Windows Forensics Commands - Networks Professionals

Uploaded by

larteylarkai24

Windows Forensics Commands

Windows Forensic Post-Exploit Commands

Network Discovery:
net view /all
net view
net view \\HOSTNAME
net share
net session
wmic volume list brief
wmic share get
wmic logicaldisk get

Scan:
nbtstat -A indirizzoip
for /L %I in (1,1,254) do ping -w 30 -n 1 192.168.1.%I | find "Reply" >> nomefile.txt
nbtstat -c
for /L %I in (1,1,254) do nbtstat -An 192.168.1.%I

view saved Wi-Fi connections:
netsh wlan show profile

view saved passwords:
netsh wlan show profile nomedelprofilo key=clear

Network:
netstat -e
netstat -nr
netstat -naob
netstat -S
netstat -vb
route print
arp -a
ipconfig /all
netsh wlan show interfaces
netsh wlan show all

Start/Stop Firewall:
netsh advfirewall firewall show rule name=all
netsh advfirewall set allprofiles state off
netsh advfirewall set allprofiles state on
netsh advfirewall set publicprofile state on
netsh advfirewall set privateprofile state on
netsh advfirewall set domainprofile state on
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes

Users:
create the user:
net user /add nomeutente password

add it to the administrators group:
net localgroup administrators nomeutente /add

view the user's details:
net user nomeutente

change the password:
net user nomeutente nuovapassword

Miscellaneous:
net users
net localgroup administrators
net group administrators
wmic rdtoggle list
wmic useraccount list
wmic group list
wmic netlogin get name,lastlogin,badpasswordcount
wmic netclient list brief
wmic nicconfig get
wmic netuse get

Service:
at
tasklist
tasklist /svc
schtasks
net start
sc query
wmic service list brief | findstr "Running"
wmic service list brief | findstr "Stopped"
wmic service list config
wmic service list brief
wmic service list status
wmic service list memory
wmic job list brief

start/stop service:
sc config "nome servizio" start= disabled
sc stop "nome servizio"
wmic service where name='nome servizio' call ChangeStartMode Disabled

autorun and autoload:
wmic startup list full
wmic ntdomain list brief

Read Registry Entries:
reg query "HKCU\Control Panel\Desktop"

enable/disable rdesktop:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

enable remote assistance:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /f

Main List shadows files:


vssadmin List ShadowStorage
vssadmin List Shadows
net start VSS

policy, patch:
set
gpresult /r
systeminfo
wmic qfe

Reboot:
shutdown.exe /r

Check Settings of Security Log:


wevtutil gl Security

Check Settings of Audit Policies:


auditpol /get /category:*

System Info:
echo %DATE% %TIME%
hostname
systeminfo
wmic csproduct get name
wmic bios get serialnumber
wmic computersystem list brief

Networks Professionals
www.networksprofessional.com
Adi Tri Mukti