Windows Enumeration

Manual and automated scripts for windows enumeration

WIN PAESS

Automatic priv esc profiling scripts

PEASS-ng/winPEAS at master · carlospolop/PEASS-ngGitHub

Identity

whoami
whoami /priv
whoami /groups
whoami /all

System

hostname

set

echo %COMPUTERNAME%
echo %USERNAME%
echo %USERDOMAIN%
echo %USERDNSDOMAIN%

# wmic
wmic nicconfig get description,IPAddress,MACAddress
wmic product get name, version, vendor
wmic qfe get Caption, Description, HotFixID, InstalledOn

Users and Groups

Net

net user
net user administrator
net localgroup
net localgroup administrators

Shares, Account Policy, Autostart

net share
net accounts
net start

PowerShell

# powershell
Get-LocalUser
Get-LocalGroup
Get-LocalGroupMember Administrators

Network

arp -a
ifconfig /all
route print

Tasks

tasklist

tasklist /SVC

Disk and Registry

tree /a /f

search password

REG QUERY HKLM /F "password" /t REG_SZ /S /K

Windows EnumerationNoRed0x

PayloadsAllTheThings/Windows - Privilege Escalation.md at master · swisskyrepo/PayloadsAllTheThingsGitHub

Checklist - Local Windows Privilege EscalationHackTricks