Source: HACK之道
systeminfo
Windows privilege-escalation helpers
http://payloads.net/Windows_patch/
Privilege-escalation helper: https://i.hacking8.com/tiquan/
http://blog.neargle.com/win-powerup-exp-index/#
Exploits (exp): https://github.com/SecWiki/windows-kernel-exploits
netstat -ano
tasklist
net localgroup administrators
wmic qfe
wmic os
echo %processor_architecture%
set process
Parameters supported by wmic product get:
AssignmentType Caption Description HelpLink HelpTelephone
IdentifyingNumber InstallDate InstallDate2 InstallLocation
InstallSource InstallState Language LocalPackage Name
PackageCache PackageCode PackageName ProductID RegCompany
RegOwner SKUNumber Transforms URLInfoAbout URLUpdateInfo
Vendor Version WordCount
tasklist /svc
Paste the command output into the online identifier: http://ddoslinux.com/windows/index.php
Address: http://payloads.net/kill_software/
Get installed antivirus software
WMIC /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
WMIC /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName,productState,pathToSignedProductExe
Commands that run automatically when a user logs on to the system
wmic startup get command, caption
Includes boot time
net statistics workstation
netsh wlan show profile
netsh wlan show profile name="313" key=clear
ICMP: ping command
DNS: lookup
HTTP: curl or telnet
route print
arp -a
type c:\Windows\system32\drivers\etc\hosts
Information-gathering script
https://raw.githubusercontent.com/braeden/Batch-Infogather/master/Infogather.bat
quser
net config workstation
net use
net time /domain:域名
net use \\ip "密码" /user:"用户"
net time \\ip /set
net group "domain controllers" /domain
net user /domain
net config workstation
net accounts /domain
net view /domain:域名
cmdkey /l    Remote Desktop connection history
wmic environment get name,VariableValue    Get environment variables
Author: BY, source: http://diego.team/