forked from jivoi/pentest
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathall_info.bat
executable file
·56 lines (56 loc) · 2.41 KB
/
all_info.bat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
echo ::SYSTEM REPORT::
echo ::SYSTEMINFO:: > all_info.txt
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" >> all_info.txt
echo ::HOSTNAME:: >> all_info.txt
hostname >> all_info.txt
echo ::USERNAME:: >> all_info.txt
echo %username% >> all_info.txt
echo ::ALL USERS:: >> all_info.txt
net users >> all_info.txt
echo ::IPCONFIG:: >> all_info.txt
ipconfig /all >> all_info.txt
echo ::ROUTE:: >> all_info.txt
route print >> all_info.txt
echo ::ARP:: >> all_info.txt
arp -A >> all_info.txt
echo ::NETSTAT:: >> all_info.txt
netstat -ano >> all_info.txt
echo ::FWSTATE:: >> all_info.txt
netsh firewall show state >> all_info.txt
netsh firewall show config >> all_info.txt
echo ::SCHEDULED TASKS:: >> all_info.txt
schtasks /query /fo LIST /v >> all_info.txt
echo ::RUNNING PROC:: >> all_info.txt
tasklist /SVC >> all_info.txt
echo ::STARTED SVC:: >> all_info.txt
net start >> all_info.txt
echo ::WMI SVC:: >> all_info.txt
wmic service get name,displayname,pathname,startmode |findstr /i "Auto" |findstr /i /v "C:\Windows\\" |findstr /i /v """ >> all_info.txt
echo ::DRIVERS:: >> all_info.txt
DRIVERQUERY >> all_info.txt
echo ::PATCHES:: >> all_info.txt
wmic qfe get Caption,Description,HotFixID,InstalledOn >> all_info.txt
echo ::CONFIG FILES:: >> all_info.txt
copy c:\sysprep.inf all_info_sysprep.inf
copy c:\sysprep\sysprep.xml all_info_sysprep.xml
copy %WINDIR%\Panther\Unattend\Unattended.xml all_info_Unattended.xml
copy %WINDIR%\Panther\Unattended.xml all_info_Unattended2.xml
echo ::ALWAYS ELEVATED HKLM:: >> all_info.txt
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated >> all_info.txt
echo ::ALWAYS ELEVATED HKCU:: >> all_info.txt
reg query reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated >> all_info.txt
echo ::FILES WITH PW:: >> all_info.txt
dir /s *pass* == *cred* == *vnc* == *.config* >> all_info.txt
findstr /si password *.xml *.ini *.txt >> all_info.txt
echo ::REG WITH PW:: >> all_info.txt
reg query HKLM /f password /t REG_SZ /s >> all_info.txt
reg query HKCU /f password /t REG_SZ /s >> all_info.txt
echo ::CHECK SPOOL SVC:: >> all_info.txt
sc qc Spooler >> all_info.txt
echo ::ACCESS CHK:: >> all_info.txt
accesschk.exe /accepteula -ucqv Spooler >> all_info.txt
accesschk.exe /accepteula -uwcqv "Authenticated Users" * >> all_info.txt
echo ::CHECK UPNP SVC:: >> all_info.txt
sc qc upnphost >> all_info.txt
echo ::PATHS DURING BOOT:: >> all_info.txt
echo %path% >> all_info.txt