Commit d1b685c

bryfry <bryon.fryer@gmail.com>
2016-12-16 14:34:56
new questions!
1 parent 57d7e36
Changed files (4)
corpus/windows/processes/processes.csv
@@ -1,7 +1,7 @@
-windows processes: System Process (pid 4) - Session Manager = [?].exe,smss,windows_processes
-windows processes: Windows Subsystem - [?].exe,csrss,windows_processes
-windows processes: Windows Initialization - [?].exe,winint,windows_processes
-windows processes: Service Control Manager - [?].exe,services,windows_processes
-windows processes: Local Security Authentication Server - [?].exe,lsass,windows_processes
-windows processes: Local Session Manager - [?].exe,lsm,windows_processes
-windows processes: Login Process - [?].exe,winlogon,windows_processes
+System Process (pid 4) - Session Manager = [?].exe,smss,windows_processes
+Windows Subsystem - [?].exe,csrss,windows_processes
+Windows Initialization - [?].exe,winint,windows_processes
+Service Control Manager - [?].exe,services,windows_processes
+Local Security Authentication Server - [?].exe,lsass,windows_processes
+Local Session Manager - [?].exe,lsm,windows_processes
+Login Process - [?].exe,winlogon,windows_processes
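Review bot: The answer `winint` on the Windows Initialization row is carried over unchanged from the removed line, but the executable is `wininit.exe`, so the row should read `Windows Initialization - [?].exe,wininit,windows_processes`. As written, the quiz would mark the correct name as wrong. Exact spelling matters in this file because a near-miss of a core system process name is one of the things an analyst is expected to notice when triaging a process list.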
corpus/windows/shell/cmd.csv
@@ -1,18 +0,0 @@
-# windows cmd: ,whoami,windows_cmd
-# windows cmd: ,hostname,windows_cmd
-# windows cmd: ,ver,windows_cmd
-# windows cmd: ,systeminfo,windows_cmd
-# windows cmd: ,date /t,windows_cmd
-# windows cmd: ,time /t,windows_cmd
-# windows cmd: ,type,windows_cmd
-# windows cmd: ,echo,windows_cmd
-# windows cmd: ,more,windows_cmd
-# windows cmd: ,start,windows_cmd
-# windows cmd: ,sort,windows_cmd
-# windows cmd: ,cls,windows_cmd
-# windows cmd: ,ipconfig,windows_cmd
-# windows cmd: ,,windows_cmd
-# windows cmd: ,,windows_cmd
-# windows cmd: ,,windows_cmd
-# windows cmd: ,,windows_cmd
-# windows cmd: ,,windows_cmd
corpus/windows/cmd.csv
@@ -0,0 +1,95 @@
+#  ,whoami,windows_cmd
+#  ,hostname,windows_cmd
+#  ,ver,windows_cmd
+#  ,systeminfo,windows_cmd
+#  ,date /t,windows_cmd
+#  ,time /t,windows_cmd
+#  ,type,windows_cmd
+#  ,echo,windows_cmd
+#  ,more,windows_cmd
+#  ,start,windows_cmd
+#  ,sort,windows_cmd
+#  ,cls,windows_cmd
+#  ,ipconfig,windows_cmd
+#  ,,windows_cmd
+#  ,,windows_cmd
+#  ,,windows_cmd
+#  ,,windows_cmd
+# 
+#  ,,
+# auditpol 
+Displays information about and performs functions to manipulate audit policies: ?,auditpol,windows_cmd
+auditpol.exe was added in which version of Windows?,vista,windows_cmd
+[Flag] Display the current audit policy: auditpol /[?] /category:*,get,windows_cmd
+[Flag] Save the current audit policy to a file: auditpol /[?] /file:c:\filename,backup,windows_cmd
+[T/F] auditpol.exe can be run on a remote system (via /s)?,F,windows_cmd
+
+# driver query
+Display a list of all installed device drivers and their properties: [?].exe,driverquery,windows_cmd
+[T/F] driverquery.exe can be run on a remote system?,T,windows_cmd
+[Flag] Display digital signature information: driverquery /[?],si,windows_cmd
+
+# cmd
+Windows' default command shell: [?].exe,cmd,windows_cmd
+
+# ds
+Active Directory Domain Services commands (add, mod, get, query) start with this prefix,ds,windows_cmd
+Add active directory object: [?].exe,dsadd,windows_cmd
+Modify an active directory object: [?].exe,dsmod,windows_cmd
+View active directory objects: [?].exe,dsget,windows_cmd
+Rename or Move an active directory object to a different OU: [?].exe,dsmove,windows_cmd
+Delete active directory objects: [?].exe,dsrm,windows_cmd
+
+# acl
+Display or modify Access Controle Lists (Pre-Vista): [?].exe,cacls,windows_cmd
+Display or modify Access Controle Lists (Vista+): [?].exe,icacls,windows_cmd
+Which version of Windows introducted the new ACL file/folder permissions tool icacls.exe?,vista,windows_cmd
+
+# sc
+Create, stop, start, query or delete any windows service: [?].exe,sc,windows_cmd
+
+# systeminfo
+Display detailed config info about a computer: [?].exe,systeminfo,windows_cmd
+[T/F] systeminfo.exe can be run on a remote system (via /s)?,T,windows_cmd
+
+# taskkill
+End one or more processes (by id or name): [?].exe,taskkill,windows_cmd
+[T/F] taskkill.exe can be run on a remote system (via /s)?,T,windows_cmd
+[T/F] taskkill.exe can be used to kill more than one process?,T,windows_cmd
+[Flag] Specify the process to be killed by name: taskkill /[?] notepad.exe?,im,windows_cmd
+[Flag] Specify the process to be killed by process id: taskkill /[?] notepad.exe,pid,windows_cmd
+
+# tasklist
+List of applications and services with their Process ID: [?].exe,tasklist,windows_cmd
+[T/F] tasklist.exe can be run on a remote system (via /s)?,T,windows_cmd
+[T/F] tasklist.exe can be used to kill more than one process?,T,windows_cmd
+[Flag] Specify the process to be killed by name: taskkill /[?] notepad.exe,im,windows_cmd
+[Flag] Specify the process to be killed by process id: taskkill /[?] notepad.exe,pid,windows_cmd
+
+# task[kill|list] filters
+[T/F] /fi "PID eq 2223" is a valid taskkill or tasklist filter?,T,windows_cmd
+[T/F] /fi "PID gt 2233" is a valid taskkill or tasklist filter?,T,windows_cmd
+[T/F] /fi "USERNAME eq NT AUTHORITY\SYSTEM" is a valid taskkill or tasklist filter?,T,windows_cmd
+[T/F] /fi "USERNAME ne NT*" is a valid taskkill or tasklist filter?,T,windows_cmd
+[T/F] /fi "IMAGENAME eq Notepad.exe" is a valid taskkill or tasklist filter?,T,windows_cmd
+[T/F] /fi "PID == 2223" is a valid taskkill or tasklist filter?,F,windows_cmd
+[T/F] /fi "PID > 2233" is a valid taskkill or tasklist filter?,F,windows_cmd
+[T/F] /fi "USERNAME == NT AUTHORITY\SYSTEM" is a valid taskkill or tasklist filter?,F,windows_cmd
+[T/F] /fi "USERNAME != NT*" is a valid taskkill or tasklist filter?,F,windows_cmd
+[T/F] /fi "IMAGENAME == Notepad.exe" is a valid taskkill or tasklist filter?,F,windows_cmd
+[T/F] /fi "IMAGENAME ge Notepad.exe" is a valid taskkill or tasklist filter?,F,windows_cmd
+[T/F] /fi "Services eq 0" is a valid taskkill or tasklist filter?,F,windows_cmd
+[T/F] /fi "Session eq 0" is a valid taskkill or tasklist filter?,T,windows_cmd
+[T/F] /fi "Modules eq stsfp.dll" is a valid taskkill or tasklist filter?,T,windows_cmd
+[T/F] /fi "Modules == stsfp.dll" is a valid taskkill or tasklist filter?,T,windows_cmd
+[T/F] /fi "Status eq ACTIVE" is a valid taskkill or tasklist filter?,F,windows_cmd
+[T/F] /fi "Status eq DISABLED" is a valid taskkill or tasklist filter?,F,windows_cmd
+[T/F] /fi "Status eq RUNNING" is a valid taskkill or tasklist filter?,T,windows_cmd
+
+# wevutil
+Retrieve information about event logs and publishers: [?].exe,wevtutil,windows_cmd
+Display the names of all logs (short version): wevtutil [?],el,windows_cmd
+Display System event logs (short version): wevtutil [?] System,qe,windows_cmd
+[Flag] Return events in reverse order: wevtutil /[?]:true,rd,windows_cmd
+[Flag] Limit the results to 5 logs: wevtutil /[?]:5,c,windows_cmd
+
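Review bot: The row `[T/F] /fi "Modules == stsfp.dll" is a valid taskkill or tasklist filter?` is keyed T, but every other `==` row in the filters group is keyed F because the filter operators are words such as `eq` and `ne`; it should end `filter?,F,windows_cmd`. Under `# tasklist`, the three rows after the remote-system question are copies of the taskkill questions: tasklist only lists processes, so the "kill more than one process" row is keyed wrong for that tool, and the two `[Flag]` rows duplicate the ones under `# taskkill`. Both `/[?] notepad.exe` rows whose answer is `pid` pair a process-id flag with an image name, and the first `im` row has a stray `?` before the comma. Spelling to fix in the same pass: `Controle`, `introducted`, and the `# wevutil` heading.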
corpus/windows/releases.csv
@@ -1,35 +1,35 @@
-windows releases: Windows 10 = NT [?],10.0,windows_releases
-windows releases: Windows Server 2016 = NT [?],10.0,windows_releases
-windows releases: Windows 8.1 = NT [?],6.3,windows_releases
-windows releases: Windows Server 2012 R2 = NT [?],6.3,windows_releases
-windows releases: Windows 8 = NT [?],6.2,windows_releases
-windows releases: Windows Server 2012 = NT [?],6.2,windows_releases
-windows releases: Windows 7 = NT [?],6.1,windows_releases
-windows releases: Windows 2008 R2 = NT [?],6.1,windows_releases
-windows releases: Windows Vista = NT [?],6.0,windows_releases
-windows releases: Windows Server 2008 = NT [?],6.0,windows_releases
-windows releases: Windows XP Professional x64 = NT [?],5.2,windows_releases
-windows releases: Windows Server 2003 R2 = NT [?],5.2,windows_releases
-windows releases: Windows Server 2003 = NT [?],5.2,windows_releases
-windows releases: Windows XP = NT [?],5.1,windows_releases
-windows releases: Windows ME = [?],4.9,windows_releases
-windows releases: Windows 2000 = NT [?],5.0,windows_releases
-windows releases: Windows 98 = [?],4.10,windows_releases
-windows releases: Windows 95 = [?],4.00,windows_releases
-windows releases: NT 10.0 = Windows [?],10,windows_releases
-windows releases: NT 10.0 = Windows Server [?],2016,windows_releases
-windows releases: NT 6.3 = Windows [?],8.1,windows_releases
-windows releases: NT 6.3 = Windows Server [?],2012 R2,windows_releases
-windows releases: NT 6.2 = Windows [?],8,windows_releases
-windows releases: NT 6.2 = Windows Server [?],2012,windows_releases
-windows releases: NT 6.1 = Windows [?],7,windows_releases
-windows releases: NT 6.1 = Windows Server [?],2008 R2,windows_releases
-windows releases: NT 6.0 = Windows [?],Vista,windows_releases
-windows releases: NT 6.0 = Windows Server [?],2008,windows_releases
-windows releases: NT 5.2 = Windows [?],XP Professional x64,windows_releases
-windows releases: NT 5.2 = Windows Server [?] (and R2),2003,windows_releases
-windows releases: NT 5.1 = Windows [?],XP,windows_releases
-windows releases: NT 5.0 = Windows [?],2000,windows_releases
-windows releases: 4.10 = Windows [?],98,windows_releases
-windows releases: 4.9 = Windows [?],ME,windows_releases
-windows releases: 4.00 = Windows [?],95,windows_releases
+Windows 10 = NT [?],10.0,windows_releases
+Windows Server 2016 = NT [?],10.0,windows_releases
+Windows 8.1 = NT [?],6.3,windows_releases
+Windows Server 2012 R2 = NT [?],6.3,windows_releases
+Windows 8 = NT [?],6.2,windows_releases
+Windows Server 2012 = NT [?],6.2,windows_releases
+Windows 7 = NT [?],6.1,windows_releases
+Windows 2008 R2 = NT [?],6.1,windows_releases
+Windows Vista = NT [?],6.0,windows_releases
+Windows Server 2008 = NT [?],6.0,windows_releases
+Windows XP Professional x64 = NT [?],5.2,windows_releases
+Windows Server 2003 R2 = NT [?],5.2,windows_releases
+Windows Server 2003 = NT [?],5.2,windows_releases
+Windows XP = NT [?],5.1,windows_releases
+Windows ME = [?],4.9,windows_releases
+Windows 2000 = NT [?],5.0,windows_releases
+Windows 98 = [?],4.10,windows_releases
+Windows 95 = [?],4.00,windows_releases
+NT 10.0 = Windows [?],10,windows_releases
+NT 10.0 = Windows Server [?],2016,windows_releases
+NT 6.3 = Windows [?],8.1,windows_releases
+NT 6.3 = Windows Server [?],2012 R2,windows_releases
+NT 6.2 = Windows [?],8,windows_releases
+NT 6.2 = Windows Server [?],2012,windows_releases
+NT 6.1 = Windows [?],7,windows_releases
+NT 6.1 = Windows Server [?],2008 R2,windows_releases
+NT 6.0 = Windows [?],Vista,windows_releases
+NT 6.0 = Windows Server [?],2008,windows_releases
+NT 5.2 = Windows [?],XP Professional x64,windows_releases
+NT 5.2 = Windows Server [?] (and R2),2003,windows_releases
+NT 5.1 = Windows [?],XP,windows_releases
+NT 5.0 = Windows [?],2000,windows_releases
+4.10 = Windows [?],98,windows_releases
+4.9 = Windows [?],ME,windows_releases
+4.00 = Windows [?],95,windows_releases