1.1. 信息收集 - Windows

1.1.1. 基本命令

  • 查询所有计算机名称 <span class="pre">dsquery</span><span> </span><span class="pre">computer</span>
  • 查看配置 <span class="pre">systeminfo</span>
  • 查看版本 <span class="pre">ver</span>
  • 进程信息 <span class="pre">tasklist</span><span> </span><span class="pre">/svc</span>
  • 查看所有环境变量 <span class="pre">set</span>
  • 查看计划任务 <span class="pre">schtasks</span><span> </span><span class="pre">/QUERY</span><span> </span><span class="pre">/fo</span><span> </span><span class="pre">LIST</span><span> </span><span class="pre">/v</span>
  • 查看安装驱动 <span class="pre">DRIVERQUERY</span>

1.1.2. 域信息

  • 获取当前组的计算机名 <span class="pre">net</span><span> </span><span class="pre">view</span>
  • 查看所有域 <span class="pre">net</span><span> </span><span class="pre">view</span><span> </span><span class="pre">/domain</span>
  • 查看域中的用户名 <span class="pre">dsquery</span><span> </span><span class="pre">user</span>
  • 查询域组名称 <span class="pre">net</span><span> </span><span class="pre">group</span><span> </span><span class="pre">/domain</span>
  • 查询域管理员 <span class="pre">net</span><span> </span><span class="pre">group</span><span> </span><span class="pre">"Domain</span><span> </span><span class="pre">Admins"</span><span> </span><span class="pre">/domain</span>
  • 查看域控制器 <span class="pre">net</span><span> </span><span class="pre">group</span><span> </span><span class="pre">"Domain</span><span> </span><span class="pre">controllers"</span>

1.1.3. 用户信息

  • 查看用户 <span class="pre">net</span><span> </span><span class="pre">user</span>
  • 查看在线用户 <span class="pre">qwinsta</span> / <span class="pre">query</span><span> </span><span class="pre">user</span>
  • 查看当前计算机名,全名,用户名,系统版本,工作 站域,登陆域 <span class="pre">net</span><span> </span><span class="pre">config</span><span> </span><span class="pre">Workstation</span>

1.1.4. 网络信息

  • 域控信息 <span class="pre">nltest</span><span> </span><span class="pre">/dclist:xx</span>
  • 内网网段信息
  • 网卡信息 <span class="pre">ipconfig</span>
  • 外网出口
  • ARP表 <span class="pre">arp</span><span> </span><span class="pre">-a</span>
  • 路由表 <span class="pre">route</span><span> </span><span class="pre">print</span>
  • 监听的端口 <span class="pre">netstat</span><span> </span><span class="pre">-ano</span>
  • 连接的端口

  • 防火墙状态及规则* <span class="pre">netsh</span><span> </span><span class="pre">firewall</span><span> </span><span class="pre">show</span><span> </span><span class="pre">config</span>

    • <span class="pre">netsh</span><span> </span><span class="pre">firewall</span><span> </span><span class="pre">show</span><span> </span><span class="pre">state</span>
  • hosts文件

1.1.5. 密码信息

  • Windows RDP连接记录
  • 浏览器中保存的账号密码
  • 系统密码管理器中的各种密码

  • 无人值守安装文件中的密码信息* <span class="pre">C:\sysprep.inf</span>

    • <span class="pre">C:\sysprep\sysprep.xml</span>
    • <span class="pre">C:\Windows\Panther\Unattend\Unattended.xml</span>
    • <span class="pre">C:\Windows\Panther\Unattended.xml</span>

1.1.6. 其他

  • 查看补丁安装情况* <span class="pre">wmic</span><span> </span><span class="pre">qfe</span><span> </span><span class="pre">get</span><span> </span><span class="pre">Caption,Description,HotFixID,InstalledOn</span>
  • 注册表信息
  • 安装的监控软件
  • 安装的杀毒软件
最后修改:2021 年 06 月 23 日 11 : 43 PM
© 允许规范转载
如果觉得我的文章对你有用,请随意赞赏