Enumeration

System Enumeration

System Information

systeminfo
systeminfo | findstr /b /c:"OS Name" /c:"OS Version" /c:"System Type"

Patching Information

wmic qfe
wmic qfe get Caption,Description,HotFixID,InstalledOn

Drives / Partition Information

wmic logicaldisk
wmic logicaldisk get caption,description,providername
wmic logicaldisk get caption

User / Group Enumeration

Currently Logged-in User

whoami

User Privileges

whoami /priv

User Group Membership

whoami /groups

User Accounts

net user

User Account Information

net user [USERNAME]

Groups

net localgroup

Group Membership Information

net localgroup [GROUP_NAME]

Network Enumeration

Network Configuration

ipconfig
ipconfig /all

ARP Table

arp -a

Routing Table

route print

Open Ports

netstat -ano

Password Hunting

Finding Passwords In Files

  1. Navigate first to the directory where you want to search

  2. Run the command

findstr /si password *.txt
findstr /si password *.txt *.ini *.config

Other Examples

findstr /si password *.txt
findstr /si password *.xml
findstr /si password *.ini

# Find files whose names contain pass, cred, vnc or .config (searches subdirectories).
dir /s *pass* == *cred* == *vnc* == *.config*

# Search every file, including subdirectories, for the string "password".
findstr /spin "password" *.*

Finding Passwords in Registry

reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon"

AV Enumeration

Windows Defender

  • Check if Windows Defender is running via Services

sc query windefend

Other Anti-virus Applications

  • List all services

  • Check whether any anti-virus service is running

sc queryex type= service

Windows Firewall

netsh advfirewall firewall dump
netsh firewall show state
netsh firewall show config
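
Detecting this enumeration

Run back to back, the commands on this page leave a recognizable burst in process-creation logs. The following is an added example, not part of the original cheat sheet: it flags a host/user pair that runs several distinct commands from this page within a short window. The record layout (timestamp, host, user, command line), the 5-minute window, the threshold of 4 and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery commands listed on this page, matched against the logged command line.
PATTERNS = {name: re.compile(rx, re.I) for name, rx in {
    "systeminfo": r"\bsysteminfo\b", "wmic": r"\bwmic\s+(qfe|logicaldisk)\b",
    "whoami": r"\bwhoami\b", "net": r"\bnet\s+(user|localgroup)\b",
    "ipconfig": r"\bipconfig\b", "arp": r"\barp\s+-a\b",
    "route": r"\broute\s+print\b", "netstat": r"\bnetstat\b",
    "findstr": r"\bfindstr\b.*\bpassword\b",
    "reg query": r"\breg\s+query\b.*(password|winlogon)",
    "sc query": r"\bsc\s+query(ex)?\b", "netsh": r"\bnetsh\s+(adv)?firewall\b",
}.items()}

def classify(cmdline):
    """Return the discovery category a command line falls into, or None."""
    return next((n for n, rx in PATTERNS.items() if rx.search(cmdline)), None)

def detect(events, window=timedelta(minutes=5), threshold=4):
    """Flag (host, user) pairs running >= threshold distinct categories within window."""
    hits = defaultdict(list)
    for ts, host, user, cmdline in events:
        cat = classify(cmdline)
        if cat:
            hits[(host, user)].append((datetime.fromisoformat(ts), cat))
    alerts = []
    for key, seen in hits.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # slide the window forward
            cats = {c for _, c in seen[start:end + 1]}
            if len(cats) >= threshold:
                alerts.append((key[0], key[1], sorted(cats)))
                break  # one alert per host/user pair
    return alerts

# Constructed sample records: (timestamp, host, user, command line).
SAMPLE = [
    ("2024-01-10T09:00:05", "WS01", "alice", "ipconfig /all"),
    ("2024-01-10T13:40:00", "WS01", "alice", "whoami"),
    ("2024-01-10T10:15:00", "WS02", "svc_web", "whoami /priv"),
    ("2024-01-10T10:15:20", "WS02", "svc_web", "net user"),
    ("2024-01-10T10:15:45", "WS02", "svc_web", "systeminfo"),
    ("2024-01-10T10:16:30", "WS02", "svc_web", "netstat -ano"),
]
if __name__ == "__main__":
    for host, user, cats in detect(SAMPLE):
        print(f"{host}\\{user}: discovery burst: {', '.join(cats)}")
```

Counting distinct categories rather than raw events keeps a script that calls whoami repeatedly from triggering the alert on its own.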
