Display the system’s hostname: helps identify it among other devices.
hostname
Display detailed information about the system’s version and OS
systeminfo
Check Windows version
wmic os get caption, version, osarchitecture
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"
# wmic (Windows Management Instrumentation Command-line)
# qfe (Quick Fix Engineering): the installed hotfixes
# shows what has been patched and when
wmic qfe get Caption,Description,HotFixID,InstalledOn
# list logical drives and, for mapped network drives, the share they point to
wmic logicaldisk get caption,description,providername
Display running processes and the services hosted in each (PID is the join key for netstat -ano)
tasklist /svc
Display All Environment Variables
set
Display active connections and listening ports with the owning PID (map the PID to a process with tasklist)
netstat -ano
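The two commands above are read together by hand: netstat gives a PID per listening port, tasklist /svc gives the process and services behind that PID. The PowerShell below does that join in one step. It is an added example, not part of the original cheat sheet; it assumes Windows 8/Server 2012 or later (for the NetTCPIP module) and PowerShell 5.1+, and the function name is hypothetical.

```powershell
# Added example (not from the original cheat sheet): map every listening TCP
# port to its owning process and, where that process hosts Windows services,
# to the service names. Assumes NetTCPIP (Windows 8/2012+) and PowerShell 5.1+.

function Get-ListeningPortOwners {
    # One Win32_Service row per service; several services can share one PID
    # (svchost), so group them by ProcessId into a hashtable keyed by string.
    $servicesByPid = Get-CimInstance Win32_Service |
        Where-Object { $_.ProcessId -ne 0 } |
        Group-Object -Property ProcessId -AsHashTable -AsString

    Get-NetTCPConnection -State Listen | ForEach-Object {
        $procId = $_.OwningProcess
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $svc    = if ($servicesByPid -and $servicesByPid["$procId"]) {
            @($servicesByPid["$procId"].Name) -join ','
        } else { '' }

        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            PID          = $procId
            Process      = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path         = if ($proc) { $proc.Path } else { '' }   # may be empty without admin
            Services     = $svc
        }
    } | Sort-Object LocalPort, LocalAddress
}

Get-ListeningPortOwners | Format-Table -AutoSize
```

A listener whose Process is unexpected for that port, or whose Path points outside the usual system directories, is the row worth investigating; Path is blank for protected processes when the shell is not elevated.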
Enumerating Always Install Elevated Settings
# when enabled, any MSI package installs with SYSTEM privileges
reg query HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer
# if AlwaysInstallElevated is 1 in both keys, an MSI payload can be generated and executed to obtain a reverse shell
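The setting is only effective when both the machine and the user value are 1, so a check has to read both hives and treat a missing key as the secure default. The script below is an added example, not part of the original cheat sheet; it assumes PowerShell 5.1+ and read access to the two policy keys, and the function name is hypothetical.

```powershell
# Added example (not from the original cheat sheet): read both
# AlwaysInstallElevated values and report whether the dangerous combination
# (both hives set to 1) is present. Assumes PowerShell 5.1+.

$AieKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer',
    'HKCU:\Software\Policies\Microsoft\Windows\Installer'
)

function Get-AlwaysInstallElevatedState {
    $perHive = foreach ($key in $AieKeys) {
        # A missing key or value is the secure default and counts as 0
        $item = Get-ItemProperty -Path $key -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Hive  = $key.Split(':')[0]
            Key   = $key
            Value = if ($item) { [int]$item.AlwaysInstallElevated } else { 0 }
        }
    }
    [pscustomobject]@{
        Machine     = ($perHive | Where-Object Hive -eq 'HKLM').Value
        User        = ($perHive | Where-Object Hive -eq 'HKCU').Value
        # Windows Installer only runs packages as SYSTEM when BOTH values are 1
        BothEnabled = ($perHive.Value -notcontains 0)
        Details     = $perHive
    }
}

$state = Get-AlwaysInstallElevatedState
$state | Select-Object Machine, User, BothEnabled | Format-List
if ($state.BothEnabled) {
    Write-Warning ('AlwaysInstallElevated is on in both hives. Turn it off in Group Policy ' +
        '(Computer and User Configuration > Administrative Templates > Windows Components > ' +
        'Windows Installer > "Always install with elevated privileges") or set both values to 0.')
}
```

Because the user-hive value is per profile, run the check in the context of the accounts that actually log on to the machine; a clean HKLM with a stray HKCU value is still safe, but both together are the condition the cheat sheet is looking for.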
Display all services running as LocalSystem
Get-WmiObject Win32_Service | Where-Object { $_.StartName -eq "LocalSystem" } | Select-Object Name, DisplayName, StartName
Display all services on which the given user has write permission
accesschk.exe /accepteula -uwcqv <userAccount> * > services.txt
# query the configuration of one service (binary path, start type, account it runs as)
sc qc <ServiceName>
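accesschk is a Sysinternals download that is not always present on the host. The same condition, write-type rights on the service object granted to a broad group, can be found from the SDDL that sc sdshow prints, and then confirmed with sc qc. The script below is an added example, not part of the original cheat sheet or of Sysinternals; it assumes PowerShell 5.1+ and sc.exe on the PATH, the two-letter codes are the documented SDDL abbreviations, and which principals count as "broad" is an assumption you can extend.

```powershell
# Added example (not from the original cheat sheet): find services whose
# object DACL grants write-type rights to broad, low-privilege principals,
# the same condition accesschk -uwcqv reports. Uses only sc.exe sdshow and
# PowerShell 5.1+.

# Service rights that let a caller reconfigure, delete or re-ACL the service
# (DC=ChangeConfig, WD=WriteDac, WO=WriteOwner, SD=Delete, GA/GW=generic all/write)
$WriteRights = @('DC', 'WD', 'WO', 'SD', 'GA', 'GW')

# SDDL well-known SID aliases for large or unprivileged groups. Note that
# "WD" in the SID field means Everyone, while "WD" in the rights field means WriteDac.
$BroadPrincipals = @{
    'WD' = 'Everyone'
    'AU' = 'Authenticated Users'
    'BU' = 'BUILTIN\Users'
    'IU' = 'Interactive'
    'DU' = 'Domain Users'
    'AN' = 'Anonymous'
}

function Get-ServiceWriteFindings {
    param([string[]]$ServiceName = (Get-Service | Select-Object -ExpandProperty Name))

    foreach ($name in $ServiceName) {
        # sc sdshow prints the security descriptor as one "D:(...)(...)S:(...)" line
        $sddl = (& sc.exe sdshow $name 2>$null | Where-Object { $_ -match '^D:' }) -join ''
        if (-not $sddl) { continue }

        # ACE layout: (type;flags;rights;object_guid;inherit_guid;sid)
        foreach ($ace in [regex]::Matches($sddl, '\(([^)]*)\)')) {
            $f = $ace.Groups[1].Value -split ';'
            if ($f.Count -lt 6 -or $f[0] -ne 'A') { continue }   # Allow ACEs only; skips SACL audit ACEs
            $sid = $f[5]

            # Resolve the principal; SIDs outside the broad set are ignored,
            # except a domain's own Domain Users group (RID 513)
            $principal = $BroadPrincipals[$sid]
            if (-not $principal -and $sid -match '^S-1-5-21-[\d-]+-513$') { $principal = "Domain Users ($sid)" }
            if (-not $principal) { continue }

            # Rights are a run of two-letter tokens, e.g. CCDCLCSWRPWPDTLOCRRC.
            # A hex rights mask (0x...) is not decoded here and yields no tokens.
            $tokens  = [regex]::Matches($f[2], '.{2}') | ForEach-Object { $_.Value }
            $granted = @($tokens | Where-Object { $WriteRights -contains $_ })
            if ($granted.Count -eq 0) { continue }

            [pscustomobject]@{
                Service     = $name
                Principal   = $principal
                WriteRights = ($granted -join ',')
                Ace         = $ace.Value
            }
        }
    }
}

Get-ServiceWriteFindings | Format-Table -AutoSize
```

Each row is a service whose configuration a low-privilege account can change; follow up with sc qc <ServiceName> to see the account it runs as, and fix by restoring the default DACL (sc sdset with the vendor's or Windows' original descriptor) rather than by editing the binary path.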
Collect autorun applications