Win32 Classes (Windows)

Windows Post Exploitation Cmdlets Execution (PowerShell)

Presence

This section focuses on information gathering about the victim host and the network that it’s attached to.

System

WMI

Networking

Users

Configs

Finding important files

Files to pull

Remote system access

Software

Auto-Start directories


Persistence

This section focuses on gaining a foothold to regain or re-obtain access to a system through means of authentication, backdoors, etc.

Download

Compress or expand ZIP archive

Reg command exit

Deleting logs

Uninstalling software "Antivirus"

Invasive or altering commands

Volatile data acquisition

Cmdlets for TCP/IP Model Layers

The architecture of the TCP/IP protocol suite by Microsoft (https://technet.microsoft.com/en-us/library/bb726993.aspx)

 

Layer 1. Network Interface Layer

Hardware information of the network adapter


Returns all physical network adapters


Networking statistics from the network adapter. The statistics include broadcast, multicast, discards, and errors

 

Layer 2. Internet Layer

MAC (Media Access Control)

Get the current MAC


Neighbor cache entries (The neighbor cache maintains information for each on-link neighbor, including the IP address and the associated link-layer address. In IPv4, the neighbor cache is commonly known as the Address Resolution Protocol (ARP) cache)

 

IP (Internet Protocol)

Get the current IP address


IP version supported by the network adapter


Information about IP version


Assign a static IP address


IP route information from the IP routing table

 

NAT (Network Address Translation)

Information about NAT

 

Firewall

Information about firewall

 

ICMP (Internet Control Message Protocol)

Sends ICMP echo request packets ("pings") to one or more computers

 

Layer 3. Transport Layer

TCP (Transmission Control Protocol)

Settings


Gets information about current connection statistics


Ports

 

UDP (User Datagram Protocol)

Settings


Gets information about current connection statistics


Ports

 

Layer 4. Application Layer

HTTP/HTTPS (Hypertext Transfer Protocol/Hypertext Transfer Protocol Secure)

Information about HTTP/HTTPS

 

Proxy

Information about proxy

 

DNS (Domain Name System)

Information about DNS


Performs a DNS name resolution for the specified name


Resolves a host name or IP address to an IPHostEntry instance


Clears the contents of the DNS client cache


Clears resource records from a cache on the DNS server

 

FTP (File Transfer Protocol)

Upload file using FTP

 

SMTP (Simple Mail Transfer Protocol)

Send an email

Cmdlets related to basic and administrative tasks in the Windows operating system

  • Hardware management
  • File management
  • Add/remove software
  • Updating
  • Process management
  • Task scheduling
  • User management
  • Storage management
  • Network management
  • Backups
  • System repair
  • System performance

Hardware management

Examples

File management

Examples

Add/remove software

Examples

Updating

Examples

Process management

Examples

Task scheduling

Examples

User management

Storage management

Examples

Network management

Examples

Backups

System repair

Examples

System performance

Examples

Get information about the computers on a network: addresses, speed and more

 

Network Adapter: Speed and MAC Address (using WMI)

 

Find MAC Address

PowerShell 5.0

List computers using net view, compare the MAC and search in the Public MA-L Listing