CMD And PowerShell

[mylamour]

最近写了一些Powershell脚本，然后列出一些CMD和PowerShell作为比较。使用PowerShell进行渗透的话，github上有许多不错的资源。

Windows Cmd

• REG

  reg save HKLM\Security security.hive  (Save security hive to a file) 
  reg save HKLM\System system.hive (Save system hive to a file) 
  reg save HKLM\SAM sam.hive (Save sam to a file)= 
  reg add [\\TargetIPaddr\] [RegDomain][ \Key ]  
  reg export [RegDomain]\[Key] [FileName]  
  reg import [FileName ] 
  reg query [\\TargetIPaaddr\] [RegDomain]\[ Key ] /v [Valuename!] (you can to add /s for recurse all values ) 

• NET

  
  net view /domain
  net view /domain:otherdomain 
  net user %USERNAME% /domain 
  net accounts

* NETSH
>
```cmd
netsh wlan show profile

• NETSTAT

  netstat -antp | findstr :445

• NBTSTAT
• WMIC

  
  wmic bios 
  wmic qfe qfe get hotfixid 
  (This gets patches IDs) 
  wmic startupwmic service 
  wmic process get caption,executablepath,commandline 
  wmic process call create “process_name” (executes a program) 
  wmic process where name=”process_name” call terminate (terminates program) 
  wmic logicaldisk where drivetype=3 get name, freespace, systemname, filesystem, size, 
  volumeserialnumber (hard drive information) 
  wmic useraccount (usernames, sid, and various security related goodies) 
  wmic useraccount get /ALL 
  wmic share get /ALL (you can use ? for gets help ! ) 
  wmic startup list full (this can be a huge list!!!) 
  wmic /node:"hostname" bios get serialnumber (this can be great for finding warranty info about target)

* FSUTIL
> `fsutil fsinfo drives`
* QPROCESS
* WEVTUTIL
* WUSA
* QUERY
* TASKLIST
* AT (SCHTASKS)
* [RUNDLL32](http://www.thewindowsclub.com/rundll32-shortcut-commands-windows)
* MSTSC

## [Windows环境变量](http://www.cnblogs.com/valuel/archive/2010/04/01/1702434.html)

* %HOMEDRIVE% 
* %HOMEPATH%    
%HOMESHARE%
* %USERPROFILE%
* %SYSTEMDRIVE%
* %SystemRoot%
* %SESSIONNAME%
* %WINDIR% 
* %USERNAME% 

## [File]
* %SYSTEMDRIVE%\boot.ini 
* %WINDIR%\win.ini 
* %SYSTEMROOT%\repair\SAM 
* %SYSTEMROOT%\System32\config\RegBack\SAM 
* %SYSTEMROOT%\repair\system 
* %SYSTEMROOT%\System32\config\RegBack\system
* %SYSTEMDRIVE%\autoexec.bat 
* 
> 
```cmd
type yourfilepath 
tree C:\ /f /a > C:\output_of_tree.txt
dir /b /s [Directory or Filename] 
dir \ /s /b | find /I “searchstring” 

[sspring]

cmd命令补充：

1. set命令枚举所有已经环境变量
2. telnet测试端口是否开放

[mylamour]

• WindowsPost-ExploitationCommandList.pdf
• Password hashes dump tools.pdf
• PowerSploit