Gathering Information of the System

1. Network & System Information

  • Network Configuration:

    • ipconfig /all → View detailed network interface configuration (IP, DNS, etc.).

    • arp -a → Display the ARP cache (shows devices seen on the local network).

    • route print → View the system's routing table.

  • Service Information:

    • tasklist /svc → List all running processes along with the services they host.

    • netstat -ano → Display active TCP/UDP connections and listening ports with owning process IDs.

  • System Info:

    • systeminfo → Get a comprehensive overview of the system (OS version, architecture, hotfixes, etc.).

    • wmic product get name → List installed software via the command line.

    • Get-WmiObject -Class Win32_Product | select Name, Version → List installed software via PowerShell.

    Note: both of these query the Win32_Product class, which triggers a consistency check of every installed MSI package; it is slow and writes MsiInstaller events to the Application event log, so expect it to show up in monitoring.

2. User & Privilege Enumeration

  • Current User & Privileges:

    • whoami /priv → List the privileges held by the current user's token.

    • whoami /groups → List group memberships for the current user.

    • net user → Get a list of all local user accounts.

    • query user → Display users currently logged in to the system.

  • Groups & Password Policies:

    • net localgroup → List all local groups.

    • net localgroup "Backup Operators" → List members of the Backup Operators group.

    • net accounts → View the password policy and other account-related settings (lockout threshold, maximum password age, etc.).

3. Security Tools & Configuration

  • Windows Defender:

    • Get-MpComputerStatus → Check the status of Windows Defender (real-time protection, signature versions, etc.).

  • AppLocker:

    • Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections → List the effective AppLocker rule collections.

    • Test-AppLockerPolicy -Path C:\Windows\System32\cmd.exe -User Everyone → Test whether a specific executable (here cmd.exe) is allowed to run for a specific user or group under the effective policy.
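The checks in sections 2 and 3 are normally run one at a time; the script below is an added example (not from the original cheat sheet) that runs several of them together and flags the findings a defender would want to review. The group list, the watched privilege names and the "no AppLocker rules" threshold are assumptions.

```powershell
# Added audit example, not part of the original cheat sheet. It runs a subset of
# the checks above and flags findings a defender should review. The group list,
# watched privilege names and the "no AppLocker rules" threshold are assumptions.
$findings = New-Object 'System.Collections.Generic.List[string]'

# Section 2: members of sensitive local groups. Backup Operators can read any
# file regardless of its ACL, so unexpected members matter.
foreach ($group in @('Administrators', 'Backup Operators', 'Remote Desktop Users')) {
    try {
        foreach ($m in (Get-LocalGroupMember -Group $group -ErrorAction Stop)) {
            $findings.Add("Group '$group' contains $($m.Name) [$($m.ObjectClass)]")
        }
    } catch { }  # group absent on this edition: not a finding
}

# Section 2: privileges on the current token (same data as whoami /priv).
# whoami prints "Name  Description  State"; columns are separated by 2+ spaces.
$watched = @('SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege',
             'SeBackupPrivilege', 'SeDebugPrivilege')
foreach ($line in (whoami /priv | Select-String -Pattern '^Se\w+')) {
    $cols = $line.Line -split '\s{2,}'
    if ($watched -contains $cols[0]) {
        $findings.Add("Current token holds $($cols[0]) (state: $($cols[-1]))")
    }
}

# Section 3: Defender status.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is disabled') }
    if (-not $mp.AntivirusEnabled)          { $findings.Add('Defender antivirus engine is disabled') }
} catch { $findings.Add('Get-MpComputerStatus failed: Defender module unavailable') }

# Section 3: effective AppLocker policy. An empty rule set means no
# application control is enforced on this host.
try {
    $rules = Get-AppLockerPolicy -Effective -ErrorAction Stop |
             Select-Object -ExpandProperty RuleCollections
    if (($rules | Measure-Object).Count -eq 0) { $findings.Add('No effective AppLocker rule collections') }
} catch { $findings.Add('Get-AppLockerPolicy failed: AppLocker module unavailable') }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it from an unelevated PowerShell 5.1 or later session on the host being audited; Get-LocalGroupMember and the Defender/AppLocker cmdlets are built into Windows client and server editions.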

4. Named Pipes & Permission Enumeration

  • Listing Named Pipes:

    • pipelist.exe /accepteula → List all named pipes on the system (Sysinternals).

  • Access Rights to Named Pipes:

    • accesschk.exe /accepteula \\.\Pipe\lsass -v → Show the permissions on a specific named pipe (here the LSASS pipe).

    • accesschk.exe /accepteula -w \\.\Pipe\SQLLocal\SQLEXPRESS01 -v → Show which principals have write access to a SQL Server named pipe.

5. Environment Variables & Other Useful Commands

  • View Environment Variables:

    • set → Display the environment variables of the current session.
