Once you have a Meterpreter
session, use the ‘shell’ command to get a command prompt on the target.
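Now type wmic /? to display
help. WMIC is deprecated on current Windows releases and may not be installed by default, so the commands below can fail on newer systems.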
wmic memorychip – to
get BankLabel, Capacity, Caption, CreationClassName, DataWidth,
Description, DeviceLocator, FormFactor,
HotSwappable, InstallDate etc.
wmic process list full – to
get Caption, CommandLine, Handle, HandleCount, PageFaults, PageFileUsage,
ParentProcessId, ProcessId, ThreadCount
wmic startup – to get Caption, Location, Command
wmic bios – get name, version, serial number
wmic bootconfig – get BootDirectory, Caption, TempDirectory, Lastdrive
wmic useraccount – get
AccountType, Description, Domain, Disabled, LocalAccount, Lockout,
PasswordChangeable, PasswordExpires, PasswordRequired, SID
wmic sysdriver – get Caption, Name, PathName, ServiceType, State, Status
wmic share – get name, path, status
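The remaining aliases are used the same way, as wmic <alias> <clause>; each entry below gives the alias followed by its clause. Every one of these runs as a wmic.exe process, so the full command line is recorded wherever process-creation logging (Security event 4688 with command-line auditing, or Sysmon event 1) is enabled.
baseboard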
|
get Manufacturer, Model, Name,
PartNumber, slotlayout, serialnumber, poweredon
|
cdrom
|
get Name, Drive, Volumename
|
computersystem
|
get Name, domain, Manufacturer,
Model, NumberofProcessors, PrimaryOwnerName,Username, Roles,
totalphysicalmemory /format:list
|
datafile
|
where name='c:\\boot.ini' get
Archive, FileSize, FileType, InstallDate, Readable, Writeable, System,
Version
|
dcomapp
|
get Name, AppID /format:list
|
desktop
|
get Name, ScreenSaverExecutable,
ScreenSaverActive, Wallpaper /format:list
|
desktopmonitor
|
get screenheight, screenwidth
|
diskdrive
|
get Name, Manufacturer, Model,
InterfaceType, MediaLoaded, MediaType
|
diskquota
|
get User, Warninglimit,
DiskSpaceUsed, QuotaVolume
|
environment
|
get Description, VariableValue
|
fsdir
|
where name='c:\\windows' get
Archive, CreationDate, LastModified, Readable, Writeable, System, Hidden,
Status
|
group
|
get Caption, InstallDate,
LocalAccount, Domain, SID, Status
|
idecontroller
|
get Name, Manufacturer, DeviceID,
Status
|
irq
|
get Name, Status
|
job
|
get Name, Owner, DaysOfMonth,
DaysOfWeek, ElapsedTime, JobStatus, StartTime, Status
|
loadorder
|
get Name, DriverEnabled,
GroupOrder, Status
|
logicaldisk
|
get Name, Compressed, Description,
DriveType, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName
|
memcache
|
get Name, BlockSize, Purpose,
MaxCacheSize, Status
|
memlogical
|
get AvailableVirtualMemory,
TotalPageFileSpace, TotalPhysicalMemory, TotalVirtualMemory
|
memphysical
|
get Manufacturer, Model,
SerialNumber, MaxCapacity, MemoryDevices
|
netclient
|
get Caption, Name, Manufacturer,
Status
|
netlogin
|
get Name, Fullname, ScriptPath,
Profile, UserID, NumberOfLogons, PasswordAge, LogonServer, HomeDirectory,
PrimaryGroupID
|
netprotocol
|
get Caption, Description,
GuaranteesSequencing, SupportsBroadcasting, SupportsEncryption, Status
|
netuse
|
get Caption, DisplayType,
LocalName, Name, ProviderName, Status
|
nic
|
get AdapterType, AutoSense, Name,
Installed, MACAddress, PNPDeviceID,PowerManagementSupported, Speed,
StatusInfo
|
nicconfig
|
get MACAddress, DefaultIPGateway,
IPAddress, IPSubnet, DNSHostName, DNSDomain
|
ntdomain
|
get Caption, ClientSiteName,
DomainControllerAddress, DomainControllerName, Roles, Status
|
ntevent
|
where (LogFile='system' and
SourceName='W32Time') get Message, TimeGenerated
|
onboarddevice
|
get Description, DeviceType,
Enabled, Status
|
os
|
get Version, Caption, CountryCode,
CSName, Description, InstallDate, SerialNumber, ServicePackMajorVersion,
WindowsDirectory /format:list
|
pagefile
|
get Caption, CurrentUsage, Status,
TempPageFile
|
pagefileset
|
get Name, InitialSize, MaximumSize
|
partition
|
get Caption, Size,
PrimaryPartition, Status, Type
|
printer
|
get DeviceID, DriverName, Hidden,
Name, PortName, PowerManagementSupported, PrintJobDataType,
VerticalResolution, Horizontalresolution
|
printjob
|
get Description, Document,
ElapsedTime, HostPrintQueue, JobID, JobStatus, Name, Notify, Owner,
TimeSubmitted, TotalPages
|
product
|
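get Description, InstallDate,
Name, Vendor, Version (note: querying this alias makes Windows Installer run a consistency check on every installed MSI package, which is slow and writes MsiInstaller events to the Application log)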
|
qfe
|
get description, FixComments,
HotFixID, InstalledBy, InstalledOn, ServicePackInEffect
|
quotasetting
|
get Caption, DefaultLimit,
Description, DefaultWarningLimit, SettingID, State
|
recoveros
|
get AutoReboot, DebugFilePath,
WriteDebugInfo, WriteToSystemLog
|
Registry
|
get CurrentSize, MaximumSize, ProposedSize,
Status
|
scsicontroller
|
get Caption, DeviceID,
Manufacturer, PNPDeviceID
|
server
|
get ErrorsAccessPermissions,
ErrorsGrantedAccess, ErrorsLogon, ErrorsSystem, FilesOpen,
FileDirectorySearches
|
service
|
get Name, Caption, State,
ServiceType, StartMode, pathname
|
sounddev
|
get Caption, DeviceID,
PNPDeviceID, Manufacturer, status
|
sysaccount
|
get Caption, Domain, Name, SID,
SIDType, Status
|
systemenclosure
|
get Caption, Height, Depth,
Manufacturer, Model, SMBIOSAssetTag, AudibleAlarm, SecurityStatus,
SecurityBreach, PoweredOn, NumberOfPowerCords
|
systemslot
|
get Number, SlotDesignation,
Status, SupportsHotPlug, Version, CurrentUsage, ConnectorPinout
|
tapedrive
|
get Name, Capabilities,
Compression, Description, MediaType, NeedsCleaning, Status, StatusInfo
|
timezone
|
get Caption, Bias, DaylightBias,
DaylightName, StandardName
|