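@echo off
setlocal
REM ===========================================================================
REM Local Windows configuration audit (read-only enumeration).
REM
REM Prints host, account, network, firewall, scheduled-task and service
REM details, then checks for common hardening gaps: service binaries and
REM program folders writable by low-privileged groups, unquoted service paths,
REM password strings left in files or the registry, and the
REM AlwaysInstallElevated installer policy.
REM
REM Side effects: writes wmi.txt, permissions.txt, servicenames.txt,
REM services.txt and path.txt into the current directory.
REM Optional dependency: accesschk.exe (Sysinternals) in the current directory
REM or on PATH; that section is skipped when it is missing.
REM
REM The output holds account names, network layout and possibly credentials,
REM so handle the captured report as sensitive data.
REM
REM Detection note: this many discovery commands started from one cmd.exe in
REM a short window is visible in process-creation logging with command-line
REM capture (Security event 4688, Sysmon event 1).
REM ===========================================================================

REM Probe for wmic once; it is not present on every Windows build.
set "HAVE_WMIC="
where wmic >nul 2>&1 && set "HAVE_WMIC=1"

echo ---------------- Systeminfo ----------------
REM OS version and installed hotfixes, for comparison with the patch baseline.
systeminfo
echo.
echo ---------------- Hostname ----------------
hostname
echo.
echo ---------------- Current User ----------------
echo %username%
echo.
echo ---------------- Current user information ----------------
REM Quoted so that account names containing spaces are passed as one argument.
net users "%username%"
echo.
echo ---------------- Administrator user information ----------------
net users Administrator
echo.
echo ---------------- List all users ----------------
net users
echo.
echo ---------------- Network information ----------------
ipconfig /all & route print & arp -a
echo.
echo ---------------- Environment ----------------
REM Environment variables sometimes carry tokens or passwords; review the
REM output for secrets that should live in a credential store instead.
set
echo.
echo ---------------- List open connections ----------------
netstat -aton
echo.
echo ---------------- Firewall information ----------------
REM NOTE(review): the "netsh firewall" context is deprecated on current
REM Windows releases; "netsh advfirewall show allprofiles" is its replacement.
netsh firewall show state
netsh firewall show config
echo.
echo ---------------- List scheduled tasks ----------------
schtasks /query /fo LIST /v
echo.
echo ---------------- List windows services ----------------
net start
tasklist /SVC
REM Only print wmi.txt when wmic actually produced it on this run; otherwise
REM a stale file from an earlier run would be shown as current data.
if not defined HAVE_WMIC goto SKIP_WMI_LIST
wmic /locale:ms_409 service list brief > wmi.txt
type wmi.txt
:SKIP_WMI_LIST
echo.
echo ---------------- Incorrect permissions in services ----------------
REM A service binary that non-administrators can modify lets them change what
REM runs under the service account. Remediation: restrict write access on the
REM reported paths to Administrators, SYSTEM and TrustedInstaller.
if not defined HAVE_WMIC goto WMIC_NOT_FOUND
REM The collection loop appends, so clear any list left by a previous run.
if exist permissions.txt del permissions.txt
for /f "tokens=2 delims='='" %%a in ('wmic service list full^|find /i "pathname"^|find /i /v "system32"') do @echo %%a >> permissions.txt
REM The path is quoted for icacls because service paths often contain spaces.
REM NOTE(review): lines that carry service arguments after an unquoted path
REM are passed whole and icacls will report them as not found - confirm.
if exist permissions.txt for /f eol^=^"^ delims^=^" %%a in (permissions.txt) do cmd.exe /c icacls "%%a"
:WMIC_NOT_FOUND
where sc >nul 2>&1
if errorlevel 1 goto SC_NOT_FOUND
REM Rebuild the intermediate lists from scratch for the same reason as above.
if exist services.txt del services.txt
if exist path.txt del path.txt
sc query state= all | findstr "SERVICE_NAME:" > servicenames.txt
FOR /F "tokens=2 delims= " %%i in (servicenames.txt) DO @echo %%i >> services.txt
if exist services.txt FOR /F %%i in (services.txt) do @sc qc %%i | findstr "BINARY_PATH_NAME" >> path.txt
REM path.txt was collected but never displayed; print it so the binary paths
REM found through sc appear in the report.
if exist path.txt type path.txt
:SC_NOT_FOUND
REM accesschk.exe is not part of Windows. When present, list services,
REM directories and files that the Users and Authenticated Users groups can
REM write to. The /accepteula switch records EULA acceptance in the registry
REM of the account running the script.
where accesschk.exe >nul 2>&1
if errorlevel 1 goto ACCESSCHK_NOT_FOUND
accesschk.exe -uwcqv "Authenticated Users" * /accepteula
accesschk.exe -qdws "Authenticated Users" C:\Windows\ /accepteula
accesschk.exe -qdws Users C:\Windows\ /accepteula
accesschk.exe -uwqs Users C:\*.* /accepteula
accesschk.exe -uwqs "Authenticated Users" c:\*.* /accepteula
accesschk.exe -uwdqs Users C:\ /accepteula
:ACCESSCHK_NOT_FOUND
echo.
echo ---------------- Incorrect permissions in folders ----------------
REM Report Program Files entries where Everyone or BUILTIN\Users holds Full
REM control (F) or Modify (M). Remediation: remove those ACEs so installed
REM software cannot be altered by standard users.
icacls "C:\Program Files\*" 2>nul | findstr "(F)" | findstr "Everyone"
icacls "C:\Program Files (x86)\*" 2>nul | findstr "(F)" | findstr "Everyone"
icacls "C:\Program Files\*" 2>nul | findstr "(F)" | findstr "BUILTIN\Users"
icacls "C:\Program Files (x86)\*" 2>nul | findstr "(F)" | findstr "BUILTIN\Users"
icacls "C:\Program Files\*" 2>nul | findstr "(M)" | findstr "Everyone"
icacls "C:\Program Files (x86)\*" 2>nul | findstr "(M)" | findstr "Everyone"
icacls "C:\Program Files\*" 2>nul | findstr "(M)" | findstr "BUILTIN\Users"
icacls "C:\Program Files (x86)\*" 2>nul | findstr "(M)" | findstr "BUILTIN\Users"
echo.
echo ---------------- Find unquoted paths ----------------
REM Auto-start services outside C:\Windows whose path contains no double
REM quote. Remediation: wrap the service ImagePath value in double quotes.
if not defined HAVE_WMIC goto SKIP_UNQUOTED
wmic service get name,displayname,pathname,startmode |findstr /i "Auto" |findstr /i /v "C:\Windows\\" |findstr /i /v """
:SKIP_UNQUOTED
echo.
echo ---------------- ClearText passwords ----------------
REM File searches start at the current directory and recurse into it.
findstr /si password *.txt
findstr /si password *.xml
findstr /si password *.ini
dir /s *pass* == *cred* == *vnc* == *.config*
REM This search was listed twice; a single pass gives the same result.
findstr /spin "password" *.*
REM Deployment answer files can retain a local administrator password.
REM Remediation: delete them once imaging has finished.
type c:\sysprep.inf
type c:\sysprep\sysprep.xml
type c:\unattend.xml
type %WINDIR%\Panther\Unattend\Unattended.xml
type %WINDIR%\Panther\Unattended.xml
dir c:*vnc.ini /s /b
dir c:*ultravnc.ini /s /b
dir c:\ /s /b | findstr /si *vnc.ini
REM Registry string values that mention "password". These two hive-wide
REM searches were also listed twice and are slow, so each runs once.
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon"
REM Fixed key name: the control set key is CurrentControlSet, one component.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP"
reg query "HKCU\Software\SimonTatham\PuTTY\Sessions"
reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password
echo.
echo ---------------- AlwaysInstallElevated ----------------
REM The policy is in effect only when both values are 0x1; MSI packages then
REM install with elevated rights for any user. Remediation: disable "Always
REM install with elevated privileges" in both Computer and User policy.
reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
echo.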