# Manual Windows Enumeration

* `whoami /priv`
* `whoami /groups`
* Look for non-default services:
```cmd
wmic service get name,displayname,pathname,startmode | findstr /v /i "C:\Windows"
```
    * **Unquoted Service Path:** ideally there is a path that is not wrapped in quotation marks.
    * Check which account the service runs as:
    ```cmd
    sc qc <ServiceName>
    ```
* Check whether the directory is writable:
```cmd
powershell "get-acl -Path 'C:\Program Files (x86)\System Explorer' | format-list"
```
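
The checks above combined into one audit pass, as an added example that is not part of the original notes: it lists services outside `C:\Windows` whose executable path is unquoted and contains a space, or whose directory grants write-type rights to non-administrative identities. The function names are hypothetical, and the identity filter assumes English account names.

```powershell
# Added example, not from the original notes; function names are hypothetical.
function Get-ServiceExecutable {
    param([string]$PathName)
    # Quoted path: the executable is the text between the first pair of quotes.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take everything up to the first ".exe"; the rest is arguments.
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $PathName.Trim()
}

function Test-UnquotedServicePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    if ($PathName.TrimStart().StartsWith('"')) { return $false }
    # Only whitespace inside the executable path counts, not in its arguments.
    return (Get-ServiceExecutable $PathName) -match '\s'
}

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '^\s*"?C:\\Windows\\' } |
    ForEach-Object {
        $exe = Get-ServiceExecutable $_.PathName
        $dir = Split-Path -Path $exe -Parent
        $writers = @()
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            # Allow ACEs with write-type rights held by non-administrative identities.
            # Assumption: English account names; numeric (generic) rights need manual review.
            $writers = (Get-Acl -LiteralPath $dir).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.FileSystemRights -match 'FullControl|Modify|Write' -and
                $_.IdentityReference -notmatch 'SYSTEM|Administrators|TrustedInstaller'
            } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
        }
        [pscustomobject]@{
            Name      = $_.Name
            StartMode = $_.StartMode
            RunsAs    = $_.StartName
            Unquoted  = Test-UnquotedServicePath $_.PathName
            Directory = $dir
            Writers   = ($writers -join ', ')
        }
    } |
    Where-Object { $_.Unquoted -or $_.Writers } |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so `Get-Acl` can read every service directory. A flagged service is fixed by quoting the path in its `ImagePath` value and removing the extra write rights from the directory.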