# Gathering Information of the System

## 1. Network & System Information

* **Network Configuration:**
  * `ipconfig /all` → View detailed network interface configurations (IP, DNS, etc.).
  * `arp -a` → Display ARP cache (shows local network devices).
  * `route print` → View the system's routing table.
* **Service Information:**
  * `tasklist /svc` → List all running processes along with their services.
  * `netstat -ano` → Display active TCP/UDP connections and listening ports with process IDs.
* **System Info:**
  * `systeminfo` → Get a comprehensive overview of the system (OS version, architecture, hotfixes, etc.).
  * `wmic product get name` → List installed software via the command line.
    * `Get-WmiObject -Class Win32_Product | select Name, Version` → List installed software via PowerShell.

## **2. User & Privilege Enumeration**

* **Current User & Privileges:**
  * `whoami /priv` → List current user privileges.
  * `whoami /groups` → List group memberships for the current user.
  * `net user` → Get a list of all user accounts.
  * `query user` → Display logged-in users on the system.
* **Groups & Password Policies:**
  * `net localgroup` → List all local groups.
  * `net localgroup "Backup Operators"` → List users in the Backup Operators group.
  * `net accounts` → View password policies and other account-related configurations.

## **3. Security Tools & Configuration**

* **Windows Defender:**
  * `Get-MpComputerStatus` → Check the status of Windows Defender (active, signatures, etc.).
* **AppLocker:**
  * `Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections` → List effective AppLocker rules.
  * `Test-AppLockerPolicy -Path C:\Windows\System32\cmd.exe -User Everyone` → Test if a specific executable (cmd.exe) can be run for a specific user.

## **4. Named Pipes & Permission Enumeration**

* **Listing Named Pipes:**
  * `pipelist.exe /accepteula` → List all named pipes on the system.
* **Access Rights to Named Pipes:**
  * `accesschk.exe /accepteula \\.\Pipe\lsass -v` → Check permissions for a specific named pipe (e.g., LSASS pipe).
  * `accesschk.exe /accepteula -w \\.\Pipe\SQLLocal\SQLEXPRESS01 -v` → Check write access for a SQL pipe.

## **5. Environment Variables & Other Useful Commands**

* **View Environment Variables:**
  * `set` → Display environment variables for the current session.