Nmap Development mailing list archives
RE: Ron/command line options
From: mike <dmciscobgp () hotmail com>
Date: Sun, 11 Oct 2009 19:35:11 +0000
Ron/all: this is in response to you needing some command line options in Windows for use in your PSutils-like script for SMB extraction. To query all running/available services of the remote user, you could run "sc queryex" (sc being the interface to the Service Control Manager). You could also try the netsh (netshell) suite of commands to pull many things related to the routing and interface configurations of Windows machines (RRAS must be running to pull up a lot of these statistics). Here is an example of one without RRAS needed:

-------------------------------------------------------------------
netsh int ip c (c is config)

Configuration for "Local Area Connection"
    DHCP Enable: Yes
    InterfaceMetric: 0
    DNS Servers configured through DHCP: None
    WINS Servers configured through DHCP: None
    Register with which suffix: Primary Only
-------------------------------------------------------------------

The use of a remote netsh query would come in really handy when you wanted to pull up routing info from every interface, which you normally would not be able to do with a portscan (for instance, checking for OSPF/RIP activity in detail).

Something I did want to mention in all of this: if all you are trying to do is load up a PSutility-type script with a bunch of different ways to extract info from a user, and since your script has the ability to install a remote service through the SVCTL and WINREG named pipes (pwpasswd/etc for registry key/hash extractions), why would you not just remotely install an SNMP server that can provide you with all that you are after and more!? Heck, you could even have uploaded the one that comes with most Windows machines already available. If the agent offers MIBs for HOST, then you could easily dump EVERYTHING....shares, users, every program installed, paths, interfaces, route tables, etc. It just seems to me that if I was after what you are trying to pursue, I would go that route.

I don't code, I am simply a network knowledgeable guy, so hats off to what you have already done so far, but my idea I think would be far easier with better results.

Thank you,
m|ke

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
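As an added example (not code from this post or from Nmap), here is a small parser for the `sc queryex` output the message refers to, turning the records into dicts so an administrator can inventory which services are actually running on a host; the sample output is constructed, not captured from a real machine.

```python
import re

# Constructed sample of `sc queryex type= service state= all` output (not from a real host).
SAMPLE_SC_OUTPUT = """
SERVICE_NAME: wuauserv
DISPLAY_NAME: Windows Update
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1180
        FLAGS              :

SERVICE_NAME: SNMP
DISPLAY_NAME: SNMP Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :
"""

# "KEY : value" lines; the "(STOPPABLE, ...)" continuation line does not match and is skipped.
FIELD_RE = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(.*)$")

def parse_sc_queryex(text):
    """Split `sc queryex` output into one dict per SERVICE_NAME record."""
    services, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "SERVICE_NAME":
            current = {"SERVICE_NAME": value}
            services.append(current)
        elif current is not None:
            if key == "STATE":
                value = value.split()[-1]   # "4  RUNNING" -> "RUNNING"
            elif key == "PID":
                value = int(value)
            current[key] = value
    return services

def running_services(text):
    """Return (service name, PID) for every service whose STATE is RUNNING."""
    return [(s["SERVICE_NAME"], s["PID"])
            for s in parse_sc_queryex(text) if s.get("STATE") == "RUNNING"]
```

Feeding it the real output of `sc queryex type= service state= all` lets you diff a host's running services against an expected baseline, e.g. to notice a service such as SNMP that should not be running.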