Enumerating Windows Information

After you have gained access to a box, the main thing you need to do as a pen analyzer is acquire as much data about the machine/organize.

The main Aim of the below command is to enumerate host/network information from a Windows machine. Which is for Windows XP/Vista/7 except if expressed something else.

Operating System Detail

> ver

> systeminfo

You are logged in as

> set username

In which domain/workgroup is the machine apart of

> set userdomain

What is the machine called

> set computername

Windows 7 only

> whoami

To List user groups on the machine

> net localgroup

To List users on the machine

> net user

To List users in administrative group

> net localgroup administrators

To View all mapped logical/shared drives on the machine

> wmic logicaldisk get caption,description,providername

List out all listening services on the system

> netstat –nao

To see which other machines the system has been communicating with

> arp –a

View directories from which it has been shared

> net share

View firewall configuration

> netsh firewall show config

Windows 7 only

> netsh advfirewall firewall show rule name=all more

or

> netsh advfirewall firewall show rule name=all dir=<inout>

See all currently running processes

> tasklist

Find a specific task from Process ID, in which x is an arbitrary PID

> tasklist /fi “pid eq x”

or

> tasklist find “x”

Obtain tasks running under a specific user name, where x is an arbitrary username

> tasklist /fi “username eq x”