Initial Enumeration

System Enumeration

systeminfo

systeminfo | findstr /b /c:"OS Name" /c:"OS Version" /c:"System Type"

Enumerating Quick Fixes

wmic qfe

wmic qfe get Caption,Description,HotFixID,InstalledOn

Enumerate Drives

wmic logicaldisk

wmic logicaldisk get caption,description,providername

User Enumeration

whoami

Current User Privileges

whoami /priv

Current User Groups

whoami /groups

Users on Current Machine

net user

Details about a single user including group memberships

net user Administrator

Enumerate Groups

net localgroup

Check the members of a group

net localgroup administrators

Network Enumeration

ipconfig /all

Check arp table

arp -a

Check Routing Table

route print

Check Open Ports

netstat -ano

AV and Firewall Enumeration

sc query windefend

List all services

sc queryex type= service

This lists all active services on the machine, including their process IDs (PIDs) and status. We can manually check if some antivirus is running on target.

Firewall Enumeration

netsh advfirewall firewall dump

Displays or "dumps" the entire current configuration and rule set of the Windows Defender Firewall.

If it does not work use the older command.

netsh firewall show state

netsh: A command-line utility that allows you to display or modify the network configuration of a computer that is currently running.
firewall: Enters the context for managing the Windows Firewall.
show state: Specifically requests the current operational status of the firewall.

netsh firewall show config

PreviousWindows Priv esc NextAutomated Enumeration Tools

Last updated 12 days ago