# Manual Windows Enumeration

## General Info

```sh
systeminfo
```

* Check installed updates (hotfixes), to compare against what the OS build should have:

```sh
wmic qfe get Caption,Description,HotFixID,InstalledOn
```

## Users

* `whoami /priv` (privileges held by the current token)
* `whoami /groups` (group memberships of the current token)
* `whoami /all`
* `net user`
* `net group` (domain groups; only works on a domain controller)
* `net localgroup`
* `net accounts` (local password and lockout policy)
* `net accounts /domain`

## Network Info

```sh
ipconfig
ipconfig /all
```

* Listening ports, owning PIDs and the executable behind each connection (`-b` needs an elevated prompt; fall back to `netstat -ano` otherwise):

```sh
netstat -noba
```

```sh
arp -a
```

* Show shares

```sh
net share
```

## Services

* Running services, and all registered services with their state and the account they run as (`startname`):

```sh
net start
wmic service get name,displayname,state,startname
```

### Non-Default Services

* Look for services whose binary lives outside `C:\Windows`, i.e. third-party software:

```sh
wmic service get name,displayname,pathname,startmode | findstr /v /i "C:\Windows"
```

* **Unquoted Service Path**: look for a `pathname` that contains spaces but is not wrapped in quotation marks. The service control manager then tries each space-delimited prefix (`C:\Program.exe`, `C:\Program Files\My.exe`, ...) before the real binary, so a writable directory anywhere along that path lets you plant a binary that runs as the service account.
* Check which account the service runs as (`SERVICE_START_NAME`) and its binary path (`BINARY_PATH_NAME`):

```sh
sc qc <service name>
```

* Check if the binary's directory is writable by the current user (look for Allow entries granting Modify, Write or FullControl to Everyone, Users, Authenticated Users or one of your groups):

```sh
powershell "get-acl -Path 'C:\Program Files (x86)\System Explorer' | format-list"
```

### Scheduled Tasks

* List scheduled tasks, including the command each one runs and the account it runs as:

```sh
schtasks /query /fo LIST /v
```

* The PowerShell equivalent is `Get-ScheduledTask` (note that `ps` is an alias of `Get-Process` and lists running processes, not tasks):

```sh
Get-ScheduledTask
```

## Files

### Group permissions

* Check modification permissions on files, and whether the current user (or one of the groups from `whoami /all`) is able to modify them; in `icacls` output `(F)` is full control, `(M)` modify and `(W)` write:

```sh
whoami /all
icacls <path>
```
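The checks in the Services section (non-default services, unquoted paths, the account a service runs as, and whether its directory is writable) are usually run one service at a time. As an added worked example that is not part of the original page, the following PowerShell script does all of them in a single pass with built-in cmdlets only. The column names, the writability heuristic and the list of "interesting" principals are this script's own assumptions; run it as the low-privileged user being assessed (PowerShell 3 or newer for `Get-CimInstance`) and confirm any hit with `icacls` and `sc qc`.

```powershell
# Added example (not from the original page): put the Services checks above
# together in one pass. Only built-in cmdlets are used; the column names and
# the writability heuristic are this script's own design.

# Identities whose Allow ACEs count as "writable by me": the current user,
# the well-known groups every user is in, and the groups in the current token.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principals = @($me.Name, 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
$principals += $me.Groups | ForEach-Object {
    try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { $null }
} | Where-Object { $_ }

# Rights that let us drop or replace a file. Generic rights (GENERIC_ALL etc.)
# show up as raw numbers in FileSystemRights and are not decoded here.
$writeRights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Modify, FullControl'

function Test-WritableByMe {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $false }
    try { $acl = Get-Acl -LiteralPath $Path } catch { return $false }
    foreach ($ace in $acl.Access) {
        # Deny ACEs are ignored for simplicity; confirm any hit with icacls.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($principals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeRights) -ne 0) { return $true }
    }
    return $false
}

function Get-ServiceExePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 0) { return $p.Substring(1, $end - 1) }
        return $p.Trim('"')
    }
    # Unquoted: the binary is everything up to the first ".exe"; the rest are arguments.
    $m = [regex]::Match($p, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($p -split '\s+')[0]
}

function Get-UnquotedHijackDirs {
    # For 'C:\Program Files\My App\svc.exe' the service control manager tries
    # 'C:\Program.exe', then 'C:\Program Files\My.exe', before the real binary,
    # so the directories that matter are the parents of each space-delimited prefix.
    param([string]$Exe)
    $dirs = @()
    $idx = $Exe.IndexOf(' ')
    while ($idx -gt 0) {
        $parent = Split-Path -LiteralPath $Exe.Substring(0, $idx) -Parent
        if ($parent) { $dirs += $parent }
        $idx = $Exe.IndexOf(' ', $idx + 1)
    }
    return $dirs | Select-Object -Unique
}

$report = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ServiceExePath $svc.PathName
    if (-not $exe) { continue }
    $unquoted = -not $svc.PathName.Trim().StartsWith('"') -and ($exe -match ' ')
    $hijackable = $false
    if ($unquoted) {
        $hijackable = @(Get-UnquotedHijackDirs $exe | Where-Object { Test-WritableByMe $_ }).Count -gt 0
    }
    $dir = $null
    try { $dir = Split-Path -LiteralPath $exe -Parent } catch { }
    [pscustomobject]@{
        Name        = $svc.Name
        StartMode   = $svc.StartMode
        RunsAs      = $svc.StartName          # same as SERVICE_START_NAME in 'sc qc'
        NonDefault  = -not ($exe -like "$env:SystemRoot\*")
        Unquoted    = $unquoted
        Hijackable  = $hijackable             # unquoted AND a hijack directory is writable
        DirWritable = Test-WritableByMe $dir  # can we plant files next to the binary?
        BinWritable = Test-WritableByMe $exe  # can we overwrite the binary itself?
        Binary      = $exe
    }
}

$report | Where-Object { $_.NonDefault -or $_.Unquoted -or $_.DirWritable -or $_.BinWritable } |
    Sort-Object @{Expression = 'Hijackable'; Descending = $true}, @{Expression = 'BinWritable'; Descending = $true}, Name |
    Format-Table -AutoSize Name, StartMode, RunsAs, Unquoted, Hijackable, DirWritable, BinWritable, Binary
```

`Unquoted` alone is only a lead; `Hijackable` is the column that matters, because an unquoted path is exploitable only when one of the intermediate directories is writable and the service runs as a more privileged account (see `RunsAs`) and can be restarted or will restart on reboot (`StartMode`). The ACL check is deliberately conservative: it ignores Deny entries and does not decode generic rights, so treat its output as a shortlist to verify with `icacls`, not as proof.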