Basic Windows Enumeration

As I have been running these commands for years, I've often made little notes here and there on what has been helpful. To simplify the process and consolidate what is useful in one place, I created this list. It's not mind-boggling by any means; however, this information can be helpful when you've yet to memorize them all.

Note

This format draws inspiration from g0tmi1k's Linux Privilege Escalation

Operating System

What version of Windows is running? Is it 32 or 64-bit?

ver
systeminfo
more c:\boot.ini
wmic os get osarchitecture

Hostname?

set computername
hostname

What drives are there? Are any being shared?

wmic logicaldisk get caption,description,providername
net share
wmic share
net use

What can the OS variables tell you?

more C:\WINDOWS\System32\drivers\etc\hosts
more C:\WINDOWS\System32\drivers\etc\networks
dir C:\Users\username\AppData\Local\Temp
path
echo %path%
set
tree (massive output)
wmic context
wmic bootconfig
wmic environment
wmic loadorder
wmic startup

What patches are installed?

wmic qfe

What services are installed/running?

wmic service
net start
sc query

Network

What is the current network config? What is this machine talking to?

ipconfig /allcompartments /all
getmac
wmic nicconfig get description,IPAddress,MACaddress
route PRINT
netstat -ano
arp -a
nbtstat -n
wmic nicconfig get macaddress,caption

What is the firewall configuration?

netsh dump
netsh firewall show state
netsh firewall show config
netsh advfirewall firewall show rule name=all
netsh advfirewall export "firewallinfo.txt"

Is the machine on a domain?

set userdomain
net view /domain

Installed Software

What software is currently running? What is installed?

tasklist
tasklist /svc
tasklist /fi "pid eq PID"
tasklist /fi "username eq USERNAME"
qprocess
driverquery /v
assoc
wmic sysdriver
wmic product

User Info

Who is logged in? Who is an administrator? Who belongs to what group/domain?

set username
whoami
echo %username%
net users
wmic group
net localgroup
net localgroup administrators
quser
qwinsta
wmic useraccount

Registry

What is in the registry?

reg query
reg query "HKLM\Software\Microsoft\Windows NT\Currentversion\Winlogon" /v LastUsedUsername

Hardware Information

What is installed in this PC?

wmic bios
wmic baseboard get manufacturer
wmic cdrom
wmic cpu list full
wmic csproduct

Automation

All of these commands are conveniently buttoned up in this .bat file I made.
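The script below is an added example, not the author's .bat file: it runs a subset of the commands listed above from cmd.exe and writes each command's output under a header into one timestamped report, so the results can be reviewed or diffed against a known-good baseline later. The report name, the choice of commands and the :run helper are my own.

```batch
@echo off
setlocal EnableExtensions

:: Added example (not the page's own .bat): collect enumeration output
:: into one report file. Assumes cmd.exe on a Windows host.
:: Build a locale-independent YYYYMMDD-HHMMSS stamp from WMI instead of
:: %DATE%/%TIME%, whose format depends on regional settings.
for /f "tokens=2 delims==" %%I in ('wmic os get localdatetime /value') do set "DT=%%I"
set "REPORT=%COMPUTERNAME%_enum_%DT:~0,8%-%DT:~8,6%.txt"

:: Everything echoed inside this block, including :run output, goes to REPORT.
> "%REPORT%" (
    call :run ver
    call :run systeminfo
    call :run wmic os get osarchitecture
    call :run wmic logicaldisk get caption,description,providername
    call :run net share
    call :run set
    call :run wmic qfe
    call :run sc query
    call :run ipconfig /allcompartments /all
    call :run netstat -ano
    call :run arp -a
    call :run netsh advfirewall firewall show rule name=all
    call :run net view /domain
    call :run tasklist /svc
    call :run driverquery /v
    call :run whoami
    call :run net localgroup administrators
    call :run quser
    call :run reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LastUsedUsername
    call :run wmic csproduct
)
echo Report written to %REPORT%
endlocal
exit /b 0

:: Print a header, then run the command passed as arguments. stderr is
:: merged (2>&1) so a missing or deprecated tool (e.g. wmic on recent
:: Windows builds) shows up in the report instead of vanishing silently.
:run
echo.
echo ===== %* =====
%* 2>&1
exit /b
```

Run it from an elevated prompt to get complete output from `systeminfo`, `netsh advfirewall` and `driverquery`; unprivileged runs still produce a report, with "Access is denied" lines marking what was unavailable.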