Nmap Development mailing list archives

RE: Ron/command line options


From: mike <dmciscobgp () hotmail com>
Date: Sun, 11 Oct 2009 19:35:11 +0000


Ron/all:
 
This is in response to your needing some command line options in Windows for use in your PSutils-like script for SMB 
extraction.
 
To query all running/available services of the remote user, you could run "sc queryex" (sc being the interface to the 
service control manager).
 
You could also try the netsh (netshell) suite of commands to pull many things related to the routing and interface 
configurations of Windows machines (RRAS must be running to pull up a lot of these statistics). 
Here is an example of one without RRAS needed:
 
-------------------------------------------------------------------
netsh int ip c (c is config)
 
Configuration for "Local Area Connection"
DHCP Enable: Yes
InterfaceMetric: 0
DNS Servers configured through DHCP: None
WINS Servers configured through DHCP: None
Register with which suffix: Primary Only
-------------------------------------------------------------------
The use of a remote netsh query would come in really handy when you wanted to pull up routing info from every interface, 
which you normally would not be able to get with a portscan (for instance, checking for OSPF/RIP activity in detail).
 
 
Something I did want to mention in all of this: if all you are trying to do is load up a PSutility-type script with a 
bunch of different ways to extract info from a user, and since your script has the ability to install a remote service 
through the SVCCTL and WINREG named pipes (pwpasswd/etc. for registry key/hash extractions), why would you not just 
remotely install an SNMP server that can provide you with all that you are after and more!? Heck, you could even have 
uploaded the one that comes with most Windows machines already available. If the agent offers MIBs for HOST, then you 
could easily dump EVERYTHING: shares, users, every program installed, paths, interfaces, route tables, etc.
 
It just seems to me that if I was after what you are trying to pursue, I would go that route. I don't code, I am simply 
a network-knowledgeable guy, so hats off to what you have already done so far, but I think my idea would be far easier 
with better results.
 
Thank you,

m|ke

 

 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
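The commands mike lists above (sc queryex against the service control manager, and netsh for interface configuration) can both be pointed at a remote host from an administrator's workstation. The script below is an added example, written for this page; it is not part of the original post and is not code from Ron's SMB script. It runs "sc.exe \\target queryex" and "netsh -r target interface ip show config" against a host you supply, parses the sc queryex listing into objects (service name, display name, state, PID), and flags whether the SNMP service is already installed, which is the first thing you would want to know before following the post's suggestion. It assumes you already hold local administrator rights on the target and that the Remote Registry service is running there (netsh -r depends on it). The service names, PIDs and host name in the embedded sample are constructed for the example; when no -Target is given the script parses that sample instead of contacting anything, so the parser can be exercised offline.

```powershell
# Added example for this page (not from the original post or from the NSE script).
# Usage:  .\Get-RemoteInventory.ps1 -Target 192.0.2.10   (remote host, needs admin rights)
#         .\Get-RemoteInventory.ps1                      (no target: parses the embedded sample)
param([string]$Target)

function ConvertFrom-ScQueryEx {
    # Turn the text emitted by "sc queryex" into one object per service.
    # Each service block starts with "SERVICE_NAME:"; STATE and PID are indented
    # key/value lines inside the block.
    param([string[]]$Lines)
    $services = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^SERVICE_NAME:\s*(.+)$') {
            if ($current) { $services += $current }
            $current = [pscustomobject]@{
                Name        = $Matches[1].Trim()
                DisplayName = $null
                State       = $null
                PID         = $null
            }
        }
        elseif ($current -and $line -match '^DISPLAY_NAME:\s*(.+)$') {
            $current.DisplayName = $Matches[1].Trim()
        }
        elseif ($current -and $line -match '^\s*STATE\s*:\s*\d+\s+(\S+)') {
            # "STATE : 4  RUNNING" -> keep the word, drop the numeric code
            $current.State = $Matches[1]
        }
        elseif ($current -and $line -match '^\s*PID\s*:\s*(\d+)') {
            $current.PID = [int]$Matches[1]
        }
    }
    if ($current) { $services += $current }
    return $services
}

if ($Target) {
    # "sc" inside PowerShell is an alias for Set-Content, so call the binary by name.
    $lines = & sc.exe "\\$Target" queryex
}
else {
    # Constructed sample of "sc queryex" output (not captured from a real host),
    # used only to exercise the parser offline.
    $sample = @'

SERVICE_NAME: wuauserv
DISPLAY_NAME: Windows Update
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              :

SERVICE_NAME: SNMP
DISPLAY_NAME: SNMP Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :
'@
    $lines = $sample -split "`r?`n"
}

$services = ConvertFrom-ScQueryEx -Lines $lines

"Running services:"
$services | Where-Object { $_.State -eq 'RUNNING' } |
    Sort-Object Name | Format-Table Name, PID, DisplayName -AutoSize

# The post suggests installing an SNMP agent; check first whether one is already there.
$snmp = $services | Where-Object { $_.Name -eq 'SNMP' }
if ($snmp) { "SNMP service present, state: $($snmp.State)" }
else       { "SNMP service not installed" }

if ($Target) {
    # Long form of the post's "netsh int ip c"; works without RRAS.
    "Interface configuration:"
    & netsh.exe -r $Target interface ip show config

    # Routing table. The "ipv4" context is Vista/2008 and later; on XP/2003 the
    # route listing lives under "netsh routing ip", which needs RRAS.
    "Routes:"
    & netsh.exe -r $Target interface ipv4 show route
}
```

The parser keys on the fixed labels sc queryex prints (SERVICE_NAME, DISPLAY_NAME, STATE, PID) rather than on column positions, so the continuation line under STATE that lists STOPPABLE/NOT_PAUSABLE flags is simply ignored. Everything here runs over RPC and SMB (the service control manager's svcctl pipe and the remote registry), so the same ports an SMB-based script already needs are the only ones involved.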

