命令行下的信息搜集

使用wmic识别安装到系统中的补丁情况

[sourcecode language="plain"]C:\> wmic qfe get description,installedOn[/sourcecode]

识别正在运行的服务

[sourcecode language="plain"] C:\>sc query type= service C:\>net start [/sourcecode]

识别开机启动的程序，包括路径

[sourcecode language="plain"]C:\>wmic startup list full[/sourcecode]

ping探测存活主机

[sourcecode language="plain"]D:\>for /L %I in (100,1,254) DO @ping -w 1 -n 1 10.18.180.%I | findstr "TTL=" >> pinglive.txt[/sourcecode]

查看系统中网卡的IP地址和MAC地址

[sourcecode language="plain"]D:\>wmic nicconfig get ipaddress,macaddress[/sourcecode]

查看当前系统是否有屏保保护，延迟是多少

[sourcecode language="plain"]D:\>wmic desktop get screensaversecure,screensavertimeout[/sourcecode]

查看系统中开放的共享

[sourcecode language="plain"] D:\>wmic share get name,path D:\>net share [/sourcecode]

查看系统中开启的日志

[sourcecode language="plain"]C:\>wmic nteventlog get path,filename,writeable[/sourcecode]

清除相关的日志（这里是全部清除）

[sourcecode language="plain"] wevtutil cl "windows powershell" wevtutil cl "security" wevtutil cl "system" [/sourcecode]

查看系统中安装的软件以及版本

[sourcecode language="plain"]C:\>wmic product get name,version[/sourcecode]

查看某个进程的详细信息 （路径，命令行参数等）

[sourcecode language="plain"]C:\>wmic process where name="chrome.exe" list full[/sourcecode]

终止一个进程

[sourcecode language="plain"] D:\>wmic process where name="xshell.exe" call terminate D:\>ntsd -c q -p 进程的PID [/sourcecode]

显示系统中的曾经连接过的无线密码

[sourcecode language="plain"] D:\>netsh wlan show profiles D:\>netsh wlan show profiles name="profiles的名字" key=clear [/sourcecode]

查看当前系统是否是VMWARE

[sourcecode language="plain"]C:\>wmic bios list full | find /i "vmware"[/sourcecode]