Intranet information gathering
Manual collection with Cobalt Strike
Whether on the external network or inside the intranet, information gathering is the essential first step. For a machine inside an intranet, questions such as the structure of the network it sits in, what its role is, what the role of the person using it is, which antivirus software is installed, how the machine reaches the internet, and whether it is a laptop or a desktop can only be answered through information gathering.
Note: in general, each command below must be prefixed with shell when it is run from the Cobalt Strike beacon console (e.g. shell ipconfig).
View a file:
type 1.txt
Network configuration:
Get the local network configuration:
ipconfig

Operating system and software information:
Query the operating system and version (the first form is for English system locales, the second for Chinese ones):
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
systeminfo | findstr /B /C:"OS 名称" /C:"OS 版本"

View the system architecture:
echo %PROCESSOR_ARCHITECTURE%

List installed software and versions (cmd and PowerShell variants):
wmic product get name,version
powershell "Get-WmiObject -class win32_product | Select-Object -Property name,version"
Local service information:
wmic service list brief
Process information:
tasklist
wmic process list brief
Startup program information:
wmic startup get command,caption
Scheduled task information:
If the error "unable to load column resource" appears, first run: chcp 437
schtasks /query /fo LIST /v
Host boot time (time since the machine was started):
net statistics workstation
User list:
net user
wmic useraccount get name,SID
List sessions:
net session
Query the port list:
netstat -ano
List installed patches:
systeminfo
wmic qfe get Caption,Description,HotFixID,InstalledOn
Query the share list:
net share
wmic share get name,path,status
Routing table:
route print
Firewall-related operations
1. Check whether the firewall is enabled
netsh firewall show state

2. Disable the firewall
Windows Server 2003:
netsh firewall set opmode disable
After Windows Server 2003:
netsh firewall set opmode disable
netsh advfirewall set allprofiles state off

3. View the firewall configuration
netsh firewall show config

4. Modify the firewall configuration
On 2003 and earlier versions, allow a specified program to make all connections:
netsh firewall add allowedprogram c:\nc.exe "allownc" enable
On versions after 2003, allow a specified program to make all connections:
netsh advfirewall firewall add rule name="pass nc" dir=in action=allow program="C:\nc.exe"
Allow a specified program outbound:
netsh advfirewall firewall add rule name="Allownc" dir=out action=allow program="C:\nc.exe"
Allow port 3389 through:
netsh advfirewall firewall add rule name="RemoteDesktop" protocol=TCP dir=in localport=3389 action=allow
Allow inbound on port 4444:
netsh advfirewall firewall add rule name=test dir=in action=allow protocol=tcp localport=4444
Allow a.exe inbound:
netsh advfirewall firewall add rule name=test dir=in action=allow program=c:\a.exe
Allow outbound on port 4444:
netsh advfirewall firewall add rule name=test dir=out action=allow protocol=tcp localport=4444
Allow a.exe outbound:
netsh advfirewall firewall add rule name=test dir=out action=allow program=c:\a.exe
Enable the Remote Desktop service
1. On a 2003 machine:
wmic path win32_terminalservicesetting where (_CLASS !="") call setallowtsconnections 1
2. On Server 2008 and Server 2021:
Enable:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
Disable:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 11111111 /f
Wi-Fi password collection (lists each saved WLAN profile with its key shown in clear text):
for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @echo %j | findstr -i -v echo | netsh wlan show profiles %j key=clear
Query the RDP port
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /V PortNumber
The value 0xd3d is port 3389.
View the proxy configuration
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
View the currently saved logon credentials
cmdkey /l
ARP cache
arp -a
View recently opened documents
dir %APPDATA%\Microsoft\Windows\Recent
Query local user groups
net localgroup
Members of the Administrators group
net localgroup administrators
RDP credential files
dir /a %userprofile%\AppData\Local\Microsoft\Credentials\*
Browser password retrieval
Antivirus software query
wmic /node:localhost /namespace:\\root\securitycenter2 path antivirusproduct get displayname /format:list
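Every command in this section leaves a process-creation record on the host (Sysmon Event ID 1, or Security event 4688 with command-line auditing enabled), so the same cheat sheet can be recognised from the defender's side. The following Python script is an added example and not part of the original post: it classifies constructed process-creation records (the record layout timestamp|host|user|parent PID|command line, the category names and the thresholds are all assumptions of this example) against the discovery commands listed above, raises a medium alert when one parent process runs several different discovery categories within five minutes, and a high alert for the individual commands that change host state or expose secrets (disabling the firewall, toggling fDenyTSConnections, dumping WLAN keys).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery commands from the cheat sheet above, expressed as regexes over the
# command line. The category names are this example's own labels (assumed).
DISCOVERY_PATTERNS = [
    ("network_config", re.compile(r"\bipconfig\b", re.I)),
    ("os_info",        re.compile(r"\bsysteminfo\b", re.I)),
    ("process_list",   re.compile(r"\btasklist\b|\bwmic\s+process\b", re.I)),
    ("account_enum",   re.compile(r"\bnet\s+user\b|\bwmic\s+useraccount\b|\bnet\s+localgroup\b", re.I)),
    ("port_list",      re.compile(r"\bnetstat\b", re.I)),
    ("share_enum",     re.compile(r"\bnet\s+share\b|\bwmic\s+share\b", re.I)),
    ("firewall_query", re.compile(r"\bnetsh\s+(adv)?firewall\s+show\b", re.I)),
    ("av_query",       re.compile(r"securitycenter2|antivirusproduct", re.I)),
    ("rdp_port_query", re.compile(r"\breg\s+query\b.*Terminal Server", re.I)),
    ("saved_creds",    re.compile(r"\bcmdkey\s+/l\b", re.I)),
]

# Commands that change host state or expose secrets: each one alerts on its own.
HIGH_SEVERITY = [
    ("firewall_disabled", re.compile(
        r"\bnetsh\s+(advfirewall\s+set\s+allprofiles\s*state\s+off|firewall\s+set\s+opmode\s+disable)", re.I)),
    ("rdp_toggled_via_registry", re.compile(r"fDenyTSConnections", re.I)),
    ("wifi_profile_key_dump", re.compile(r"\bnetsh\s+wlan\s+show\s+profiles?\b.*key=clear", re.I)),
]

def parse_line(line):
    """Parse one constructed record: timestamp|host|user|parent PID|command line."""
    ts, host, user, ppid, cmd = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "ppid": int(ppid), "cmd": cmd.strip()}

def classify(cmd):
    """Return (discovery categories, high-severity rule names) matched by a command line."""
    cats = {name for name, pat in DISCOVERY_PATTERNS if pat.search(cmd)}
    high = {name for name, pat in HIGH_SEVERITY if pat.search(cmd)}
    return cats, high

def detect(lines, window=timedelta(minutes=5), min_categories=4):
    """Scan records and return alerts. A 'discovery_burst' fires when one parent
    process (host, ppid) runs at least `min_categories` distinct discovery
    categories inside `window`; high-severity commands fire individually."""
    alerts = []
    buckets = defaultdict(list)          # (host, ppid) -> [(ts, categories)]
    for line in lines:
        ev = parse_line(line)
        cats, high = classify(ev["cmd"])
        for rule in sorted(high):
            alerts.append({"severity": "high", "rule": rule, "host": ev["host"],
                           "user": ev["user"], "cmd": ev["cmd"]})
        if cats:
            buckets[(ev["host"], ev["ppid"])].append((ev["ts"], cats))
    for (host, ppid), events in buckets.items():
        events.sort(key=lambda e: e[0])
        # Sliding window: union the categories of every event within `window`
        # of each candidate start event; one alert per parent process is enough.
        for i, (start, _) in enumerate(events):
            seen = set()
            for ts, cats in events[i:]:
                if ts - start > window:
                    break
                seen |= cats
            if len(seen) >= min_categories:
                alerts.append({"severity": "medium", "rule": "discovery_burst", "host": host,
                               "ppid": ppid, "categories": sorted(seen)})
                break
    return alerts

# Constructed sample records (not real telemetry). One cmd.exe (PID 4120) on WS01
# runs the cheat-sheet commands in sequence and then disables the firewall; WS02
# runs two of the same commands hours apart, which should not alert.
SAMPLE_LOG = [
    "2024-05-01T10:00:01|WS01|corp\\alice|4120|ipconfig /all",
    "2024-05-01T10:00:05|WS01|corp\\alice|4120|systeminfo",
    "2024-05-01T10:00:09|WS01|corp\\alice|4120|net user",
    "2024-05-01T10:00:14|WS01|corp\\alice|4120|net localgroup administrators",
    "2024-05-01T10:00:20|WS01|corp\\alice|4120|netstat -ano",
    "2024-05-01T10:00:31|WS01|corp\\alice|4120|"
    "wmic /node:localhost /namespace:\\\\root\\securitycenter2 path antivirusproduct get displayname /format:list",
    "2024-05-01T10:01:02|WS01|corp\\alice|4120|netsh advfirewall set allprofiles state off",
    "2024-05-01T11:30:00|WS02|corp\\bob|5000|ipconfig",
    "2024-05-01T14:10:00|WS02|corp\\bob|5000|tasklist",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Keying the burst on the parent PID rather than on the user is deliberate: an administrator running ipconfig in the morning and net user in the afternoon never accumulates enough categories, while an implant's single spawned cmd.exe does within seconds. The window and the category threshold are the knobs to tune against your own baseline.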
Common antivirus programs (process image name mapped to product):
avList = {
"360tray.exe": "360安全卫士‐实时保护"
"360safe.exe": "360安全卫士‐主程序"
"ZhuDongFangYu.exe": "360安全卫士‐主动防御"
"360sd.exe": "360杀毒"
"a2guard.exe": "a‐squared杀毒"
"ad‐watch.exe": "Lavasoft杀毒"
"cleaner8.exe": "The Cleaner杀毒"
"vba32lder.exe": "vb32杀毒"
"MongoosaGUI.exe": "Mongoosa杀毒"
"CorantiControlCenter32.exe": "Coranti2012杀毒"
"F‐PROT.exe": "F‐Prot AntiVirus"
"CMCTrayIcon.exe": "CMC杀毒"
"K7TSecurity.exe": "K7杀毒"
"UnThreat.exe": "UnThreat杀毒"
"CKSoftShiedAntivirus4.exe": "Shield Antivirus杀毒"
"AVWatchService.exe": "VIRUSfighter杀毒"
"ArcaTasksService.exe": "ArcaVir杀毒"
"iptray.exe": "Immunet杀毒"
"PSafeSysTray.exe": "PSafe杀毒"
"nspupsvc.exe": "nProtect杀毒"
"SpywareTerminatorShield.exe": "SpywareTerminator反间谍软件"
"BKavService.exe": "Bkav杀毒"
"MsMpEng.exe": "Microsoft Security Essentials"
"SBAMSvc.exe": "VIPRE"
"ccSvcHst.exe": "Norton杀毒"
"f‐secure.exe": "冰岛"
"avp.exe": "Kaspersky"
"KvMonXP.exe": "江民杀毒"
"RavMonD.exe": "瑞星杀毒"
"Mcshield.exe": "McAfee"
"Tbmon.exe": "McAfee"
"Frameworkservice.exe": "McAfee"
"egui.exe": "ESET NOD32"
"ekrn.exe": "ESET NOD32"
"eguiProxy.exe": "ESET NOD32"
"kxetray.exe": "金山毒霸"
"knsdtray.exe": "可牛杀毒"
"TMBMSRV.exe": "趋势杀毒"
"avcenter.exe": "Avira(小红伞)"
"avguard.exe": "Avira(小红伞)"
"avgnt.exe": "Avira(小红伞)"
"sched.exe": "Avira(小红伞)"
"ashDisp.exe": "Avast网络安全"
"rtvscan.exe": "诺顿杀毒"
"ccapp.exe": "SymantecNorton"
"NPFMntor.exe": "Norton杀毒软件"
"ccSetMgr.exe": "赛门铁克"
"ccRegVfy.exe": "Norton杀毒软件"
"ksafe.exe": "金山卫士"
"QQPCRTP.exe": "QQ电脑管家"
"avgwdsvc.exe": "AVG杀毒"
"QUHLPSVC.exe": "QUICK HEAL杀毒"
"mssecess.exe": "微软杀毒"
"SavProgress.exe": "Sophos杀毒"
"SophosUI.exe": "Sophos杀毒"
"SophosFS.exe": "Sophos杀毒"
"SophosHealth.exe": "Sophos杀毒"
"SophosSafestore64.exe": "Sophos杀毒"
"SophosCleanM.exe": "Sophos杀毒"
"fsavgui.exe": "F‐Secure杀毒"
"vsserv.exe": "比特梵德"
"remupd.exe": "熊猫卫士"
"FortiTray.exe": "飞塔"
"safedog.exe": "安全狗"
"parmor.exe": "木马克星"
"Iparmor.exe.exe": "木马克星"
"beikesan.exe": "贝壳云安全"
"KSWebShield.exe": "金山网盾"
"TrojanHunter.exe": "木马猎手"
"GG.exe": "巨盾网游安全盾"
"adam.exe": "绿鹰安全精灵"
"AST.exe": "超级巡警"
"ananwidget.exe": "墨者安全专家"
"AVK.exe": "AntiVirusKit"
"avg.exe": "AVG Anti‐Virus"
"spidernt.exe": "Dr.web"
"avgaurd.exe": "Avira Antivir"
"vsmon.exe": "Zone Alarm"
"cpf.exe": "Comodo"
"outpost.exe": "Outpost Firewall"
"rfwmain.exe": "瑞星防火墙"
"kpfwtray.exe": "金山网镖"
"FYFireWall.exe": "风云防火墙"
"MPMon.exe": "微点主动防御"
"pfw.exe": "天网防火墙"
"BaiduSdSvc.exe": "百度杀毒‐服务进程"
"BaiduSdTray.exe": "百度杀毒‐托盘进程"
"BaiduSd.exe": "百度杀毒‐主程序"
"SafeDogGuardCenter.exe": "安全狗"
"safedogupdatecenter.exe": "安全狗"
"safedogguardcenter.exe": "安全狗"
"SafeDogSiteIIS.exe": "安全狗"
"SafeDogTray.exe": "安全狗"
"SafeDogServerUI.exe": "安全狗"
"D_Safe_Manage.exe": "D盾"
"d_manage.exe": "D盾"
"yunsuo_agent_service.exe": "云锁"
"yunsuo_agent_daemon.exe": "云锁"
"HwsPanel.exe": "护卫神"
"hws_ui.exe": "护卫神"
"hws.exe": "护卫神"
"hwsd.exe": "护卫神"
"hipstray.exe": "火绒"
"wsctrl.exe": "火绒"
"usysdiag.exe": "火绒"
"SPHINX.exe": "SPHINX防火墙"
"bddownloader.exe": "百度卫士"
"baiduansvx.exe": "百度卫士‐主进程"
"AvastUI.exe": "Avast!5主程序"
"emet_agent.exe": "EMET"
"emet_service.exe": "EMET"
"firesvc.exe": "McAfee"
"firetray.exe": "McAfee"
"hipsvc.exe": "McAfee"
"mfevtps.exe": "McAfee"
"mcafeefire.exe": "McAfee"
"scan32.exe": "McAfee"
"shstat.exe": "McAfee"
"vstskmgr.exe": "McAfee"
"engineserver.exe": "McAfee"
"mfeann.exe": "McAfee"
"mcscript.exe": "McAfee"
"updaterui.exe": "McAfee"
"udaterui.exe": "McAfee"
"naprdmgr.exe": "McAfee"
"cleanup.exe": "McAfee"
"cmdagent.exe": "McAfee"
"frminst.exe": "McAfee"
"mcscript_inuse.exe": "McAfee"
"mctray.exe": "McAfee"
"_avp32.exe": "卡巴斯基"
"_avpcc.exe": "卡巴斯基"
"_avpm.exe": "卡巴斯基"
"aAvgApi.exe": "AVG"
"ackwin32.exe": "已知杀软进程名称暂未收录"
"alertsvc.exe": "Norton AntiVirus"
"alogserv.exe": "McAfee VirusScan"
"anti‐trojan.exe": "Anti‐Trojan Elite"
"arr.exe": "Application Request Route"
"atguard.exe": "AntiVir"
"atupdater.exe": "已知杀软进程名称暂未收录"
"atwatch.exe": "Mustek"
"au.exe": "NSIS"
"aupdate.exe": "Symantec"
"auto‐protect.nav80try.exe": "已知杀软进程名称暂未收录"
"autodown.exe": "AntiVirus AutoUpdater"
"avconsol.exe": "McAfee"
"avgcc32.exe": "AVG"
"avgctrl.exe": "AVG"
"avgemc.exe": "AVG"
"avgrsx.exe": "AVG"
"avgserv.exe": "AVG"
"avgserv9.exe": "AVG"
"avgw.exe": "AVG"
"avkpop.exe": "G DATA SOFTWARE AG"
"avkserv.exe": "G DATA SOFTWARE AG"
"avkservice.exe": "G DATA SOFTWARE AG"
"avkwctl9.exe": "G DATA SOFTWARE AG"
"avltmain.exe": "Panda Software Aplication"
"avnt.exe": "H+BEDV Datentechnik GmbH"
"avp32.exe": "Kaspersky Anti‐Virus"
"avpcc.exe": " Kaspersky AntiVirus"
"avpdos32.exe": " Kaspersky AntiVirus"
"avpm.exe": " Kaspersky AntiVirus"
"avptc32.exe": " Kaspersky AntiVirus"
"avpupd.exe": " Kaspersky AntiVirus"
"avsynmgr.exe": "McAfee"
"avwin.exe": " H+BEDV"
"bargains.exe": "Exact Advertising SpyWare"
"beagle.exe": "Avast"
"blackd.exe": "BlackICE"
"blackice.exe": "BlackICE"
"blink.exe": "micromedia"
"blss.exe": "CBlaster"
"bootwarn.exe": "Symantec"
"bpc.exe": "Grokster"
"brasil.exe": "Exact Advertising"
"ccevtmgr.exe": "Norton Internet Security"
"cdp.exe": "CyberLink Corp."
"cfd.exe": "Motive Communications"
"cfgwiz.exe": " Norton AntiVirus"
"claw95.exe": "已知杀软进程名称暂未收录"
"claw95cf.exe": "已知杀软进程名称暂未收录"
"clean.exe": "windows流氓软件清理大师"
"cleaner.exe": "windows流氓软件清理大师"
"cleaner3.exe": "windows流氓软件清理大师"
"cleanpc.exe": "windows流氓软件清理大师"
"cpd.exe": "McAfee"
"ctrl.exe": "已知杀软进程名称暂未收录"
"cv.exe": "已知杀软进程名称暂未收录"
"defalert.exe": "Symantec"
"defscangui.exe": "Symantec"
"defwatch.exe": "Norton Antivirus"
"doors.exe": "已知杀软进程名称暂未收录"
"dpf.exe": "已知杀软进程名称暂未收录"
"dpps2.exe": "PanicWare"
"dssagent.exe": "Broderbund"
"ecengine.exe": "已知杀软进程名称暂未收录"
"emsw.exe": "Alset Inc"
"ent.exe": "已知杀软进程名称暂未收录"
"espwatch.exe": "已知杀软进程名称暂未收录"
"ethereal.exe": "RationalClearCase"
"exe.avxw.exe": "已知杀软进程名称暂未收录"
"expert.exe": "已知杀软进程名称暂未收录"
"f‐prot95.exe": "已知杀软进程名称暂未收录"
"fameh32.exe": "F‐Secure"
"fast.exe": " FastUsr"
"fch32.exe": "F‐Secure"
"fih32.exe": "F‐Secure"
"findviru.exe": "F‐Secure"
"firewall.exe": "AshampooSoftware"
"fnrb32.exe": "F‐Secure"
"fp‐win.exe": " F‐Prot Antivirus OnDemand"
"fsaa.exe": "F‐Secure"
"fsav.exe": "F‐Secure"
"fsav32.exe": "F‐Secure"
"fsav530stbyb.exe": "F‐Secure"
"fsav530wtbyb.exe": "F‐Secure"
"fsav95.exe": "F‐Secure"
"fsgk32.exe": "F‐Secure"
"fsm32.exe": "F‐Secure"
"fsma32.exe": "F‐Secure"
"fsmb32.exe": "F‐Secure"
"gbmenu.exe": "已知杀软进程名称暂未收录"
"guard.exe": "ewido"
"guarddog.exe": "ewido"
"htlog.exe": "已知杀软进程名称暂未收录"
"htpatch.exe": "Silicon Integrated Systems Corporation"
"hwpe.exe": "已知杀软进程名称暂未收录"
"iamapp.exe": "Symantec"
"iamserv.exe": "Symantec"
"iamstats.exe": "Symantec"
"iedriver.exe": " Urlblaze.com"
"iface.exe": "Panda Antivirus Module"
"infus.exe": "Infus Dialer"
"infwin.exe": "Msviewparasite"
"intdel.exe": "Inet Delivery"
"intren.exe": "已知杀软进程名称暂未收录"
"jammer.exe": "已知杀软进程名称暂未收录"
"kavpf.exe": "Kapersky"
"kazza.exe": "Kapersky"
"keenvalue.exe": "EUNIVERSE INC"
"launcher.exe": "Intercort Systems"
"ldpro.exe": "已知杀软进程名称暂未收录"
"ldscan.exe": "Windows Trojans Inspector"
"localnet.exe": "已知杀软进程名称暂未收录"
"luall.exe": "Symantec"
"luau.exe": "Symantec"
"lucomserver.exe": "Norton"
"mcagent.exe": "McAfee"
"mcmnhdlr.exe": "McAfee"
"mctool.exe": "McAfee"
"mcupdate.exe": "McAfee"
"mcvsrte.exe": "McAfee"
"mcvsshld.exe": "McAfee"
"mfin32.exe": "MyFreeInternetUpdate"
"mfw2en.exe": "MyFreeInternetUpdate"
"mfweng3.02d30.exe": "MyFreeInternetUpdate"
"mgavrtcl.exe": "McAfee"
"mgavrte.exe": "McAfee"
"mghtml.exe": "McAfee"
"mgui.exe": "BullGuard"
"minilog.exe": "Zone Labs Inc"
"mmod.exe": "EzulaInc"
"mostat.exe": "WurldMediaInc"
"mpfagent.exe": "McAfee"
"mpfservice.exe": "McAfee"
"mpftray.exe": "McAfee"
"mscache.exe": "Integrated Search Technologies Spyware"
"mscman.exe": "OdysseusMarketingInc"
"msmgt.exe": "Total Velocity Spyware"
"msvxd.exe": "W32/Datom‐A"
"mwatch.exe": "已知杀软进程名称暂未收录"
"nav.exe": "Reuters Limited"
"navapsvc.exe": "Norton AntiVirus"
"navapw32.exe": "Norton AntiVirus"
"navw32.exe": "Norton Antivirus"
"ndd32.exe": "诺顿磁盘医生"
"neowatchlog.exe": "已知杀软进程名称暂未收录"
"netutils.exe": "已知杀软进程名称暂未收录"
"nisserv.exe": "Norton"
"nisum.exe": "Norton"
"nmain.exe": "Norton"
"nod32.exe": "ESET Smart Security"
"norton_internet_secu_3.0_407.exe": "已知杀软进程名称暂未收录"
"notstart.exe": "已知杀软进程名称暂未收录"
"nprotect.exe": "Symantec"
"npscheck.exe": "Norton"
"npssvc.exe": "Norton"
"ntrtscan.exe": "趋势反病毒应用程序"
"nui.exe": "已知杀软进程名称暂未收录"
"otfix.exe": "已知杀软进程名称暂未收录"
"outpostinstall.exe": "Outpost"
"patch.exe": "趋势科技"
"pavw.exe": "已知杀软进程名称暂未收录"
"pcscan.exe": "趋势科技"
"pdsetup.exe": "已知杀软进程名称暂未收录"
"persfw.exe": "Tiny Personal Firewall"
"pgmonitr.exe": "PromulGate SpyWare"
"pingscan.exe": "已知杀软进程名称暂未收录"
"platin.exe": "已知杀软进程名称暂未收录"
"pop3trap.exe": "PC‐cillin"
"poproxy.exe": "NortonAntiVirus"
"popscan.exe": "已知杀软进程名称暂未收录"
"powerscan.exe": "Integrated Search Technologies"
"ppinupdt.exe": "已知杀软进程名称暂未收录"
"pptbc.exe": "已知杀软进程名称暂未收录"
"ppvstop.exe": "已知杀软进程名称暂未收录"
"prizesurfer.exe": "Prizesurfer"
"prmt.exe": "OpiStat"
"prmvr.exe": "Adtomi"
"processmonitor.exe": "Sysinternals"
"proport.exe": "已知杀软进程名称暂未收录"
"protectx.exe": "ProtectX"
"pspf.exe": "已知杀软进程名称暂未收录"
"purge.exe": "已知杀软进程名称暂未收录"
"qconsole.exe": "Norton AntiVirus Quarantine Console"
"qserver.exe": "Norton Internet Security"
"rapapp.exe": "BlackICE"
"rb32.exe": "RapidBlaster"
"rcsync.exe": "PrizeSurfer"
"realmon.exe": "Realmon "
"rescue.exe": "已知杀软进程名称暂未收录"
"rescue32.exe": "卡巴斯基互联网安全套装"
"rshell.exe": "已知杀软进程名称暂未收录"
"rtvscn95.exe": "Real‐time virus scanner "
"rulaunch.exe": "McAfee User Interface"
"run32dll.exe": "PAL PC Spy"
"safeweb.exe": "PSafe Tecnologia"
"sbserv.exe": "Norton Antivirus"
"scrscan.exe": "360杀毒"
"sfc.exe": "System file checker"
"sh.exe": "MKS Toolkit for Win3"
"showbehind.exe": "MicroSmarts Enterprise Component "
"soap.exe": "System Soap Pro"
"sofi.exe": "已知杀软进程名称暂未收录"
"sperm.exe": "已知杀软进程名称暂未收录"
"supporter5.exe": "eScorcher反病毒"
"symproxysvc.exe": "Symantec"
"symtray.exe": "Symantec"
"tbscan.exe": "ThunderBYTE"
"tc.exe": "TimeCalende"
"titanin.exe": "TitanHide"
"tvmd.exe": "Total Velocity"
"tvtmd.exe": " Total Velocity"
"vettray.exe": "eTrust"
"vir‐help.exe": "已知杀软进程名称暂未收录"
"vnpc3000.exe": "已知杀软进程名称暂未收录"
"vpc32.exe": "Symantec"
"vpc42.exe": "Symantec"
"vshwin32.exe": "McAfee"
"vsmain.exe": "McAfee"
"vsstat.exe": "McAfee"
"wfindv32.exe": "已知杀软进程名称暂未收录"
"zapro.exe": "Zone Alarm"
"zonealarm.exe": "Zone Alarm"
"AVPM.exe": "Kaspersky"
"A2CMD.exe": "Emsisoft Anti‐Malware"
"A2SERVICE.exe": "a‐squared free"
"A2FREE.exe": "a‐squared Free"
"ADVCHK.exe": "Norton AntiVirus"
"AGB.exe": "安天防线"
"AHPROCMONSERVER.exe": "安天防线"
"AIRDEFENSE.exe": "AirDefense"
"ALERTSVC.exe": "Norton AntiVirus"
"AVIRA.exe": "小红伞杀毒"
"AMON.exe": "Tiny Personal Firewall"
"AVZ.exe": "AVZ"
"ANTIVIR.exe": "已知杀软进程名称暂未收录"
"APVXDWIN.exe": "熊猫卫士"
"ASHMAISV.exe": "Alwil"
"ASHSERV.exe": "Avast Anti‐virus"
"ASHSIMPL.exe": "AVAST!VirusCleaner"
"ASHWEBSV.exe": "Avast"
"ASWUPDSV.exe": "Avast"
"ASWSCAN.exe": "Avast"
"AVCIMAN.exe": "熊猫卫士"
"AVCONSOL.exe": "McAfee"
"AVENGINE.exe": "熊猫卫士"
"AVESVC.exe": "Avira AntiVir Security Service"
"AVEVL32.exe": "已知杀软进程名称暂未收录"
"AVGAM.exe": "AVG"
"AVGCC.exe": "AVG"
"AVGCHSVX.exe": "AVG"
"AVGCSRVX": "AVG"
"AVGNSX.exe": "AVG"
"AVGCC32.exe": "AVG"
"AVGCTRL.exe": "AVG"
"AVGEMC.exe": "AVG"
"AVGFWSRV.exe": "AVG"
"AVGNTMGR.exe": "AVG"
"AVGSERV.exe": "AVG"
"AVGTRAY.exe": "AVG"
"AVGUPSVC.exe": "AVG"
"AVINITNT.exe": "Command AntiVirus for NT Server"
"AVPCC.exe": "Kaspersky"
"AVSERVER.exe": "Kerio MailServer"
"AVSCHED32.exe": "H+BEDV"
"AVSYNMGR.exe": "McAfee"
"AVWUPSRV.exe": "H+BEDV"
"BDSWITCH.exe": "BitDefender Module"
"BLACKD.exe": "BlackICE"
"CCEVTMGR.exe": "Symantec"
"CFP.exe": "COMODO"
"CLAMWIN.exe": "ClamWin Portable"
"CUREIT.exe": "DrWeb CureIT"
"DEFWATCH.exe": "Norton Antivirus"
"DRWADINS.exe": "Dr.Web"
"DRWEB.exe": "Dr.Web"
"DEFENDERDAEMON.exe": "ShadowDefender"
"EWIDOCTRL.exe": "Ewido Security Suite"
"EZANTIVIRUSREGISTRATIONCHECK.exe": "e‐Trust Antivirus"
"FIREWALL.exe": "AshampooSoftware"
"FPROTTRAY.exe": "F‐PROT Antivirus"
"FPWIN.exe": "Verizon"
"FRESHCLAM.exe": "ClamAV"
"FSAV32.exe": "F‐Secure"
"FSBWSYS.exe": "F‐secure"
"FSDFWD.exe": "F‐Secure"
"FSGK32.exe": "F‐Secure"
"FSGK32ST.exe": "F‐Secure"
"FSMA32.exe": "F‐Secure"
"FSMB32.exe": "F‐Secure"
"FSSM32.exe": "F‐Secure"
"GUARDGUI.exe": "网游保镖"
"GUARDNT.exe": "IKARUS"
"IAMAPP.exe": "Symantec"
"INOCIT.exe": "eTrust"
"INORPC.exe": "eTrust"
"INORT.exe": "eTrust"
"INOTASK.exe": "eTrust"
"INOUPTNG.exe": "eTrust"
"ISAFE.exe": "eTrust"
"KAV.exe": "Kaspersky"
"KAVMM.exe": "Kaspersky"
"KAVPF.exe": "Kaspersky"
"KAVPFW.exe": "Kaspersky"
"KAVSTART.exe": "Kaspersky"
"KAVSVC.exe": "Kaspersky"
"KAVSVCUI.exe": "Kaspersky"
"KMAILMON.exe": "金山毒霸"
"MCAGENT.exe": "McAfee"
"MCMNHDLR.exe": "McAfee"
"MCREGWIZ.exe": "McAfee"
"MCUPDATE.exe": "McAfee"
"MCVSSHLD.exe": "McAfee"
"MINILOG.exe": "Zone Alarm"
"MYAGTSVC.exe": "McAfee"
"MYAGTTRY.exe": "McAfee"
"NAVAPSVC.exe": "Norton"
"NAVAPW32.exe": "Norton"
"NAVLU32.exe": "Norton"
"NAVW32.exe": "Norton Antivirus"
"NEOWATCHLOG.exe": "NeoWatch"
"NEOWATCHTRAY.exe": "NeoWatch"
"NISSERV.exe": "Norton"
"NISUM.exe": "Norton"
"NMAIN.exe": "Norton"
"NOD32.exe": "ESET NOD32"
"NPFMSG.exe": "Norman个人防火墙"
"NPROTECT.exe": "Symantec"
"NSMDTR.exe": "Norton"
"NTRTSCAN.exe": "趋势科技"
"OFCPFWSVC.exe": "OfficeScanNT"
"ONLINENT.exe": "已知杀软进程名称暂未收录"
"OP_MON.exe": " OutpostFirewall"
"PAVFIRES.exe": "熊猫卫士"
"PAVFNSVR.exe": "熊猫卫士"
"PAVKRE.exe": "熊猫卫士"
"PAVPROT.exe": "熊猫卫士"
"PAVPROXY.exe": "熊猫卫士"
"PAVPRSRV.exe": "熊猫卫士"
"PAVSRV51.exe": "熊猫卫士"
"PAVSS.exe": "熊猫卫士"
"PCCGUIDE.exe": "PC‐cillin"
"PCCIOMON.exe": "PC‐cillin"
"PCCNTMON.exe": "PC‐cillin"
"PCCPFW.exe": "趋势科技"
"PCCTLCOM.exe": "趋势科技"
"PCTAV.exe": "PC Tools AntiVirus"
"PERSFW.exe": "Tiny Personal Firewall"
"PERVAC.exe": "已知杀软进程名称暂未收录"
"PESTPATROL.exe": "Ikarus"
"PREVSRV.exe": "熊猫卫士"
"RTVSCN95.exe": "Real‐time Virus Scanner"
"SAVADMINSERVICE.exe": "SAV"
"SAVMAIN.exe": "SAV"
"SAVSCAN.exe": "SAV"
"SDHELP.exe": "Spyware Doctor"
"SHSTAT.exe": "McAfee"
"SPBBCSVC.exe": "Symantec"
"SPIDERCPL.exe": "Dr.Web"
"SPIDERML.exe": "Dr.Web"
"SPIDERUI.exe": "Dr.Web"
"SPYBOTSD.exe": "Spybot "
"SWAGENT.exe": "SonicWALL"
"SWDOCTOR.exe": "SonicWALL"
"SWNETSUP.exe": "Sophos"
"SYMLCSVC.exe": "Symantec"
"SYMPROXYSVC.exe": "Symantec"
"SYMSPORT.exe": "Sysmantec"
"SYMWSC.exe": "Sysmantec"
"SYNMGR.exe": "Sysmantec"
"TMLISTEN.exe": "趋势科技"
"TMNTSRV.exe": "趋势科技"
"TMPROXY.exe": "趋势科技"
"TNBUTIL.exe": "Anti‐Virus"
"VBA32ECM.exe": "已知杀软进程名称暂未收录"
"VBA32IFS.exe": "已知杀软进程名称暂未收录"
"VBA32PP3.exe": "已知杀软进程名称暂未收录"
"VCRMON.exe": "VirusChaser"
"VRMONNT.exe": "HAURI"
"VRMONSVC.exe": "HAURI"
"VSHWIN32.exe": "McAfee"
"VSSTAT.exe": "McAfee"
"XCOMMSVR.exe": "BitDefender"
"ZONEALARM.exe": "Zone Alarm"
"360rp.exe": "360杀毒"
"afwServ.exe": " Avast Antivirus "
"safeboxTray.exe": "360杀毒"
"360safebox.exe": "360杀毒"
"QQPCTray.exe": "QQ电脑管家"
"KSafeTray.exe": "金山毒霸"
"KSafeSvc.exe": "金山毒霸"
"KWatch.exe": "金山毒霸"
"gov_defence_service.exe": "云锁"
"gov_defence_daemon.exe": "云锁"
"smartscreen.exe": "Windows Defender" }
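A mapping like avList is only useful once it is matched against a live process snapshot, which is also how a defender verifies that the expected endpoint product is actually running on every host. The following Python helper is an added example, not code from the original post: it parses the CSV form of tasklist (tasklist /fo csv, whose header row and quoted fields are assumed to look like the constructed sample) and reports every mapped product together with the PIDs behind it, matching case-insensitively because the casing tasklist reports varies between vendors and versions. Only a handful of the mapping's entries are reproduced in AV_PROCESSES.

```python
import csv
import io

# Subset of the avList mapping from the list above (process image name -> product).
AV_PROCESSES = {
    "MsMpEng.exe": "Microsoft Security Essentials",
    "egui.exe": "ESET NOD32",
    "ekrn.exe": "ESET NOD32",
    "avp.exe": "Kaspersky",
    "Mcshield.exe": "McAfee",
    "SBAMSvc.exe": "VIPRE",
    "vsmon.exe": "Zone Alarm",
    "cpf.exe": "Comodo",
    "smartscreen.exe": "Windows Defender",
}

def parse_tasklist_csv(text):
    """Parse `tasklist /fo csv` output into (image name, pid) tuples.
    The csv module handles the quoted fields, including the thousands
    separator inside "Mem Usage"; the header row is skipped."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0] == "Image Name":
            continue
        rows.append((row[0], int(row[1])))
    return rows

def identify_security_products(tasklist_text, mapping=AV_PROCESSES):
    """Return {product: [pids]} for every running process whose image name is
    in the mapping. Lookup is case-insensitive on purpose: tasklist prints the
    on-disk casing, which is not stable across products and releases."""
    lookup = {name.lower(): product for name, product in mapping.items()}
    found = {}
    for image, pid in parse_tasklist_csv(tasklist_text):
        product = lookup.get(image.lower())
        if product:
            found.setdefault(product, []).append(pid)
    return found

# Constructed sample of `tasklist /fo csv` output (not captured from a real host).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"svchost.exe","812","Services","0","12,344 K"
"MSMPENG.EXE","2040","Services","0","141,208 K"
"ekrn.exe","2210","Services","0","90,112 K"
"explorer.exe","3120","Console","1","55,000 K"
'''

if __name__ == "__main__":
    for product, pids in identify_security_products(SAMPLE_TASKLIST).items():
        print(f"{product}: PIDs {pids}")
```

Feed it the real output of tasklist /fo csv (or a saved copy) and extend AV_PROCESSES with the rest of the list; because matching is done on the image name alone, a renamed binary will not be caught, which is why the wmic securitycenter2 query above remains the more authoritative check on client editions.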
Automated collection with a bat script
Writing your own bat script
echo prints the text that follows the command.
echo off stops every subsequent command from echoing its own command line.
@ is similar to echo off, but is placed at the very start of a command line and suppresses echoing of that line only (it affects the current line alone).
call invokes another batch file (if you run another batch file directly without call, control never returns to the current file once that batch file finishes, so the remaining commands in the current file are not executed).
pause suspends execution of the batch file, shows "Press any key to continue..." on screen, and waits for the user to press a key before continuing.
rem marks the rest of the line as an explanatory comment that is not executed and exists only for your own future reference (equivalent to a comment in a program).
An annotated example (command first, then what it does):
@echo off                    do not echo the following command lines or this one
dir c:\*.* >a.txt            write the file listing of drive C: to a.txt
call c:\ucdos\ucdos.bat      call ucdos
echo 你好                    display "你好" ("hello")
pause                        pause and wait for a key press
rem preparing to run wps     comment: preparing to run wps
cd ucdos                     enter the ucdos directory
wps                          run wps
echo 123 >1.txt              write 123 to 1.txt
echo 456 >>1.txt             append 456 to 1.txt
The collection script itself:
@echo off
echo ############################## >>1.txt
ipconfig >>1.txt
echo ############################## >>1.txt
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" >>1.txt
systeminfo | findstr /B /C:"OS 名称" /C:"OS 版本" >>1.txt
echo ############################## >>1.txt
echo %PROCESSOR_ARCHITECTURE% >>1.txt
Automated information collection simply means putting the commands covered earlier into a bat script and running it, which saves the trouble of typing them by hand.
Other scripts
The following batch script locates the htable.xsl stylesheet under system32 and uses it to write a series of wmic queries into out.html as HTML tables:
for /f "delims=" %%A in ('dir /s /b %WINDIR%\system32\*htable.xsl') do set "var=%%A"
wmic process get CSName,Description,ExecutablePath,ProcessId /format:"%var%" >> out.html
wmic service get Caption,Name,PathName,ServiceType,Started,StartMode,StartName /format:"%var%" >> out.html
wmic USERACCOUNT list full /format:"%var%" >> out.html
wmic group list full /format:"%var%" >> out.html
wmic nicconfig where IPEnabled='true' get Caption,DefaultIPGateway,Description,DHCPEnabled,DHCPServer,IPAddress,IPSubnet,MACAddress /format:"%var%" >> out.html
wmic volume get Label,DeviceID,DriveLetter,FileSystem,Capacity,FreeSpace /format:"%var%" >> out.html
wmic netuse list full /format:"%var%" >> out.html
wmic qfe get Caption,Description,HotFixID,InstalledOn /format:"%var%" >> out.html
wmic startup get Caption,Command,Location,User /format:"%var%" >> out.html
wmic PRODUCT get Description,InstallDate,InstallLocation,PackageCache,Vendor,Version /format:"%var%" >> out.html
wmic os get name,version,InstallDate,LastBootUpTime,LocalDateTime,Manufacturer,RegisteredUser,ServicePackMajorVersion,SystemDirectory /format:"%var%" >> out.html
wmic Timezone get DaylightName,Description,StandardName /format:"%var%" >> out.html