Manual Enumeration

System, user, network, password, and AV

System Enumeration

List all system information:

systeminfo

Grep the essence from systeminfo:

systeminfo | findstr /b /c:"OS Name" /c:"OS Versoin" /c:"System Type"

Enumerate patches:

wmic qfe

wmic qfe with better format:

wmic qfe Caption,Description,HotFixID,InstalledOn

Enumerate disks:

wmic logicaldisk

wmic logicaldisk with better format:

wmic logicaldisk get caption,description,providername

List only the drive names (such as "C:" and "D:"):

wmic logicaldisk get caption

User Enumeration

Enumerate the current user:

whoami

Enumerate the current user's privilege:

whoami /priv

Enumerate the current user's groups:

whoami /groups

Enumerate all users:

net user

Enumerate a specific user:

net user <username>

Verify the administrator group:

net localgroup administrators

Network Enumeration

Enumerate network information:

ipconfig

ipconfig with more details:

ipconfig /all

Enumerate the ARP table:

arp -a

Enumerate the routing table:

route print

Enumerate open ports:

netstat -ano

Password Hunting

Search for the keyword "password" in files with certain file extensions:

findstr /si password *.txt *.ini *.config

Search for password in registry:

reg query HKLM /f password /t REG_SZ /s

AV Enumeration

Search the phase "password" in text files (in the current directory):

findstr /si password *.txt

Enumerate Windows Defender:

sc query windefend

Enumerate all running services:

sc queryex type= service

Enumerate firewall (older machines):

netsh firewall show state

Enumerate firewall (newer machines):

netsh advfirewall firewall dump

Enumerate firewall configuration:

netsh firewall show config
PreviousWindows Privilege EscalationNextAutomated Tools

Last updated

Was this helpful?