Find Out If a Windows Server System Has Been Hacked / Cracked or Not

Posted in categories Hardware, Howto, Links, Networking, Security, Tips, Windows, Windows server, Windows Vista; last updated May 29, 2008

Sometimes my work forces me to do detective work on MS-Windows boxes. Just like Linux / UNIX / BSD systems, Windows machines get *owned* a lot. Recently, while searching for information, I came across a couple of nice built-in Windows command-line security tools to determine whether a system has been hacked or cracked.

Fortunately, Microsoft has built numerous tools into Windows so administrators and power users can analyze a machine to determine whether it’s been compromised. In this tip, which is the first of a two-part series, the author covers five useful command-line tools built into Windows for such analysis.

=> Built-in Windows commands to determine if a system has been hacked: Part I and Part II

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.

4 comments

  1. Blah, who has time for all that? Find a dedicated managed server. I run with Server Intellect fully managed. They run full scans for me each month. One less thing I have to worry scan for. Spend more time being productive and less time chasing down wannabe hacker kiddies.

  2. … seriously?

    Every month?

    What, so if you got compromised, that’s no problem, because you’ll find out like 4 weeks later.

    Meanwhile some dude in Belarus has all your customer data, credit cards, etc.

    …or do you work for Server Intellect?

  3. (Incidentally that’s not a jab at Server Intellect, I’m not familiar with them and they’re probably fantastic for all I know)

    Btw, great articles, though they would have been better if they pointed out which command-line tools were more useful than others at spotting common cloaked rootkits.

  4. Henrick, I think you’re missing the point. I have someone who runs scans for me. I still continue to monitor and run scans myself, but I have a third party also reviewing and watching my server and updating it if I don’t get the chance to right away. Plus, if I do get rooted, I have some support to back me up and resolve issues. Most people that run their own servers wouldn’t know a rootkit if it bit them in the ass. I don’t always have time to read about the newest rootkit, or the patch needed to protect my server from being rooted. Also, if I had customer CC and data, it wouldn’t be in clear text =)