Initial Enumeration

System Enumeration

  • systeminfo - gives you a long list of system information

    • You can filter this output with findstr, for example: systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"

  • wmic qfe - Windows Management Instrumentation command line; lists the installed hotfixes (Quick Fix Engineering), i.e. which patches have been applied to the system and when they were installed

  • wmic logicaldisk get caption,description,providername - gets drive information

User Enumeration

  • whoami

  • whoami /priv

  • whoami /groups

  • net user - shows user accounts on the machine

  • net localgroup GROUP_NAME

Network Enumeration

  • ipconfig

  • arp -a

  • route print

  • netstat

Password Hunting

  • findstr /si password *.txt - searches .txt files in the current directory and its subdirectories (/s) for the string "password", case-insensitively (/i)

AV Enumeration

  • sc query windefend

  • sc queryex type= service

  • netsh advfirewall firewall dump

  • netsh firewall show state
