内网渗透之信息收集（更新中）

基本信息

安全防护进程

msf信息收集模块

auxitiary系列
post系列

获取目标机器的分区情况

run post/windows/gather/arp_scanner 
Device Name:                    Type:   Size (bytes):
------------                    -----   -------------
<Physical Drives:>
<Logical Drives:>
\\.\A:                               4702111234474983745
\\.\D:                               4702111234474983745

判断是否为虚拟机

run post/windows/gather/checkvm

[*] Checking if WIN-PAK5LLUK1FA is a Virtual Machine ...
[+] This is a VMware Virtual Machine

开启那些服务

run post/windows/gather/enum_services

安装那些应用

run post/windows/gather/enum_applications

查看共享

run post/windows/gather/enum_shares

获取主机最近的系统操作

run post/windows/gather/dumplinks

查看补丁

run post/windows/gather/enum_applications

scraper脚本 获取系统信息

winenum脚本
run winenum 同上脚本大同

操作记录

配置文件敏感信息
浏览器访问记录
浏览器记录密码

主机信息收集

IP、域名、计算机名、DNS等：ipconfig /all

本地用户、会话信息：net user

net localgroup administrators

query user

net session
域内用户名：net user /domain

dquery user
wmic useraccount get /all

域管理组成员：net group “domain admins” /domain

域控制器列表：net group “domain controllers” /domain

路由信息：arp -a

route print

域或工作组计算机列表：net view /domain

域控域名、时间：net time /domain

本地详细信息：systeminfo

本地端口信息：netstat -anp
netstat -ano

本地进程信息：tasklist /svc

wmic process list brief

本地服务信息：wmic service list brief

域内共享信息：net share

wmic share get name,path,status

本地启动信息：wmic startup get command,caption

计划任务信息：schtasks /query /fo LIST /v
本地补丁信息：wmic qfe get Caption,Description,HotFixID,InstalledOn
本地安装程序信息：wmic product get name,version

powershell “Get-WmiObject -class Win32_Product | Select-Object -Property name, version”

常见杀软进程

    					 {"360tray.exe",    "360安全卫士"},
                            {"360sd.exe",      "360杀毒"},
                            {"a2guard.exe",    "a-squared杀毒"},
                            {"ad-watch.exe",    "Lavasoft杀毒"},
                            {"cleaner8.exe",    "The Cleaner杀毒"},
                            {"vba32lder.exe",    "vb32杀毒"},
                            {"MongoosaGUI.exe",    "Mongoosa杀毒"},
                            {"CorantiControlCenter32.exe",    "Coranti2012杀毒"},
                            {"F-PROT.EXE",    "F-PROT杀毒"},
                            {"CMCTrayIcon.exe",    "CMC杀毒"},
                            {"K7TSecurity.exe",    "K7杀毒"},
                            {"UnThreat.exe",    "UnThreat杀毒"},
                            {"CKSoftShiedAntivirus4.exe",    "Shield Antivirus杀毒"},
                            {"AVWatchService.exe",    "VIRUSfighter杀毒"},
                            {"ArcaTasksService.exe",    "ArcaVir杀毒"},
                            {"iptray.exe",    "Immunet杀毒"},
                            {"PSafeSysTray.exe",    "PSafe杀毒"},
                            {"nspupsvc.exe",    "nProtect杀毒"},
                            {"SpywareTerminatorShield.exe",    "SpywareTerminator杀毒"},
                            {"BKavService.exe",    "Bkav杀毒"},
                            {"MsMpEng.exe",    "Microsoft Security Essentials"},
                            {"SBAMSvc.exe",    "VIPRE"},
                            {"ccSvcHst.exe",    "Norton杀毒"},
                            {"QQ.exe",    "QQ"},
                            {"f-secure.exe",    "冰岛"},
                            {"avp.exe",        "卡巴斯基"},
                            {"KvMonXP.exe",    "江民杀毒"},
                            {"RavMonD.exe",    "瑞星杀毒"},
                            {"Mcshield.exe",   "麦咖啡"},
                            {"egui.exe",       "NOD32"},
                            {"kxetray.exe",    "金山毒霸"}, 
                            {"knsdtray.exe",   "可牛杀毒"},
                            {"TMBMSRV.exe",    "趋势杀毒"},
                            {"avcenter.exe",   "Avira(小红伞)"},
                            {"ashDisp.exe",    "Avast网络安全"}, 
                            {"rtvscan.exe",    "诺顿杀毒"}, 
                            {"ksafe.exe",      "金山卫士"}, 
                            {"QQPCRTP.exe",    "QQ电脑管家"},
                            {"Miner.exe",    "流量矿石"},
                            {"AYAgent.aye",    "韩国胶囊"},
                            {"patray.exe",    "安博士"},
                            {"V3Svc.exe",    "安博士V3"},
                            {"avgwdsvc.exe",    "AVG杀毒"},
                            {"ccSetMgr.exe",    "赛门铁克"},
                            {"QUHLPSVC.EXE",    "QUICK HEAL杀毒"},
                            {"mssecess.exe",    "微软杀毒"},
                            {"SavProgress.exe",    "Sophos杀毒"},
                            {"fsavgui.exe",    "F-Secure杀毒"},
                            {"vsserv.exe",    "比特梵德"},
                            {"remupd.exe",    "熊猫卫士"},
                            {"FortiTray.exe",    "飞塔"},
                            {"safedog.exe",    "安全狗"},
                            {"parmor.exe",    "木马克星"},
                            {"beikesan.exe",    "贝壳云安全"},
                            {"KSWebShield.exe",    "金山网盾"},
                            {"TrojanHunter.exe",    "木马猎手"},
                            {"GG.exe",    "巨盾网游安全盾"},
                            {"adam.exe",    "绿鹰安全精灵"},
                            {"AST.exe",    "超级巡警"},
                            {"ananwidget.exe",    "墨者安全专家"},
                            {"AVK.exe",    "GData"},
                            {"ccapp.exe",    "Symantec Norton"},
                            {"avg.exe",    "AVG Anti-Virus"},
                            {"spidernt.exe",    "Dr.web"},
                            {"Mcshield.exe",    "Mcafee"},
                            {"avgaurd.exe",    "Avira Antivir"},
                            {"F-PROT.exe",    "F-Prot AntiVirus"},
                            {"vsmon.exe",    "ZoneAlarm"},
                            {"avp.exee",    "Kaspersky"},
                            {"cpf.exe",    "Comodo"},
                            {"outpost.exe",    "Outpost Firewall"},
                            {"rfwmain.exe",    "瑞星防火墙"},
                            {"kpfwtray.exe",    "金山网镖"},
                            {"FYFireWall.exe",    "风云防火墙"},
                            {"MPMon.exe",    "微点主动防御"},
                            {"pfw.exe",    "天网防火墙"},
                            {"S.exe",    "在抓鸡"},
                            {"1433.exe",    "在扫1433"},
                            {"DUB.exe",    "在爆破"},
                            {"ServUDaemon.exe",    "发现S-U"},
                           {"BaiduSdSvc.exe",    "百度杀软"},



安全狗
SafeDogGuardCenter.exe
safedogupdatecenter.exe
safedogguardcenter.exe
SafeDogSiteIIS.exe
SafeDogTray.exe
SafeDogServerUI.exe
D盾
D_Safe_Manage.exe
d_manage.exe
云锁
yunsuo_agent_service.exe
yunsuo_agent_daemon.exe
护卫神
HwsPanel.exe  护卫神·入侵防护系统（状态托盘）
hws_ui.exe    护卫神·入侵防护系统 - www.huweishen.com
hws.exe       护卫神·入侵防护系统 服务处理程序
hwsd.exe      护卫神·入侵防护系统 监控组件
火绒
hipstray.exe
wsctrl.exe
usysdiag.exe