Skip to main content

Overview

The EnvironmentVariables command enumerates all environment variables for the system and current user. Environment variables often contain sensitive information like paths, credentials, API keys, proxy settings, and application configurations.

Syntax

Seatbelt.exe EnvironmentVariables

Remote Execution

Seatbelt.exe EnvironmentVariables -computername=TARGET.domain.com [-username=DOMAIN\user -password=pass]

Output

Returns environment variables including:
  • Variable name
  • Variable value
  • Scope (System/User)

Use Cases

  • Red Team
  • Blue Team
  • Discover credentials in environment variables
  • Find API keys and tokens
  • Identify proxy configurations
  • Locate application paths
  • Discover cloud credentials (AWS_ACCESS_KEY, etc.)

Example Output

====== EnvironmentVariables ======

System Environment Variables:
  COMPUTERNAME         : WORKSTATION01
  OS                   : Windows_NT
  PATH                 : C:\Windows\system32;C:\Windows;...
  PROCESSOR_ARCHITECTURE : AMD64
  SystemRoot           : C:\Windows
  TEMP                 : C:\Windows\TEMP
  TMP                  : C:\Windows\TEMP

User Environment Variables:
  APPDATA             : C:\Users\admin\AppData\Roaming
  LOCALAPPDATA        : C:\Users\admin\AppData\Local
  TEMP                : C:\Users\admin\AppData\Local\Temp
  USERNAME            : admin
  USERPROFILE         : C:\Users\admin

Remote Execution

This command supports remote execution using the -computername parameter.

Detection Considerations

Low detection risk - queries environment variables via WMI.