Post Exploitation in Windows using dir Command

In this article you will learn how to use Windows Command Line Command “dir” and extract files, get information about Number of files of a particular extension and much more using Metasploit framework. 

dir Command: It displays a list of a directory’s files and subdirectories.

Syntax

dir [<Drive>:] [<Path>] [<FileName>] [/p] [/q] [/a [[:] <Attributes>]] [/s] [/b]

  1. [/p]: Displays one screen of the listing at a time.
  2. [/q]: Displays file ownership information.
  3. [/s]: Lists every occurrence of the specified file name within the specified directory and all subdirectories.
  4. [/b]: Displays a bare list of directories and files, with no additional information.
  5. [/a]: Attributes (Additional Options).

It is usually attached with options such as

  • [/ad]:  Directories
  • [/ah]:  Hidden files
  • [/as]:  System files
  • [/a-attribute]: Not (It is used when opposite of the attribute is to be obtained)

Now to use dir for Post Exploitation, we will need an Administrator Privileged shell, which can be found here.

Now we will use different combinations of the attributes and parameters to extract data from victim’s system.

Find Directories using a search string

Here, we are using following options with dir command:

  • [/b] to get a bare search,
  • [/s] to get a verbose result,
  • [/ad] to get the list of directories,

Containing string *sales* in their name.

Syntax: dir /b /s /ad [directory]\*string*

Example:  dir /b /s /ad d:\*sales*

Find the Number of Files/Directories in a Directory

If we need the Number of files, i.e. no. of files we have to add find command by piping [|] it with dir.

 Example: dir /b | find /c /v “”

Here [/b] to get a bare search and [/c] switch tells the find tool to Number how many lines contain your search terms, and [/v] switch will show any lines that don’t contain the string of words which you have specified in this case “”. As a file name cannot be nothing (“”) so it will Number all the file names.

Here, we are using

Above command return number of files in the Directory you are currently in. In my case it returns 22, which means victim has 22 files in his D:\ directory.

Find the Number of files

Here, we are using

Example: dir /b /s /a-d d:\*sales* | find /c /v “”

[/ad] is for Directories.

[-] is used as NOT so [/a-d] is for not directories i.e. files

Also find /c /v “” is used to get the Number. From given below image you can observe here it found 5 files inside sales folder.

Find the Number of Directories

Syntax: dir /b /s /ad [directory]\*string* | find /c /v “”

Example: dir /b /s /ad d:\*sales* | find /c /v ””

Here we need to get the Number of directories named *sales* It can be anything mentioned in *string*.

[/ad] is for Directories

Here find /c /v ”” is used to get a Number and from given below image you can observe here it found 5 subdirectories inside sales folder.

Find Files of a Particular Extension

In the given example, I searched for .xlsx files which are MS-Excel Files, but we can use it for any extension file like pdf, png, exe, docs etc.

Syntax: dir /b /s [directory]\*extension*

Example: dir /b /s d:\*.xlsx*

From given below image you can read name of excel files inside D: drive.

Find the Number of Files of a particular Extension

If we add find /c /v”” we will get the Number of files of a particular extension as shown below.

Example: dir /b /s d:\*.xlsx* | find /c /v “”

 From given below image you can observe here it found 4 excel files inside D: drive.

Find the Number of Hidden Files/Directories

To get hidden files we will use the attribute [/ah].

And when combined with find /c /v “”, we will get the Number of the hidden files/directories in the given directory as shown below.

Syntax: dir /b /ah [directory] | find /c /v “”

Example: dir /b /ah d:\ | find /c /v “”

From given below image you can observe here it found 3 hidden files inside D: drive.

Find the Hidden Files/Directories in a Directory

To view the Hidden Files in the give directory we will use attribute [/ah] with [/b] to get a bare result of the hidden files.

Syntax: dir /b /ah [directory]

Example: dir /b /ah d:\

From given below image you can read name of hidden files inside D: drive.

 

Find the System Files Stored in a Directory

To get the System Files we will use another attribute which is [/as], combined with [/b] it will give the names of the system files stored in the given directory.

Example: dir /b /as d:\

From given below image you can read name of system files inside D: drive.

Author: Pavandeep Singh is An Ethical HackerCyber Security Expert, Penetration Tester, India. Contact here

Leave a Reply

Your email address will not be published. Required fields are marked *