From f902252e55d9037b042d0f9c8112ed100a24a58b Mon Sep 17 00:00:00 2001
From: yehualiu
Date: Wed, 4 Dec 2013 10:41:32 +0800
Subject: [PATCH] add systeminfo command to windows_cmd_config.md
---
windows/windows_cmd_config.md | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/windows/windows_cmd_config.md b/windows/windows_cmd_config.md
index 892a106..aa4eae6 100755
--- a/windows/windows_cmd_config.md
+++ b/windows/windows_cmd_config.md
@@ -56,6 +56,13 @@ Commands that display information about the configuration of the victim and are * **Output**: *
**Windows 2008:** Show/Hide
C:\Users\johndoe>whoami
lab\johndoe

C:\Users\johndoe>whoami/all

USER INFORMATION
----------------

User Name SID
=========== ===========================================
lab\johndoe S-1-5-21-60789211-843652525-1994898995-1001


GROUP INFORMATION
-----------------

Group Name Type SID Attributes
========================================== ================ ============ ==================================================
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny only
BUILTIN\Pre-Windows 2000 Compatible Access Alias S-1-5-32-554 Group used for deny only
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level Unknown SID type S-1-16-8192 Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
+### systeminfo
+ * **Command**: `systeminfo`
+ * **Command with arguments**: NA
+ * **Description**:In computing, systeminfo.exe, a command-line utility shipped with Microsoft Windows versions from Windows XP onwards, produces summary output of Windows hardware/software operating-environment parameters.
+ * **Output**:
+ *
**Windows 2008:** Show/Hide
C:\Windows\system32>systeminfo

Host Name: ADMIN-PC
OS Name: Microsoft Windows 2008
OS Version: 6.1.7601 Service Pack 1 Build 7601
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: johndoe
Registered Organization:
Product ID: 00426-OEM-8992662-00400
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
...
+ ### type * **Command**: `type` * **Command with arguments**: `type %WINDIR%\System32\drivers\etc\hosts`
@@ -251,4 +258,4 @@ Logon server share SYSVOL C:\Windows\SYSVOL\sysvol * **Command with arguments**: `wmic useraccount [list full]` * **Description**: Retrieve information about the user accounts on the system. * **Output**:
- *
**Windows 2008:** Show/Hide
C:\Users\johndoe>wmic useraccount list full


AccountType=512
Description=Built-in account for administering the computer/domain
Disabled=FALSE
Domain=LAB
FullName=
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=Administrator
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-500
SIDType=1
Status=OK


AccountType=512
Description=Key Distribution Center Service Account
Disabled=TRUE
Domain=LAB
FullName=
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=krbtgt
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-502
SIDType=1
Status=Degraded


AccountType=512
Description=
Disabled=FALSE
Domain=LAB
FullName=John Doe
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=johndoe
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-1001
SIDType=1
Status=OK
\ No newline at end of file
+ *
**Windows 2008:** Show/Hide
C:\Users\johndoe>wmic useraccount list full


AccountType=512
Description=Built-in account for administering the computer/domain
Disabled=FALSE
Domain=LAB
FullName=
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=Administrator
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-500
SIDType=1
Status=OK


AccountType=512
Description=Key Distribution Center Service Account
Disabled=TRUE
Domain=LAB
FullName=
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=krbtgt
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-502
SIDType=1
Status=Degraded


AccountType=512
Description=
Disabled=FALSE
Domain=LAB
FullName=John Doe
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=johndoe
PasswordChangeable=TRUE
PasswordExpires=TRUE
PasswordRequired=TRUE
SID=S-1-5-21-60789211-843652525-1994898995-1001
SIDType=1
Status=OK