forked from dipsec/Cheatsheets-1
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Cheatsheet_BuildReviews.txt
123 lines (100 loc) · 2.27 KB
/
Cheatsheet_BuildReviews.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
Windows Hosts:
[+] Server Roles
[+] Server Manager
[+] System Properties
[+] Default Domain Policy
[+] Global Domain Policy
[+] Net accounts/Users/groups/Administrators
[+] IPConfig/Routing
[+] Installed Programs
[+] Installed System Updates
[+] AV Version/Definition Dates
[+] Check Computer folders
[+] Firewall Configuration
[+] Audit Policy
[+] Password/Lockout Policy
[+] Security Policy
[+] User Rights Policy
[+] Lanman Parameters (HKLM - System - Current Control - Services - LanmanServer - Parameters)
[+] LSA (HKLM - System - Current Control - Control - LSA)
[+] MSV (HKLM - System - Current Control - Control - LSA - MSV1_0)
BIOS password
boot to usb
file system
- encrypted?
- grab /Windows/System32/config/SAM SECURITY SYSTEM
- put C:\Program.exe (eg calc)
Control Panel
- Windows Firewall
- enabled
- editable
- logs
- System Info
- Windows Update
Anti-Virus
- config
- logs
- version
- dates
- EICAR
cmd.exe
script.cmd
- ipconfig /all
- netstat
- net accounts
- net accounts /domain (review password policy)
- net user hacker Password@1 /add
- regedit
- ping
- sched
- tracert
- net use \\IP address_or_host name\ipc$ "" /user:"" # null session
- net use
- net view
- net start
- tasklist
mount usb
usb autostart
copy over files
- nc
- enum
- nmap
- DIRE
- EICAR
# SAM files in backtrack
/Windows/System32/config/SAM SECURITY SYSTEM
# mounting on desktop review
# mount <target> <mydir>
# sda1 = client hdd, sdb2 = my usb part 2
mkdir /mnt/client-hdd
mount /dev/sda1 /mnt/client-hdd
mkdir /mnt/win-usb
mount /dev/sdb2 /mnt/win-usb
hosts file C:\Windows\System32\drivers\etc\hosts.txt
http://pcsupport.about.com/od/tipstricks/tp/control-panel-applets-list.04.htm
control netconnections
control netsetup.cpi
control /name Microsoft.NetworkAndSharingCenter
remote scan (nessus, nmap)
SYSVOL GPO preference item, check for obscured passwords in xml
http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx
Unix Based Hosts:
hostname
whoami
uname -a
cat /etc/lsb-release
dmesg | grep Linux
cat /etc/passwd
cat /etc/sudoers
netstat -antup
ps -aux
ps aux | grep root
crontab -l
/sbin/ifconfig -a
iptables -L
arp -e
cat ~/.bash_history
cat ~/.ssh/authorized_keys
mount
- Check installed applications
- Check installed compilers/interpreters