blog icon indicating copy to clipboard operation
blog copied to clipboard

Published 20 hours ago verified publisher icon mylamour

CMD And PowerShell

Open mylamour opened this issue 7 years ago • 2 comments

最近写了一些Powershell脚本,然后列出一些CMDPowerShell作为比较。使用PowerShell进行渗透的话,github上有许多不错的资源。

Windows Cmd

  • REG
reg save HKLM\Security security.hive  (Save security hive to a file) 
reg save HKLM\System system.hive (Save system hive to a file) 
reg save HKLM\SAM sam.hive (Save sam to a file)= 
reg add [\\TargetIPaddr\] [RegDomain][ \Key ]  
reg export [RegDomain]\[Key] [FileName]  
reg import [FileName ] 
reg query [\\TargetIPaaddr\] [RegDomain]\[ Key ] /v [Valuename!] (you can to add /s for recurse all values )
  • NET
net view /domain
net view /domain:otherdomain 
net user %USERNAME% /domain 
net accounts
  • NETSH
netsh wlan show profile
  • NETSTAT
netstat -antp | findstr :445
  • NBTSTAT
  • WMIC
wmic bios 
wmic qfe qfe get hotfixid 
  (This gets patches IDs) 
wmic startupwmic service 
wmic process get caption,executablepath,commandline 
wmic process call create “process_name” (executes a program) 
wmic process where name=”process_name” call terminate (terminates program) 
wmic logicaldisk where drivetype=3 get name, freespace, systemname, filesystem, size, 
volumeserialnumber (hard drive information) 
wmic useraccount (usernames, sid, and various security related goodies) 
wmic useraccount get /ALL 
wmic share get /ALL (you can use ? for gets help ! ) 
wmic startup list full (this can be a huge list!!!) 
wmic /node:"hostname" bios get serialnumber (this can be great for finding warranty info about target)
  • FSUTIL

fsutil fsinfo drives

  • QPROCESS
  • WEVTUTIL
  • WUSA
  • QUERY
  • TASKLIST
  • AT (SCHTASKS)
  • RUNDLL32
  • MSTSC

Windows环境变量

  • %HOMEDRIVE%
  • %HOMEPATH%
    %HOMESHARE%
  • %USERPROFILE%
  • %SYSTEMDRIVE%
  • %SystemRoot%
  • %SESSIONNAME%
  • %WINDIR%
  • %USERNAME%

[File]

  • %SYSTEMDRIVE%\boot.ini
  • %WINDIR%\win.ini
  • %SYSTEMROOT%\repair\SAM
  • %SYSTEMROOT%\System32\config\RegBack\SAM
  • %SYSTEMROOT%\repair\system
  • %SYSTEMROOT%\System32\config\RegBack\system
  • %SYSTEMDRIVE%\autoexec.bat
type yourfilepath 
tree C:\ /f /a > C:\output_of_tree.txt
dir /b /s [Directory or Filename] 
dir \ /s /b | find /I “searchstring”

mylamour avatar Nov 05 '17 13:11 mylamour

cmd命令补充:

  1. set命令枚举所有已经环境变量
  2. telnet测试端口是否开放

sspring avatar Dec 21 '17 06:12 sspring

mylamour avatar Apr 01 '18 07:04 mylamour