# Gathering Information About the System

## 1. Network & System Information

* **Network Configuration:**
  * `ipconfig /all` → View detailed network interface configurations (IP, DNS, etc.).
  * `arp -a` → Display ARP cache (shows local network devices).
  * `route print` → View the system's routing table.
* **Service Information:**
  * `tasklist /svc` → List all running processes along with their services.
  * `netstat -ano` → Display active TCP/UDP connections and listening ports with process IDs.
* **System Info:**
  * `systeminfo` → Get a comprehensive overview of the system (OS version, architecture, hotfixes, etc.).
  * `wmic product get name` → List installed software via the command line.
    * `Get-WmiObject -Class Win32_Product | select Name, Version` → List installed software via PowerShell.

## 2. User & Privilege Enumeration

* **Current User & Privileges:**
  * `whoami /priv` → List current user privileges.
  * `whoami /groups` → List group memberships for the current user.
  * `net user` → Get a list of all user accounts.
  * `query user` → Display logged-in users on the system.
* **Groups & Password Policies:**
  * `net localgroup` → List all local groups.
  * `net localgroup "Backup Operators"` → List users in the Backup Operators group.
  * `net accounts` → View password policies and other account-related configurations.

## 3. Security Tools & Configuration

* **Windows Defender:**
  * `Get-MpComputerStatus` → Check the status of Windows Defender (active, signatures, etc.).
* **AppLocker:**
  * `Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections` → List effective AppLocker rules.
  * `Test-AppLockerPolicy -Path C:\Windows\System32\cmd.exe -User Everyone` → Test whether a given executable (here `cmd.exe`) is allowed to run for a given user or group (here `Everyone`).

## 4. Named Pipes & Permission Enumeration

* **Listing Named Pipes:**
  * `pipelist.exe /accepteula` → List all named pipes on the system.
* **Access Rights to Named Pipes:**
  * `accesschk.exe /accepteula \\.\Pipe\lsass -v` → Check permissions for a specific named pipe (e.g., LSASS pipe).
  * `accesschk.exe /accepteula -w \\.\Pipe\SQLLocal\SQLEXPRESS01 -v` → Check write access for a SQL pipe.

## 5. Environment Variables & Other Useful Commands

* **View Environment Variables:**
  * `set` → Display environment variables for the current session.
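
Seen from the defender's side, several of the commands above run in quick succession by one account form a recognizable pattern in process-creation logs. The following is an added example, not part of the original notes: it flags such bursts in a list of command-line records. The event tuples are constructed samples, and the five-minute window and threshold of four distinct commands are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Case-insensitive patterns for commands listed on this page.
PATTERNS = {
    "ipconfig": r"\bipconfig(\.exe)?\s+/all\b",
    "arp": r"\barp(\.exe)?\s+-a\b",
    "route": r"\broute(\.exe)?\s+print\b",
    "tasklist": r"\btasklist(\.exe)?\s+/svc\b",
    "netstat": r"\bnetstat(\.exe)?\s+-ano\b",
    "systeminfo": r"\bsysteminfo(\.exe)?\b",
    "whoami": r"\bwhoami(\.exe)?\s+/(priv|groups)\b",
    "net": r"\bnet1?(\.exe)?\s+(user|localgroup|accounts)\b",
    "query": r"\bquery(\.exe)?\s+user\b",
}
COMPILED = {k: re.compile(v, re.IGNORECASE) for k, v in PATTERNS.items()}

def classify(cmdline):
    """Return the label of the first matching discovery pattern, or None."""
    return next((k for k, rx in COMPILED.items() if rx.search(cmdline)), None)

def find_bursts(events, window=timedelta(minutes=5), threshold=4):
    """Map (host, user) -> labels when >= threshold distinct commands fall in one window."""
    hits = defaultdict(list)
    for ts, host, user, cmd in events:
        label = classify(cmd)
        if label:
            hits[(host, user)].append((datetime.fromisoformat(ts), label))
    flagged = {}
    for key, seq in hits.items():
        seq.sort()
        for i, (start, _) in enumerate(seq):
            labels = {lab for t, lab in seq[i:] if t - start <= window}
            if len(labels) >= threshold:
                flagged[key] = sorted(labels)
                break
    return flagged

# Constructed sample events: (timestamp, host, user, command line).
SAMPLE = [
    ("2024-05-01T10:00:05", "WS01", "alice", "whoami /priv"),
    ("2024-05-01T10:00:41", "WS01", "alice", 'net localgroup "Backup Operators"'),
    ("2024-05-01T10:01:10", "WS01", "alice", "systeminfo"),
    ("2024-05-01T10:01:30", "WS01", "alice", "netstat -ano"),
    ("2024-05-01T09:00:00", "WS02", "bob", "ipconfig /all"),
    ("2024-05-01T13:30:00", "WS02", "bob", "netstat -ano"),
]
print(find_bursts(SAMPLE))
```

Only the first account is flagged; the second runs two of the commands hours apart, which stays below the threshold.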

