# Information Gathering & Enumeration

### System Information

```bash
# Using the tasklist command to look at running processes
tasklist /svc

# Display All Environment Variables
set

# View Detailed Configuration Information
systeminfo

# Patches and Updates (QFE = Quick Fix Engineering)
wmic qfe
Get-HotFix | ft -AutoSize

# Installed Programs
wmic product get name
Get-WmiObject -Class Win32_Product | select Name, Version

# Display Active Network Connections and Owning Process IDs
netstat -ano
```

### Network Information

```bash
# Interface(s), IP Address(es), DNS Information
ipconfig /all

# ARP Table
arp -a

# Routing Table
route print

# Display Active Network Connections
netstat -ano

# Listing Named Pipes with Pipelist
pipelist.exe /accepteula

# Additionally, we can use PowerShell to list named pipes using gci (Get-ChildItem)
gci \\.\pipe\

# Reviewing LSASS Named Pipe Permissions
accesschk.exe /accepteula \\.\Pipe\lsass -v
```

### User & Group Information

```bash
# Logged-In Users
query user 

# Current User
echo %USERNAME%

# Current User Privilege
whoami /priv

# Current User Group Information
whoami /groups

# Get All Users
net user

# Get All Groups
net localgroup

# Details About a Group
net localgroup administrators

# Get Password Policy & Other Account Information
net accounts
```

### Enumerating Protections

```bash
# Check Windows Defender Status
Get-MpComputerStatus

# List AppLocker Rules
Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections

# Test AppLocker Policy
Get-AppLockerPolicy -Local | Test-AppLockerPolicy -path C:\Windows\System32\cmd.exe -User Everyone
```

