whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/enumeration/windows/manual_enum.md

495 B
Raw Blame History

Manual Windows Enumeration

  • whoami /priv
  • whoami /groups
  • Looking for non-default services:
wmic service get name,displayname,pathname,startmode | findstr /v /i "C:\Windows"

* **Unquoted Service Path** Ideally there is a path without quotation
* Check which account the service the services run as
```sh
sc qc <ServiceName>
```
  • Check if directory is writeable
powershell "get-acl -Path 'C:\Program Files (x86)\System Explorer' | format-list"