Manual Enumeration
System, user, network, password, and AV
System Enumeration
List all system information:
systeminfo
Grep the essential fields from systeminfo:
systeminfo | findstr /b /c:"OS Name" /c:"OS Version" /c:"System Type"
Enumerate patches:
wmic qfe
wmic qfe with better format:
wmic qfe get Caption,Description,HotFixID,InstalledOn
Enumerate disks:
wmic logicaldisk
wmic logicaldisk with better format:
wmic logicaldisk get caption,description,providername
List only the drive names (such as "C:" and "D:"):
wmic logicaldisk get caption
User Enumeration
Enumerate the current user:
whoami
Enumerate the current user's privilege:
whoami /priv
Enumerate the current user's groups:
whoami /groups
Enumerate all users:
net user
Enumerate a specific user:
net user <username>
Verify the administrator group:
net localgroup administrators
Network Enumeration
Enumerate network information:
ipconfig
ipconfig with more details:
ipconfig /all
Enumerate the ARP table:
arp -a
Enumerate the routing table:
route print
Enumerate open ports:
netstat -ano
Password Hunting
Search for the keyword "password" in files with certain file extensions:
findstr /si password *.txt *.ini *.config
Search for password in registry:
reg query HKLM /f password /t REG_SZ /s
AV Enumeration
Search for the phrase "password" in text files (in the current directory):
findstr /si password *.txt
Enumerate Windows Defender:
sc query windefend
Enumerate all running services:
sc queryex type= service
Enumerate firewall (older machines):
netsh firewall show state
Enumerate firewall (newer machines):
netsh advfirewall firewall dump
Enumerate firewall configuration:
netsh firewall show config
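As an added example (not part of the original notes), the following PowerShell function gathers the same data points as the commands above into a single object that can be exported and compared against a known-good baseline of the host. It assumes Windows 10 / Server 2016 or later, so that Get-NetTCPConnection, Get-LocalGroupMember and Get-NetFirewallProfile are available; $SearchRoot is an assumed parameter name.

```powershell
# Added example: one function that collects the same facts as the cmd
# one-liners above and returns them as an object for baselining and diffing.
# Assumes Windows 10 / Server 2016+ (NetTCPIP, NetSecurity and
# Microsoft.PowerShell.LocalAccounts modules present).
function Get-HostEnumSummary {
    [CmdletBinding()]
    param(
        # Directory searched for the keyword "password" (cf. findstr /si above)
        [string]$SearchRoot = (Get-Location).Path
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # "whoami /priv /fo csv" yields columns "Privilege Name","Description","State"
    $privs = whoami /priv /fo csv | ConvertFrom-Csv

    $defender = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

    [PSCustomObject]@{
        # System enumeration (systeminfo / wmic qfe / wmic logicaldisk)
        OSName        = $os.Caption
        OSVersion     = $os.Version
        SystemType    = $os.OSArchitecture
        Hotfixes      = Get-HotFix | Select-Object HotFixID, Description, InstalledOn
        Drives        = Get-CimInstance -ClassName Win32_LogicalDisk |
                        Select-Object DeviceID, Description, ProviderName
        # User enumeration (whoami, whoami /priv, net localgroup administrators)
        CurrentUser   = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        EnabledPrivs  = ($privs | Where-Object State -eq 'Enabled').'Privilege Name'
        LocalAdmins   = (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue).Name
        # Network enumeration (ipconfig, netstat -ano)
        IPv4Addresses = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
        Listening     = Get-NetTCPConnection -State Listen |
                        Select-Object LocalAddress, LocalPort, OwningProcess
        # Password hunting (findstr /si password *.txt *.ini *.config)
        PasswordHits  = Get-ChildItem -Path $SearchRoot -Recurse -Include *.txt, *.ini, *.config -ErrorAction SilentlyContinue |
                        Select-String -Pattern 'password' -SimpleMatch |
                        Select-Object Path, LineNumber
        # AV / firewall enumeration (sc query windefend, netsh advfirewall)
        DefenderState = if ($defender) { $defender.Status } else { 'NotInstalled' }
        Firewall      = Get-NetFirewallProfile | Select-Object Name, Enabled
    }
}

# Usage: take a snapshot now and keep it to diff later runs against.
# Get-HostEnumSummary | Export-Clixml -Path .\host-baseline.xml
```

Run it as the user whose context you want to record; the privilege and local-admin fields reflect that account, just as whoami /priv and net localgroup administrators do.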