2KKUU7ita

Choosing Tools
Chapter 11: Windows
Literally hundreds of Windows hacking and testing tools are available. The
key is to find a set of tools that can do what you need and that you’re comfortable
using.
Many security tools — including some of the tools in this chapter — work
with only certain versions of Windows. The most recent version of each tool
in this chapter is compatible with Windows XP and Windows 7, but your
mileage may vary.
The more security tools and other power-user applications you install in
Windows — especially programs that tie into the network drivers and TCP/
IP stack — the more unstable Windows becomes. I’m talking about slow performance,
blue screens of death, and general instability issues. Unfortunately,
often the only fix is to reinstall Windows and all your applications. After
rebuilding my laptop every few months, I finally wised up and bought a copy
of VMware Workstation and a dedicated computer that I can junk up with testing
tools without worrying about it affecting my ability to get my other work
done. (Ah, the memories of those DOS and Windows 3.x days when things
were much simpler!)
Free Microsoft tools
You can use the following free Microsoft tools to test your systems for various
security weaknesses:
✓ Built-in Windows programs for NetBIOS and TCP/UDP service enumeration,
such as these three:
• nbtstat for gathering NetBIOS name table information
• netstat for displaying open ports on the local Windows system
• net for running various network-based commands, including viewing
shares on remote Windows systems and adding user accounts
after you gain a remote command prompt via Metasploit
✓ Microsoft Baseline Security Analyzer (MBSA) (www.microsoft.com/
technet/security/tools/mbsahome.mspx) to test for missing
patches and basic Windows security settings
✓ Sysinternals (http://technet.microsoft.com/en-us/sys
internals/default.aspx) to poke, prod, and monitor Windows
services, processes, and resources both locally and over the network
201