Full Version: Inx
Nick
CODE
Usage : Inx -pshdunmwi -[lkdamf] [] []
-p   : Processus Listing
       -k [PID 1]...[PID n]: Kill Processus
-s   : Service Listing
       -d [NAME_SERVICE]   : Start a Service
       -df [NAME_SERVICE]  : Force Start a Service | Can cause damage on this computer
       -a [NAME_SERVICE]   : Stop a Service
       -af [NAME_SERVICE]  : Force Stop a Service  | Can cause damage on this computer
       -k [NAME_SERVICE]   : Kill a Service
       -m [NAME_SERVICE] [TYPE]: Modify a Start Type of Service
                           0 -> BOOT_START
                           1 -> SYSTEM_START
                           2 -> AUTO_START
                           3 -> DEMAND_START
                           4 -> DISABLED
-d   : Drive Listing
-u   : Users and Groups Listing
-n   : Network Adaptater Listing
-m   : Share Listing on Local Computer
-i   : Netstat tcp/upd Listing
-w   : System Information Listing
-b   : Shutdown the Computer
       -b [TYPE]           : Type of Shutdown
                           0 -> SHUTDOWN
                           1 -> REBOOT

-all : List All Informations


Example to help you find shit:

Inx -p

CODE
Process
---
 Pid Process              Path
 --- ---                  ---
   0 [System Process]     C:\Inx.exe
   4 System              
 848 smss.exe             \SystemRoot\System32\smss.exe
 908 csrss.exe            \??\C:\WINDOWS\system32\csrss.exe
 936 winlogon.exe         \??\C:\WINDOWS\system32\winlogon.exe
 980 services.exe         C:\WINDOWS\system32\services.exe
 992 lsass.exe            C:\WINDOWS\system32\lsass.exe
1168 svchost.exe          C:\WINDOWS\system32\wins\svchost.exe
1236 svchost.exe          C:\WINDOWS\system32\svchost.exe


You can find one trojan here, Pid 1168, maybe servu or bot, or any spyware...

Inx -n is like netstat
CODE

Pro  Local:Ip            Remote:Ip                State      Pid    Process
---  ---                 ---                      ---        ---    ---
...
tcp  192.168.0.4:12345           83.x.x.x:2134             ESTABLISHED    1168  svchost.exe  
...


Same Pid 1168, same object, seems to be trojan or servu, on port 12345. And my asshole 83.x.x.x

You could try
Inx -u
CODE

Users & Groups
---
Administrators
       Owned
               Name : Owned
               Password : (null)
               Password age : 2 days, 02:18:03
               Privilege : USER_PRIV_ADMIN
...
               Last logon : Thu Aug 11 11:33:37 2005
               Last logoff : unknown
               Expires : never
               Max storage : unlimited
               Bad PW count : 0
               Number of logons : 14
               Logon server: \\*
...


Or you can type

Inx -all > readMe.txt

More information and a gui @ http://3psilon.free.fr/index.php?pa=22
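
The check walked through in the post above (a core Windows process name running from an unexpected directory, then its Pid matched against the connection listing), as an added Python example that is not part of the original post or of Inx. It assumes %SystemRoot% is C:\WINDOWS and the column layout shown in the post; the second connection row is constructed sample data.

```python
import ntpath
import re

# Sample input: Inx rows transcribed from the post; the last NET row is constructed.
PROC_LISTING = r"""
 848 smss.exe             \SystemRoot\System32\smss.exe
 908 csrss.exe            \??\C:\WINDOWS\system32\csrss.exe
1168 svchost.exe          C:\WINDOWS\system32\wins\svchost.exe
1236 svchost.exe          C:\WINDOWS\system32\svchost.exe
"""
NET_LISTING = """
tcp  192.168.0.4:12345    83.x.x.x:2134      ESTABLISHED    1168  svchost.exe
tcp  192.168.0.4:1042     192.168.0.1:445    ESTABLISHED    4     System
"""
SYSTEM_DIR = r"c:\windows\system32"  # assumption: %SystemRoot% is C:\WINDOWS
# Core Windows binaries that normally run only from %SystemRoot%\System32.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

def normalize(path):
    """Lower-case and strip the NT-style prefixes seen in the listing."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot"):
        p = r"c:\windows" + p[len("\\systemroot"):]
    return ntpath.normpath(p)

def parse_processes(text):
    """Return {pid: (name, normalized_path)}; rows without a path are skipped."""
    procs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.+?)\s{2,}(\S.*)$", line.rstrip())
        if m:
            procs[int(m.group(1))] = (m.group(2), normalize(m.group(3)))
    return procs

def parse_connections(text):
    """Return a list of dicts for tcp/udp rows that carry a Pid column."""
    rows = (line.split() for line in text.splitlines())
    return [{"local": f[1], "remote": f[2], "state": f[3], "pid": int(f[4])}
            for f in rows if len(f) >= 6 and f[0] in ("tcp", "udp") and f[4].isdigit()]

def find_masquerades(proc_text, net_text):
    """Flag core process names outside System32 and attach their connections."""
    conns = parse_connections(net_text)
    return [{"pid": pid, "name": name, "path": path,
             "connections": [c for c in conns if c["pid"] == pid]}
            for pid, (name, path) in sorted(parse_processes(proc_text).items())
            if name.lower() in CORE_NAMES and ntpath.dirname(path) != SYSTEM_DIR]
```

Calling `find_masquerades(PROC_LISTING, NET_LISTING)` returns a single finding for Pid 1168 with its established connection attached; the svchost.exe in System32 (Pid 1236) is not flagged.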
OleaSTeR
Working fine, but some character problems with French Windows XP...
é substituted by Ú

CODE

InvitÚs
       InvitÚ
               Name : InvitÚ


Certainly the same with other non-US Windows

AsCii
excellent tool, thanks

very useful

Thanks post