Manual Enumeration
System Enumeration:
Display the system’s hostname: helps identify it among other devices.
hostname
Display detailed information about the system’s version and OS
systeminfo
Check Windows version
wmic os get caption, version, osarchitecture
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"
# wmic (Windows Management Instrumentation Command-line)
# qfe (Quick Fix Engineering)
# to see what's patched
wmic qfe get Caption,Description,HotFixID,InstalledOn
List logical drives (providername shows the network path of mapped drives)
wmic logicaldisk get caption,description,providername
User Enumeration:
Display privileges for the current user
whoami /priv
List groups the user belongs to
whoami /groups
List all users on the system
net user
Show detailed info about a specific user
net user <username>
List members of a local group
net localgroup <groupName>
Network Enumeration
Show full network configuration
ipconfig /all
Show ARP table (IP ↔ MAC mapping)
arp -a
Display system routing table
route print
Show active network connections with PIDs
netstat -ano
Password Hunting
Search for "password" in common config files
findstr /si password *.txt *.ini *.config
Recursively search all files for password patterns
findstr /spin "password" *.*
Look for plaintext passwords in Windows setup files
type %WINDIR%\Panther\Unattend\Unattended.xml
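Added example (not part of the original page): a defender-side audit of the same setup answer file that reports which credential elements still hold a value, without printing the value. The sample XML is constructed, and the names audit_unattend and local are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample answer file (not from a real system); all values are placeholders.
SAMPLE_UNATTEND = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Username>svc_deploy</Username>
        <Password><Value>EXAMPLE-PLACEHOLDER</Value><PlainText>true</PlainText></Password>
      </AutoLogon>
      <UserAccounts>
        <AdministratorPassword><Value>RVhBTVBMRQ==</Value><PlainText>false</PlainText></AdministratorPassword>
        <LocalAccounts><LocalAccount>
          <Name>helpdesk</Name>
          <Password><Value></Value><PlainText>false</PlainText></Password>
        </LocalAccount></LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_unattend(xml_text):
    """Return findings for credential elements that still hold a value.
    The secret itself is never returned, only its location and storage form."""
    findings = []
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    for elem in root.iter():
        if not local(elem.tag).endswith("Password"):
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in elem}
        value = fields.get("Value") or (elem.text or "").strip()
        if not value:
            continue  # empty: wiped after setup or never set
        # Assumption: a missing PlainText flag is treated as plaintext (conservative).
        plain = fields.get("PlainText", "true").lower() == "true"
        findings.append({
            "element": local(parents[elem].tag) + "/" + local(elem.tag),
            "storage": "plaintext" if plain else "base64-encoded (not encrypted)",
        })
    return findings

if __name__ == "__main__":
    for f in audit_unattend(SAMPLE_UNATTEND):
        print(f"{f['element']}: credential present, {f['storage']}")
```

Any finding means the answer file should be deleted or scrubbed and the referenced account's password rotated.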
AV Enumeration
Check status of Windows Defender
sc query windefend
List all services, including antivirus software
sc queryex type= service