Hacker Enumeration Tools
SomarSoft's DumpEvt is a Windows NT program to dump the event log in a format suitable for importing into a database.
SomarSoft's DumpReg is a program for Windows NT and Windows 95 that dumps the registry, making it easy to find keys and values containing a string.
SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/2000. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent.
Here is a little tool to dump the contents of the endpoint mapper; real ugly output, but it gives some ideas about what's running and waiting on what dynamically assigned ports.
A command-line utility to view the users logged on locally to a specified computer. Can be used to show the current interactive users, or a list of all users who have ever logged on through the computer.
A command-line version of Network Neighborhood or Net View, which supports filtering of specific types of computers returned (SQL, workstations only, etc.).
ProbeTS will scan a full C-Class for you to determine if terminal services are being offered up regardless of what port is actually being used.
It basically allows you to get the transport names (devices) in use on a box. With NT4, the protocol name usually contains the adapter type as well as the protocol, so it was pretty easy to see stuff like modems, net cards, etc. in a dump.
TSEnum stands for "Terminal Services Enumeration"; however, this program can enumerate pretty much everything, not just Terminal Services.
UserDump is UserInfo with a twist. It combines LookupAccountSid and LookupAccountName with UserInfo's NetUserGetInfo calls, resulting in a SID Walker that can dump every user in a domain in a single command line.
UserInfo is a little function that retrieves all available information about any known user from any NT/Win2k system that you can hit port 139 on.
A nice utility showing information about your NT installation including: version, build number, installation date, and whether it is a full or time-limited version.