1
00:00:00,340 --> 00:00:01,800
[Autogenerated] So let's go back into our

2
00:00:01,800 --> 00:00:03,720
machine and we'll look at how we can enumerate

3
00:00:03,720 --> 00:00:05,970
the namespaces and the classes

4
00:00:05,970 --> 00:00:09,040
available to us using the CIM commands.

5
00:00:09,040 --> 00:00:11,020
What we'll then do is look at how we use

6
00:00:11,020 --> 00:00:15,040
the CIM class Explorer in PowerShell ISE

7
00:00:15,040 --> 00:00:17,210
to kind of do the same thing as we did

8
00:00:17,210 --> 00:00:21,190
with the PowerShell commands. Okay, so

9
00:00:21,190 --> 00:00:22,740
we're back at the terminal. What I want to

10
00:00:22,740 --> 00:00:25,490
be able to do is actually find the classes

11
00:00:25,490 --> 00:00:27,900
and instances that are available inside

12
00:00:27,900 --> 00:00:30,270
the CIM class. So to do this, we can

13
00:00:30,270 --> 00:00:32,850
actually just type Get-CimClass. We don't

14
00:00:32,850 --> 00:00:34,860
have to pass anything to it now. This will

15
00:00:34,860 --> 00:00:38,030
go crazy and list out a whole host of

16
00:00:38,030 --> 00:00:40,630
different things, which really is kind of

17
00:00:40,630 --> 00:00:42,870
really unreadable. Even if I use this

18
00:00:42,870 --> 00:00:44,240
scroll, you could just see there's

19
00:00:44,240 --> 00:00:46,400
hundreds of these different things, so

20
00:00:46,400 --> 00:00:48,360
that doesn't really help us. So what

21
00:00:48,360 --> 00:00:50,840
we can look at is I want to be able to

22
00:00:50,840 --> 00:00:54,110
identify everything that's, for example,

23
00:00:54,110 --> 00:00:56,910
to do with the hard disk. So I can say,

24
00:00:56,910 --> 00:00:59,080
Get-CimClass Win32. Now that's a

25
00:00:59,080 --> 00:01:01,840
little bit more kind of easier to manage.

26
00:01:01,840 --> 00:01:04,040
You'll see that it gives me the namespace,

27
00:01:04,040 --> 00:01:06,710
then gives me the CIM class name that I

28
00:01:06,710 --> 00:01:08,320
was trying to get to, so everything that

29
00:01:08,320 --> 00:01:10,600
contained the word disk. And then, of

30
00:01:10,600 --> 00:01:12,450
course, anything that's associated to

31
00:01:12,450 --> 00:01:15,200
that. So what this means is that we're

32
00:01:15,200 --> 00:01:18,740
able to then identify the specific class

33
00:01:18,740 --> 00:01:21,140
name that we wanted to use. So let's go a

34
00:01:21,140 --> 00:01:24,010
little bit further now. The most important

35
00:01:24,010 --> 00:01:26,970
thing here is that a CIM class such as

36
00:01:26,970 --> 00:01:30,740
Win32 disk or something else contains various

37
00:01:30,740 --> 00:01:33,460
methods. So what we do have the ability to

38
00:01:33,460 --> 00:01:36,520
do is, I could say, Get-CimClass. I'm

39
00:01:36,520 --> 00:01:38,440
going to do with the class name and we'll

40
00:01:38,440 --> 00:01:41,080
keep it as Win32 star, and then what I'm

41
00:01:41,080 --> 00:01:43,480
looking for is I want to filter by the

42
00:01:43,480 --> 00:01:46,650
type of method, so I'm going to say term,

43
00:01:46,650 --> 00:01:48,790
which would basically be terminate and

44
00:01:48,790 --> 00:01:50,830
I can do enter and you'll see that the

45
00:01:50,830 --> 00:01:54,300
only class in the entire structure here is

46
00:01:54,300 --> 00:01:57,920
Win32 process that happens to have term

47
00:01:57,920 --> 00:02:00,750
or what would be termination listed as a

48
00:02:00,750 --> 00:02:04,320
class method. So this is a really fast way

49
00:02:04,320 --> 00:02:07,170
of being able to identify which class it

50
00:02:07,170 --> 00:02:09,640
is that I'm trying to get to. Now, if we go

51
00:02:09,640 --> 00:02:13,240
back here and say Win32 and just do

52
00:02:13,240 --> 00:02:15,730
operator like that, then of course, this

53
00:02:15,730 --> 00:02:18,070
will bring back our operating system, one

54
00:02:18,070 --> 00:02:21,440
that obviously we utilized before. Now,

55
00:02:21,440 --> 00:02:25,200
though, that's helpful. What we are able

56
00:02:25,200 --> 00:02:29,090
to do, then, is to retrieve the instances

57
00:02:29,090 --> 00:02:31,380
inside that class so you can see we're

58
00:02:31,380 --> 00:02:33,210
using operating system. So let me just

59
00:02:33,210 --> 00:02:37,220
change this and we'll do Win32

60
00:02:37,220 --> 00:02:40,860
underscore Proc and do a star. So that

61
00:02:40,860 --> 00:02:43,420
gives me the Win32 process or processor.

62
00:02:43,420 --> 00:02:45,960
I'm gonna pick the process one. So let

63
00:02:45,960 --> 00:02:48,180
me just clear this so we can see. And this

64
00:02:48,180 --> 00:02:51,450
time I'm going to use Get-CimInstance

65
00:02:51,450 --> 00:02:55,640
class name and then we'll use that Win32

66
00:02:55,640 --> 00:02:58,640
process. Now what does this give us now?

67
00:02:58,640 --> 00:03:01,410
Just what it does. It gives me a list of

68
00:03:01,410 --> 00:03:04,950
all the processes or the instances of

69
00:03:04,950 --> 00:03:07,350
that type. So that's really what the

70
00:03:07,350 --> 00:03:10,060
instance comes down to. The CIM class is

71
00:03:10,060 --> 00:03:12,710
really the class that contains the type of

72
00:03:12,710 --> 00:03:14,370
thing that we're looking for and the

73
00:03:14,370 --> 00:03:17,190
instance because I've said it's a Win32

74
00:03:17,190 --> 00:03:20,080
process. Go and get me that. So what would

75
00:03:20,080 --> 00:03:22,660
happen if I change that to, say, processor?

76
00:03:22,660 --> 00:03:25,500
If I do that, notice what happened, so

77
00:03:25,500 --> 00:03:27,590
Get-CimInstance goes and gets me the

78
00:03:27,590 --> 00:03:29,390
processor, and sure enough, it comes back

79
00:03:29,390 --> 00:03:32,030
and says there's two 16-core processors

80
00:03:32,030 --> 00:03:34,890
there, so you can see that the CIM

81
00:03:34,890 --> 00:03:37,440
instance command is for instances of

82
00:03:37,440 --> 00:03:40,110
the type that you want to get to. Now we

83
00:03:40,110 --> 00:03:42,520
can use the Get-CimInstance a little bit

84
00:03:42,520 --> 00:03:46,010
more and we can say, Well, what I would

85
00:03:46,010 --> 00:03:49,670
like to do is see everything in a specific

86
00:03:49,670 --> 00:03:51,970
namespace. So our root namespace is

87
00:03:51,970 --> 00:03:54,120
called root, and I'm going to say class

88
00:03:54,120 --> 00:03:57,240
name and then use underscore underscore

89
00:03:57,240 --> 00:03:59,910
namespace and press enter. Now, what this

90
00:03:59,910 --> 00:04:03,680
will do: this gives me the parent name of

91
00:04:03,680 --> 00:04:06,080
the namespaces or the sub containers, at

92
00:04:06,080 --> 00:04:08,700
least that we can utilize. Which means

93
00:04:08,700 --> 00:04:11,980
that if I want to then look for specific

94
00:04:11,980 --> 00:04:14,950
instances of things I can then use any of

95
00:04:14,950 --> 00:04:17,760
these. So I could say instances of things

96
00:04:17,760 --> 00:04:20,090
within the Microsoft one. So if I go back

97
00:04:20,090 --> 00:04:23,940
and get rid of my namespace here and then

98
00:04:23,940 --> 00:04:27,030
type, I forgot to put a space there.

99
00:04:27,030 --> 00:04:29,410
Microsoft and press enter. It's not gonna

100
00:04:29,410 --> 00:04:32,160
ask me for a class name. Now let's try and

101
00:04:32,160 --> 00:04:35,220
be smart here and we'll say namespace and

102
00:04:35,220 --> 00:04:37,980
do enter. Now notice what happens. It gives

103
00:04:37,980 --> 00:04:40,750
me an error. So just be aware that the

104
00:04:40,750 --> 00:04:44,520
namespaces that exist in the classes may

105
00:04:44,520 --> 00:04:47,650
not actually match together. So how do we

106
00:04:47,650 --> 00:04:49,790
find those? Well, we could sit here and

107
00:04:49,790 --> 00:04:51,890
write PowerShell trying to figure out what

108
00:04:51,890 --> 00:04:54,220
it is. But actually, let's go to the start

109
00:04:54,220 --> 00:04:56,810
menu here, and I'm gonna type the word

110
00:04:56,810 --> 00:04:58,170
PowerShell. I'm gonna launch the

111
00:04:58,170 --> 00:05:02,590
PowerShell ISE as an administrator. And

112
00:05:02,590 --> 00:05:05,090
what this will do is launch PowerShell ISE,

113
00:05:05,090 --> 00:05:07,180
which we don't normally use for

114
00:05:07,180 --> 00:05:09,240
PowerShell seven. But what you'll see is I

115
00:05:09,240 --> 00:05:11,400
have a different add-on that's been added.

116
00:05:11,400 --> 00:05:13,950
This is called the CIM Explorer. CIM

117
00:05:13,950 --> 00:05:16,360
Explorer is one that you can download. If I

118
00:05:16,360 --> 00:05:19,530
just minimize this on this, you'll see I

119
00:05:19,530 --> 00:05:21,820
have CIM Explorer set up here. It's just

120
00:05:21,820 --> 00:05:23,750
that executable you could download. So I'm

121
00:05:23,750 --> 00:05:25,690
gonna put these back. And then what I can

122
00:05:25,690 --> 00:05:28,240
do is in the computer name I can specify

123
00:05:28,240 --> 00:05:29,940
the name that I wish to connect to. So I'm

124
00:05:29,940 --> 00:05:32,130
gonna choose connect and notice what

125
00:05:32,130 --> 00:05:36,050
happens. It instantly changes the view. Now

126
00:05:36,050 --> 00:05:38,130
you can't zoom in on this one. So when I

127
00:05:38,130 --> 00:05:40,360
try to zoom, it zooms this section. But

128
00:05:40,360 --> 00:05:42,940
what you can see is the same list that was

129
00:05:42,940 --> 00:05:45,870
returned. If I go back here and just do

130
00:05:45,870 --> 00:05:48,680
the same syntax, you can see we've got

131
00:05:48,680 --> 00:05:53,080
default, MSDTC, security. If I go here,

132
00:05:53,080 --> 00:05:57,530
you can see MSDTC, security. But we

133
00:05:57,530 --> 00:06:00,600
didn't know what was inside the Microsoft

134
00:06:00,600 --> 00:06:02,630
one, so we couldn't really do anything. So

135
00:06:02,630 --> 00:06:05,640
what we can do here is click on this one

136
00:06:05,640 --> 00:06:08,390
and then this will load and you'll see it

137
00:06:08,390 --> 00:06:11,740
starts to break down the things inside. If

138
00:06:11,740 --> 00:06:14,440
I now expand the classes, you can see

139
00:06:14,440 --> 00:06:17,590
the list of classes that are available

140
00:06:17,590 --> 00:06:20,290
inside those namespaces. Now notice the

141
00:06:20,290 --> 00:06:24,040
format. Here the format is root Microsoft

142
00:06:24,040 --> 00:06:27,440
a back here and we'll go back to the one

143
00:06:27,440 --> 00:06:32,440
that we ran before. If I say slash

144
00:06:32,440 --> 00:06:35,070
Microsoft and choose enter, you'll notice

145
00:06:35,070 --> 00:06:36,670
it gives me the same thing. And that's

146
00:06:36,670 --> 00:06:38,850
because notice the syntax I was using in

147
00:06:38,850 --> 00:06:40,850
PowerShell. I was literally just saying

148
00:06:40,850 --> 00:06:42,840
Microsoft, when in reality, it's

149
00:06:42,840 --> 00:06:45,260
hierarchical, so you have to say root

150
00:06:45,260 --> 00:06:47,780
slash Microsoft and then we can start to

151
00:06:47,780 --> 00:06:50,300
get the names of the stuff underneath so

152
00:06:50,300 --> 00:06:52,510
we could go further down so I could scroll

153
00:06:52,510 --> 00:06:54,980
here and let's go a bit further to the

154
00:06:54,980 --> 00:06:58,920
bottom. And let's say I want the Microsoft

155
00:06:58,920 --> 00:07:01,300
extended status and then you'll see that

156
00:07:01,300 --> 00:07:02,960
we get all the properties that are

157
00:07:02,960 --> 00:07:05,190
available. If there are any methods,

158
00:07:05,190 --> 00:07:08,030
we can get that, too. So if I say Win32

159
00:07:08,030 --> 00:07:10,620
provider or if I want to go to a timer

160
00:07:10,620 --> 00:07:13,100
event, you can see the properties and any

161
00:07:13,100 --> 00:07:15,600
methods. So the nice thing about a tool

162
00:07:15,600 --> 00:07:18,230
like this is it allows me to kind of move

163
00:07:18,230 --> 00:07:20,690
backwards and forwards inside here so I

164
00:07:20,690 --> 00:07:23,550
can click Windows I can, then say remote

165
00:07:23,550 --> 00:07:27,630
access client, MS 409. So I can click into

166
00:07:27,630 --> 00:07:29,190
here and notice it refreshes at the

167
00:07:29,190 --> 00:07:32,250
bottom. So depending where you click will

168
00:07:32,250 --> 00:07:35,230
then determine any properties or methods

169
00:07:35,230 --> 00:07:37,800
that might be available. So the CIM

170
00:07:37,800 --> 00:07:39,960
Explorer is a way of you moving and

171
00:07:39,960 --> 00:07:43,130
traversing up and down the tree to kind of

172
00:07:43,130 --> 00:07:46,280
see what is available and the options that

173
00:07:46,280 --> 00:07:48,410
are there. So if I, for example, do go

174
00:07:48,410 --> 00:07:50,810
back up to here, do default, click on

175
00:07:50,810 --> 00:07:53,890
properties, methods, classes you can see

176
00:07:53,890 --> 00:07:55,810
the list of classes come in, and you can

177
00:07:55,810 --> 00:07:57,770
obviously go backwards and forwards so

178
00:07:57,770 --> 00:08:00,220
highly recommend using the CIM Explorer

179
00:08:00,220 --> 00:08:02,130
as an ability to kind of just view the

180
00:08:02,130 --> 00:08:04,210
structure in more of a hierarchical

181
00:08:04,210 --> 00:08:07,080
process instead of trying to guess, or at

182
00:08:07,080 --> 00:08:08,870
least try and figure out. But if you are

183
00:08:08,870 --> 00:08:11,430
going to do that, then what you can do is

184
00:08:11,430 --> 00:08:13,810
you can obviously build this structure

185
00:08:13,810 --> 00:08:17,190
here. So if I say Windows, it'll break it

186
00:08:17,190 --> 00:08:19,440
down even further so you can see we're just

187
00:08:19,440 --> 00:08:21,450
literally going slash across and moving

188
00:08:21,450 --> 00:08:24,940
it. So let me do that and do one more, and

189
00:08:24,940 --> 00:08:27,480
then I'm going to say DNS and then do

190
00:08:27,480 --> 00:08:30,590
AD DS gives me a value. So that's the kind

191
00:08:30,590 --> 00:08:33,080
of the logic behind this is to be able to

192
00:08:33,080 --> 00:08:38,000
find the classes, find the properties and retrieve the values that would be needed.

