killchain-compendium/Enumeration/Windows/Manual Enum.md

Manual Windows Enumeration

General Info

systeminfo

• Check installed updates

wmic qfe get Caption,Description

Users

• whoami /priv

• whoami /groups

• whoami /all

• net user

• net group

• net localgroup <groupname>

• net accounts

• net accounts /domain

Network Info

ipconfig
ipconfig /all

netstat -noba

arp -a

• Show shares

net share

Services

net start
wmic service get name,version,vendor

Non-Default Services

• Looking for non-default services:

wmic service get name,displayname,pathname,startmode | findstr /v /i "C:\Windows"

* **Unquoted Service Path** Ideally there is a path without quotation
* Check which account the service the services run as

```sh
sc qc <ServiceName>
```

• Check if directory is writeable

powershell "get-acl -Path 'C:\Program Files (x86)\System Explorer' | format-list"

Scheduled Services

• Check which services are scheduled via

schtasks

• Powershell's equivalent to scheduled tasks therefore is

ps

Files

Group permissions

• Check modification permissions on files and if the current user is able to modify via

whoami /all
icacls <filename>