Windows Enumeration

Initial Windows System Enumeration

System Information

systeminfo                            # System summary: OS name/version/build, "System Type" (architecture), hotfixes, domain, boot time
type C:\Windows\System32\eula.txt     # Prints the EULA text; NOTE(review): not a reliable OS-version indicator on current builds (file may be absent) — use the "OS Version" line of systeminfo
wmic qfe                              # Installed hotfixes/updates (QFE), not the OS architecture; wmic is deprecated and may be missing on recent Windows

Local Services

tasklist /svc                         # Running processes with the services hosted in each (maps svchost instances to services)
sc query                              # Service Control Manager view: state of active services
wmic service list                     # Service inventory via WMI (wmic is deprecated and may be missing on recent Windows)

Installed Applications

dir /a C:\PROGRA~1\                    # List Program Files via its 8.3 short name (/a includes hidden/system entries; short names may be disabled on the volume)
dir /a C:\PROGRA~2\                    # Same for Program Files (x86)
reg query HKEY_LOCAL_MACHINE\SOFTWARE  # Top-level vendor keys under HKLM\SOFTWARE — a coarse view of installed software; 32-bit entries live under the WOW6432Node subkey

Users

whoami                                # Current account (DOMAIN\user)
whoami /user                          # Current user's SID
whoami /priv                          # Privileges held by the current token and whether each is enabled
whoami /groups                        # Current user's group memberships and integrity level
net users                             # Local user accounts
net users username                    # Details for one local account (replace `username`)
net localgroup                        # Local groups
net localgroup Administrators         # Members of the local Administrators group

Network

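# Network and host-firewall posture. All of these are read-only queries; on hosts with
# process-creation auditing each one leaves a log entry, so this pattern is also a
# reasonable thing for a defender to watch for.
ipconfig /all            # IP configuration: adapters, gateway, subnet, DNS servers, DNS suffix (domain hints)
arp -a                   # ARP cache: recently contacted neighbours on the local segment
route print              # Routing table: reachable networks and default gateway
netstat -ano             # Listening ports and active connections with owning PID (-o)
sc query windefend                     # Service state of Windows Defender (WinDefend)
netsh advfirewall show state           # Firewall on/off state per profile
netsh advfirewall firewall dump        # Dump firewall configuration as netsh commands
netsh firewall show config             # Legacy firewall context (deprecated since Vista; may only print a deprecation notice)
type C:\Windows\System32\drivers\etc\hosts  # Hosts file: static name overrides (the bare path alone is not a command; `type` prints it)
net use                                # Drives/SMB shares mapped by this session (`net share` lists shares hosted locally)
wmic logicaldisk get caption,description,providername  # Logical drives incl. network drives and their UNC provider (wmic is deprecated on recent Windows)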

File System

dir /b /ad "C:\Users\"                 # Bare list of profile directories (directories only)
dir C:\                                # Contents of the root of C:

# Check for Full control (F) granted to broad principals under the Program Files trees.
# Writable install directories are a common weak-ACL finding and should be remediated.
# Notes: only one level deep (no /T); 2>nul hides access-denied noise;
# NOTE(review): findstr may treat "\" as a regex escape — if "BUILTIN\Users" yields nothing,
# retry with /C:"BUILTIN\Users" (literal match).
icacls "C:\Program Files\*" 2>nul | findstr "(F)" | findstr "Everyone"
icacls "C:\Program Files (x86)\*" 2>nul | findstr "(F)" | findstr "Everyone"
icacls "C:\Program Files\*" 2>nul | findstr "(F)" | findstr "BUILTIN\Users"
icacls "C:\Program Files (x86)\*" 2>nul | findstr "(F)" | findstr "BUILTIN\Users"

Scheduled Tasks

schtasks /query /fo LIST /v            # All scheduled tasks with full details (run-as account, command, triggers)
dir C:\Windows\Tasks                   # Legacy task folder (.job files); current tasks are stored under C:\Windows\System32\Tasks
