73 lines
962 B
Markdown
73 lines
962 B
Markdown
|
# Manual Windows Enumeration
|
||
|
|
|
||
|
|
## General Info
|
||
|
|
|
||
|
|
```sh
|
||
|
|
systeminfo
|
||
|
|
```
|
||
|
|
|
||
|
|
* Check installed updates
|
||
|
|
```sh
|
||
|
|
wmic qfe get Caption,Description
|
||
|
|
```
|
||
|
|
|
||
|
|
## Users
|
||
|
|
|
||
|
|
* `whoami /priv`
|
||
|
|
* `whoami /groups`
|
||
|
|
* `whoami /all`
|
||
|
|
* `net user`
|
||
|
|
|
||
|
|
* `net group`
|
||
|
|
* `net localgroup <groupname>`
|
||
|
|
* `net accounts`
|
||
|
|
* `net accounts /domain`
|
||
|
|
|
||
|
|
## Network Info
|
||
|
|
|
||
|
|
```sh
|
||
|
|
ipconfig
|
||
|
|
ipconfig /all
|
||
|
|
```
|
||
|
|
|
||
|
|
```sh
|
||
|
|
netstat -noba
|
||
|
|
```
|
||
|
|
|
||
|
|
```sh
|
||
|
|
arp -a
|
||
|
|
```
|
||
|
|
|
||
|
|
* Show shares
|
||
|
|
```sh
|
||
|
|
net share
|
||
|
|
```
|
||
|
|
|
||
|
|
## Services
|
||
|
|
|
||
|
|
```sh
|
||
|
|
net start
|
||
|
|
wmic service get name,version,vendor
|
||
|
|
```
|
||
|
|
|
||
|
|
### Non-Default Services
|
||
|
|
|
||
|
|
* Looking for non-default services:
|
||
|
|
```sh
|
||
|
|
wmic service get name,displayname,pathname,startmode | findstr /v /i "C:\Windows"
|
||
|
|
```
|
||
|
|
|
||
|
|
* **Unquoted Service Path** Ideally there is a path without quotation
|
||
|
|
* Check which account the service the services run as
|
||
|
|
|
||
|
|
```sh
|
||
|
|
sc qc <ServiceName>
|
||
|
|
```
|
||
|
|
|
||
|
|
* Check if directory is writeable
|
||
|
|
|
||
|
|
```sh
|
||
|
|
powershell "get-acl -Path 'C:\Program Files (x86)\System Explorer' | format-list"
|
||
|
|
```
|
||
|
|
|