-
Notifications
You must be signed in to change notification settings - Fork 184
/
Copy pathwindows_recon.bat
24 lines (23 loc) · 1 KB
/
windows_recon.bat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
echo --------- net config Workstation --------- > report.txt
net config Workstation >> report.txt
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" >> report.txt
hostname >> report.txt
net users >> report.txt
ipconfig /all >> report.txt
route print >> report.txt
arp -A >> report.txt
netstat -ano >> report.txt
netsh firewall show state >> report.txt
netsh firewall show config >> report.txt
schtasks /query /fo LIST /v >> report.txt
tasklist /SVC >> report.txt
net start >> report.txt
DRIVERQUERY >> report.txt
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated >> report.txt
reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated >> report.txt
dir /s *pass* == *cred* == *vnc* == *.config* >> report.txt
findstr /si password *.xml *.ini *.txt >> report.txt
reg query HKLM /f password /t REG_SZ /s >> report.txt
reg query HKCU /f password /t REG_SZ /s >> report.txt
sc qc Spooler >> report.txt
accesschk.exe -ucqv Spooler >> report.txt