#1
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2010
    Posts
    22
    Rep Power
    0

    Data formatting queries


    Hello guys, basically what I have done is that I have created a Windows audit script. So basically I output the raw result to a text file. The problem starts here: some words/white spaces in the text file are not needed and I would like to filter them out. Hence, my question is: can the problem be solved by using regular expression in the command prompt?

    Code:
    Result
            START_TYPE         : 4   DISABLED
            DISPLAY_NAME       : Alerter  
            START_TYPE         : 2   AUTO_START
            DISPLAY_NAME       : Automatic Updates  
            START_TYPE         : 3   DEMAND_START
            DISPLAY_NAME       : Background Intelligent Transfer Service  
            START_TYPE         : 4   DISABLED
            DISPLAY_NAME       : ClipBook  
            START_TYPE         : 2   AUTO_START
            DISPLAY_NAME       : Computer Browser  
            START_TYPE         : 2   AUTO_START
            DISPLAY_NAME       : Fax  
            START_TYPE         : 4   DISABLED
            DISPLAY_NAME       : IIS Admin  
            START_TYPE         : 2   AUTO_START
            DISPLAY_NAME       : Indexing Service  
            START_TYPE         : 4   DISABLED
            DISPLAY_NAME       : Messenger  
            START_TYPE         : 3   DEMAND_START
            DISPLAY_NAME       : Net Logon  
            START_TYPE         : 3   DEMAND_START
            DISPLAY_NAME       : NetMeeting Remote Desktop Sharing  
            START_TYPE         : 3   DEMAND_START
            DISPLAY_NAME       : Remote Desktop Help Session Manager  
            START_TYPE         : 2   AUTO_START
            DISPLAY_NAME       : Remote Registry  
            START_TYPE         : 4   DISABLED
            DISPLAY_NAME       : Routing and Remote Access  
            START_TYPE         : 2   AUTO_START
            DISPLAY_NAME       : Simple Mail Transfer Protocol (SMTP)  
            START_TYPE         : 2   AUTO_START
            DISPLAY_NAME       : SNMP Service  
            START_TYPE         : 3   DEMAND_START
            DISPLAY_NAME       : SNMP Trap Service  
            START_TYPE         : 2   AUTO_START
            DISPLAY_NAME       : Task Scheduler  
            START_TYPE         : 4   DISABLED
            DISPLAY_NAME       : Telnet  
            START_TYPE         : 3   DEMAND_START
            DISPLAY_NAME       : Terminal Services  
            START_TYPE         : 3   DEMAND_START
            DISPLAY_NAME       : Universal Plug and Play Device Host  
            START_TYPE         : 2   AUTO_START
            DISPLAY_NAME       : World Wide Web Publishing  
    C:\windows\System32\at.exe SEAN\IUSR_SEAN:N 
                               BUILTIN\Administrators:F 
                               NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\attrib.exe SEAN\IUSR_SEAN:N 
                                   BUILTIN\Administrators:F 
                                   NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\cacls.exe SEAN\IUSR_SEAN:N 
                                  BUILTIN\Administrators:F 
                                  NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\debug.exe SEAN\IUSR_SEAN:N 
                                  BUILTIN\Administrators:F 
                                  NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\drwatson.exe SEAN\IUSR_SEAN:N 
                                     BUILTIN\Administrators:F 
                                     NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\drwtsn32.exe SEAN\IUSR_SEAN:N 
                                     BUILTIN\Administrators:F 
                                     NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\edlin.exe SEAN\IUSR_SEAN:N 
                                  BUILTIN\Administrators:F 
                                  NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\eventcreate.exe SEAN\IUSR_SEAN:N 
                                        BUILTIN\Administrators:F 
                                        NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\eventtriggers.exe SEAN\IUSR_SEAN:N 
                                          BUILTIN\Administrators:F 
                                          NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\ftp.exe SEAN\IUSR_SEAN:N 
                                BUILTIN\Administrators:F 
                                NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\net.exe SEAN\IUSR_SEAN:N 
                                BUILTIN\Administrators:F 
                                NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\net1.exe SEAN\IUSR_SEAN:N 
                                 BUILTIN\Administrators:F 
                                 NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\netsh.exe SEAN\IUSR_SEAN:N 
                                  BUILTIN\Administrators:F 
                                  NT AUTHORITY\SYSTEM:F 
                                NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\reg.exe SEAN\IUSR_SEAN:N 
                                BUILTIN\Administrators:F 
                                NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\regedt32.exe SEAN\IUSR_SEAN:N 
                                     BUILTIN\Administrators:F 
                                     NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\regsvr32.exe SEAN\IUSR_SEAN:N 
                                     BUILTIN\Administrators:F 
                                     NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\rexec.exe SEAN\IUSR_SEAN:N 
                                  BUILTIN\Administrators:F 
                                  NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\rsh.exe SEAN\IUSR_SEAN:N 
                                BUILTIN\Administrators:F 
                                NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\runas.exe SEAN\IUSR_SEAN:N 
                                  BUILTIN\Administrators:F 
                                  NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\sc.exe SEAN\IUSR_SEAN:N 
                               BUILTIN\Administrators:F 
                               NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\subst.exe SEAN\IUSR_SEAN:N 
                                  BUILTIN\Administrators:F 
                                  NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\telnet.exe SEAN\IUSR_SEAN:N 
                                   BUILTIN\Administrators:F 
                                   NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\tftp.exe SEAN\IUSR_SEAN:N 
                                 BUILTIN\Administrators:F 
                                 NT AUTHORITY\SYSTEM:F 
    C:\windows\System32\tlntsvr.exe SEAN\IUSR_SEAN:N 
                                    BUILTIN\Administrators:F 
                                    NT AUTHORITY\SYSTEM:F 
    [Privilege Rights]
    SeNetworkLogonRight = *S-1-1-0,IUSR_SEAN,IWAM_SEAN,Administrators,Users,Power Users,Backup Operators
    SeBackupPrivilege = Administrators,Backup Operators
    SeChangeNotifyPrivilege = *S-1-1-0,Administrators,Users,Power Users,Backup Operators
    SeSystemtimePrivilege = Administrators,Power Users
    SeCreatePagefilePrivilege = Administrators
    SeDebugPrivilege = Administrators
    SeRemoteShutdownPrivilege = Administrators
    SeAuditPrivilege = *S-1-5-19,*S-1-5-20
    SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,IWAM_SEAN,Administrators
    SeIncreaseBasePriorityPrivilege = Administrators
    SeLoadDriverPrivilege = Administrators
    SeBatchLogonRight = SUPPORT_388945a0,IUSR_SEAN,IWAM_SEAN,Administrator
    SeServiceLogonRight = *S-1-5-20
    SeInteractiveLogonRight = IUSR_SEAN,Guest,Administrators,Users,Power Users,Backup Operators
    SeSecurityPrivilege = Administrators
    SeSystemEnvironmentPrivilege = Administrators
    SeProfileSingleProcessPrivilege = Administrators,Power Users
    SeSystemProfilePrivilege = Administrators
    SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,IWAM_SEAN
    SeRestorePrivilege = Administrators,Backup Operators
    SeShutdownPrivilege = Administrators,Users,Power Users,Backup Operators
    SeTakeOwnershipPrivilege = Administrators
    SeDenyNetworkLogonRight = SUPPORT_388945a0,Guest
    SeDenyInteractiveLogonRight = SUPPORT_388945a0,Guest
    SeUndockPrivilege = Administrators,Users,Power Users
    SeManageVolumePrivilege = Administrators
    SeRemoteInteractiveLogonRight = Administrators,Remote Desktop Users
    SeImpersonatePrivilege = Administrators,*S-1-5-6
    SeCreateGlobalPrivilege = Administrators,*S-1-5-4,*S-1-5-6
    [Version]
    signature="$CHICAGO$"
    Revision=1
    
    Domain profile configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    
    Service configuration for Domain profile:
    Mode     Customized  Name
    -------------------------------------------------------------------
    Enable   No          UPnP Framework
    
    Allowed programs configuration for Domain profile:
    Mode     Name / Program
    -------------------------------------------------------------------
    Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Enable   Message Queuing / C:\WINDOWS\system32\mqsvc.exe
    
    Port configuration for Domain profile:
    Port   Protocol  Mode     Name
    -------------------------------------------------------------------
    1900   UDP       Enable   SSDP Component of UPnP Framework
    2869   TCP       Enable   UPnP Framework over TCP
    
    Standard profile configuration (current):
    -------------------------------------------------------------------
    Operational mode                  = Disable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    
    Service configuration for Standard profile:
    Mode     Customized  Name
    -------------------------------------------------------------------
    Enable   No          File and Printer Sharing
    Enable   No          UPnP Framework
    Enable   No          Remote Desktop
    Enable   No          Remote Administration
    
    Allowed programs configuration for Standard profile:
    Mode     Name / Program
    -------------------------------------------------------------------
    Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Enable   Apache HTTP Server / C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
    Enable   Apache HTTP Server / C:\xampp\apache\bin\httpd.exe
    Enable   Message Queuing / C:\WINDOWS\system32\mqsvc.exe
    Enable   The MySQL Server / C:\xampp\mysql\bin\mysqld.exe
    
    Port configuration for Standard profile:
    Port   Protocol  Mode     Name
    -------------------------------------------------------------------
    139    TCP       Enable   NetBIOS Session Service
    445    TCP       Enable   SMB over TCP
    137    UDP       Enable   NetBIOS Name Service
    138    UDP       Enable   NetBIOS Datagram Service
    1900   UDP       Enable   SSDP Component of UPnP Framework
    2869   TCP       Enable   UPnP Framework over TCP
    3389   TCP       Enable   Remote Desktop
    
    Log configuration:
    -------------------------------------------------------------------
    File location   = C:\WINDOWS\pfirewall.log
    Max file size   = 4096 KB
    Dropped packets = Disable
    Connections     = Disable
    
    Local Area Connection firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    Last edited by requinix; July 12th, 2010 at 02:01 PM. Reason: code tags
  2. #2
  3. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,295
    Rep Power
    9400
    I added [code] tags around the output. Makes it quite a bit easier to read. Keep that in mind for next time, okay?

    1. You didn't mention what parts you wanted and which you didn't.
    2. What do you mean by "regular expression in the command prompt"?
  4. #3
  5. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    2. What do you mean by "regular expression in the command prompt"?
    Perhaps he meant awk, in which case there's a great many great websites teaching you how to use it.

    -Dan
  6. #4
  7. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,295
    Rep Power
    9400
    Originally Posted by ManiacDan
    Perhaps he meant awk, in which case there's a great many great websites teaching you how to use it.
    I thought about that, but if he was able to install the various mingw/cygwin Unix ports then I'd think he was familiar with them enough to explicitly say "awk" or "grep" or something.
  8. #5
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2010
    Posts
    22
    Rep Power
    0
    Okay Requinix. Basically I'm doing a web-based auditing toolkit where users will download the audit batch script and run it so that the result will be output to a text file. I will need it to be formatted properly. My question is, can words be filtered off and formatted solely in the cmd itself?

    Raw Results
    Code:
    START_TYPE         : 4   DISABLED
    DISPLAY_NAME      : Alerter 
    
    
    C:\windows\System32\at.exe SEAN\IUSR_SEAN:N 
                               BUILTIN\Administrators:F 
                               NT AUTHORITY\SYSTEM:F
    Desired Format
    Code:
    DISPLAY_NAME   START_TYPE
    Alerter         DISABLED
    
    at.exe
    Administrators:F 
    SYSTEM:F
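
The thread ends without an answer. As an added example (not code from any poster), the Python below post-processes the raw text file into the layout shown under "Desired Format"; running it outside cmd, for instance where the toolkit collects the result files, is an assumption. It also assumes file paths contain no spaces, and it keeps every ACL entry, including the `:N` (no access) ones, with the domain or authority prefix stripped. The names `parse_audit`, `render` and `short_ace` are hypothetical.

```python
import re

# Constructed sample: a few lines in the shape of the raw output quoted in the thread.
SAMPLE = r"""
        START_TYPE         : 4   DISABLED
        DISPLAY_NAME       : Alerter
        START_TYPE         : 2   AUTO_START
        DISPLAY_NAME       : Remote Registry
C:\windows\System32\at.exe SEAN\IUSR_SEAN:N
                           BUILTIN\Administrators:F
                           NT AUTHORITY\SYSTEM:F
[Privilege Rights]
"""

START_TYPE = re.compile(r"^\s*START_TYPE\s*:\s*\d+\s+(\S+)")
DISPLAY_NAME = re.compile(r"^\s*DISPLAY_NAME\s*:\s*(.*?)\s*$")
ACL_HEAD = re.compile(r"^\s*([A-Za-z]:\\\S+)\s+(\S.*?:\S+)\s*$")  # assumes no spaces in the path
ACL_CONT = re.compile(r"^\s+(\S.*?:\S+)\s*$")

def short_ace(ace):  # drop the domain/authority prefix, keep "name:right"
    return ace.rsplit("\\", 1)[-1]

def parse_audit(text):
    """Return ([(display_name, start_type)], [(exe, [ace, ...])]); other sections are skipped."""
    services, acls, pending, current = [], [], None, None
    for line in text.splitlines():
        if m := START_TYPE.match(line):
            pending, current = m.group(1), None
        elif m := DISPLAY_NAME.match(line):
            services.append((m.group(1), pending or "UNKNOWN"))
            pending, current = None, None
        elif m := ACL_HEAD.match(line):
            current = [short_ace(m.group(2))]
            acls.append((m.group(1).rsplit("\\", 1)[-1], current))
        elif current is not None and (m := ACL_CONT.match(line)):
            current.append(short_ace(m.group(1)))
        else:
            current = None  # any other line ends the ACL block
    return services, acls

def render(services, acls):
    """Two-column service table, then one block per file, as in the 'Desired Format' post."""
    width = max(len(name) for name, _ in services + [("DISPLAY_NAME", "")]) + 2
    out = ["DISPLAY_NAME".ljust(width) + "START_TYPE"]
    out += [name.ljust(width) + start for name, start in services]
    for exe, aces in acls:
        out += ["", exe, *aces]
    return "\n".join(out)
```

Calling `render(*parse_audit(raw_text))` on the full file ignores the `[Privilege Rights]` and firewall sections; an indented entry with no file line directly before it, like the stray `NT AUTHORITY\SYSTEM:F` line in the raw output above, is attached to the preceding file's block.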
