
Forensics Investigation of Remote PC (Part 1)

First compromise the victim PC with Metasploit (see the tutorial on hacking a remote PC).

Once you have a Meterpreter session, use the 'shell' command to get a command prompt on the target. Record every command you run: live-response commands change the volatile state of the host (new processes, handles, log entries), so the investigator needs to know which artefacts are yours.

Now type wmic /? to display the WMIC help.

wmic cpu list full – Name, Caption, MaxClockSpeed, DeviceID, Status and the other CPU properties

wmic memorychip list full – BankLabel, Capacity, Caption, CreationClassName, DataWidth, Description, DeviceLocator, FormFactor, HotSwappable, InstallDate, etc.

wmic process list full – Caption, CommandLine, Handle, HandleCount, PageFaults, PageFileUsage, ParentProcessId, ProcessId, ThreadCount

wmic startup – Caption, Location, Command (programs launched at logon)

wmic bios – Name, Version, SerialNumber

wmic bootconfig – BootDirectory, Caption, TempDirectory, LastDrive

wmic useraccount – AccountType, Description, Domain, Disabled, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID

wmic driver – Caption, Name, PathName, ServiceType, State, Status

wmic share – Name, Path, Status

Further aliases and the properties worth pulling from each. Every line below is one complete wmic command; note that backslashes inside a WQL where clause must be doubled ('c:\\boot.ini'), and the /format:list switch prints one property per line instead of a wide table.

wmic baseboard get Manufacturer, Model, Name, PartNumber, SlotLayout, SerialNumber, PoweredOn
wmic cdrom get Name, Drive, VolumeName
wmic computersystem get Name, Domain, Manufacturer, Model, NumberOfProcessors, PrimaryOwnerName, UserName, Roles, TotalPhysicalMemory /format:list
wmic datafile where name='c:\\boot.ini' get Archive, FileSize, FileType, InstallDate, Readable, Writeable, System, Version
wmic dcomapp get Name, AppID /format:list
wmic desktop get Name, ScreenSaverExecutable, ScreenSaverActive, Wallpaper /format:list
wmic desktopmonitor get ScreenHeight, ScreenWidth
wmic diskdrive get Name, Manufacturer, Model, InterfaceType, MediaLoaded, MediaType
wmic diskquota get User, WarningLimit, DiskSpaceUsed, QuotaVolume
wmic environment get Description, VariableValue
wmic fsdir where name='c:\\windows' get Archive, CreationDate, LastModified, Readable, Writeable, System, Hidden, Status
wmic group get Caption, InstallDate, LocalAccount, Domain, SID, Status
wmic idecontroller get Name, Manufacturer, DeviceID, Status
wmic irq get Name, Status
wmic job get Name, Owner, DaysOfMonth, DaysOfWeek, ElapsedTime, JobStatus, StartTime, Status
wmic loadorder get Name, DriverEnabled, GroupOrder, Status
wmic logicaldisk get Name, Compressed, Description, DriveType, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName
wmic memcache get Name, BlockSize, Purpose, MaxCacheSize, Status
wmic memlogical get AvailableVirtualMemory, TotalPageFileSpace, TotalPhysicalMemory, TotalVirtualMemory
wmic memphysical get Manufacturer, Model, SerialNumber, MaxCapacity, MemoryDevices
wmic netclient get Caption, Name, Manufacturer, Status
wmic netlogin get Name, FullName, ScriptPath, Profile, UserID, NumberOfLogons, PasswordAge, LogonServer, HomeDirectory, PrimaryGroupID
wmic netprotocol get Caption, Description, GuaranteesSequencing, SupportsBroadcasting, SupportsEncryption, Status
wmic netuse get Caption, DisplayType, LocalName, Name, ProviderName, Status
wmic nic get AdapterType, AutoSense, Name, Installed, MACAddress, PNPDeviceID, PowerManagementSupported, Speed, StatusInfo
wmic nicconfig get MACAddress, DefaultIPGateway, IPAddress, IPSubnet, DNSHostName, DNSDomain
wmic ntdomain get Caption, ClientSiteName, DomainControllerAddress, DomainControllerName, Roles, Status
wmic ntevent where (LogFile='system' and SourceName='W32Time') get Message, TimeGenerated
wmic onboarddevice get Description, DeviceType, Enabled, Status
wmic os get Version, Caption, CountryCode, CSName, Description, InstallDate, SerialNumber, ServicePackMajorVersion, WindowsDirectory /format:list
wmic pagefile get Caption, CurrentUsage, Status, TempPageFile
wmic pagefileset get Name, InitialSize, MaximumSize
wmic partition get Caption, Size, PrimaryPartition, Status, Type
wmic printer get DeviceID, DriverName, Hidden, Name, PortName, PowerManagementSupported, PrintJobDataType, VerticalResolution, HorizontalResolution
wmic printjob get Description, Document, ElapsedTime, HostPrintQueue, JobID, JobStatus, Name, Notify, Owner, TimeSubmitted, TotalPages
wmic product get Description, InstallDate, Name, Vendor, Version
wmic qfe get Description, FixComments, HotFixID, InstalledBy, InstalledOn, ServicePackInEffect
wmic quotasetting get Caption, DefaultLimit, Description, DefaultWarningLimit, SettingID, State
wmic recoveros get AutoReboot, DebugFilePath, WriteDebugInfo, WriteToSystemLog
wmic registry get CurrentSize, MaximumSize, ProposedSize, Status
wmic scsicontroller get Caption, DeviceID, Manufacturer, PNPDeviceID
wmic server get ErrorsAccessPermissions, ErrorsGrantedAccess, ErrorsLogon, ErrorsSystem, FilesOpen, FileDirectorySearches
wmic service get Name, Caption, State, ServiceType, StartMode, PathName
wmic sounddev get Caption, DeviceID, PNPDeviceID, Manufacturer, Status
wmic sysaccount get Caption, Domain, Name, SID, SIDType, Status
wmic systemenclosure get Caption, Height, Depth, Manufacturer, Model, SMBIOSAssetTag, AudibleAlarm, SecurityStatus, SecurityBreach, PoweredOn, NumberOfPowerCords
wmic systemslot get Number, SlotDesignation, Status, SupportsHotPlug, Version, CurrentUsage, ConnectorPinout
wmic tapedrive get Name, Capabilities, Compression, Description, MediaType, NeedsCleaning, Status, StatusInfo
wmic timezone get Caption, Bias, DaylightBias, DaylightName, StandardName
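Reading these tables by eye in a Meterpreter shell does not scale, and WMIC is deprecated on current Windows builds (the same classes are reachable from PowerShell's Get-CimInstance), so it is worth treating its output as data. The script below is an added example, not code from the original post: it builds a handful of the triage queries above with /format:csv, parses WMIC's CSV (blank first line, a leading Node column, unquoted fields), and flags processes whose command line runs from a temp or user-writable directory. The query set, the path heuristics and the sample output are all hypothetical; the sample is constructed by hand to mimic WMIC's CSV layout, including a row whose CommandLine contains a comma, which WMIC does not quote.

```python
"""
Added example (not from the original post): collect a few of the WMIC
triage queries with /format:csv, parse the output, and flag processes
started from suspicious paths.

Hypothetical assumptions: TRIAGE_QUERIES, SUSPICIOUS_PATH_HINTS and the
constructed SAMPLE_PROCESS_CSV below are illustration only.
"""
import subprocess

# Queries from the post; /format:csv makes the output machine-readable.
TRIAGE_QUERIES = {
    "process":     "process get Caption,CommandLine,ParentProcessId,ProcessId",
    "startup":     "startup get Caption,Location,Command",
    "useraccount": "useraccount get Name,Domain,Disabled,SID",
    "share":       "share get Name,Path,Status",
    "service":     "service get Name,State,StartMode,PathName",
}

# Directories a legitimate long-running process rarely executes from (heuristic).
SUSPICIOUS_PATH_HINTS = ("\\temp\\", "\\users\\public\\", "\\downloads\\")


def wmic_command(alias):
    """argv for one triage query, e.g. ['wmic', 'process', 'get', 'Caption,...', '/format:csv']."""
    return ["wmic"] + TRIAGE_QUERIES[alias].split() + ["/format:csv"]


def parse_wmic_csv(text):
    """
    wmic /format:csv prints a blank line, then a header whose first column is
    always Node (the host name), then one unquoted row per instance. Because
    values are not quoted, a field containing a comma (often CommandLine)
    splits into extra columns; such rows are kept under '_raw' rather than
    being mis-assigned to the wrong properties.
    """
    lines = [ln for ln in text.replace("\r\n", "\n").split("\n") if ln.strip()]
    if not lines:
        return []
    header = lines[0].split(",")
    records = []
    for ln in lines[1:]:
        parts = ln.split(",")
        if len(parts) != len(header):
            records.append({"Node": parts[0], "_raw": ln})
        else:
            records.append(dict(zip(header, parts)))
    return records


def flag_processes(records):
    """Return (ProcessId, Caption, CommandLine) for processes launched from a suspicious path."""
    hits = []
    for rec in records:
        cmd = rec.get("CommandLine", "")
        if any(hint in cmd.lower() for hint in SUSPICIOUS_PATH_HINTS):
            hits.append((rec["ProcessId"], rec["Caption"], cmd))
    return hits


def decode_wmic_output(raw):
    """wmic emits UTF-16LE with a BOM when its output is redirected; otherwise decode as UTF-8 with replacement."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def run_query(alias):
    """Run one query on a live Windows host (only meaningful from the target's cmd shell)."""
    raw = subprocess.run(wmic_command(alias), capture_output=True, check=True).stdout
    return parse_wmic_csv(decode_wmic_output(raw))


# Constructed sample of `wmic process get ... /format:csv` output; not captured from a real host.
SAMPLE_PROCESS_CSV = (
    "\r\n"
    "Node,Caption,CommandLine,ParentProcessId,ProcessId\r\n"
    "VICTIM-PC,svchost.exe,C:\\Windows\\system32\\svchost.exe -k netsvcs,652,1120\r\n"
    "VICTIM-PC,explorer.exe,C:\\Windows\\Explorer.EXE,2976,3044\r\n"
    "VICTIM-PC,update.exe,C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe -s,3044,4412\r\n"
    "VICTIM-PC,cmd.exe,cmd.exe /c echo a,b,4412,4500\r\n"
)

if __name__ == "__main__":
    recs = parse_wmic_csv(SAMPLE_PROCESS_CSV)
    for pid, name, cmd in flag_processes(recs):
        print(f"[!] pid {pid} {name}: {cmd}")
    for rec in recs:
        if "_raw" in rec:
            print(f"[?] unparsed row (comma inside a value?): {rec['_raw']}")
```

On the target you would call run_query("process") and friends from the Meterpreter shell and ship the records off the box; offline, the sample shows the two outcomes a parser has to handle: a clean hit on the process living in AppData\Local\Temp, and a row that cannot be trusted because WMIC split a value on its own comma. Surface those rows rather than guessing at them; the fix on the collection side is to query that property alone or use /format:list.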
