Post Exploitation in Windows using dir Command

In this article, we will learn how to use the Windows command line command “dir” for post exploitation. From a shell obtained with the Metasploit framework, we will locate files and directories by name, count the files of a particular extension, find hidden and system files, and much more.

dir Command: It displays a list of a directory’s files and subdirectories.

Syntax

dir [<Drive>:] [<Path>] [<FileName>] [/p] [/q] [/a [[:] <Attributes>]] [/s] [/b]

  1. [/p]: Displays one screen of the listing at a time.
  2. [/q]: Displays file ownership information.
  3. [/s]: Lists every occurrence of the specified file name within the specified directory and all subdirectories.
  4. [/b]: Displays a bare list of directories and files, with no additional information.
  5. [/a]: Lists only entries with the given attributes. Without an attribute letter, [/a] lists everything, including the hidden and system entries that dir omits by default.

It is usually combined with an attribute letter, such as

  • [/ad]:  Directories
  • [/ah]:  Hidden files
  • [/as]:  System files
  • [/a-attribute]: NOT (a minus in front of the attribute selects the opposite, e.g. [/a-d] lists everything that is not a directory, i.e. files)

Now to use dir for post exploitation, we need a command shell on the victim. dir itself works from any shell; an administrator-privileged shell simply lets us list directories that a standard user cannot read. Obtaining such a shell is covered in a separate article.

We will use different combinations of the attributes and parameters to locate data on the victim’s system.

Find Directories using a search string

Here, we are using the following options with the dir command:

  • [/b] to get a bare listing (names only, no header or summary),
  • [/s] to search the given directory and all of its subdirectories,
  • [/ad] to list directories only,

to list the directories whose name contains the string sales. The wildcards in *sales* match the string anywhere in the name.

Syntax: dir /b /s /ad [directory]\*string*

Find the Number of Files/Directories in a Directory

To count entries, we pipe [|] the output of dir into the find command.

[/b] gives a bare listing with one name per line, so the header and summary lines are not counted. The [/c] switch tells find to print the number of matching lines, and [/v] inverts the match so that it counts the lines that do not contain the search string. With an empty string “” as the search term, every line qualifies, so the result is the number of names in the listing.

Syntax: dir /b [directory] | find /c /v ""

Note that the quotes must be plain double quotes. If the typographic quotes that a web page substitutes are pasted into the shell, find treats them as a literal search string and the count is wrong.

The above command returns the number of entries in the given directory (the current directory if none is given). Without an attribute filter the listing contains both files and subdirectories, but not hidden or system entries. In my case, it returns 22, which means the victim has 22 files and folders in his D:\ directory.

Find the Number of Files

Here, we are using the attribute [/a-d].

[/ad] selects directories.

[-] is used as NOT, so [/a-d] selects everything that is not a directory, i.e. files.

Syntax: dir /b /s /a-d [directory] | find /c /v ""

Again, find /c /v "" is used to get the count. From the image given below we can observe that it found 5 files inside the sales folder.

Find the Number of Directories

Syntax: dir /b /s /ad [directory]\*string* | find /c /v ""

Here we count the directories whose name contains *sales*; *string* can be any search term.

[/ad] selects directories only, so files whose name also contains the string are not counted.

Here find /c /v "" is used to get the count, and from the image given below we can observe that it found 5 subdirectories inside the sales folder.

Find Files of a Particular Extension

In the given example, I searched for .xlsx files, which are MS Excel workbooks, but the same command works for any extension, such as pdf, png, exe or docx.

Syntax: dir /b /s [directory]\*.extension

The pattern *.extension matches only names that end in that extension; a pattern like *extension* would also match any name that merely contains the letters somewhere. One caveat: because dir also matches against short (8.3) file names, a three-letter pattern such as *.xls also lists .xlsx files, so check the extensions in the output before relying on the count.

From the image given below we can read the names of the Excel files inside the D: drive.

Find the Number of Files of a particular Extension

If we add | find /c /v "" to the previous command, we get the number of files with that extension, as shown below.

Syntax: dir /b /s [directory]\*.extension | find /c /v ""

From the image given below we can observe that it found 4 Excel files inside the D: drive.

Find the Number of Hidden Files/Directories

To get hidden entries we use the attribute [/ah]. dir leaves hidden and system entries out of its listing unless an [/a] filter asks for them, so a plain dir /b count never includes them.

When combined with find /c /v "", we get the number of hidden files and directories in the given directory, as shown below. Add [/s] to include its subdirectories.

Syntax: dir /b /ah [directory] | find /c /v ""

From the image given below we can observe that it found 3 hidden entries inside the D: drive.

Find the Hidden Files/Directories in a Directory

To view the Hidden Files in the given directory we will use attribute [/ah] with [/b] to get a bare result of the hidden files.

Syntax: dir /b /ah [directory]

From given below image we can read the name of hidden files inside D: drive.


Find the System Files Stored in a Directory

To get the system files we use another attribute, [/as]. Combined with [/b] it gives the names of the system files stored in the given directory.

Syntax: dir /b /as [directory]

From the image given below we can read the names of the system files inside the D: drive.
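All of the dir and find combinations above can be run in one pass and saved to a file that is then downloaded over the session. The following batch script is an added example written for this article; it is not code from the original post. The script name enum_dir.cmd, the report path %TEMP%\enum_dir.txt and the default search values sales and xlsx (taken from the examples above) are assumptions, and it expects cmd.exe rather than PowerShell, where dir is an alias for Get-ChildItem with different switches.

```batch
@echo off
rem enum_dir.cmd - an added example, not code from the original article.
rem Runs the dir / find combinations from the article in one pass over a
rem directory tree, prints the counts, and writes the full listings to a
rem report file that can be downloaded over the session.
rem
rem Usage:   enum_dir.cmd [root] [name-substring] [extension]
rem Example: enum_dir.cmd D:\ sales xlsx
rem Assumptions: runs under cmd.exe, where dir is built in and find.exe is
rem present; the report path %TEMP%\enum_dir.txt is an arbitrary choice.
setlocal

set "ROOT=%~1"
set "NEEDLE=%~2"
set "EXT=%~3"
if "%ROOT%"=="" set "ROOT=%CD%"
if "%NEEDLE%"=="" set "NEEDLE=sales"
if "%EXT%"=="" set "EXT=xlsx"
rem Ensure ROOT ends in a backslash so "D:" and "D:\" both search the drive root.
if not "%ROOT:~-1%"=="\" set "ROOT=%ROOT%\"
set "REPORT=%TEMP%\enum_dir.txt"

rem Each count pipes a bare (/b) recursive (/s) listing into find /c /v "",
rem which counts every line. 2>nul hides dir's "File Not Found" message so
rem an empty match counts as 0 instead of printing an error.
rem Inside for /f the pipe and the redirection must be escaped with ^.
for /f %%n in ('dir /b /s "%ROOT%" 2^>nul ^| find /c /v ""') do set "ALL=%%n"
for /f %%n in ('dir /b /s /a-d "%ROOT%" 2^>nul ^| find /c /v ""') do set "FILES=%%n"
for /f %%n in ('dir /b /s /ad "%ROOT%" 2^>nul ^| find /c /v ""') do set "DIRS=%%n"
for /f %%n in ('dir /b /s /ad "%ROOT%*%NEEDLE%*" 2^>nul ^| find /c /v ""') do set "MATCHDIRS=%%n"
for /f %%n in ('dir /b /s /a-d "%ROOT%*.%EXT%" 2^>nul ^| find /c /v ""') do set "EXTFILES=%%n"
for /f %%n in ('dir /b /s /ah "%ROOT%" 2^>nul ^| find /c /v ""') do set "HIDDEN=%%n"
for /f %%n in ('dir /b /s /as "%ROOT%" 2^>nul ^| find /c /v ""') do set "SYSTEM=%%n"

echo Root: %ROOT%
echo Entries, files and directories, excluding hidden/system: %ALL%
echo Files:                            %FILES%
echo Directories:                      %DIRS%
echo Directories matching *%NEEDLE%*:  %MATCHDIRS%
echo Files with extension .%EXT%:      %EXTFILES%
echo Hidden entries:                   %HIDDEN%
echo System entries:                   %SYSTEM%

rem The full listings go to the report: names only, one per line, thanks to /b.
(
  echo [dir enumeration of %ROOT% at %DATE% %TIME%]
  echo.
  echo [directories whose name contains %NEEDLE%]
  dir /b /s /ad "%ROOT%*%NEEDLE%*" 2>nul
  echo.
  echo [files with extension .%EXT%]
  dir /b /s /a-d "%ROOT%*.%EXT%" 2>nul
  echo.
  echo [hidden entries]
  dir /b /s /ah "%ROOT%" 2>nul
  echo.
  echo [system entries]
  dir /b /s /as "%ROOT%" 2>nul
) > "%REPORT%"
echo Report written to %REPORT%
endlocal
```

Run it as enum_dir.cmd D:\ sales xlsx from the victim shell, then download the report file. Two things to keep in mind when reading the numbers: the first count excludes hidden and system entries because no [/a] filter was given (use dir /b /s /a to count everything), and a three-letter extension pattern such as *.xls also matches .xlsx files through their short 8.3 names, so the per-extension count can be higher than expected.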

Author: Pavandeep Singh is an Ethical Hacker, Cyber Security Expert and Penetration Tester, India.
