rem Basic host enumeration: identity, network configuration, OS version,
rem CPU architecture, environment, installed software. All read-only queries.
whoami
ipconfig /all
rem findstr /B anchors at line start and /C: matches a literal string, so only
rem the OS Name / OS Version lines of systeminfo are printed. The second form
rem applies the same filter on a Chinese-localized system (labels are per locale).
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
systeminfo | findstr /B /C:"OS 名称" /C:"OS 版本"
echo %PROCESSOR_ARCHITECTURE%
rem 'set' dumps every environment variable of the current session; credentials
rem stored in environment variables show up here and are a remediation item.
set
rem NOTE(review): Win32_Product is widely reported (and documented by Microsoft)
rem to be slow and to trigger a consistency check / repair of installed MSI
rem packages, which reportedly leaves MsiInstaller entries in the Application
rem event log. Treat this as a noisy, non-passive query rather than a pure read.
wmic product get name,version
利用 PowerShell 收集软件版本信息
rem PowerShell form of the wmic product query: same WMI class (Win32_Product),
rem so the same slow / MSI-consistency-check caveat applies regardless of client.
powershell "Get-WmiObject -class Win32_Product |Select-Object -Property name,version"
rem Services, processes, autostart entries and scheduled tasks (read-only).
wmic service list brief
tasklist /v
wmic process list brief
wmic startup get command,caption
schtasks /query /fo LIST /v
rem Uptime, local accounts, administrators group, logged-on users, SMB sessions.
net statistics workstation
net user
rem 'teamssix' is the example account from the source article, not a real target.
net user teamssix
net localgroup administrators
rem 'query user' is not present on every edition; '||' falls through to qwinsta.
query user || qwinsta
net session
rem NOTE(review): the dash in the next line appears to be an en-dash (U+2013)
rem from copy/paste rather than ASCII '-', so netstat will likely reject the
rem argument as written. The intended switch is -ano (all sockets, numeric, PID).
netstat –ano
rem OS details and installed hotfixes -- useful as a patch-level baseline.
systeminfo
wmic qfe get Caption,Description,HotFixID,InstalledOn
rem Shares, routing table, ARP cache.
net share
wmic share get name,path,status
route print
rem NOTE(review): same en-dash issue as netstat above; the intended flag is -a.
arp –a
rem Firewall state changes. Both forms turn the host firewall off entirely; the
rem parenthetical notes at the end of each line are the author's annotations of
rem which OS generation the syntax belongs to (legacy 'netsh firewall' vs.
rem 'netsh advfirewall') and are not part of the command syntax.
rem NOTE(review): 'netsh advfirewall' was introduced with Vista / Server 2008,
rem so the "2003 及之后" note is probably meant as "later than 2003", as the
rem page's own later "2003 之后" wording says.
rem Defensively, a firewall profile going to 'off' on a server is a high-signal
rem configuration change: alert on it and reconcile with change records.
netsh firewall set opmode disable (Windows Server 2003 系统及之前版本)
netsh advfirewall set allprofiles state off (Windows Server 2003 系统及之后版本)
rem Read-only: prints the legacy firewall configuration.
netsh firewall show config
(Windows Server 2003 系统及之前版本)
允许指定程序全部连接
rem Legacy (pre-advfirewall) syntax: program-based allow rule for c:\nc.exe with
rem display name "allow nc". Allow rules for binaries in unusual locations are
rem exactly what a firewall-rule audit should surface.
netsh firewall add allowedprogram c:\nc.exe "allow nc" enable
(Windows Server 2003 之后系统版本)
允许指定程序连入
rem Inbound program-based allow rule named "pass nc".
rem NOTE(review): program="C: \nc.exe" contains a stray space after the colon,
rem most likely a copy/paste artifact; the rule name and binary make the intent
rem clear, and such rules should be reviewed during firewall-rule baselining.
netsh advfirewall firewall add rule name="pass nc" dir=in action=allow program="C: \nc.exe"
允许指定程序连出
rem Outbound counterpart of the rule above, named "Allow nc".
rem NOTE(review): same stray space in program="C: \nc.exe" as the inbound rule.
netsh advfirewall firewall add rule name="Allow nc" dir=out action=allow program="C: \nc.exe"
允许 3389 端口放行
rem Inbound allow for TCP/3389 (Remote Desktop).
netsh advfirewall firewall add rule name="Remote Desktop" protocol=TCP dir=in localport=3389 action=allow
rem Redirects the current profile's firewall log to a file under the temp dir.
rem NOTE(review): the closing quote after fw.log is missing as pasted.
rem The firewall log path is worth including in configuration baselining, since
rem moving it is one way to make later review of blocked/allowed traffic harder.
netsh advfirewall set currentprofile logging filename "C:\windows\temp\fw.log
rem Read-only: current user's Internet/proxy settings, and the configured RDP
rem listener port (PortNumber, default 3389; a different value means the port
rem was changed).
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
REG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /V PortNumber
rem Enables Remote Desktop through WMI (AllowTSConnections=1). The first form
rem uses the default namespace, the second names root\cimv2\terminalservices
rem explicitly. RDP being enabled on a host that did not have it before is a
rem high-value alerting event and should be reconciled with change records.
wmic path win32_terminalservicesetting where (__CLASS !="") call setallowtsconnections 1
wmic /namespace:\\root\cimv2\terminalservices path win32_terminalservicesetting where (__CLASS !="") call setallowtsconnections 1
rem Requires Network Level Authentication on the RDP-Tcp listener
rem (UserAuthenticationRequired=1) -- the one hardening setting in this list.
wmic /namespace:\\root\cimv2\terminalservices path win32_tsgeneralsetting where (TerminalName='RDP-Tcp') call setuserauthenticationrequired 1
rem Sets fSingleSessionPerUser=0 (allow several RDP sessions per account).
rem NOTE(review): the key path as pasted ("CURRENT\CONTROLSET") splits
rem CurrentControlSet into two components and does not match the Terminal Server
rem key queried above; with /f, reg add will likely create an unrelated key
rem rather than change the real setting.
reg add "HKLM\SYSTEM\CURRENT\CONTROLSET\CONTROL\TERMINAL SERVER" /v fSingleSessionPerUser /t REG_DWORD /d 0 /f
wmic 脚本下载地址:https://www.fuzzysecurity.com/scripts/files/wmic_info.rar
直接将脚本在目标主机上运行,运行结束后会生成一个 output.html 文件
PowerShell Empire中文简称 “帝国” ,是一款针对 Windows 系统平台而打造的渗透工具,以下是 Empire 和万能的 MSF 的一些区别。
当使用 Empire 使主机上线后,可调用powershell/situational_awareness/host/winenum
模块查看本机用户信息、系统基本信息、剪贴板等等信息。
调用powershell/situational_awareness/host/computerdetails
模块可查看更丰富的信息,比如RDP登录信息、主机时间日志等等,在运行这个模块时需要管理员权限。
原文链接:https://www.teamssix.com/year/210211-160909.html 参考链接: https://www.freebuf.com/sectool/158393.html https://www.freebuf.com/articles/system/114731.html https://blog.csdn.net/bring_coco/article/details/113550173