Enumerating Windows Information

After you have gained access to a box, the main thing you need to do as a pen analyzer is acquire as much data about the machine/organize.

The main Aim of the below command is to enumerate host/network information from a Windows machine. Which is for Windows XP/Vista/7 except if expressed something else.

Operating System Detail
> ver

> systeminfo

You are logged in as
> set username

In which domain/workgroup is the machine apart of
> set userdomain

What is the machine called
> set computername

Windows 7 only

> whoami

To List user groups on the machine
> net localgroup

To List users on the machine
> net user

To List users in administrative group
> net localgroup administrators

To View all mapped logical/shared drives on the machine
> wmic logicaldisk get caption,description,providername

List out all listening services on the system
> netstat –nao

To see which other machines the system has been communicating with
> arp –a

View directories from which it has been shared
> net share

View firewall configuration
> netsh firewall show config

Windows 7 only

> netsh advfirewall firewall show rule name=all more


> netsh advfirewall firewall show rule name=all dir=<inout>

See all currently running processes
> tasklist

Find a specific task from Process ID, in which x is an arbitrary PID
> tasklist /fi “pid eq x”


> tasklist find “x”

Obtain tasks running under a specific user name, where x is an arbitrary username
> tasklist /fi “username eq x”