handbook/tools/5.Machine/2.Windows/Notes/4.Manual-Enumeration.md


## Manual Enumeration

- System Enumeration
```
systeminfo
- provides basic system information
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System
Type"

- Pulls down those three pieces of information quickly
wmic qfe

- Pulls down patching information
wmic qfe get Caption,Description,HotFixID,InstalledOn

- Pulls down that specific information on patches - makes it
cleaner

wmic logicaldisk get caption,description,providername
- List out all the drives
```

- User Enumeration
```
whoami /priv
- list of privs we have
- useful for token impersonation

whoami /groups
- list of groups the user is in

net user
- list of users on the machine

net user <username>
- enumerate specific information on a user

net localgroup
- list of local groups

net localgroup <groupname>
- See who is part of a specific group (i.e. administrator group)
```

- Network Enumeration
```
ipconfig /all- See network architecture of the machine
arp -a
- Look to see if there are other IPs or machines we can move to
route print
- Pull down the routing table to see what is communicating
netstat -ano
- See which ports are open and communicating
```

- Password Hunting
```
findstr /si password *.txt
- search for passwords with .txt filename in current directory
- can add others such as .ini and .config

netsh wlan show profile
- See which wireless networks user has connected to

netsh wlan show profile <SSID> key=clear
- Show clear-text password of the wireless networks

AV Enumeration
sc query <AV service>
- Pull down information on the specific service
- i.e. sc query windefend

sc queryex type= service
- Show all services running on the machine

netsh advfirewall firewall dump
- Dump firewall information

netsh firewall show state
- Older way to dump firewall informatoin

netsh firewall configuration
- Look at firwall configuratoinAutomated Enumeration--
```
vault backup: 2024-08-31 01:07:21 2024-08-30 23:07:22 +00:00
			`## Manual Enumeration`

			`- System Enumeration`
			```
			`systeminfo`
			`- provides basic system information`
			`systeminfo \| findstr /B /C:"OS Name" /C:"OS Version" /C:"System`
			`Type"`

			`- Pulls down those three pieces of information quickly`
			`wmic qfe`

			`- Pulls down patching information`
			`wmic qfe get Caption,Description,HotFixID,InstalledOn`

			`- Pulls down that specific information on patches - makes it`
			`cleaner`

			`wmic logicaldisk get caption,description,providername`
			`- List out all the drives`
			```

			`- User Enumeration`
			```
			`whoami /priv`
			`- list of privs we have`
			`- useful for token impersonation`

			`whoami /groups`
			`- list of groups the user is in`

			`net user`
			`- list of users on the machine`

			`net user <username>`
			`- enumerate specific information on a user`

			`net localgroup`
			`- list of local groups`

			`net localgroup <groupname>`
			`- See who is part of a specific group (i.e. administrator group)`
			```

			`- Network Enumeration`
			```
			`ipconfig /all- See network architecture of the machine`
			`arp -a`
			`- Look to see if there are other IPs or machines we can move to`
			`route print`
			`- Pull down the routing table to see what is communicating`
			`netstat -ano`
			`- See which ports are open and communicating`
			```

			`- Password Hunting`
			```
			`findstr /si password *.txt`
			`- search for passwords with .txt filename in current directory`
			`- can add others such as .ini and .config`

			`netsh wlan show profile`
			`- See which wireless networks user has connected to`

			`netsh wlan show profile <SSID> key=clear`
			`- Show clear-text password of the wireless networks`

			`AV Enumeration`
			`sc query <AV service>`
			`- Pull down information on the specific service`
			`- i.e. sc query windefend`

			`sc queryex type= service`
			`- Show all services running on the machine`

			`netsh advfirewall firewall dump`
			`- Dump firewall information`

			`netsh firewall show state`
			`- Older way to dump firewall informatoin`

			`netsh firewall configuration`
			`- Look at firwall configuratoinAutomated Enumeration--`
			```