Windows System Security: Methods for Obtaining Important Information (Part 1)

1. System information

C:\>echo %DATE% %TIME%
C:\>hostname
C:\>systeminfo
C:\>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
C:\>wmic csproduct get name
C:\>wmic bios get serialnumber
C:\>wmic computersystem list brief
C:\>wmic product get name, version
C:\>echo %PATH%
C:\>psinfo -accepteula -s -h -d

For an introduction to psinfo, see the official Microsoft documentation:
https://docs.microsoft.com/en-us/sysinternals/downloads/psinfo

2. User information

C:\>whoami
C:\>net users
C:\>net localgroup administrators
C:\>net group administrators
C:\>wmic rdtoggle list
C:\>wmic useraccount list
C:\>wmic group list
C:\>wmic netlogin get name, lastlogon, badpasswordcount
C:\>wmic netclient list brief
C:\>doskey /history > history.txt
C:\>netstat -e
C:\>netstat -anob
C:\>netstat -nr
C:\>netstat -vb
C:\>netstat -s
C:\>route print
C:\>arp -a
C:\>ipconfig /displaydns
C:\>netsh winhttp show proxy
C:\>ipconfig /allcompartments /all
C:\>netsh wlan show interfaces
C:\>netsh wlan show all
C:\>reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v WinHttpSettings
C:\>type %SYSTEMROOT%\system32\drivers\etc\hosts
C:\>wmic nicconfig get description, IPAddress, MACAddress
C:\>wmic netuse get name, username, connectiontype, localname

3. Service information

C:\>at
C:\>tasklist
C:\>tasklist /svc
C:\>tasklist /svc /fi "imagename eq svchost.exe"
C:\>tasklist /svc /fi "pid eq <PID>"
C:\>schtasks
C:\>net start
C:\>sc query
C:\>wmic service list brief | findstr "Running"
C:\>wmic service list config
C:\>wmic process list brief
C:\>wmic process list status
C:\>wmic process list memory
C:\>wmic job list brief
PS C:\> Get-Service | Where-Object { $_.Status -eq "Running" }

List all processes and all loaded modules:

PS C:\> Get-Process | Select-Object Modules | ForEach-Object { $_.Modules }
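
For live triage, the output of these commands is more useful when each one is saved to its own file with a collection timestamp and a hash manifest. The script below is an added example, not part of the original page; the output folder name, the file names and the subset of commands chosen are assumptions.

```powershell
# Added example: run a subset of the commands listed on this page, save each
# output to its own file, then write a SHA-256 manifest of the collected files.
# The folder name and the command selection are assumptions for illustration.
$stamp  = Get-Date -Format 'yyyyMMdd_HHmmss'
$outDir = Join-Path $PWD "triage_${env:COMPUTERNAME}_$stamp"
New-Item -ItemType Directory -Path $outDir | Out-Null

# Key = output file stem, value = command line as listed on the page.
$commands = [ordered]@{
    systeminfo    = 'systeminfo'
    whoami        = 'whoami'
    net_users     = 'net users'
    local_admins  = 'net localgroup administrators'
    netstat_anob  = 'netstat -anob'            # -b requires an elevated prompt
    route_print   = 'route print'
    arp           = 'arp -a'
    dns_cache     = 'ipconfig /displaydns'
    winhttp_proxy = 'netsh winhttp show proxy'
    tasklist_svc  = 'tasklist /svc'
    schtasks      = 'schtasks'
    sc_query      = 'sc query'
}

foreach ($name in $commands.Keys) {
    $file = Join-Path $outDir "$name.txt"
    # Header line records which command produced the file and when.
    "# $($commands[$name])  @ $(Get-Date -Format o)" |
        Set-Content -Path $file -Encoding UTF8
    # Run through cmd.exe so names resolve as they do at C:\> (in Windows
    # PowerShell, "sc" is an alias for Set-Content, not sc.exe).
    # 2>&1 keeps errors such as "access denied" in the same file.
    cmd /c "$($commands[$name]) 2>&1" | Add-Content -Path $file -Encoding UTF8
}

# PowerShell-only item from the page: services that are currently running.
Get-Service | Where-Object { $_.Status -eq 'Running' } |
    Out-File -FilePath (Join-Path $outDir 'running_services.txt') -Encoding UTF8

# Copy of the hosts file, as read by "type" on the page.
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Set-Content -Path (Join-Path $outDir 'hosts.txt') -Encoding UTF8

# Hash everything first, then write the manifest, so the manifest is not hashed.
$hashes = Get-ChildItem -Path $outDir -File | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, @{ n = 'File'; e = { Split-Path $_.Path -Leaf } }
$hashes | Export-Csv -Path (Join-Path $outDir 'manifest.csv') -NoTypeInformation
Write-Output "Collected $($hashes.Count) files in $outDir"
```

Run it from an elevated PowerShell session started in a directory on external or dedicated storage, so the collection writes as little as possible to the system being examined.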