common listing
systeminfo
hostname
echo %username%
list users
net users
net user <username>
network
ipconfig /all
route print
arp -A
netstat -ano # active network connections
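firewall status (the `netsh firewall` context is deprecated on current Windows versions; `netsh advfirewall show allprofiles` is the supported equivalent)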
netsh firewall show state
netsh firewall show config
netsh advfirewall firewall show rule all
Search installed hotfixes for specific patches (replace each KB.. with the KB number of interest)
wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB.." /C:"KB.."
Kernel
systeminfo
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
Registry Checks for Passwords
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon"
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP"
reg query "HKCU\Software\SimonTatham\PuTTY\Sessions"
reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password
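Places to Check for Credentials (leftover unattended-setup files can hold deployment account passwords in plain text or base64; they should be removed from images once setup is complete)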
C:\sysprep.inf
C:\sysprep\sysprep.xml
%WINDIR%\Panther\Unattend\Unattended.xml
%WINDIR%\Panther\Unattended.xml
dir /b /s unattend.xml
dir /b /s web.config
dir /b /s sysprep.inf
dir /b /s sysprep.xml
dir /b /s *pass*
dir /b /s vnc.ini
Find writable files
dir /a-r-d /s /b
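/a : filter by attributes (r is read-only and d is directory; the leading minus excludes them)
/s : recurse into subdirectories
/b : bare format, path and filename only
Note: this lists files that lack the read-only attribute, which is not an access check; whether an account can actually write to a file is decided by its NTFS ACL (review with icacls <path>).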