Useful Commands


systeminfo | findstr /B /C:"OS Name" /C:"OS Version" \\ find out what OS we are connected to
hostname \\ hostname of the box
echo %username% \\ what user we are connected as
whoami \\ what user we are connected as
echo %path% \\ print the PATH environment variable
net users \\ list the other user accounts on the box
net user user1 \\ view user1's information in a bit more detail
wmic useraccount get name,sid \\ show account SIDs
ipconfig /all \\ available network interfaces
route print \\ routing table
arp -A \\ ARP (Address Resolution Protocol) cache table
netstat -ano \\ active network connections (with owning PIDs)
netsh firewall show state \\ firewall state
netsh firewall show config \\ firewall rules
PSEXEC -i -s -d CMD \\ CMD as SYSTEM
schtasks /query /fo LIST /v \\ verbose output for all scheduled tasks
tasklist /SVC \\ running processes and the services hosted in each
net start \\ Windows services started
DRIVERQUERY \\ drivers
wmic qfe get Caption,Description,HotFixID,InstalledOn \\ installed updates/patches
wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB979682" /C:"KB2592799" \\ search for missing patches!!
dir /s *pass* == *cred* == *vnc* == *.config* \\ search the file system for file names containing keywords
findstr /si password *.xml *.ini *.txt \\ search file contents for "password" (case-insensitive, recursive)
rundll32.exe keymgr.dll,KRShowKeyMgr \\ open the Stored User Names and Passwords dialog
netsh winhttp import proxy source=ie \\ import the Internet Explorer proxy settings into WinHTTP
rundll32.exe user32.dll,LockWorkStation \\ lock workstation
wmic nicconfig where index=8 call SetTcpipNetbios 2 \\ disable NetBIOS over TCP/IP on adapter index 8
sysdm.cpl \\ System Properties dialog
alt+f4 - shut down
shift+rightclick - copy as path !!!
control shift+rightclick taskbar -> exit explorer
task manager - file -> CONTROL+RIGHTCLICK -> CMD ADMIN RIGHTS
STEPS RECORDER - automatic step recording
SNIPPING TOOL
whoami /all - shows my privileges
psexec -sid cmd.exe - (system rights, interactive, don't wait)
taskschd.msc with system rights - see update for group policy
procexp (Sysinternals) shows threads!!! vs task manager shows processes
icacls /setintegritylevel medium - to control uncontrollable files; INTEGRITY LEVELS BEAT NTFS AND SHARE PERMISSIONS
administrator is not root!!!

accesschk.exe /accepteula -uwdqs Users c:\
accesschk.exe -uwdqs "Authenticated Users" c:\
accesschk.exe -uwqs Users c:\*.*
accesschk.exe -uwqs "Authenticated Users" c:\*.*
icacls "d:\profiles" /grant "domain admins":(OI)(CI)F /inheritance:r
icacls "d:\users" /grant "domain admins":(OI)(CI)F /inheritance:r

(OI) This folder and files
(CI) This folder and subfolders.
(OI)(CI) This folder, subfolders, and files.
(OI)(CI)(IO) Subfolders and files only.
(CI)(IO) Subfolders only.
(OI)(IO) Files only.
- (OI)(CI)F means Full Control on this folder, subfolders and files
- (OI)(CI)M means Modify on this folder, subfolders and files
- /inheritance:r means remove all inherited ACLs from the parent
perm is a permission mask and can be specified in one of two forms:
a sequence of simple rights:
N - no access
F - full access
M - modify access
RX - read and execute access
R - read-only access
W - write-only access
D - delete access

wmicinfo.bat \\ script: dumps a WMI inventory into out.html through the built-in htable.xsl stylesheet
@echo off
rem locate htable.xsl (the HTML table stylesheet shipped with WMIC) and keep its full path in %var%
for /f "delims=" %%A in ('dir /s /b %WINDIR%\system32\*htable.xsl') do set "var=%%A"
rem each query below is rendered through that stylesheet and appended to out.html
wmic process get CSName,Description,ExecutablePath,ProcessId /format:"%var%" >> out.html
wmic service get Caption,Name,PathName,ServiceType,Started,StartMode,StartName /format:"%var%" >> out.html
wmic USERACCOUNT list full /format:"%var%" >> out.html
wmic group list full /format:"%var%" >> out.html
wmic nicconfig where IPEnabled='true' get Caption,DefaultIPGateway,Description,DHCPEnabled,DHCPServer,IPAddress,IPSubnet,MACAddress /format:"%var%" >> out.html
wmic volume get Label,DeviceID,DriveLetter,FileSystem,Capacity,FreeSpace /format:"%var%" >> out.html
wmic netuse list full /format:"%var%" >> out.html
wmic qfe get Caption,Description,HotFixID,InstalledOn /format:"%var%" >> out.html
wmic startup get Caption,Command,Location,User /format:"%var%" >> out.html
wmic PRODUCT get Description,InstallDate,InstallLocation,PackageCache,Vendor,Version /format:"%var%" >> out.html
wmic os get name,version,InstallDate,LastBootUpTime,LocalDateTime,Manufacturer,RegisteredUser,ServicePackMajorVersion,SystemDirectory /format:"%var%" >> out.html
wmic Timezone get DaylightName,Description,StandardName /format:"%var%" >> out.html

If there is an environment where many machines need to be installed, a technician will typically not go around from machine to machine. There are a couple of solutions for installing machines automatically. What these methods are and how they work is less important for our purposes; the main thing is that they leave behind configuration files which are used during the installation process. These configuration files contain a lot of sensitive information such as the operating system product key and the Administrator password. What we are most interested in is the Admin password, as we can use that to elevate our privileges.

Typically these are the directories that contain the configuration files (however, it is a good idea to check the entire OS):
c:\sysprep.inf
c:\sysprep\sysprep.xml
%WINDIR%\Panther\Unattend\Unattended.xml
%WINDIR%\Panther\Unattended.xml
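Added example, not from the original cheat sheet: a PowerShell check that visits the answer-file locations listed above (and, with -FullScan, the whole system drive, as the "check the entire OS" advice suggests) and reports which leftover files still hold a password element so they can be removed or sanitised. It never prints the credential itself; the -FullScan name patterns are an assumption.

```powershell
# Added example: find leftover installation answer files and report password fields by name only.
# Assumes Windows PowerShell 3.0 or later. The four fixed paths are the ones listed on the page.
param([switch]$FullScan)

$Candidates = @(
    'C:\sysprep.inf',
    'C:\sysprep\sysprep.xml',
    "$env:WINDIR\Panther\Unattend\Unattended.xml",
    "$env:WINDIR\Panther\Unattended.xml"
)
if ($FullScan) {
    # Name patterns are an assumption about how answer files are usually named
    $Candidates += Get-ChildItem -Path "$env:SystemDrive\" -Include 'unattend*.xml','sysprep*.xml','sysprep.inf' -Recurse -File -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName
}

function Test-AnswerFile([string]$Path) {
    # One report row per file: does it exist, and which credential fields does it still carry
    $row = [pscustomobject]@{ Path = $Path; Exists = $false; CredentialFields = @() }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $row }
    $row.Exists = $true
    if ($Path -like '*.xml') {
        try {
            [xml]$doc = Get-Content -LiteralPath $Path -Raw -ErrorAction Stop
            # <Password> / <AdministratorPassword> elements in any namespace, each with Value and PlainText children
            $xpath = "//*[local-name()='Password' or local-name()='AdministratorPassword']"
            foreach ($node in $doc.SelectNodes($xpath)) {
                $value = $node.SelectSingleNode("*[local-name()='Value']")
                $plain = $node.SelectSingleNode("*[local-name()='PlainText']")
                $hasValue = ($null -ne $value) -and -not [string]::IsNullOrWhiteSpace($value.InnerText)
                $plainText = if ($plain) { $plain.InnerText } else { 'n/a' }
                $row.CredentialFields += "$($node.LocalName) (value present: $hasValue, PlainText: $plainText)"
            }
        } catch { $row.CredentialFields += "could not parse XML: $($_.Exception.Message)" }
    } else {
        # sysprep.inf: the [GuiUnattended] section may contain AdminPassword=...; report the key only
        foreach ($line in Get-Content -LiteralPath $Path -ErrorAction SilentlyContinue) {
            if ($line -match '^\s*AdminPassword\s*=') { $row.CredentialFields += 'AdminPassword' }
        }
    }
    return $row
}

$Candidates | Where-Object { $_ } | Sort-Object -Unique |
    ForEach-Object { Test-AnswerFile $_ } | Where-Object { $_.Exists } | Format-List
```

A file that exists but reports no credential fields can usually be deleted outright; one that still shows a value present should be treated as a leaked credential and the account password rotated.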

SIDs may be in either numerical or friendly name form. If you use a numerical form, affix the wildcard character * to the beginning of the SID.
icacls preserves the canonical order of ACE entries as:
Explicit denials
Explicit grants
Inherited denials
Inherited grants
Perm is a permission mask that can be specified in one of the following forms:
A sequence of simple rights:
F (full access)
M (modify access)
RX (read and execute access)
R (read-only access)
W (write-only access)
A comma-separated list in parentheses of specific rights:
D (delete)
RC (read control)
WDAC (write DAC)
WO (write owner)
S (synchronize)
AS (access system security)
MA (maximum allowed)
GR (generic read)
GW (generic write)
GE (generic execute)
GA (generic all)
RD (read data/list directory)
WD (write data/add file)
AD (append data/add subdirectory)
REA (read extended attributes)
WEA (write extended attributes)
X (execute/traverse)
DC (delete child)
RA (read attributes)
WA (write attributes)
Inheritance rights may precede either Perm form, and they are applied only to directories:
(OI): object inherit
(CI): container inherit
(IO): inherit only
(NP): do not propagate inherit

(I) "Inherited": This ACE was inherited from the parent container.
(OI) "Object inherit": This ACE will be inherited by objects (files) placed in this container.
(CI) "Container inherit": This ACE will be inherited by subcontainers (subfolders) placed in this container.
(IO) "Inherit only": This ACE will be inherited (see OI and CI), but does not apply to this object itself.
(NP) "Do not propagate": This ACE will be inherited by objects and subcontainers one level deep; it will not apply to things inside subcontainers.
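Added example, not from the original cheat sheet: a PowerShell audit that does what the accesschk lines above do (find directories where low-privileged groups hold write-class rights) and prints each ACE with the (I)(OI)(CI)(IO)(NP) inheritance tokens described in both the flag table after the icacls commands and the icacls reference here. $Root and $LowPrivGroups are placeholders; it assumes Windows PowerShell 5.1 or later.

```powershell
using namespace System.Security.AccessControl
# Added example: list Allow ACEs granting low-privileged groups write-class rights, with icacls-style flags.
# $Root and $LowPrivGroups are assumed starting values; adjust them for the environment being audited.
param(
    [string]$Root = 'C:\ProgramData',
    [string[]]$LowPrivGroups = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
)

# Write-class rights: WD, AD, D, WDAC, WO, plus the M and F masks, plus the generic GW/GA bits
$WriteMask = [int]([FileSystemRights]::WriteData -bor [FileSystemRights]::AppendData -bor
    [FileSystemRights]::Delete -bor [FileSystemRights]::ChangePermissions -bor
    [FileSystemRights]::TakeOwnership -bor [FileSystemRights]::Modify -bor
    [FileSystemRights]::FullControl) -bor 0x40000000 -bor 0x10000000

function Get-IcaclsFlags([FileSystemAccessRule]$Ace) {
    # Same tokens icacls prints in front of the permission letters
    $s = ''
    if ($Ace.IsInherited) { $s += '(I)' }
    if ($Ace.InheritanceFlags.HasFlag([InheritanceFlags]::ObjectInherit))      { $s += '(OI)' }
    if ($Ace.InheritanceFlags.HasFlag([InheritanceFlags]::ContainerInherit))   { $s += '(CI)' }
    if ($Ace.PropagationFlags.HasFlag([PropagationFlags]::InheritOnly))        { $s += '(IO)' }
    if ($Ace.PropagationFlags.HasFlag([PropagationFlags]::NoPropagateInherit)) { $s += '(NP)' }
    return $s
}

function Find-WeakAce([string]$Path) {
    # Emits one row per matching ACE; paths whose ACL cannot be read are skipped
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [AccessControlType]::Allow) { continue }
        if ($LowPrivGroups -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Flags     = Get-IcaclsFlags $ace
        }
    }
}

# Directories only, like "accesschk -uwdqs" above; drop -Directory to cover files as well
@($Root) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName) |
    ForEach-Object { Find-WeakAce $_ } | Format-Table -AutoSize
```

Rows whose Flags column shows (OI)(CI) without (I) are explicit grants set on that folder; the ones with (I) were inherited and are fixed at the parent, which is what /inheritance:r and the (OI)(CI) combinations above control.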
