Information Gathering

Windows Information Gathering: network interfaces, routing table, arp cache table

Available network interfaces:

C:\Users\admin>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : enculet
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : some.lan

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 5C-F3-70-74-B9-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet0:

Connection-specific DNS Suffix . : some.lan
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-78-72-9E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::78a9:478d:f75b:9355%3(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.178(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 26 May 2017 11:09:26
Lease Expires . . . . . . . . . . : 29 May 2017 14:57:50
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.52
DHCPv6 IAID . . . . . . . . . . . : 50334761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-B5-A7-DF-00-0C-29-78-72-9E
DNS Servers . . . . . . . . . . . : 192.168.0.52
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.some.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : some.lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Routing table


Windows Information Gathering: OS, hostname, user list, current user info

Identify the OS and patch level of the host:

C:\Windows\system32> systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows 7 Professional
OS Version: 6.1.7601 Service Pack 1 Build 7601


Get the hostname

C:\Windows\system32> hostname
hostname_xyz


Get the current username

C:\Windows\system32> echo %username%
username_xyz

Note that %username% is only an environment variable inherited from whatever started the shell; it can be missing or wrong in a service or scheduled-task context. Running whoami (or whoami /all for the SID, groups and privileges) reads the actual token and is the more reliable check.
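The two sections above (network interfaces, routing table, ARP cache; OS, hostname, current user) are collected by hand one command at a time. The following PowerShell script is an added example, not code from the original page: it gathers the same facts in one pass, keeps the raw command output for later review, and pulls out the addresses a tester looks at next (gateway, DHCP and DNS servers, routed networks, ARP neighbours). It uses only commands present on Windows 7 / PowerShell 2.0 and later. The report directory and the parsing regexes are my own choices, and the regexes assume English-language ipconfig, route and arp output (on a localized Windows such as the Italian one above, the label names differ).

```powershell
# Added example (not from the original page). Assumptions: report path under
# %TEMP%, English-language command output, PowerShell 2.0+ on Windows 7+.
$ErrorActionPreference = 'SilentlyContinue'
$ReportDir = Join-Path $env:TEMP 'enum'          # assumed output location
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

# --- Host and current user -------------------------------------------------
$os        = Get-WmiObject Win32_OperatingSystem
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$hostInfo  = New-Object PSObject -Property @{
    Hostname  = $env:COMPUTERNAME
    Domain    = $env:USERDNSDOMAIN
    OSName    = $os.Caption            # e.g. "Microsoft Windows 7 Professional"
    OSVersion = $os.Version            # e.g. "6.1.7601"
    Arch      = $os.OSArchitecture
    User      = $identity.Name         # read from the token, unlike %USERNAME%
    # Reflects the current token only: an admin running unelevated under UAC shows False
    IsAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# --- Raw network dumps, kept verbatim ---------------------------------------
$raw = @{
    ipconfig = ipconfig /all
    routes   = route print
    arp      = arp -a
}
foreach ($name in @($raw.Keys)) { $raw[$name] | Out-File (Join-Path $ReportDir "$name.txt") }

$ipv4 = '\b(?:\d{1,3}\.){3}\d{1,3}\b'

# Infrastructure addresses from ipconfig: gateway, DHCP server, DNS servers.
# Only the first address on each matching line is taken.
$infra = $raw.ipconfig |
    Select-String -Pattern '^\s*(Default Gateway|DHCP Server|DNS Servers)' |
    ForEach-Object { if ($_.Line -match $ipv4) { $matches[0] } } |
    Sort-Object -Unique

# IPv4 routing table rows: destination, netmask, gateway (or On-link), interface, metric.
$routes = $raw.routes |
    Select-String -Pattern "^\s*($ipv4)\s+($ipv4)\s+(\S+)\s+($ipv4)\s+(\d+)" |
    ForEach-Object {
        $g = $_.Matches[0].Groups
        New-Object PSObject -Property @{
            Destination = $g[1].Value; Netmask   = $g[2].Value; Gateway = $g[3].Value
            Interface   = $g[4].Value; Metric    = [int]$g[5].Value
        }
    }

# ARP neighbours: hosts this machine exchanged frames with recently, learned
# without sending a packet. Broadcast and multicast entries are dropped.
$neighbors = $raw.arp |
    Select-String -Pattern "^\s*($ipv4)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})" |
    ForEach-Object { $_.Matches[0] } |
    Where-Object { $_.Groups[2].Value -notmatch '^(ff-ff-ff-ff-ff-ff|01-00-5e)' } |
    ForEach-Object { New-Object PSObject -Property @{ IP = $_.Groups[1].Value; MAC = $_.Groups[2].Value } }

# --- Save parsed results and print a summary --------------------------------
$hostInfo  | Out-File (Join-Path $ReportDir 'host.txt')
$routes    | Out-File (Join-Path $ReportDir 'routes-parsed.txt')
$neighbors | Out-File (Join-Path $ReportDir 'arp-parsed.txt')

$hostInfo
"Infrastructure hosts: $($infra -join ', ')"
$routes    | Format-Table Destination, Netmask, Gateway, Interface, Metric -AutoSize
$neighbors | Format-Table IP, MAC -AutoSize
```

The ARP list is the cheapest pivot target list you will get: it contains hosts that have already talked to this machine, so reading it raises no network noise, whereas a ping sweep of the /24 does. Keeping the raw ipconfig, route and arp text alongside the parsed objects means nothing is lost if the regexes miss a localized label.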


Searching for passwords on the Windows filesystem and registry

# The command below searches the file system for file names containing certain keywords. dir treats the == tokens as separators (a plain space works just as well), so you can add as many patterns as you wish.

C:\Windows\system32> dir /s *pass* == *cred* == *vnc* == *.config*

# Search certain file types for a keyword: /s recurses into subdirectories, /i ignores case. This can generate a lot of output; anchoring the search on "password=" or "password:" cuts most of the false positives.

C:\Windows\system32> findstr /si password *.xml *.ini *.txt

# Similarly, the two commands below search the registry for the keyword "password": /f matches key names, value names and data, /t restricts the hits to REG_SZ values and /s recurses. Walking all of HKLM takes a while.

C:\Windows\system32> reg query HKLM /f password /t REG_SZ /s
C:\Windows\system32> reg query HKCU /f password /t REG_SZ /s
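The three searches above in PowerShell, as an added example that is not part of the original page. It adds the noise controls a practitioner normally bolts on: a size cap and first-hit-per-file for the content grep, an assignment-style pattern instead of a bare "password", and a registry walk limited to the SOFTWARE subtrees, plus a direct read of the Winlogon autologon values. The search roots, the extra file-name patterns beyond the page's (unattend/sysprep answer files, .rdp and .kdbx), the keyword regexes and the size cap are my own choices; adjust them to the box.

```powershell
# Added example (not from the original page). Roots, patterns and limits are assumptions.
$ErrorActionPreference = 'SilentlyContinue'
$Roots = @('C:\Users', 'C:\ProgramData', 'C:\inetpub', 'C:\Windows\Panther')

# 1. File names: same idea as   dir /s *pass* == *cred* == *vnc* == *.config*
#    Extra patterns (my addition): unattended-install answer files, RDP and KeePass files.
$NamePatterns = @('*pass*', '*cred*', '*vnc*', '*.config', 'unattend*.xml', 'sysprep*.inf', '*.rdp', '*.kdbx')
$byName = Get-ChildItem -Path $Roots -Recurse -Force -Include $NamePatterns |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object FullName, Length, LastWriteTime

# 2. File contents: same idea as   findstr /si password *.xml *.ini *.txt
#    Anchored on "password=" / "password:" style assignments, files under 2 MB,
#    first hit per file only (-List) to keep the output readable.
$ContentExt = @('*.xml', '*.ini', '*.txt', '*.config', '*.conf', '*.ps1', '*.bat')
$byContent = Get-ChildItem -Path $Roots -Recurse -Force -Include $ContentExt |
    Where-Object { -not $_.PSIsContainer -and $_.Length -lt 2MB } |
    Select-String -Pattern '(password|passwd|pwd)\s*[=:]\s*\S' -List |
    Select-Object Path, LineNumber, Line

# 3. Registry: same idea as   reg query HKLM /f password /t REG_SZ /s
#    Only REG_SZ values are inspected; both the value name and its data are tested.
function Search-RegistryValues {
    param([string[]]$Paths, [string]$Pattern)
    foreach ($p in $Paths) {
        Get-ChildItem -Path $p -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                if ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::String) { continue }
                $data = [string]$key.GetValue($name)
                if ($name -match $Pattern -or $data -match $Pattern) {
                    New-Object PSObject -Property @{ Key = $key.Name; Value = $name; Data = $data }
                }
            }
        }
    }
}
# SOFTWARE subtrees only: a whole-hive walk takes minutes and is mostly noise.
$byRegistry = Search-RegistryValues -Paths @('HKLM:\SOFTWARE', 'HKCU:\Software') -Pattern 'passw(or)?d'

# Direct check of the best-known clear-text location: Winlogon autologon settings.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' |
    Select-Object DefaultUserName, DefaultPassword, AutoAdminLogon

'== Files by name ==';    $byName     | Format-Table FullName, Length, LastWriteTime -AutoSize
'== Files by content =='; $byContent  | Format-Table Path, LineNumber, Line -AutoSize
'== Registry ==';         $byRegistry | Format-Table Key, Value, Data -AutoSize
'== Winlogon ==';         $winlogon   | Format-List
```

Run it from an elevated shell where you can; most of what is interesting under C:\Users belongs to other accounts and is unreadable otherwise, and the SilentlyContinue preference hides those access-denied errors rather than stopping on them. Widen the roots to C:\ and the registry paths to the full hives only once the quick version has come back clean.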
