Enumerating Windows Information
After you have gained access to a box, the main thing you need to do as a penetration tester is gather as much information as possible about the machine and the network it sits on.
The aim of the commands below is to enumerate host and network information from a Windows machine. They apply to Windows XP/Vista/7 unless stated otherwise.
Operating System Detail
> ver
> systeminfo
Which user you are logged in as
> set username
Which domain/workgroup the machine is part of
> set userdomain
What the machine is called
> set computername
Windows 7 only:
> whoami
To List user groups on the machine
> net localgroup
To List users on the machine
> net user
To List users in administrative group
> net localgroup administrators
To view all mapped logical/shared drives on the machine
> wmic logicaldisk get caption,description,providername
To list all listening ports and active connections on the system, with the owning process ID
> netstat -nao
To see which other machines the system has been communicating with (ARP cache)
> arp -a
To view directories that have been shared from this machine
> net share
View firewall configuration
> netsh firewall show config
Windows 7 only:
> netsh advfirewall firewall show rule name=all | more
or, to show only inbound or outbound rules:
> netsh advfirewall firewall show rule name=all dir=in
> netsh advfirewall firewall show rule name=all dir=out
See all currently running processes
> tasklist
To find a specific task by process ID, where x is an arbitrary PID
> tasklist /fi "pid eq x"
or
> tasklist | find "x"
To list tasks running under a specific user name, where x is an arbitrary username
> tasklist /fi "username eq x"
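From the defender's side, the same commands are a useful detection signal: a single account running several of them within a few minutes looks like post-access discovery. The following is an added example, not part of the original cheat sheet, that scores constructed process-creation records (timestamp, user, command line) for such a burst; the category names, the 5-minute window and the threshold of four categories are assumptions to tune for your environment.

```python
import re
from datetime import datetime, timedelta

# Discovery commands from the cheat sheet above, as regexes over a process command line.
DISCOVERY_PATTERNS = {
    "os_info":     r"^(ver|systeminfo)\b",
    "identity":    r"^(whoami\b|set\s+(username|userdomain|computername)\b)",
    "local_users": r"^net\s+(user|localgroup)\b",
    "drives":      r"^wmic\s+logicaldisk\b",
    "network":     r"^(netstat|arp)\b",
    "shares":      r"^net\s+share\b",
    "firewall":    r"^netsh\s+(advfirewall|firewall)\b",
    "processes":   r"^tasklist\b",
}

def classify(cmdline):
    """Return the discovery category a command line falls into, or None."""
    cmd = cmdline.strip().lower()
    for name, pattern in DISCOVERY_PATTERNS.items():
        if re.match(pattern, cmd):
            return name
    return None

def find_discovery_bursts(events, window=timedelta(minutes=5), threshold=4):
    """Alert when one user runs `threshold` distinct discovery categories within `window`."""
    alerts = []
    history = {}  # user -> [(time, category), ...] seen inside the current window
    for ts, user, cmdline in events:
        category = classify(cmdline)
        if category is None:
            continue
        now = datetime.fromisoformat(ts)
        recent = [(t, c) for t, c in history.get(user, []) if now - t <= window]
        recent.append((now, category))
        history[user] = recent
        categories = sorted({c for _, c in recent})
        if len(categories) >= threshold:
            alerts.append((user, ts, categories))
            history[user] = []  # one alert per burst, then start counting again
    return alerts

# Constructed sample records (timestamp, user, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:01", "CORP\\alice", "systeminfo"),
    ("2024-05-01T10:00:05", "CORP\\alice", "whoami"),
    ("2024-05-01T10:00:09", "CORP\\alice", "net localgroup administrators"),
    ("2024-05-01T10:00:15", "CORP\\alice", "netstat -nao"),
    ("2024-05-01T10:30:00", "CORP\\bob", "tasklist"),
    ("2024-05-01T11:00:00", "CORP\\bob", "notepad.exe report.txt"),
]
```

Running find_discovery_bursts(SAMPLE_EVENTS) returns one alert for alice at 10:00:15 (four categories within 14 seconds) and none for bob, whose single tasklist stays below the threshold.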