From f902252e55d9037b042d0f9c8112ed100a24a58b Mon Sep 17 00:00:00 2001 From: yehualiu Date: Wed, 4 Dec 2013 10:41:32 +0800 Subject: [PATCH 1/5] add systeminfo command to windows_cmd_config.md --- windows/windows_cmd_config.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/windows_cmd_config.md b/windows/windows_cmd_config.md index 892a106..aa4eae6 100755 --- a/windows/windows_cmd_config.md +++ b/windows/windows_cmd_config.md @@ -56,6 +56,13 @@ Commands that display information about the configuration of the victim and are * **Output**: *
**Windows 2008:** Show/Hide
C:\Users\johndoe>whoami
lab\johndoe

C:\Users\johndoe>whoami/all

USER INFORMATION
----------------

User Name SID
=========== ===========================================
lab\johndoe S-1-5-21-60789211-843652525-1994898995-1001


GROUP INFORMATION
-----------------

Group Name Type SID Attributes
========================================== ================ ============ ==================================================
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny only
BUILTIN\Pre-Windows 2000 Compatible Access Alias S-1-5-32-554 Group used for deny only
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level Unknown SID type S-1-16-8192 Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
+### systeminfo + * **Command**: `systeminfo` + * **Command with arguments**: NA + * **Description**:In computing, systeminfo.exe, a command-line utility shipped with Microsoft Windows versions from Windows XP onwards, produces summary output of Windows hardware/software operating-environment parameters. + * **Output**: + *
**Windows 2008:** Show/Hide
C:\Windows\system32>systeminfo

Host Name: ADMIN-PC
OS Name: Microsoft Windows 2008
OS Version: 6.1.7601 Service Pack 1 Build 7601
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: johndoe
Registered Organization:
Product ID: 00426-OEM-8992662-00400
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
...
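Review bot: the new `* **Description**:In computing, systeminfo.exe, ...` line is missing the space after the colon that every other entry in this file has, and its "In computing," opening reads like an encyclopedia sentence rather than this file's one-line descriptions; suggest `* **Description**: Display a summary of the host's OS and hardware configuration (OS name, version and build, owner, system type, processors).` The sample output is also inconsistent with itself and with the neighbouring entries: `OS Name: Microsoft Windows 2008` sits next to `OS Version: 6.1.7601 Service Pack 1 Build 7601` and `OS Configuration: Standalone Workstation`, while the `whoami` and `wmic useraccount` samples around it come from a domain-joined `lab\johndoe` host with `Domain=LAB`; capture the output from the same lab host so readers can correlate the entries, and blank the `Product ID:` value the way the other samples avoid identifying data. Finally, `* **Command with arguments**: NA` is not accurate, since `systeminfo /fo csv` changes the output format to something parseable; listing that, as the `type` entry lists its argument form, would keep the entries uniform.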
+ ### type * **Command**: `type` * **Command with arguments**: `type %WINDIR%\System32\drivers\etc\hosts` @@ -251,4 +258,4 @@ Logon server share SYSVOL C:\Windows\SYSVOL\sysvol * **Command with arguments**: `wmic useraccount [list full]` * **Description**: Retrieve information about the user accounts on the system. * **Output**: - *
**Windows 2008:** Show/Hide
C:\Users\johndoe>wmic useraccount list full


AccountType=512
Description=Built-in account for administering the computer/domain
Disabled=FALSE
Domain=LAB
FullName=
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=Administrator
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-500
SIDType=1
Status=OK


AccountType=512
Description=Key Distribution Center Service Account
Disabled=TRUE
Domain=LAB
FullName=
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=krbtgt
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-502
SIDType=1
Status=Degraded


AccountType=512
Description=
Disabled=FALSE
Domain=LAB
FullName=John Doe
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=johndoe
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-1001
SIDType=1
Status=OK
\ No newline at end of file + *
**Windows 2008:** Show/Hide
C:\Users\johndoe>wmic useraccount list full


AccountType=512
Description=Built-in account for administering the computer/domain
Disabled=FALSE
Domain=LAB
FullName=
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=Administrator
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-500
SIDType=1
Status=OK


AccountType=512
Description=Key Distribution Center Service Account
Disabled=TRUE
Domain=LAB
FullName=
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=krbtgt
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-502
SIDType=1
Status=Degraded


AccountType=512
Description=
Disabled=FALSE
Domain=LAB
FullName=John Doe
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=johndoe
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-1001
SIDType=1
Status=OK
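Review bot: this second hunk (`@@ -251,4 +258,4 @@`) changes no content; the removed and re-added `wmic useraccount list full` block is identical line for line and the only difference is the dropped `\ No newline at end of file`. Adding the trailing newline is fine, but it is unrelated to the commit message (`add systeminfo command to windows_cmd_config.md`), so either split it into its own commit or mention it in the message, otherwise a reviewer has to diff the two copies by eye to confirm nothing else moved. While this entry is being touched, the description `Retrieve information about the user accounts on the system.` understates what the sample shows: every listed account, `krbtgt` included, has `LocalAccount=FALSE` and `Domain=LAB`, so on a domain-joined host the command lists domain accounts visible to the host and not only local ones; suggest `* **Description**: Retrieve information about the local and domain user accounts visible to the system.`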
From 5e3d9db3a155128f0eada0ecaf70ffc09664dff8 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 15:47:39 -0500 Subject: [PATCH 2/5] Removing execute permissions from chmod, not needed for text files --- references/rosetta.htm | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 references/rosetta.htm diff --git a/references/rosetta.htm b/references/rosetta.htm old mode 100755 new mode 100644 From db719a808d3d0e83dfca0dd128bb3337bfa5dae7 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 15:47:15 -0500 Subject: [PATCH 3/5] Removing execute permissions from chmod, not needed for text files --- osx/bulk.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 osx/bulk.md diff --git a/osx/bulk.md b/osx/bulk.md old mode 100755 new mode 100644 From be6d377c010d9654d780fd348ad81fb27a28f458 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 15:46:44 -0500 Subject: [PATCH 4/5] Removing execute permissions from chmod, not needed for text files --- windows/autostart.md | 0 windows/binary.md | 0 windows/cover.md | 0 windows/find_files.md | 0 windows/windows_cmd_config.md | 0 5 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 windows/autostart.md mode change 100755 => 100644 windows/binary.md mode change 100755 => 100644 windows/cover.md mode change 100755 => 100644 windows/find_files.md mode change 100755 => 100644 windows/windows_cmd_config.md diff --git a/windows/autostart.md b/windows/autostart.md old mode 100755 new mode 100644 diff --git a/windows/binary.md b/windows/binary.md old mode 100755 new mode 100644 diff --git a/windows/cover.md b/windows/cover.md old mode 100755 new mode 100644 diff --git a/windows/find_files.md b/windows/find_files.md old mode 100755 new mode 100644 diff --git a/windows/windows_cmd_config.md b/windows/windows_cmd_config.md old mode 100755 new mode 100644 
From 685339cdb748b1b2dd385876ca5b6ff1b2be011e Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 15:46:18 -0500 Subject: [PATCH 5/5] Removing execute permissions from chmod, not needed for text files --- linux/bulk.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 linux/bulk.md diff --git a/linux/bulk.md b/linux/bulk.md old mode 100755 new mode 100644
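Review bot: patches 2/5 through 5/5 are four separate commits carrying the identical message `Removing execute permissions from chmod, not needed for text files`, each a mode-only change (`old mode 100755` to `new mode 100644`) on a different set of `.md`/`.htm` files; squash them into a single commit so the history records one "drop the execute bit from text files" change, and reword the message, since the bit is being removed from the files, not "from chmod". Note also that `windows/windows_cmd_config.md` receives the content edit in patch 1/5 and the mode change in patch 4/5, so these patches have to be applied in series order if they are cherry-picked.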