Information Gathering & Enumeration

System Information

# Using the tasklist command to look at running processes; /svc also shows
# which services are hosted inside each (svchost) process
tasklist /svc

# Display All Environment Variables (cmd builtin). Review the output before
# sharing or pasting it: environment variables sometimes carry credentials or tokens
set

# View Detailed Configuration Information (OS version/build, installed hotfixes,
# domain membership, boot time)
systeminfo

# Patches and Updates via QFE (Quick Fix Engineering).
# wmic is deprecated in current Windows releases; Get-HotFix is the PowerShell equivalent
wmic qfe 
Get-HotFix | ft -AutoSize 

# Installed Programs (MSI-installed products only).
# Enumerating Win32_Product triggers a consistency check of every MSI package, which is
# slow and leaves MsiInstaller entries in the Application event log; the Uninstall
# registry keys are a quieter source when that matters
wmic product get name
Get-WmiObject -Class Win32_Product |  select Name, Version

# Display Active Network Connections with owning PIDs (also listed under Network
# Information below); netstat does not enumerate processes - use tasklist above for that
netstat -ano

Network Information

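# Interface(s), IP Address(es), DNS Information
ipconfig /all

# ARP Table
arp -a

# Routing Table
route print

# Display Active Network Connections (with owning PIDs)
netstat -ano

# Listing Named Pipes with Pipelist (Sysinternals; /accepteula suppresses the EULA prompt)
pipelist.exe /accepteula

# Additionally, we can use PowerShell to list named pipes using gci (Get-ChildItem).
# The argument is the single-backslash device path; a doubled form such as
# \\\\.\\pipe\\ (a rendering artifact) does not resolve
gci \\.\pipe\

# Reviewing LSASS Named Pipe Permissions (Sysinternals accesschk; -v lists the specific
# access rights granted to each principal). Write access for non-administrative
# principals on this pipe is worth flagging
accesschk.exe /accepteula \\.\Pipe\lsass -v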

User & Group Information

# Logged-In Users (interactive and RDP sessions; NOTE(review): query.exe may be absent
# on some client editions - confirm on the target build)
query user 

# Current User (cmd environment variable expansion)
echo %USERNAME%

# Current User Privilege (/priv lists each privilege and whether it is currently
# Enabled or Disabled)
whoami /priv

# Current User Group Information (/groups includes each group's SID and attributes)
whoami /groups

# Get All Users (local accounts only)
net user

# Get All Groups (local groups only)
net localgroup

# Details About a Group (members of the local Administrators group)
net localgroup administrators

# Get Password Policy & Other Account Information (minimum length, maximum age,
# lockout threshold and duration)
net accounts

Enumerating Protections

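# Check Windows Defender Status (Defender PowerShell module; reports e.g.
# AMServiceEnabled, RealTimeProtectionEnabled and signature ages)
Get-MpComputerStatus

# List AppLocker Rules (-Effective merges the local policy with domain-applied policy)
Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections

# Test AppLocker Policy: reports whether the given path would be Allowed or Denied for
# the principal. -Local evaluates only the local policy; use -Effective to include
# domain rules. The path uses single backslashes; a doubled form
# (C:\\Windows\\System32\\cmd.exe) is a rendering artifact and is not a valid path
Get-AppLockerPolicy -Local | Test-AppLockerPolicy -path C:\Windows\System32\cmd.exe -User Everyone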
