Top 10 Open Source Hacking Tools

1. Nmap Security Scanner 2. OSSEC 3. OpenVAS 4. Security Onion 5. Metasploit Framework 6. OpenSSH 7. Wireshark 8. Backtrack 9. ZED Attack Proxy (ZAP) 10. SQLmap

Useful commands

1. Create a WiFi Hotspot

If you want to share your device connect to other mobile devices, simply enter the following commands. This is for Windows versions before Windows 10. The latest version has a built-in feature to enable a hotspot.

First command:

netsh wlan set hostednetwork mode=allow ssid=Kalanithi key=Test123

---

C:\WINDOWS\system32>netsh wlan set hostednetwork mode=allow ssid=Kalanithi key=Test123$

The hosted network mode has been set to allow.

The SSID of the hosted network has been successfully changed.

The user key passphrase of the hosted network has been successfully changed.

_________

Replace the ssid and key values with the name of your WiFi and the password. It will now be enabled.

To start the WLAN, execute this next command:

netsh wlan start hostednetwork

When you’re all done, end the session with this command:

netsh wlan stop hosted network

2. Find your License Key

To retrieve your license key for your Windows installation, use the following command:

Command prompt:

wmic path softwarelicensingservice get OA3xOriginalProductKey

Powershelll command

powershell "(Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey"

3. Scan your System Files for Issues

To let Windows do a scan of all your system files for various types of problems, you can use the following command:

sfc /scannow

If there are any issues found, your Windows system file checker will attempt to rectify them.

Sfc Command Options
Item	Description
/scannow	This option instructs sfc to scan all protected operating system files and repair as necessary.
/verifyonly	This sfc command option is the same as /scannow but without repairing.
/scanfile=file	This sfc option is the same as /scannow but the scan and repair is only for the specified file.
/offbootdir=boot	Used with /offwindir, this sfc option is used to define the boot directory (boot) when using sfc from outside of Windows.
/offwindir=win	This sfc option is used with /offbootdir to define the Windows directory (win) when using sfc offline.
/?	Use the help switch with the sfc command to show detailed help about the command's several options.

Sfc Command Examples

sfc /scannow

In the above example, the System File Checker utility is used to scan and then automatically replace any corrupt or missing system files. The /scannow option is the most commonly used switch for the sfc command.

See How to Use SFC /Scannow to Repair Protected Windows Operating System Filesfor more information on using the sfc command in this way.

sfc /scanfile=c:\windows\system32\ieframe.dll

The sfc command above is used to scan ieframe.dll and then repair it if an issue is found.

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

In the next example, protected Windows files are scanned and repaired if necessary (/scannow) but this is done so with a different installation of Windows (/offwindir=c:\windows) on a different drive (/offbootdir=c:\).

The above example is how you would use the sfc command from the Command Prompt in System Recovery Options or from a different installation of Windows on the same computer.

sfc /verifyonly

Using the sfc command with the /verifyonly option, System File Checker will scan all protected files and report any issues, but no changes are made.

Depending on how your computer was setup, you may need access to your original Windows installation disc or flash drive to allow file repairs.

4. Change a file association

If you find that certain types of files aren’t able to get associated with the appropriate program to open them, you can manually change the association with the following command:

assoc.ext=

Replace ‘ext’ with the extension of the file and enter the program name after the “=” sign. If you want to just see the various file associations, use this:

Assoc

5. Compare differences between two text files

For coders and writers working with .txt or .doc/.docx files, it’s very useful to know if there are any differences between two text documents where the content appears to be identical. To have Command Prompt display the differences, you can use the “fc” command as follows:

fc “C:\Program Files (x86)\document1.doc” “C:\Program Files (x86)\document2.doc”

There are also variations of the “fc” command:

fc /b – only compares binary output
fc /l – only compares ASCII text
fc /c – ignores letter casing

6.  Create a recovery image

When you need to reinstall Windows at a later time, it’s useful to have a recovery image created in a specific directory. However, all the bloatware apps that are on your system will first need to be removed, and you can install your own desktop apps. Once the apps are in place, you can create a fresh recovery image using this command:

recimg /CreateImage C:\CustomRefreshImages\Image1

You can change the location as per your preference. The next time you refresh or reset your PC, the system will use the custom image that you created.

Note: This only works on Windows 8 and Windows 8.1 desktops. On Windows 8.1 tablets, after Microsoft brought in the “WIMboot” option, this command no longer works. It also does not work on the Windows 10 environment.

7. Remove a virus from a USB drive (Windows 10)

This is an easy way to remove a virus from an infected USB. First, let’s see how to clear the attributes of a virus file, and then delete it altogether using Command Prompt. You may want to copy any important files to another location before doing this.

First, change the directory by using F: or whatever the name of the removable USB drive.

Next, use the following command to list all the virus files:

attrib

This will list all the files in the USB drive. Now look for one of these files:

·         Autorun.inf

·         Ravmon.exe

·         New Folder.exe

·         svchost.exe

·         Heap41a

These are typical virus files, so now you need to remove their attributes. Use the command below:

attrib -r -a -s -h *.*

-r will remove read-only files
-a will remove the archive file
-s will remove the system file
-h will remove the hidden file
*.* will specific that you want to remove those for all files with any type of extension

So far you’ve only removed file attributes for all files. You can now proceed to delete the virus file with this command:

del autorun.inf

Replace autorun.inf with the virus file name.

Now run the “attrib” command again, and you’ll see that the file has been successfully deleted.

If you simply want to delete all files with a particular extension, use:

del *.ink

8. Reset a User Account Password

At times, you may face a situation where you still have admin rights to your computer but a particular user account password has been forgotten. Alternatively, you may want to change the password for a particular account.

To see all user accounts, use the following command as administrator:

net user

To change the password for a user, execute this command:

net user user_name new_password

Replace user_name with the user account to be modified, and replace new_password with a password of your choice. Hit Enter and the password will instantly be changed. You can now log out of the admin account and login to the user account with the different password. There are also several software applications that you can use if you want to completely reset the password.

9. Check port status for all peripheral connections

If you’re trying to troubleshoot peripheral devices and their connections to your PC, this command will be very useful:

netstat -an

This will display all ports, their IP addresses and their status – closed/established/listening. This is especially useful if you’re attempting to locate a malicious connection after suspecting a Trojan infection.

These 10 useful Windows Commands for Command Prompt will give you a lot more control over your Windows environment using the humble but powerful command line.

 WMIC commands

To execute these queries, run “WMIC” at a command prompt, followed by one of the following alias/es:

baseboard	get Manufacturer, Model, Name, PartNumber, slotlayout, serialnumber, poweredon
bios	get name, version, serialnumber
bootconfig	get BootDirectory, Caption, TempDirectory, Lastdrive
cdrom	get Name, Drive, Volumename
computersystem	get Name, domain, Manufacturer, Model, NumberofProcessors, PrimaryOwnerName,Username, Roles, totalphysicalmemory /format:list
cpu	get Name, Caption, MaxClockSpeed, DeviceID, status
datafile	where name=’c:\boot.ini’ get Archive, FileSize, FileType, InstallDate, Readable, Writeable, System, Version
dcomapp	get Name, AppID /format:list
desktop	get Name, ScreenSaverExecutable, ScreenSaverActive, Wallpaper /format:list
desktopmonitor	get screenheight, screenwidth
diskdrive	get Name, Manufacturer, Model, InterfaceType, MediaLoaded, MediaType
diskquota	get User, Warninglimit, DiskSpaceUsed, QuotaVolume
environment	get Description, VariableValue
fsdir	where name=’c:\windows’ get Archive, CreationDate, LastModified, Readable, Writeable, System, Hidden, Status
group	get Caption, InstallDate, LocalAccount, Domain, SID, Status
idecontroller	get Name, Manufacturer, DeviceID, Status
irq	get Name, Status
job	get Name, Owner, DaysOfMonth, DaysOfWeek, ElapsedTime, JobStatus, StartTime, Status
loadorder	get Name, DriverEnabled, GroupOrder, Status
logicaldisk	get Name, Compressed, Description, DriveType, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName
memcache	get Name, BlockSize, Purpose, MaxCacheSize, Status
memlogical	get AvailableVirtualMemory, TotalPageFileSpace, TotalPhysicalMemory, TotalVirtualMemory
memphysical	get Manufacturer, Model, SerialNumber, MaxCapacity, MemoryDevices
netclient	get Caption, Name, Manufacturer, Status
netlogin	get Name, Fullname, ScriptPath, Profile, UserID, NumberOfLogons, PasswordAge, LogonServer, HomeDirectory, PrimaryGroupID
netprotocol	get Caption, Description, GuaranteesSequencing, SupportsBroadcasting, SupportsEncryption, Status
netuse	get Caption, DisplayType, LocalName, Name, ProviderName, Status
nic	get AdapterType, AutoSense, Name, Installed, MACAddress, PNPDeviceID,PowerManagementSupported, Speed, StatusInfo
nicconfig	get MACAddress, DefaultIPGateway, IPAddress, IPSubnet, DNSHostName, DNSDomain
nicconfig	get MACAddress, IPAddress, DHCPEnabled, DHCPLeaseExpires, DHCPLeaseObtained, DHCPServer
nicconfig	get MACAddress, IPAddress, DNSHostName, DNSDomain, DNSDomainSuffixSearchOrder, DNSEnabledForWINSResolution, DNSServerSearchOrder
nicconfig	get MACAddress, IPAddress, WINSPrimaryServer, WINSSecondaryServer, WINSEnableLMHostsLookup, WINSHostLookupFile
ntdomain	get Caption, ClientSiteName, DomainControllerAddress, DomainControllerName, Roles, Status
ntevent	where (LogFile=’system’ and SourceName=’W32Time’) get Message, TimeGenerated
ntevent	where (LogFile=’system’ and SourceName=’W32Time’ and Message like ‘%timesource%’) get Message, TimeGenerated
ntevent	where (LogFile=’system’ and SourceName=’W32Time’ and EventCode!=’29’) get TimeGenerated, EventCode, Message
onboarddevice	get Description, DeviceType, Enabled, Status
os	get Version, Caption, CountryCode, CSName, Description, InstallDate, SerialNumber, ServicePackMajorVersion, WindowsDirectory /format:list
os	get CurrentTimeZone, FreePhysicalMemory, FreeVirtualMemory, LastBootUpTime, NumberofProcesses, NumberofUsers, Organization, RegisteredUser, Status
pagefile	get Caption, CurrentUsage, Status, TempPageFile
pagefileset	get Name, InitialSize, MaximumSize
partition	get Caption, Size, PrimaryPartition, Status, Type
printer	get DeviceID, DriverName, Hidden, Name, PortName, PowerManagementSupported, PrintJobDataType, VerticalResolution, Horizontalresolution
printjob	get Description, Document, ElapsedTime, HostPrintQueue, JobID, JobStatus, Name, Notify, Owner, TimeSubmitted, TotalPages
process	get Caption, CommandLine, Handle, HandleCount, PageFaults, PageFileUsage, PArentProcessId, ProcessId, ThreadCount
product	get Description, InstallDate, Name, Vendor, Version
qfe	get description, FixComments, HotFixID, InstalledBy, InstalledOn, ServicePackInEffect
quotasetting	get Caption, DefaultLimit, Description, DefaultWarningLimit, SettingID, State
recoveros	get AutoReboot, DebugFilePath, WriteDebugInfo, WriteToSystemLog
Registry	get CurrentSize, MaximumSize, ProposedSize, Status
scsicontroller	get Caption, DeviceID, Manufacturer, PNPDeviceID
server	get ErrorsAccessPermissions, ErrorsGrantedAccess, ErrorsLogon, ErrorsSystem, FilesOpen, FileDirectorySearches
service	get Name, Caption, State, ServiceType, StartMode, pathname
share	get name, path, status
sounddev	get Caption, DeviceID, PNPDeviceID, Manufacturer, status
startup	get Caption, Location, Command
sysaccount	get Caption, Domain, Name, SID, SIDType, Status
sysdriver	get Caption, Name, PathName, ServiceType, State, Status
systemenclosure	get Caption, Height, Depth, Manufacturer, Model, SMBIOSAssetTag, AudibleAlarm, SecurityStatus, SecurityBreach, PoweredOn, NumberOfPowerCords
systemslot	get Number, SlotDesignation, Status, SupportsHotPlug, Version, CurrentUsage, ConnectorPinout
tapedrive	get Name, Capabilities, Compression, Description, MediaType, NeedsCleaning, Status, StatusInfo
timezone	get Caption, Bias, DaylightBias, DaylightName, StandardName
useraccount	get AccountType, Description, Domain, Disabled, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID

Networking commands

Ping

I am guessing that the ping command is probably the most familiar, and most widely used of the utilities being discussed in this article, but that does not make it any less essential.

Ping is used to test the ability of one network host to communicate with another. Simply enter the Ping command, followed by the name or the IP address of the destination host. Assuming that there are no network problems or firewalls preventing the ping from completing, the remote host will respond to the ping with four packets. Receiving these packets confirms that a valid and functional network path exists between the two hosts.

NetStat

If you are experiencing problems with network communications, then network statistics can sometimes help point you toward the root cause of the problem. That’s where the aptly named NetStat command comes into play. This command has a number of different functions, but the most useful of these is to display network summary information for the device. To see this type of summary information, just type NetStat -e.

ARP

The ARP command corresponds to the Address Resolution Protocol. Although it is easy to think of network communications in terms of IP addressing, packet delivery is ultimately dependent on the Media Access Control (MAC) address of the device’s network adapter. This is where the Address Resolution Protocol comes into play. Its job is to map IP addresses to MAC addresses.

Windows devices maintain an ARP cache, which contains the results of recent ARP queries. You can see the contents of this cache by using the ARP -A command. If you are having problems communicating with one specific host, you can append the remote host’s IP address to the ARP -A command.

NbtStat

As I am sure you probably know, computers that are running a Windows operating system are assigned a computer name. Oftentimes, there is a domain name or a workgroup name that is also assigned to the computer. The computer name is sometimes referred to as the NetBIOS name.

Windows uses several different methods to map NetBIOS names to IP addresses, such as broadcast, LMHost lookup, or even using the nearly extinct method of querying a WINS server.

Of course, NetBIOS over TCP/IP can occasionally break down. The NbtStat command can help you to diagnose and correct such problems. The NbtStat -n command for example, shows the NetBIOS names that are in use by a device. The NbtStat -r command shows how many NetBIOS names the device has been able to resolve recently.

Hostname

The previously discussed NbtStat command can provide you with the host name that has been assigned to a Windows device, if you know which switch to use with the command. However, if you’re just looking for a fast and easy way of verifying a computer’s name, then try using the Hostname command. Typing Hostname at the command prompt returns the local computer name.

Tracert

Contrary to what a rather infamous YouTube video might lead you to believe, Tracert isn’t pronounced “Tracer T,” nor can it show you how many people are using Google right this second. Instead, Tracert, or “Trace Route,” is a utility for examining the path to a remote host.

Functionally, Tracert works similarly to Ping. The major difference is that Tracert sends a series of ICMPecho requests, and the request’s TTL increased by 1 each time. This allows the utility to display the routers through which packets are passing to be identified. When possible, Windows displays the duration and IP address or fully qualified domain name of each hop.

IpConfig

One utility that I find myself using constantly is IPConfig. At its simplest, the IPConfig command will display basic IP address configuration information for the device. Simply type IPConfig at the Windows command prompt, and you will be presented with the IP address, subnet mask, and default gateway that the device is currently using.

If you would like to see more detailed information, then type IPConfig /all. Doing so causes Windows to display IP address configuration that is much more verbose. This is also the command that you will have to use if you want to see which DNS server the Windows device is configured to use.

The IPConfig command can do much more than just display IP address configuration information. It also contains options that can help you to troubleshoot problems related to DNS and DHCP. For example, entering the IPConfig /FlushDNS command purges the contents of the computer’s DNS resolver cache.

NSLookup

NSLookup is a great utility for diagnosing DNS name resolution problems. Just type the NSLookup command, and Windows will display the name and IP address of the device’s default DNS server. From there, you can type host names in an effort to see if the DNS server is able to resolve the specified host name.

Route

IP networks use routing tables to direct packets from one subnet to another. The Windows Route utility allows you to view the device’s routing tables. To do so, simply type Route Print.

The cool thing about the Route command is that it not only shows you the routing table, it lets you make changes. Commands such as Route Add, Route Delete, and Route Change allow you to make routing table modifications on an as needed basis. The changes that you make can be persistent or nonpersistent, depending on whether you use the -P switch.

PathPing

Earlier, I talked about the Ping utility and the Tracert utility, and the similarities between them. As you might have guessed, the PathPing tool is a utility that combines the best aspects of Tracert and Ping.

Entering the PathPing command followed by a host name initiates what looks like a somewhat standard Tracert process. Once this process completes however, the tool takes 300 seconds (five minutes) to gather statistics, and then reports latency and packet loss statistics that are more detailed than those provided by Ping or Tracert.

NetDiag

Perhaps the most useful of the network utilities that are built into Windows is NetDiag. The NetDiag command is designed to run a battery of tests on the computer in order to help the technician figure out why the computer is experiencing networking problems.

One of the things that I really like about this tool is that although there are a number of optional switches that you can use, you don’t have to use any of them unless you want to. Entering the NetDiag command by itself will cause all of the available tests to be run.

In some cases, NetDiag can not only identify problems, but can also fix those problems. Obviously, NetDiag cannot automatically correct every problem that it finds, but appending the /Fix parameter to the command will tell NetDiag to attempt to fix the problem automatically.

The Windows operating system is jam packed with command line utilities. Many of these utilities are left over from operating systems that were introduced decades ago. Even so, the utilities that I have discussed in this article are every bit as useful today as they were when they were first introduced.