During penetration testing, some software on the host will inevitably interfere with the test. In that case, measures or tools are needed to end the process that gets in the way. This article shares three small tips for ending processes. It is purely educational and meant only as a reference, as shown below:
1. PsKill.exe
PsKill may be the oldest and most commonly used way to end processes from the Microsoft Windows command line. It is part of the Sysinternals toolkit developed by Mark Russinovich, a foreign security researcher; Sysinternals has since been acquired by Microsoft.
Pass the PID of a process to pskill to end that process.
C:\> pskill $PID
2. taskkill.exe
TASKKILL is a built-in Microsoft Windows command that can be used to terminate a process. The command syntax is as follows:
TASKKILL [/S system [/U username [/P [password]]]] { [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]
Parameter List:
/S system            specifies the remote system to connect.
/U [domain\]user     specifies the user context in which the command should be executed.
/P [password]        specifies a password for the provided user context. If this parameter is ignored, a prompt is displayed.
/F                   specifies the process to be forcibly terminated.
/FI filter           specifies to filter in or out the query tasks.
/PID processid       specifies the PID of the process to terminate.
/IM imagename        specifies the image name of the process to terminate. The wildcard '*' can be used to specify all image names.
/T                   Tree kill: Terminate the specified process and any sub-processes that are started from this process.
/?                   Show Help/usage.
Example
TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM QQ.exe
3. ProcessHacker Tool
ProcessHacker is a tool developed by foreign security researchers to end processes. It can be used to end some common anti-virus software processes. The usage is as follows:
c:\> ProcessHacker.exe -c -ctype process -cobject $PID-Number -caction terminate
It can also suspend (pause) a process, as follows:
c:\> ProcessHacker.exe -c -ctype process -cobject $PID-Number -caction suspend
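From the monitoring side, all three tools leave a recognisable command line in process-creation logs. The following is an added example, not part of the original article: a small Python classifier that flags the pskill, taskkill and ProcessHacker invocations shown above. It assumes command-line capture is enabled (for example Sysmon Event ID 1 or Security event 4688); the function names and sample events are constructed for illustration.

```python
import re

# Constructed process-creation command lines, shaped like the CommandLine field
# of Sysmon Event ID 1 / Security 4688. Not taken from a real host.
SAMPLE_EVENTS = [
    r"C:\Tools\pskill.exe 4312",
    r"TASKKILL /S system /F /IM notepad.exe /T",
    r"taskkill /PID 1230 /PID 1241 /PID 1253 /T",
    r"ProcessHacker.exe -c -ctype process -cobject 988 -caction terminate",
    r'"C:\PH\ProcessHacker.exe" -c -ctype process -cobject 988 -caction suspend',
    r'tasklist /FI "IMAGENAME eq notepad.exe"',      # benign: lists, does not kill
    r"notepad.exe C:\notes\taskkill-howto.txt",      # benign: tool name only in an argument
]

def tokenize(cmdline):
    """Split a Windows command line, keeping quoted segments together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def values_after(args, flag):
    """Return every value that directly follows a (case-insensitive) flag."""
    return [args[i + 1] for i, a in enumerate(args[:-1]) if a.lower() == flag]

def classify(cmdline):
    """Return a finding dict for a process-termination command, else None."""
    tokens = tokenize(cmdline) or [""]
    # Match on the image name only, so a tool name inside an argument is ignored.
    image = re.sub(r"\.exe$", "", re.split(r"[\\/]", tokens[0])[-1].lower())
    args = tokens[1:]
    flags = {a.lower() for a in args}
    if image in ("pskill", "pskill64") and args:
        return {"tool": "pskill", "action": "terminate", "targets": args[-1:]}
    if image == "taskkill":
        targets = values_after(args, "/pid") + values_after(args, "/im")
        return {"tool": "taskkill", "action": "terminate", "targets": targets,
                "forced": "/f" in flags, "tree": "/t" in flags,
                "remote": values_after(args, "/s")}
    if image == "processhacker" and "-c" in flags:
        action = values_after(args, "-caction")
        if action and action[0].lower() in ("terminate", "suspend"):
            return {"tool": "processhacker", "action": action[0].lower(),
                    "targets": values_after(args, "-cobject")}
    return None

def scan(events):
    """Return (command line, finding) pairs for every matching event."""
    return [(e, f) for e in events if (f := classify(e))]

if __name__ == "__main__":
    for cmdline, finding in scan(SAMPLE_EVENTS):
        print(finding, "<-", cmdline)
```

Matching on the image name alone misses renamed binaries, so in practice pair it with the original file name or hash recorded by the logging source, and alert with higher priority when a target is a security product process.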