - "Works by making a shadow copy of your disk, making it available at a drive letter, then launching (spawning) another program that you specify. Probably the most common way to use ShadowSpawn is to use Robocopy to make a copy of files that are currently in use."
- ShadowCopy (freeware) - Copies locked and open files via Volume Shadow Services.
- Backup of locked files using vshadow.exe and robocopy.exe (PDF) - Instructions from the University of Arkansas for backing up with VShadow and Robocopy.
/windows | Mar 24, 2013
Error installing Windows 7 #
While attempting to install Windows 7 from a USB-connected Zalman ZM-VE200 (formerly iodd 2501), the following error appeared:
Setup was unable to create a new system partition or locate an existing system partition. See the Setup log files for more information.
The error would not appear when booting from a Windows 7 install DVD.
Resolved by making two changes in the BIOS:
- set target disk to be first in the hard drive boot order
- set target disk as the primary boot device
/windows | Mar 24, 2013