So far in this series of blog articles we have identified a number of different baseline scripts written in PowerShell. We hope that auditors and others will be able to take these scripts, modify them for their own purposes and use them for baselining the systems that they are evaluating.
This week we found ourselves in the position of having to gather some information about both the MAC addresses and the logical (IP) addresses of the adapters on a set of machines. Unfortunately that meant we had to change our strategy from using simple WMI calls of the Win32 namespace. Since we’re dealing with Microsoft Windows machines, we thought, why not go to the grand-daddy of all network configuration utilities – NETSH? So this week we primarily will use NETSH to gather the information.
We didn’t do much parsing this week (we do have day jobs too), but to query the information on a system’s adapters, we would use the following script:
echo "The following is the list of adapters and MAC Addresses as supplied by WMI calls:"
Get-WmiObject win32_networkadapter | Select-Object Name,MACAddress
echo "The following is the IPv4 network configuration as supplied by the netsh command:"
netsh interface ip show config
echo "The following is the IPv6 network configuration as supplied by the netsh command:"
netsh interface ipv6 show interfaces
netsh interface ipv6 show subinterfaces
netsh interface ipv6 show dnsservers
netsh interface ipv6 show addresses
netsh interface ipv6 show global
netsh interface ipv6 show teredo
As always, this script, as well as others for baselining systems, can be found at https://enclavesecurit.wpengine.com/scripts/.
There will be more NETSH scripts to come, but we figured we would show you the basics first. Enjoy!