======Links======
[[http://web.archive.org/web/20070814083206/www.nativecs.com/page.en.php?f=data/en/download&img=images/baner01e.gif|ACLView]] for viewing DACLs\\
[[http://peter.verhas.com/progs/c/nt/pvt/index.html|Danger Tools]] This tool allows you to do some really powerful operations on Windows NT/2000/XP from the command line. These include (but are not limited to) creating hard links on NTFS (to files and directories), copying files with all attributes on NTFS, changing owner and group of files, setting process work set size and priority.\\
[[http://ntsecurity.nu/toolbox/setowner/|SetOwner]] is able to change the ownership of a file to any account. This works if you have the "Restore files and directories" user right.\\

=====NTSecurity Toolbox=====
[[http://ntsecurity.nu/toolbox/|NTSecurity Toolbox]]:
^Name^Description^
|BrowseList|BrowseList retrieves the browse list on a Windows network.|
|CECrypt|CECrypt is a file encryption tool for Windows CE that can encrypt with either 3-DES or IDEA. Compatible with CryptF.|
|ClearLogs|ClearLogs clears the event log (Security, System or Application) that you specify. You run it from the Command Prompt, and it can also clear logs on a remote computer.|
|CryptF|A file encryption tool that can encrypt with either 3-DES or IDEA. Compatible with CECrypt.|
|DBProbe|DBProbe checks the directed broadcast ping amplification factor for a network.|
|DumpUsers|DumpUsers is able to dump account names and information even though RestrictAnonymous has been set to 1.|
|EFSView|EFSView lists the users who have ordinary decryption keys or recovery keys for an EFS encrypted file.|
|EtherChange|EtherChange can change the Ethernet address of the network adapters in Windows.|
|EtherFlood|EtherFlood floods a switched network with Ethernet frames with random hardware addresses. The effect on some switches is that they start sending all traffic out on all ports so you can sniff all traffic on the network.|
|FakeGINA|FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file.|
|FileHasher|FileHasher calculates the MD5 or SHA hash for a file.|
|GPList|GPList lists information about the applied Group Policies.|
|GrabItAll|GrabItAll performs traffic redirection by sending spoofed ARP replies.|
|GSD - Get Service DACL|GSD (Get Service DACL) gives you the DACL (Discretionary Access Control List) of any service you specify as a command line option.|
|Inzider|Shows which processes listen at which ports. Inzider was the first tool that could do this in Windows.|
|IPEye|IPEye is a TCP port scanner that can do SYN, FIN, Null and Xmas scans.|
|IPSecScan|IPSecScan is a tool that can scan either a single IP address or a range of IP addresses looking for systems that are IPSec enabled. The first IPSec scanner out there.|
|KerbCrack|KerbCrack consists of two programs, kerbsniff and kerbcrack. The sniffer listens on the network and captures Windows 2000/XP Kerberos logins. The cracker can be used to find the passwords from the capture file using a brute force attack or a dictionary attack.|
|KLogger|KLogger is a keystroke logger for the NT-series of Windows OS's.|
|ListDrivers|ListDrivers lists the loaded kernel drivers.|
|ListModules|ListModules lists the modules (EXE's and DLL's) that are loaded into a process.|
|LNS - List NTFS Streams|LNS is a tool that searches for NTFS streams (aka alternate data streams or multiple data streams).|
|MACMatch|MACMatch lets you search for files by their last write, last access or creation time without changing any of these times.|
|MemImager|MemImager performs a memory dump using NtSystemDebugControl.|
|NSCopy|NSCopy is a copy command with one big difference from others. If you have the "Back up files and directories" user right you will be able to copy files even if you don't have any explicit permission to read them. It doesn't take ownership of the file to do it.|
|PEriscope|PEriscope is a PE file inspection tool. It works on ordinary 32-bit files as well as 64-bit and .NET ones.|
|PMDump|PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process.|
|PromiscDetect|PromiscDetect checks locally if your network adapter(s) is running in promiscuous mode, which may be a sign that you have a sniffer running on your computer. The first tool able to do this.|
|PStoreView|PStoreView lists the contents of the Protected Storage. It usually contains things like Internet Explorer username and password autocomplete, and Outlook account names and passwords.|
|RPAK - Routing Protocol Attack Kit|RPAK is a collection of tools that can be useful for doing attacks on routing protocols. It contains tools for RIP, RIP2, IGRP and OSPF.|
|SetOwner|Allows you to set file ownership to any account, as long as you have the "Restore files and directories" user right.|
|Snitch|Snitch can sometimes turn back the asterisks in password fields to plaintext passwords.|
|SQLDict|SQLDict is a dictionary attack tool for SQL Server.|
|Tini|A simple and very small (3kb) remote shell server for Windows, coded in assembler.|
|Win32 SocketShell|Win32 SocketShell is shellcode for penetration testing. It binds to TCP port 7777 and returns the string "hacked!" when connected to.|
|Winfo|Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. It also identifies the built-in Administrator and Guest accounts, even if their names have been changed.|
|WinRelay|WinRelay is a TCP/UDP forwarder/redirector that works with both IPv4 and IPv6. You can choose the port and IP it will listen on, the source port and IP that it will connect from, and the port and IP that it will connect to.|
|WinZapper|WinZapper is a tool that lets you erase event records selectively from the Security Log in Windows NT 4.0 and Windows 2000. The first tool able to do this.|
|WPSweep|WPSweep is a simple ping sweeper, that is, it pings a range of IP addresses and lists the ones that reply.|
|WUPS - Windows UDP Port Scanner|A UDP port scanner for Windows. All port scanners for Windows only scanned TCP ports before I wrote this one.|

=====EventSentry SysAdminTools=====
Free bundle of tools from Netikus. \\
Command line: \\
| **Tool**| **Function** |
| CheckTCP| checks whether a port on a server is open or not. |
| DirectoryMonitor| watches a directory (and optionally its subdirectories) and shows all file changes in real time. |
| DirectorySize| determines the current size of a directory, including subdirectories, and displays it. |
| FileReplace| walks a directory (including subdirectories) and replaces multiple copies of the same file. |
| FPing| partial replacement for ping.exe. Pings hosts faster. |
| GetHTTP| for retrieving files over HTTP. |
| Logoff Delay| for logging a user off after x amount of time. |
| PageSNPP| for sending short messages to pagers. |
| ServiceSecure| for changing service passwords by specifying the user name and (new) password. |
| SHA Checksum Generator| generates the SHA-256 checksum of a file and displays it. |
| Sleep| application for inserting pauses (in milliseconds) into a batch script. |
| SuperDelete| walks a directory (including subdirectories) and deletes multiple copies of the same file (e.g. all thumbs.db files). |
| TaskSecure| for changing the passwords of scheduled tasks. |
| Uptime| shows the uptime of the local machine. Can display the uptime continuously or once. |
| WakeOnLAN| for powering on systems via the network card. |

Graphical: \\
| **Tool**| **Function** |
| Hardlink Shell Extension| Windows shell extension for creating hard links from the right-click menu in Explorer. |
| NetSend| graphical version of the "net send pcname message" command. |
| Password Assistant| graphical application for changing the passwords of user accounts on multiple Windows NT/XP/2000 machines. |
| ShutdownTimer| for putting servers/PCs into hibernation, restarting them, or logging users off after certain actions. |
| Event Message Browser| gives an overview of all installed message DLLs used by applications/services that write events to the event log. |

Services: \\
| **Tool**| **Function** |
| ServiceScheduler| service for managing services (stopping, starting, ...). Independent of the scheduler service built into Windows. |

Source: [[http://www.eventsentry.com/sysadmintools|EventSentry - SysAdmin Tools]] \\