Properties
Advanced Security Settings
Permission Entry
cmd
!dir c:\p*
 Volume in drive C is Windows7_OS
 Volume Serial Number is 4814-FA88

 Directory of c:\

07. 12. 2019  11:14    <DIR>          PerfLogs
20. 03. 2023  17:08    <DIR>          Program Files
02. 10. 2023  14:44    <DIR>          Program Files (x86)
30. 06. 2017  20:55    <DIR>          projekty.science.upjs.sk
29. 11. 2020  17:19    <DIR>          Python27
23. 11. 2020  17:40    <DIR>          Python39
               0 File(s)              0 bytes
               6 Dir(s)   1˙502˙818˙304 bytes free
!dir /Q c:\p*
 Volume in drive C is Windows7_OS
 Volume Serial Number is 4814-FA88

 Directory of c:\

07. 12. 2019  11:14    <DIR>          ...                    PerfLogs
20. 03. 2023  17:08    <DIR>          NT SERVICE\TrustedInstaProgram Files
02. 10. 2023  14:44    <DIR>          NT SERVICE\TrustedInstaProgram Files (x86)
30. 06. 2017  20:55    <DIR>          RKB-TP\rkb             projekty.science.upjs.sk
29. 11. 2020  17:19    <DIR>          NT AUTHORITY\SYSTEM    Python27
23. 11. 2020  17:40    <DIR>          BUILTIN\Administrators Python39
               0 File(s)              0 bytes
               6 Dir(s)   1˙502˙277˙632 bytes free
!dir c:\r*
 Volume in drive C is Windows7_OS
 Volume Serial Number is 4814-FA88

 Directory of c:\

04. 10. 2023  08:48    <DIR>          rkb
               0 File(s)              0 bytes
               1 Dir(s)   1˙467˙432˙960 bytes free
!dir /a c:\r*
 Volume in drive C is Windows7_OS
 Volume Serial Number is 4814-FA88

 Directory of c:\

09. 03. 2022  15:43    <DIR>          Recovery
04. 10. 2023  08:48    <DIR>          rkb
               0 File(s)              0 bytes
               2 Dir(s)   1˙467˙273˙216 bytes free
!icacls "c:\Program Files"
c:\Program Files NT SERVICE\TrustedInstaller:(F)
                 NT SERVICE\TrustedInstaller:(CI)(IO)(F)
                 NT AUTHORITY\SYSTEM:(M)
                 NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
                 BUILTIN\Administrators:(M)
                 BUILTIN\Administrators:(OI)(CI)(IO)(F)
                 BUILTIN\Users:(RX)
                 BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
                 CREATOR OWNER:(OI)(CI)(IO)(F)
                 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
                 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
                 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(RX)
                 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files
!powershell -command " dir c:\p* "
    Directory: C:\

Mode          LastWriteTime            Length Name
----          -------------            ------ ----
d-----        7. 12. 2019  10:14              PerfLogs
d-r---        20. 3. 2023  16:08              Program Files
d-r---        2. 10. 2023  14:44              Program Files (x86)
d-----        30. 6. 2017  20:55              projekty.science.upjs.sk
d-----        29. 11. 2020 16:19              Python27
d-----        23. 11. 2020 16:40              Python39
!powershell -command " dir -hidden c:\ "
    Directory: C:\

Mode          LastWriteTime            Length Name
----          -------------            ------ ----
d--hs-        5. 8. 2016   11:00              $Recycle.Bin
d--h--        18. 9. 2023  8:06               $WINDOWS.~BT
d--h--        18. 9. 2023  8:04               $WinREAgent
d--hs-        28. 7. 2016  9:30               Boot
d--hsl        14. 7. 2009  7:08               Documents and Settings
d--h--        26. 9. 2022  18:14              ProgramData
d--hs-        9. 3. 2022   14:43              Recovery
d--hs-        5. 5. 2023   12:07              System Volume Information
-a-h--        25. 12. 2017 7:09             0 $WINRE_BACKUP_PARTITION.MARKE
                                              R
-arhs-        21. 11. 2010 4:23        383786 bootmgr
-a-hs-        30. 10. 2015 8:18             1 BOOTNXT
-arhs-        30. 1. 2014  20:47         8192 BOOTSECT.BAK
---hs-        20. 2. 2023  8:55           112 bootTel.dat
-a-hs-        2. 10. 2023  14:42         8192 DumpStack.log.tmp
-a-hs-        3. 10. 2023  15:24   6190977024 hiberfil.sys
-a-hs-        2. 10. 2023  14:42   8589934592 pagefile.sys
-a-hs-        2. 10. 2023  14:42     16777216 swapfile.sys
!powershell -command " ls c:\p* "
    Directory: C:\

Mode          LastWriteTime            Length Name
----          -------------            ------ ----
d-----        7. 12. 2019  10:14              PerfLogs
d-r---        20. 3. 2023  16:08              Program Files
d-r---        2. 10. 2023  14:44              Program Files (x86)
d-----        30. 6. 2017  20:55              projekty.science.upjs.sk
d-----        29. 11. 2020 16:19              Python27
d-----        23. 11. 2020 16:40              Python39
!powershell -command " Get-ChildItem c:\p* "
    Directory: C:\

Mode          LastWriteTime            Length Name
----          -------------            ------ ----
d-----        7. 12. 2019  10:14              PerfLogs
d-r---        20. 3. 2023  16:08              Program Files
d-r---        2. 10. 2023  14:44              Program Files (x86)
d-----        30. 6. 2017  20:55              projekty.science.upjs.sk
d-----        29. 11. 2020 16:19              Python27
d-----        23. 11. 2020 16:40              Python39
# works not only for files, but also for the registry
!powershell -command " Get-ChildItem -Path HKLM:\HARDWARE "
    Hive: HKEY_LOCAL_MACHINE\HARDWARE

Name                           Property
----                           --------
ACPI
DESCRIPTION
DEVICEMAP
RESOURCEMAP
!powershell -command " dir HKLM:\HARDWARE "
    Hive: HKEY_LOCAL_MACHINE\HARDWARE

Name                           Property
----                           --------
ACPI
DESCRIPTION
DEVICEMAP
RESOURCEMAP
!powershell -command " Get-Acl c:\ | Format-List "
Path   : Microsoft.PowerShell.Core\FileSystem::C:\
Owner  : NT SERVICE\TrustedInstaller
Group  : NT SERVICE\TrustedInstaller
Access : NT AUTHORITY\Authenticated Users Allow  AppendData
         NT AUTHORITY\Authenticated Users Allow  -536805376
         NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         BUILTIN\Administrators Allow  268435456
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
Audit  :
Sddl   : O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-
         5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;LC;
         ;;AU)(A;OICIIO;SDGXGWGR;;;AU)(A;;FA;;;SY)(A;OICIIO;GA;;;SY)(A;OICIIO;G
         A;;;BA)(A;;FA;;;BA)(A;OICI;0x1200a9;;;BU)
!powershell -command " Get-Acl c:\ | fl "
Path   : Microsoft.PowerShell.Core\FileSystem::C:\
Owner  : NT SERVICE\TrustedInstaller
Group  : NT SERVICE\TrustedInstaller
Access : NT AUTHORITY\Authenticated Users Allow  AppendData
         NT AUTHORITY\Authenticated Users Allow  -536805376
         NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         BUILTIN\Administrators Allow  268435456
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
Audit  :
Sddl   : O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-
         5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;LC;
         ;;AU)(A;OICIIO;SDGXGWGR;;;AU)(A;;FA;;;SY)(A;OICIIO;GA;;;SY)(A;OICIIO;G
         A;;;BA)(A;;FA;;;BA)(A;OICI;0x1200a9;;;BU)
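Get-Acl prints -536805376 and 268435456 in the output above because the FileSystemRights enumeration has no names for the generic-rights bits carried by those inherit-only (OICIIO) ACEs. The following Python sketch is an added example, not part of the original notebook: it decodes those numbers and the rights field of each ACE in the SDDL string shown for C:\. The table and function names are chosen here for illustration, and the parser assumes a string without a SACL part.

```python
import re

# Generic and standard access-right bits (values from winnt.h).
MASK_BITS = {
    0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE", 0x20000000: "GENERIC_EXECUTE",
    0x10000000: "GENERIC_ALL", 0x00100000: "SYNCHRONIZE", 0x00080000: "WRITE_OWNER",
    0x00040000: "WRITE_DAC", 0x00020000: "READ_CONTROL", 0x00010000: "DELETE",
}
# SDDL rights codes seen in file DACLs (LC is bit 0x4, FILE_APPEND_DATA on files).
SDDL_RIGHTS = {
    "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000, "GA": 0x10000000,
    "WO": 0x00080000, "WD": 0x00040000, "RC": 0x00020000, "SD": 0x00010000,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0, "LC": 0x4,
}
ACE_RE = re.compile(r"\(([^;()]*);([^;]*);([^;]*);[^;]*;[^;]*;([^;)]*)\)")
# SDDL of C:\ as printed on this page, with the console line wraps removed.
SDDL_C_ROOT = (
    "O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
    "G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
    "D:PAI(A;;LC;;;AU)(A;OICIIO;SDGXGWGR;;;AU)(A;;FA;;;SY)(A;OICIIO;GA;;;SY)"
    "(A;OICIIO;GA;;;BA)(A;;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
)

def mask_from_int(value):
    """Get-Acl prints masks it cannot name as signed 32-bit ints; make them unsigned."""
    return value & 0xFFFFFFFF

def mask_from_sddl(rights):
    """The rights field is hex (0x1200a9) or concatenated two-letter codes."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):  # an unknown code raises KeyError
        mask |= SDDL_RIGHTS[code]
    return mask

def names(mask):
    """Named generic/standard bits, plus the object-specific low 16 bits as hex."""
    out = [name for bit, name in MASK_BITS.items() if mask & bit]
    return out + ["specific:0x%04x" % (mask & 0xFFFF)] if mask & 0xFFFF else out

def parse_dacl(sddl):
    """Return the ACEs after 'D:'; assumes the string has no SACL (S:) part."""
    return [{"type": t, "flags": re.findall("..", f), "mask": mask_from_sddl(r), "trustee": s}
            for t, f, r, s in ACE_RE.findall(sddl.split("D:", 1)[1])]

if __name__ == "__main__":
    for ace in parse_dacl(SDDL_C_ROOT):
        print(ace["trustee"], "".join(ace["flags"]) or "-", names(ace["mask"]))
```

The two numeric entries decode to GENERIC_READ, GENERIC_WRITE, GENERIC_EXECUTE plus DELETE (`SDGXGWGR` in the SDDL) and to GENERIC_ALL (`GA`), which is how the Access list and the Sddl line describe the same ACEs.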
!powershell " Get-Acl C:\Windows\s*.log | Format-List -Property PSPath, Sddl "
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\setupact.log
Sddl   : O:BAG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x12
         00a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)

PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\setuperr.log
Sddl   : O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x12
         00a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)

PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\sk-SK.log
Sddl   : O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x12
         00a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)

PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\SK-SK_IE11.log
Sddl   : O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x12
         00a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)

PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\Synaptics.log
Sddl   : O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x12
         00a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)

PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\Synaptics.PD.log
Sddl   : O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x12
         00a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)
!powershell -command " Get-ChildItem -Attributes Compressed c:\ "
    Directory: C:\

Mode          LastWriteTime            Length Name
----          -------------            ------ ----
d-----        31. 5. 2016  10:23              DRIVERS
d-----        8. 6. 2020   17:32              Intel