Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com
Message-ID: <3773E9CE.9C7549CE@jak10.med.navy.mil>
Date: Fri, 25 Jun 1999 16:42:54 -0400
From: jak0npc AT jak10 DOT med DOT navy DOT mil (Campi, Nathan P.)
Organization: US Navy
X-Mailer: Mozilla 4.6 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: cygwin AT sourceware DOT cygnus DOT com
Subject: Can CMD be tweaked to emulate background processes?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

I need help making a background process under the native NT shell, CMD.EXE.

I love how my FreeBSD box mails me security info each and every night. I decided to make a similar security script for NT, and to try and make it available to as many people as possible, I thought about using CMD instead of bash. The only reason is that some of my Navy security friends like to be minimalists. They use as little extra software as possible, so if I don't have to tell them to use a new shell (bash), so much the better.

The problem is with a scan detection method I wanted to experiment with. I want to launch multiple netcat processes listening on different ports, ready to execute a "net send" to the security admin when connected to, but cmd doesn't support background processes the way bash does. I could use the start command, but it will launch another window, and I don't need 5 or 10 CMD windows sitting on my desktop!

BTW, so far I have the basic script doing the following:

1. outputting the last 10 successful and unsuccessful logons (ntobjectives' ntlast)
2. checking for added/deleted user accounts (outputs "net name" to text file and compares old one to new one, backup in case event log is cleared)
3. checking passwords against a wordlist to ensure password strength (command line version of l0phtcrack)
4. outputs hidden files made since the last time the script was run (forensic toolkit's hfind)
5. gives info on NTFS partitions (sysinternals ntfsinfo utility)
6. event log dump to search for specific events (dumpevt and grep the file)
7. defrags the hard drive (sysinternals' contig util)

If people want to play with it, let me know and I'll post it to my website for download... it certainly needs work :) I really haven't done anything that others here can't reproduce in minutes with the info I gave.

If anyone has any way to smoothly make an equivalent to a background process using cmd please let me know.

--
Nate Campi
npcampi at jak10.med.navy.mil

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com
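
Added example, not part of the original message and not the poster's script: the scan-detection idea described above, done in a single process that watches several listening ports at once, so no per-port background job or extra console window is needed. It is written in Python rather than CMD; the `PortTripwire` class, the port numbers and the `notify` callback (standing in for the "net send" call) are assumptions made for the illustration.

```python
import selectors
import socket
from datetime import datetime, timezone


class PortTripwire:
    """Listen on several TCP ports from one process and report each connection."""

    def __init__(self, ports, host="0.0.0.0", notify=print):
        self.notify = notify  # hypothetical hook; stands in for the "net send" call
        self.alerts = []
        self.selector = selectors.DefaultSelector()
        self.listeners = []
        for port in ports:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.bind((host, port))
            sock.listen(16)
            sock.setblocking(False)
            self.selector.register(sock, selectors.EVENT_READ)
            self.listeners.append(sock)
        # Ports actually bound (differs from the request only when 0 was asked for).
        self.ports = [s.getsockname()[1] for s in self.listeners]

    def poll(self, timeout=1.0):
        """Accept one pending connection per ready port, close it, return new alerts."""
        new = []
        for key, _ in self.selector.select(timeout):
            try:
                conn, peer = key.fileobj.accept()
            except OSError:
                continue  # peer reset the connection before accept() ran
            conn.close()  # tripwire only: send no banner, read nothing
            stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
            alert = {"time": stamp, "port": key.fileobj.getsockname()[1], "source": peer[0]}
            new.append(alert)
            self.notify("connection to port {port} from {source} at {time}".format(**alert))
        self.alerts.extend(new)
        return new

    def close(self):
        self.selector.close()
        for sock in self.listeners:
            sock.close()


if __name__ == "__main__":
    tripwire = PortTripwire([2323, 8081, 9999])  # constructed list of unused ports
    while True:  # stop with Ctrl+C
        tripwire.poll()
```

Choose ports that no legitimate client uses, so that any alert is worth reading; the accumulated `alerts` list can be written into the nightly report alongside the other checks.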