Intranet information collection (1): Workgroup information collection

Because I am currently studying "Intranet Security Attack and Defense Penetration Testing Practical Guide", I am recording some notes here. Thank you for the wonderful explanation.
Workgroup information collection

Note: on Windows XP, low-privilege users cannot run the wmic command. wmic is very well suited to lateral movement inside an intranet.

1. Query the network configuration
ipconfig /all

2. Query the user list
View the local user list:
net user
View the local administrators group (usually includes domain users):
net localgroup administrators
View the users currently logged on:
query user
qwinsta

3. Query the process list
tasklist /v
wmic process list brief

4. Collect local machine information
Get the operating system name and version:
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
View installed software with version, path, etc.:
wmic product get name,version
powershell "Get-WmiObject -Class Win32_Product | Select-Object -Property Name,Version"
Note: querying Win32_Product makes Windows Installer run a consistency check on every MSI-installed package, so it is slow and leaves Windows Installer entries in the Application event log.

5. Query the port list
netstat -ano
Listening ports help identify server roles: port 8530 usually indicates an update (WSUS) server, port 53 a DNS server.

6. Query the patch list
systeminfo
wmic qfe get description,installedon
The Domain field in the systeminfo output also shows whether the host is joined to a domain.

7. Query local shares
net share
net share \\hostname
wmic share get name,path,status
Shares in a domain are often configured the same way on every host.

8. Query the firewall configuration
netsh firewall show config

Turn off the firewall:
A. Windows Server 2003 and earlier
netsh firewall set opmode disable
B. Versions after Windows Server 2003
netsh advfirewall set allprofiles state off

Customize the firewall log location:
netsh advfirewall set currentprofile logging filename "C:\windows\temp\fw.log"

A. Windows Server 2003 and earlier: allow a specified program to connect
netsh firewall add allowedprogram c:\nc.exe "allow nc" enable
B. Versions after Windows Server 2003
Allow a specified program to receive inbound connections:
netsh advfirewall firewall add rule name="pass nc" dir=in action=allow program="C:\nc.exe"
Allow a specified program to connect outbound:
netsh advfirewall firewall add rule name="Allow nc" dir=out action=allow program="C:\nc.exe"
C. Allow inbound connections on port 3389
netsh advfirewall firewall add rule name="Remote Desktop" protocol=TCP dir=in localport=3389 action=allow

9. Query and enable the remote connection service
Query the remote desktop port:
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber

10. Query hosts in the domain
net view /domain:hacker

11. Query current privileges
View current privileges and obtain the domain SID:
whoami /all
Query the details of a specified account:
net user XXX /domain
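Seen from the defensive side, the commands above form a recognisable burst in process-creation telemetry (Windows Security event 4688 with command-line auditing enabled, or Sysmon event 1). The following Python script is an added example, not code from the original post or from the book it summarises: it takes process-creation events (host, user, ISO timestamp, command line) and reports any host/user pair that ran at least four distinct stages of the checklist above within ten minutes, and separately flags the firewall-disable and allow-rule commands from step 8 on sight, since those are changes rather than queries. The event field names, the ten-minute window, the four-stage threshold and the sample events are all assumptions constructed for this example.

```python
"""Detect the workgroup-recon command burst and firewall tampering in
process-creation events. Added example, not code from the original post.
The event format (host, user, ISO time, cmd) is an assumption."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Each stage corresponds to one numbered step of the collection checklist.
RECON_PATTERNS = {
    "network_config": re.compile(r"\bipconfig\b.*/all", re.I),
    "user_enum": re.compile(r"\bnet1?\s+(user|localgroup)\b|\b(query\s+user|qwinsta)\b", re.I),
    "process_list": re.compile(r"\btasklist\b|\bwmic\s+process\b", re.I),
    "system_info": re.compile(r"\bsysteminfo\b|\bwmic\s+(qfe|product)\b", re.I),
    "port_list": re.compile(r"\bnetstat\b.*-a", re.I),
    "share_enum": re.compile(r"\bnet\s+share\b|\bwmic\s+share\b", re.I),
    "firewall_query": re.compile(r"\bnetsh\s+(adv)?firewall\s+(firewall\s+)?show\b", re.I),
    "rdp_port_query": re.compile(r"\breg\s+query\b.*terminal\s+server.*portnumber", re.I),
    "domain_enum": re.compile(r"\bnet\s+view\b.*/domain|\bwhoami\b.*/all|\bnet\s+user\b.*/domain", re.I),
}

# Configuration changes that warrant an alert on their own, no sequence needed.
TAMPER_PATTERNS = {
    "firewall_disabled": re.compile(
        r"\bnetsh\s+(advfirewall\s+set\s+allprofiles\s+state\s+off|firewall\s+set\s+opmode\s+disable)\b", re.I),
    "firewall_rule_added": re.compile(
        r"\bnetsh\s+(advfirewall\s+firewall\s+add\s+rule|firewall\s+add\s+allowedprogram)\b", re.I),
}
RECON_NAMES = frozenset(RECON_PATTERNS)
TAMPER_NAMES = frozenset(TAMPER_PATTERNS)


def classify(cmdline):
    """Return the set of stage / tamper names a single command line matches."""
    patterns = {**RECON_PATTERNS, **TAMPER_PATTERNS}
    return {name for name, pat in patterns.items() if pat.search(cmdline)}


def analyze(events, window=timedelta(minutes=10), min_stages=4):
    """Group events by (host, user) and return a finding for each actor that
    either ran any tamper command or covered min_stages distinct recon stages
    inside one sliding window of the given length."""
    by_actor = defaultdict(list)
    for ev in events:
        matched = classify(ev["cmd"])
        if matched:
            by_actor[(ev["host"], ev["user"])].append(
                (datetime.fromisoformat(ev["time"]), matched, ev["cmd"]))
    findings = []
    for (host, user), hits in sorted(by_actor.items()):
        hits.sort(key=lambda h: h[0])
        tamper = [cmd for _, m, cmd in hits if m & TAMPER_NAMES]
        best = set()
        for i, (t0, _, _) in enumerate(hits):
            # Distinct recon stages seen in the window starting at this event.
            stages = set()
            for t, m, _ in hits[i:]:
                if t - t0 <= window:
                    stages |= m & RECON_NAMES
            if len(stages) > len(best):
                best = stages
        if tamper or len(best) >= min_stages:
            findings.append({"host": host, "user": user,
                             "recon_stages": sorted(best), "tamper": tamper})
    return findings


# Constructed sample events: one recon burst plus a firewall disable (alice),
# two unrelated commands hours apart (bob) and a routine firewall check (helpdesk).
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "CORP\\alice", "time": "2024-05-01T09:00:00", "cmd": "ipconfig /all"},
    {"host": "WS01", "user": "CORP\\alice", "time": "2024-05-01T09:00:20", "cmd": "net user"},
    {"host": "WS01", "user": "CORP\\alice", "time": "2024-05-01T09:00:45", "cmd": "net localgroup administrators"},
    {"host": "WS01", "user": "CORP\\alice", "time": "2024-05-01T09:01:10", "cmd": "systeminfo"},
    {"host": "WS01", "user": "CORP\\alice", "time": "2024-05-01T09:01:30", "cmd": "netstat -ano"},
    {"host": "WS01", "user": "CORP\\alice", "time": "2024-05-01T09:02:00", "cmd": "netsh advfirewall set allprofiles state off"},
    {"host": "WS02", "user": "CORP\\bob", "time": "2024-05-01T10:00:00", "cmd": "ipconfig /all"},
    {"host": "WS02", "user": "CORP\\bob", "time": "2024-05-01T14:00:00", "cmd": "tasklist /v"},
    {"host": "WS03", "user": "CORP\\helpdesk", "time": "2024-05-01T11:00:00", "cmd": "netsh advfirewall firewall show rule name=all"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

Windows only records the command line in event 4688 when the "Include command line in process creation events" policy is enabled; without it the Command Line field is empty and these patterns have nothing to match, so that policy (or Sysmon) is a prerequisite for this kind of detection. The per-actor window keeps a single ipconfig from an administrator from alerting, while the tamper patterns fire on the first occurrence because disabling the firewall or adding an allow rule for an arbitrary program should be reviewed every time.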

Origin: blog.csdn.net/bring_coco/article/details/109456042