5 hours 21 minutes
Hello and welcome to command line basics. In this video, we're gonna go over Windows System commands to I'm Christopher Heller. And this begin
the learning objectives for this video is that we're gonna understand the task list command, understand the task, Kill command, and then learn about the S C command
pre assessment. The SC command can be used to start and stop Service. Is is this true or false?
Answer is true. The SC Command stands for service control, and he's very, very useful to be able to start and stop Service is from the command line. We can also query specific information about a service, See if it's running, see if it's going to start automatically when the computer boots whole lot of other very useful information.
So the S C command is something that you should be very aware of, and I should be very comfortable using.
All right, So the task list command, What this does on a windows machine is display. All the running processes on the machine will show you the pyd, the process I d for a process how much memory the process is using and the name of the current process as well, also known as the image name.
So this could be used to troubleshoot a specific process. If you're having trouble with something being stuck, or if you have a process that you know should not be running, we can run the task list, see if it is running or not, and that we can use that information with the task he'll commit.
And then what I'd like to keep in mind, too, is the task list. Command could be useful in trying to identify malware that may be present on the machine.
If you see uh, evil that e x e running in your task list, that's pretty good indication that that task should be running. And if we're using the nets that command to try and identify, you know, different processes that are talking out to the Internet,
then we can also use the task list. Commander, help verify that information, and we can compare the PID and see how it is working.
All right, so let me put my command prompt.
I'm gonna type in task list,
and I have a whole bunch of tasks running right now so I can see all of this different information running it will show the This is the PID
and shows also how much memory each of these air using so very useful information.
Now, let's say I'm gonna run the note pad from the command prompt type in no pants and enter prints up this empty no pad window.
Now, if I run task list again,
you see, we have no pad down here
and it is a pity 40 80.
So let's go on to task. Kill. This is usedto end Arang process so we could use either the pig or the image name of the process. And it is usually used to end a stuck process or something that's hanging or it's not responding properly.
So this is very useful to be able to end that process, so either we can start it again or focus on doing a different task.
So if you go back to the command prompt, you see, I have the note pad running.
So first of all, it's to task kill
slash, question mark, because we want to make sure that we're doing what we should be doing. So it looks like you're going to do tests kill forward slash pid and then the pit number,
and it's important to read through the documentation, especially for these types of commands, where we're gonna end a process. That way, we don't do anything that we aren't intending to.
So let's say note PAD is 40 80.
So let's do task killed slash fit
As you can see, we've got the note pad open right here.
Let's run it. Let me make sure I spell that properly.
I'm missing another drill,
and Louis that are no pad is gone.
And if we do task list again,
we've seen no PAD is no longer in his list. Very useful build end a process that we don't want running.
And then we had the SC commend this Service Control Command. This interacts directly with the service control manager for a Windows system, and we can either Queary start pause or stop. Service is in the query. It will give you information about the service if it's running at that time, if it will start automatically, or the late start
and ah, lot more information about the service itself, we could start polished Stop. Those are pretty self explanatory. We want to create a failure action as well for a specific service. So we can say this service ends unexpectedly. I want you to run this specific command
and that could be a command to either alert administrators or to boot up second execute herbal,
so it would be very useful to be comfortable with that. So let's say I want to take a look at the Adobe Arms service, so I'm gonna run SC Query Adobe Armed Service.
and I did spell it correctly so we can see that it is running right now
is a stoppable. It's not possible. And it doesn't ignore a shut down. So let's say we want to you stop this. So I'm gonna push up a rookie,
delete the query and type in stop
and now exceeds has stopped pending because his comes immediately back and it says, Hey, I submitted your command. It's pending a stop right now,
So let's go up and look at query
and we can see that this service is stopped right now.
How same deal. If we want to start the service,
you just go to start.
And the same exact thing is stopping. It's gonna send it off and say, Hey, we have to start pending for this process right here.
And now if we do a clear again,
you see, it's running.
So this is very useful. To be able to troubleshoot, start, stop or change different information about a service at the Windows command line.
All right, so post assessment, what does the task kill? Command need to end. A process isn't a okay.
Be system info. See service, failure, action or deed. The process must be paused.
Enters a the pig. This is the process i d. That the task kill command uses in order to end the process. And I had to recommend using the PID instead of the image name of the process because it's usually very common to have more than one of the same process running under the same name.
So in order to end the specific process that you want to end
used to pin because the pain is always different for each process, even if they have the same name.
So the system info does not work of a serious failure. Action is for a service, not for a process, and the process does not need to be paused. You can end it whether it's stuck running or, uh, anything that's really going on.
All right, so in this video, we understood the task list. Come in. We understood the task. Kill command. And we learned the SCS Service Control Command, and I hope to see you in the next video.
SOC Analyst Assessment Level 1
Cydefe's SOC Analyst Assessment, Level 1, Capture-the-Flag (CTF) Assessment
How to Use GDB (BSWJ)
The GNU Debugger (GDB) is one of the most commonly-used debugging tools in the world. ...
Certificate of Completion Offered