| Command |
|---|
| hostname |
| whoami /all |
| systeminfo |
| net users |
| systeminfo |
| ipconfig \all |
| tree C:\ /f /a > C:\output_of_tree.txt |
| route print |
| arp -A |
| netstat -bano |
| schtasks |
| tasklist |
| netsh firewall show state |
| net user |
| net accounts |
| dir /s pass == cred == vnc == .config |
| findstr /si password *.xml *.ini *.txt |
| reg query HKLM /f password /t REG_SZ /s |
| reg query HKCU /f password /t REG_SZ /s |
| type %WINDIR%\System32\drivers\etc\hosts |
| reg save HKLM\Security security.hive |
| reg save HKLM\System system.hive |
| reg save HKLM\SAM sam.hive |
| File |
|---|
| %SYSTEMDRIVE%\boot.ini |
| %WINDIR%\win.ini |
| %SYSTEMDRIVE%\pagefile.sys |
| %WINDIR%\debug\NetSetup.log |
| %WINDIR%\repair\sam |
| %WINDIR%\repair\system |
| %WINDIR%\repair\software |
| %WINDIR%\repair\security |
| %WINDIR%\iisX.log |
| %WINDIR%\system32\config\AppEvent.Evt |
| %WINDIR%\system32\config\SecEvent.Evt |
| %WINDIR%\system32\config\default.sav |
| %WINDIR%\system32\config\security.sav |
| %WINDIR%\system32\config\software.sav |
| %WINDIR%\system32\config\system.sav |
| %WINDIR%\system32\CCM\logs*.log |
| %USERPROFILE%\ntuser.dat |
| %WINDIR%\System32\drivers\etc\hosts |
| %WINDIR%\system32\sysprep.inf |
| %WINDIR%\system32\sysprep\sysprep.xml |