weyne/pwnwiki.github.io
1
0
Fork 0
mirror of https://github.com/oXis/pwnwiki.github.io.git synced 2025-10-29 16:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding files I forgot to add yesterday

Browse Source
This commit is contained in:
webbreacher 2014-01-23 17:20:18 -05:00
parent 0f442d0f80
commit b55aa38841
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
presence/windows/blind.md
View File

@ -26,4 +26,4 @@ The files below are things to pull when all you can do is to blindly read. Examp
| `%WINDIR%\system32\config\default.sav`<br>`%WINDIR%\system32\config\security.sav`<br>`%WINDIR%\system32\config\software.sav`<br>`%WINDIR%\system32\config\system.sav` | Backup Windows registry files (http://forensics.wikia.com/wiki/Windows_registry_entries) | | `%WINDIR%\system32\config\default.sav`<br>`%WINDIR%\system32\config\security.sav`<br>`%WINDIR%\system32\config\software.sav`<br>`%WINDIR%\system32\config\system.sav` | Backup Windows registry files (http://forensics.wikia.com/wiki/Windows_registry_entries) |
| `%WINDIR%\system32\logfiles\httperr\httperr1.log` | IIS 6.x web server error logs. | | `%WINDIR%\system32\logfiles\httperr\httperr1.log` | IIS 6.x web server error logs. |
| `%WINDIR%\system32\logfiles\w3svc1\exYYMMDD.log` where YYMMDD = year month day | Web server log files. | | `%WINDIR%\system32\logfiles\w3svc1\exYYMMDD.log` where YYMMDD = year month day | Web server log files. |
| `unattend.txt, unattend.xml, sysprep.inf` | Used in the automated deployment of Windows images and can contain user accounts. | | `unattend.txt, unattend.xml, unattended.xml, sysprep.inf` | Used in the automated deployment of Windows images and can contain user accounts. Sometimes found in the `%WINDIR%\Panther\` directory. |

2
presence/windows/windows_cmd_config.md
View File

@ -214,7 +214,7 @@ For some of these `wmic` commands that pull information (versus perform an actio
### Process Create ### Process Create
* **Command with arguments**: `wmic process call create [EXECUTABLE]` * **Command with arguments**: `wmic process call create [EXECUTABLE]`
* **Description**: Launches an executable. Replace [EXECUTABLE] with the name of the executable you'd like to launch (for example: calc.exe). Do not include quotes around the value (for example: *DO* use calc.exe; do *NOT* use "calc.exe"). * **Description**: Launches an executable. Replace [EXECUTABLE] with the name of the executable you'd like to launch (for example: calc.exe). Do not include quotes around the value (for example: *DO* use calc.exe; do *NOT* use "calc.exe"). Another option for this command comes from [Rob Fuller's talk](http://www.slideshare.net/mubix/windows-attacks-at-is-the-new-black-26665607): `wmic /node:DC1 /user:DOMAIN\domainadminsvc /password:domainadminsvc123 process call create "cmd /c vssadmin list shadows 2>&1 > c:\temp\output.txt"`
* **Output**: * **Output**:
* <div class="slide" style="cursor: pointer;"> **Windows 2008:** Show/Hide</div><div class="view"><code>C:\Users\johndoe>wmic process call create calc.exe<br>Executing (Win32_Process)->Create()<br>Method execution successful.<br>Out Parameters:<br>instance of __PARAMETERS<br>{<br> ProcessId = 1936;<br> ReturnValue = 0;<br>};</code></div> * <div class="slide" style="cursor: pointer;"> **Windows 2008:** Show/Hide</div><div class="view"><code>C:\Users\johndoe>wmic process call create calc.exe<br>Executing (Win32_Process)->Create()<br>Method execution successful.<br>Out Parameters:<br>instance of __PARAMETERS<br>{<br> ProcessId = 1936;<br> ReturnValue = 0;<br>};</code></div>