hi

you know this? you got a shell on your viktim but you cant transfer files etc because the firewall is running. You want to shut it down with "net stop firewall". but you don't know the service name of the firewall. with the integrated tasklister of windows (tasklist.exe) you can find it out. With the command "Tasklist /svc" you can map the service name to a process.

I hope this is helpful for you

gretings, passiw

gr8 tip thx dude

Tasklist is only available on XP Pro and I have yet to find an alternative (atleast at the command line). For the alternative at desktop check out this article:
http://ask-leo.com/archives/000102.html.

Thanks for the tip.

ZoraX is correct, the standard ports are usually open.

Cheers

hey thats pretty good
now i can easily see which processes are launched under svchost

I usually do

"tasklist.exe /svc > C:\file.txt" to get it printed to a nice lil' file =)
Easy to supervise :-)

"net start" view the running services.

hey passiw try this

sc query
or
sc queryex
will output a big list of all services and their names

thanks for the tip mate, i didnt know about that

net stop "service" works with all shown by net start. u just have to use the quotes HF

Nice tricky, didn't know that

Thanks a lot

sc query
work only on Windows XP.
And wenn it is Windows 2000, what can i do?

sc query is quite usefull but i was looking for other thing
if my stro is hack for example a good hacker woudnt put like let imagine a serv u with his own name!

is there any program that can discovered a rename program?

i dunno if i made myself clear....

Thanks for the knowledge m8.. wery usefull.. Cus on a sql-srv u can't use net stop "service". U need the real servicename.

taskkill cmd works pretty good, sometimes.

thx for the tips!


Great to know

nodeed. this works fine:
net stop "diskplay name"

"diskplay name" is just what shows up with net start command