Monthly Archives: March 2015

Windows Remote Services

Especially helpful on the malware detection side: many of the command-line tools in Windows support remote machines too.

While you can use ‘Computer Management’ to connect to a remote console, many commands such as tasklist and taskkill can also be run directly against a remote system.

tasklist /s 'computername or IP'

Replace the quoted text with the machine name or IP address. If you want to output the results to a text file for review and archiving, any of these commands supports redirection with the ‘greater than’ sign (>), which dumps the results into a flat file at the path you give.

tasklist /s 'computername or IP' > C:\FileName.log

I recommend writing to a sub-directory and not the root of the C: drive, as users without admin privileges will get an error creating the file.
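
The remote tasklist-to-file workflow above, extended into a per-host snapshot that reports image names not seen in the previous snapshot. This is an added example, not code from the original post; the host names, the log directory and the English-locale 'Image Name' CSV header are assumptions.

```powershell
# Added example: archive remote process lists and flag newly seen image names.
# Assumptions (not from the original post): the targets and the log directory.
$Hosts  = @('WKSTN-01', '192.0.2.15')   # constructed sample targets
$LogDir = 'C:\Logs\tasklist'            # a sub-directory, not the root of C:

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

foreach ($h in $Hosts) {
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $hostDir = Join-Path $LogDir $h
    New-Item -ItemType Directory -Path $hostDir -Force | Out-Null

    # Most recent earlier snapshot for this host, if one exists.
    # Timestamped names sort chronologically.
    $previous = Get-ChildItem -Path $hostDir -Filter '*.csv' |
                Sort-Object Name | Select-Object -Last 1

    # /fo csv returns quoted, comma-separated rows with a header line.
    $raw = & tasklist.exe /s $h /fo csv 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "tasklist failed for ${h}: $raw"
        continue
    }

    $current = Join-Path $hostDir "$stamp.csv"
    $raw | Set-Content -Path $current -Encoding UTF8

    if ($previous) {
        # 'Image Name' is the column header on English-locale systems.
        $old = Import-Csv $previous.FullName |
               Select-Object -ExpandProperty 'Image Name' -Unique
        $new = Import-Csv $current |
               Select-Object -ExpandProperty 'Image Name' -Unique
        foreach ($name in ($new | Where-Object { $old -notcontains $_ })) {
            Write-Output "[$h] new since $($previous.BaseName): $name"
        }
    }
}
```

A new image name is only a prompt for review; a process that reuses a legitimate name will not show up in this comparison.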

If you are really in a pinch and want to invoke a soft shutdown of a Windows machine, taskkill the svchost.exe processes and one of them will invoke a reboot. This is helpful if you get an error trying to execute the following shutdown command for a remote PC.

shutdown /m \\'computername or IP' -r

The -r designates a reboot, while the /m in this case specifies that this is done on a remote PC and not your local PC.

Mozilla Profiles

So I did a reinstall and forgot to run MozBackup on my old OS before I wiped it. I did, however, get a drive backup and a copy of my C:\Users folder.

Turns out that with Mozilla (browsers and email clients) you can copy the contents of the old profile folder into the new one. The folder name should remain the same on the new PC, so copy only the contents of the old profile into the new one.

C:\Users\$Username$\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\$string$.default

This will restore all your history, logged-in sessions and likely saved passwords, if you do the saved password thing.

I found it amusing that a new machine with the folder contents copied over registered as the same machine. Interesting vector if you are an exploiter or handle lots of system deployments with data migration.

Remember, what is nefarious for one person can be used to help someone else out.

Replace the Pale Moon path with a relevant Firefox install directory. It will also live in the Roaming portion of your profile AppData folders. Pale Moon is a forked browser based off Firefox.