Windows Enumeration
Initial Windows System Enumeration
System Information
systeminfo # Show System Information
type C:\Windows\System32\eula.txt # OS Version
wmic qfe # Installed patches (hotfixes)
Local Services
tasklist /svc # View processes and services
sc query
wmic service list
Installed Applications
dir /a C:\PROGRA~1\ # Check Program Files
dir /a C:\PROGRA~2\ # Check Program Files (x86)
reg query HKEY_LOCAL_MACHINE\SOFTWARE # Show Installed Software
Users
whoami # Check current user
whoami /user # Current user SID
whoami /priv # Current user privileges
whoami /groups # Current users groups
net users # View list of users
net users username # View user information
net localgroup # View user groups
net localgroup Administrators # View members of Administrators group
Network
ipconfig /all # View IP configuration (gateway, subnet, dns, dc)
arp -a # View ARP table
route print # View routing table
netstat -ano # Active network connections
sc query windefend # State of Windows Defender
netsh advfirewall show state # State of firewall
netsh advfirewall firewall dump # Dump firewall settings
netsh firewall show config # Firewall configuration
type C:\Windows\System32\drivers\etc\hosts # Hosts file
net use # Check network shares
wmic logicaldisk get caption,description,providername
File System
dir /b /ad "C:\Users\" # View Users directories
dir C:\ # Check root of C:
# Check for full permissions
icacls "C:\Program Files\*" 2>nul | findstr "(F)" | findstr "Everyone"
icacls "C:\Program Files (x86)\*" 2>nul | findstr "(F)" | findstr "Everyone"
icacls "C:\Program Files\*" 2>nul | findstr "(F)" | findstr "BUILTIN\Users"
icacls "C:\Program Files (x86)\*" 2>nul | findstr "(F)" | findstr "BUILTIN\Users"
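The same permission check as an added PowerShell example (not part of the original page), written for auditing a host so that each finding keeps its path and can be fixed. It matches accounts by well-known SID instead of display name, and it goes beyond the page's `(F)` filter by also reporting modify and write rights; Authenticated Users is an addition to the two principals checked above.

```powershell
# Added example: report Program Files entries that broad groups can write to.
# Well-known SIDs, so the check does not depend on localized account names.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'Authenticated Users'   # added here, not checked on the page
}

# Access-mask bits that allow changing content or taking control:
# WriteData, AppendData, ChangePermissions, TakeOwnership,
# plus the raw GENERIC_ALL and GENERIC_WRITE bits some ACEs carry.
$writeMask = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000

# Both Program Files roots; the (x86) variable is empty on 32-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($root in $roots) {
    # Direct children only, like the "\*" wildcard in the icacls commands.
    foreach ($item in Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { continue }   # unreadable ACL: skip, as 2>nul does above

        # Ask for explicit and inherited rules with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (-not $broadSids.ContainsKey($sid))  { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $item.FullName
                Account   = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path, Account | Format-Table -AutoSize -Wrap
```

An empty result means none of the three groups holds a write-capable allow ACE on the direct children of either directory; the `Inherited` column shows whether a finding is set on the item itself or comes from a parent.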
Scheduled Tasks
schtasks /query /fo LIST /v # Show scheduled tasks
dir C:\Windows\Tasks