4.1-Windows-Enumeration.md

File metadata and controls

85 lines (64 loc) · 1.48 KB

# Intrusion phase (Windows)

## Enumeration

### Common listing

```cmd
systeminfo
hostname
echo %username%
```

### List users

```cmd
net users
net user <username>
```

### Network

```cmd
ipconfig /all
route print
arp -a
netstat -ano
```

`netstat -ano` lists active connections and listening ports together with the owning process ID, which can be matched against `tasklist`.

### Firewall status

```cmd
netsh firewall show state
netsh firewall show config
netsh advfirewall firewall show rule all
```

The `netsh firewall` context is deprecated; on current Windows versions use `netsh advfirewall show allprofiles` for the per-profile state.

### Check whether specific patches are installed

Replace the `KB..` placeholders with the KB numbers of interest:

```cmd
wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB.." /C:"KB.."
```

### OS name and version

```cmd
systeminfo
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
```

### Registry checks for passwords

```cmd
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP"
reg query "HKCU\Software\SimonTatham\PuTTY\Sessions"
reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password
```

### Places to check for credentials

Deployment answer files that are commonly left behind after imaging:

```cmd
C:\sysprep.inf
C:\sysprep\sysprep.xml
%WINDIR%\Panther\Unattend\Unattended.xml
%WINDIR%\Panther\Unattended.xml
```

Searches for these and other credential-bearing files (run from the drive root so `/s` covers the whole volume):

```cmd
dir /b /s unattend.xml
dir /b /s web.config
dir /b /s sysprep.inf
dir /b /s sysprep.xml
dir /b /s *pass*
dir /b /s vnc.ini
```
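The defensive counterpart of the two sections above is a post-deployment audit that finds the same leftovers so they can be removed before anyone else does. The following PowerShell script is an added example, not part of the original cheat sheet: it checks the answer-file paths listed above for credential markers, the Winlogon `DefaultPassword` autologon value, and PuTTY sessions with a stored `ProxyPassword`, and prints what to clean up. It assumes it is run on the host being audited from an elevated prompt; the `Unattend.xml` file name and the marker strings are assumptions added for the check.

```powershell
# Added hardening audit (example code, not from the original cheat sheet).
# Reports cleartext credential leftovers in the locations this page enumerates.

$candidateFiles = @(
    'C:\sysprep.inf',
    'C:\sysprep\sysprep.xml',
    "$env:WINDIR\Panther\Unattend\Unattended.xml",
    "$env:WINDIR\Panther\Unattended.xml",
    "$env:WINDIR\Panther\Unattend.xml"          # assumed additional name
)

# Strings that indicate a credential inside an answer file (assumed markers).
$markers = @('<Password>', '<PlainText>true</PlainText>', 'AdminPassword=', 'Password=')

$findings = @()

foreach ($path in $candidateFiles) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $content = Get-Content -LiteralPath $path -Raw -ErrorAction SilentlyContinue
    $hits = @($markers | Where-Object { $content -and $content.Contains($_) })
    if ($hits.Count -gt 0) {
        $issue = "answer file contains credential markers: $($hits -join ', ')"
    } else {
        $issue = 'leftover answer file; delete it once deployment is complete'
    }
    $findings += [pscustomobject]@{ Location = $path; Issue = $issue }
}

# Winlogon autologon: a DefaultPassword value is readable by every local user.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$props = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
if ($props -and $props.PSObject.Properties['DefaultPassword'] -and $props.DefaultPassword) {
    $findings += [pscustomobject]@{
        Location = "$winlogon\DefaultPassword"
        Issue    = 'cleartext autologon password set; remove it or disable autologon'
    }
}

# PuTTY sessions: a stored proxy password is kept in cleartext under HKCU.
$putty = 'HKCU:\Software\SimonTatham\PuTTY\Sessions'
if (Test-Path -Path $putty) {
    foreach ($session in Get-ChildItem -Path $putty) {
        $s = Get-ItemProperty -Path $session.PSPath -ErrorAction SilentlyContinue
        if ($s -and $s.PSObject.Properties['ProxyPassword'] -and $s.ProxyPassword) {
            $findings += [pscustomobject]@{
                Location = $session.PSPath
                Issue    = 'PuTTY session stores a proxy password'
            }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No cleartext credential leftovers found in the audited locations.'
}
```

Run it as part of the image finalisation step and again on any host that has been handed over to users; an empty result is the expected state, and anything it reports should be deleted or replaced with a secret store rather than left on disk or in the registry.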

### Find writable files

```cmd
dir /a-r-d /s /b
```

  • `/a`: filter by attributes (`-r` excludes read-only files, `-d` excludes directories)
  • `/s`: recurse subdirectories
  • `/b`: bare format, path and file name only

This only tests the read-only file attribute, not NTFS permissions: a file without the read-only flag can still be unwritable for the current user, and a read-only file can be modified by anyone allowed to clear the flag.