Automated Host Recon, Persistence and Exfiltration

Batch script to automate collection, credential dumping, discovery and exfiltration techniques

Bank Security
Jan 8, 2020

CONTEXT

During every red team engagement or penetration test, we find ourselves performing manual reconnaissance before deciding how to move laterally or carry out more aggressive post-exploitation actions.

This article shows how to automate the initial reconnaissance actions without user interaction and present “actionable” results. Let’s see how …

AUTOMATED SCRIPT

Automatically collected information:

The script then automatically uploads all the collected data to Pastebin using this script: link, copies itself into the Startup folder as a persistence mechanism, and opens a reverse shell to your C2 (link).

There are also a couple of extras that can be added at will: one takes a screenshot (different techniques here: link), another recovers Outlook passwords (a couple of techniques here: link), and the last records audio from the victim’s PC using the default microphone on Windows 7 and 8 (link); for other versions this one could work, but it is currently detected by several AVs: link

AUTO_RECON.bat script:

Putting all the techniques described above together, here is the result:

https://github.com/BankSecurity/Red_Team/blob/master/AUTO_RECON.bat

Auto Recon Script

You can customize the script as you prefer and add techniques based on what you need.
On my GitHub you can find all the techniques and scripts used, along with variants that are more or less undetectable:

https://github.com/BankSecurity/Red_Team

At the time of writing, the script and the techniques contained within it bypass Windows Defender. As always, I recommend having a hunting team capable of detecting these normally “lawful” activities through custom alerts.
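Custom alerts of this kind can start from two behaviours described in this article: the copy into the Startup folder and the upload to Pastebin. The following is an added example, not part of the original article or the author's repository: a small Python hunt over Sysmon-style events, where the sample events, the extension and process lists, and the 10-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed tuning values for this added example; adjust to your environment.
STARTUP_MARKER = r"\microsoft\windows\start menu\programs\startup" + "\\"
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".ps1")
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
PASTE_DOMAINS = ("pastebin.com",)
WINDOW = timedelta(minutes=10)

def startup_script_drop(ev):
    """Sysmon Event ID 11 (FileCreate): script file written into a Startup folder."""
    target = ev.get("TargetFilename", "").lower()
    return ev["EventID"] == 11 and STARTUP_MARKER in target and target.endswith(SCRIPT_EXTS)

def paste_lookup(ev):
    """Sysmon Event ID 22 (DNS query): paste site resolved by a script interpreter."""
    image = ev.get("Image", "").lower().rsplit("\\", 1)[-1]
    name = ev.get("QueryName", "").lower().rstrip(".")
    on_paste = any(name == d or name.endswith("." + d) for d in PASTE_DOMAINS)
    return ev["EventID"] == 22 and image in SCRIPT_HOSTS and on_paste

def hunt(events):
    """Alert per Startup script drop: 'high' if a paste lookup is within WINDOW, else 'medium'."""
    lookups = [e for e in events if paste_lookup(e)]
    alerts = []
    for drop in filter(startup_script_drop, events):
        near = any(l["Host"] == drop["Host"] and abs(l["Time"] - drop["Time"]) <= WINDOW
                   for l in lookups)
        alerts.append((drop["Host"], "high" if near else "medium", drop["TargetFilename"]))
    return alerts

# Constructed sample events; Host and Time stand in for Sysmon's Computer and UtcTime.
T0 = datetime(2020, 1, 8, 9, 0)
STARTUP = r"\Microsoft\Windows\Start Menu\Programs\Startup" + "\\"
SAMPLE_EVENTS = [
    {"EventID": 11, "Host": "WS01", "Time": T0, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming" + STARTUP + "update.bat"},
    {"EventID": 22, "Host": "WS01", "Time": T0 + timedelta(minutes=2), "QueryName": "pastebin.com",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"EventID": 11, "Host": "WS02", "Time": T0, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Roaming" + STARTUP + "Teams.lnk"},
    {"EventID": 22, "Host": "WS03", "Time": T0, "QueryName": "pastebin.com",
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"EventID": 11, "Host": "WS04", "Time": T0, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\ProgramData" + STARTUP + "logon.cmd"},
]

if __name__ == "__main__":
    print(*hunt(SAMPLE_EVENTS), sep="\n")
```

On the sample data, the shortcut on WS02 and the browser lookup on WS03 are not flagged, which is the kind of normal activity the rule has to tolerate.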

Enjoy Threat Hunting!
