How To Use systeminfo.exe

systeminfo.exe is an extremely useful Windows utility. It displays key information about a system (computer) and its OS. Systeminfo is not only useful as an admin for asset documentation, but it is also an extremely valuable tool for enumerating a target (as a pentester).

I am a firm believer that having a solid understanding of how "normal" tools operate is just as useful as understanding the latest security/pentesting application. Let's say we use systeminfo and are able to grab system info from a different machine on the network. We learn not only the valuable specs of another target, but also that the new target has an RPC server enabled and potentially a firewall rule allowing RPC. We can speculate even further that if the admin of the target machine allowed RPC through the firewall, there is a chance that they have allowed something else through.

Not only this, but with the specs of the new target we can begin researching avenues of new exploitation.

These inferences were reached through the use of a default Windows application. Awesome!

In this article we are going to learn typical usage of systeminfo.exe followed by some interesting ways to manipulate your command line to streamline your enumerating.

For your benefit, the article is broken into three parts.

-Part 1: Basic Usage
-Part 2: Power Usage
-Part 3: Security Function

Part 1: Basic Usage

systeminfo [/s <computer> [/u <domain>\<username> [/p <password>]]] [/fo {TABLE | LIST | CSV}] [/nh]

Show available commands and a usage example:

#systeminfo /?

The help output shows that the default switches deal primarily with remote connections and with how the retrieved data is displayed.

If in the terminal we just type systeminfo with no switches, you will be shown everything. By default, it shows data for the machine on which you are running the command.

#systeminfo /FO LIST
will present everything in a list format, which is very nice to look at.

#systeminfo /FO CSV > systemStuff.csv
allows us to output the CSV content to a CSV file.

The CSV content can then be viewed by opening the file in notepad.exe.

Part 2: Power Usage

If we go back and look at the /FO LIST output, we can see headings for the subject matter we are looking at. When enumerating a target, you may not actually want all the information. If all you want is some key information, you can filter the command-line output for the specific content you want.

For example, we can look for just the "OS Name" and "System Type".

We can then go further and put the filtered content into a text file.
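The filtering described in Part 2, as an added example that is not part of the original article: a PowerShell function that parses systeminfo /FO CSV output and keeps only the requested headings. The function name Select-SystemInfoField, the sample host data and the output file name osinfo.txt are assumptions made for illustration, and English-locale headings are assumed.

```powershell
# Added example, not code from the original article.
# cmd.exe equivalent of the same filter:
#   systeminfo | findstr /B /C:"OS Name" /C:"System Type"

function Select-SystemInfoField {
    param(
        # Headings to keep, as they appear in "systeminfo /FO LIST" output.
        [string[]]$Field = @('OS Name', 'System Type'),
        # CSV lines to parse; defaults to live output from the local machine.
        [string[]]$CsvLine = (systeminfo /FO CSV)
    )
    # Line 1 is the header row, line 2 is the single data row.
    $record = $CsvLine | ConvertFrom-Csv | Select-Object -First 1
    $known  = $record.PSObject.Properties.Name
    foreach ($name in $Field) {
        if ($known -notcontains $name) {
            # Headings are localized, so a miss usually means a non-English OS.
            Write-Warning "Field '$name' not present in systeminfo output"
            continue
        }
        [pscustomobject]@{ Field = $name; Value = $record.$name }
    }
}

# Constructed sample input (hypothetical host) so the function can be tried
# without running systeminfo.
$sample = @(
    '"Host Name","OS Name","OS Version","System Type"',
    '"LAB-PC01","Microsoft Windows 10 Pro","10.0.19045 N/A Build 19045","x64-based PC"'
)
Select-SystemInfoField -CsvLine $sample

# Live use: keep the two fields and write them to a text file.
# osinfo.txt is an assumed file name.
Select-SystemInfoField | Format-Table -AutoSize | Out-File osinfo.txt
```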

Part 3: Security Function

Now I feel like I need to be careful, because I could put this section in after every time I talk about any utility. I firmly believe that understanding default utilities, what they are, what they are used for, and what their output is under normal circumstances, is a critical skill for the security professional. In fact, default utilities should be counted amongst the go-to tools in our toolbox.

Look at the systeminfo tool.  A rather simple tool.  Honestly all one needs to do is type systeminfo in the terminal and voila you have used it.  You could skip all the fancy switches and just go for the basic usage.  

It is the simplicity of systeminfo that makes its functionality so powerful. Just the basic function of the tool provides one with ALL the information about a system.

Put on your black hat.  How can you exploit a machine?  Well, in order to do that you need information about the machine you are exploiting.  Patch levels, OS version, last update, etc.  All this information is useful when you want to escalate your privileges or even potentially pivot to another target on the network.

Thanks for reading. Simple, elegant tools such as systeminfo.exe are ones we should definitely have in our toolboxes and bring out when we need them.
