root💀bl4ck4non-sec:~#

Hack. Eat. Sleep. Repeat!!!


Enumerating system information

The hotfix (KB) numbers listed by the "systeminfo" command can be researched: each KB maps to the vulnerabilities it patches, so comparing the installed hotfixes against the known local exploits for that Windows build tells you which vulnerabilities are still unpatched on the target.

To list the installed hotfixes on Windows with their description and install date (wmic is deprecated on recent Windows builds; Get-HotFix in PowerShell returns the same data)

wmic qfe get Caption,Description,HotFixId,InstalledOn
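As an added example (not code from the original notes), the script below parses the column-aligned output of that wmic command offline, orders the hotfixes by install date, reports the most recent patch date and checks whether a given list of KB IDs is present. The sample output is constructed: the KB numbers are real Windows update identifiers, the install dates are illustrative, and KB4999999 is a hypothetical ID used only to show a miss. wmic prints InstalledOn in the host's short-date format; the US m/d/yyyy form is assumed here.

```python
import re
from datetime import datetime


def _wmic_row(caption, description, hotfix, installed):
    # wmic pads each column to the widest value in it; these widths match the sample data.
    return f"{caption:<44}{description:<17}{hotfix:<11}{installed}"


# Constructed sample of `wmic qfe get Caption,Description,HotFixId,InstalledOn` output.
# Real KB identifiers, illustrative install dates.
SAMPLE_QFE = "\n".join([
    _wmic_row("Caption", "Description", "HotFixId", "InstalledOn"),
    _wmic_row("http://support.microsoft.com/?kbid=2999226", "Update", "KB2999226", "12/1/2016"),
    _wmic_row("http://support.microsoft.com/?kbid=4512506", "Security Update", "KB4512506", "8/14/2019"),
    _wmic_row("http://support.microsoft.com/?kbid=4474419", "Security Update", "KB4474419", "9/10/2019"),
]) + "\n"


def parse_qfe(text):
    """Parse wmic's column-aligned listing into a list of dicts keyed by header name."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    header, rows = lines[0], lines[1:]
    # wmic pads every column to a fixed width, so the header's word offsets
    # are the column boundaries for every data row.
    starts = [m.start() for m in re.finditer(r"\S+", header)]
    names = header.split()
    bounds = list(zip(starts, starts[1:] + [None]))
    return [{name: row[a:b].strip() for name, (a, b) in zip(names, bounds)} for row in rows]


def installed_on(rec):
    """InstalledOn as a datetime, or None when blank/unparseable (US m/d/yyyy assumed)."""
    try:
        return datetime.strptime(rec["InstalledOn"], "%m/%d/%Y")
    except ValueError:
        return None


def latest_patch_date(records):
    """Most recent install date across all hotfixes; a rough patch-level indicator."""
    dates = [d for d in (installed_on(r) for r in records) if d]
    return max(dates) if dates else None


def missing_hotfixes(records, wanted):
    """KB IDs from `wanted` that are not installed (case-insensitive match)."""
    present = {r["HotFixId"].upper() for r in records}
    return sorted(kb for kb in wanted if kb.upper() not in present)


if __name__ == "__main__":
    recs = parse_qfe(SAMPLE_QFE)
    for r in sorted(recs, key=lambda r: installed_on(r) or datetime.min):
        print(f"{r['HotFixId']:<10} {r['InstalledOn']:<11} {r['Description']}")
    print("latest patch:", latest_patch_date(recs).date())
    # KB4999999 is a hypothetical ID used to show what a missing patch looks like.
    print("missing:", missing_hotfixes(recs, ["KB4474419", "KB4999999"]))
```

On a live host, `wmic qfe get ... /format:csv` would sidestep the column parsing entirely; the aligned form is parsed here because it is what the command above prints and what usually ends up in a capture.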

Enumerating Users and Groups

To check for logged-on users from Metasploit, background the meterpreter session first, then use a post-exploitation module with SESSION set to that session's ID

use post/windows/gather/enum_logged_on_users
set SESSION <id>
run

Checking the available privileges on the command shell

whoami /priv (this is the Windows cmd command; inside meterpreter the equivalent is getprivs)
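Which of those privileges matter for escalation is the real question. The following script (an added example, not from the original notes) parses a constructed whoami /priv listing and flags the privileges on a short watch list of well-known escalation candidates. The watch list is this example's own; a privilege shown as Disabled is still present in the token and can be enabled by the process itself, so it is flagged too.

```python
# Constructed sample of `whoami /priv` output for a service-style account
# (not captured from a real host; the descriptions are Windows' own strings).
SAMPLE_WHOAMI_PRIV = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                               State
============================= ========================================= ========
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeIncreaseQuotaPrivilege      Adjust memory quotas for a process        Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set            Disabled
"""

# This example's own watch list: privileges with well-known local escalation paths.
ABUSABLE = {
    "SeImpersonatePrivilege": "impersonate a client token (potato-family attacks)",
    "SeAssignPrimaryTokenPrivilege": "assign a primary token to a new process",
    "SeDebugPrivilege": "open and inject into any process, including SYSTEM ones",
    "SeBackupPrivilege": "read any file regardless of ACL (e.g. SAM/SYSTEM hives)",
    "SeRestorePrivilege": "write any file regardless of ACL",
    "SeTakeOwnershipPrivilege": "take ownership of any securable object",
    "SeLoadDriverPrivilege": "load a kernel driver",
    "SeTcbPrivilege": "act as part of the operating system",
    "SeCreateTokenPrivilege": "create arbitrary tokens",
}


def parse_privs(text):
    """Return {privilege name: {"description", "state"}} in listing order."""
    privs = {}
    in_table = False
    for line in text.splitlines():
        if line.startswith("="):      # the '=====' rule separates the header from the rows
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        parts = line.split()
        # First token is the privilege, last is Enabled/Disabled, the rest is the description.
        privs[parts[0]] = {"description": " ".join(parts[1:-1]), "state": parts[-1]}
    return privs


def abusable_privs(privs):
    """[(name, state, why)] for every held privilege on the watch list.

    Disabled privileges are reported as well: they are still in the token and a
    process can enable them itself, so only privileges absent from the listing
    are truly unavailable."""
    return [(name, privs[name]["state"], ABUSABLE[name]) for name in privs if name in ABUSABLE]


if __name__ == "__main__":
    held = parse_privs(SAMPLE_WHOAMI_PRIV)
    for name, state, why in abusable_privs(held):
        print(f"{name:<32} {state:<9} {why}")
```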

Checking the logged on users on the command shell

query user

To learn more about a user

net user <username>

To enumerate all local groups on the system

net localgroup

Enumerating Network Information

To check whether the host sits on an internal network that can be pivoted into, this command shows every adapter's configuration, including any interface on a second subnet; from there a route to that subnet can be added through the session

ipconfig /all

To display the routing table

route print

To discover other devices on the network

arp -a

To list open connections and listening ports together with the PID that owns each socket (-a all connections and listening ports, -n numeric addresses, -o owning PID)

netstat -ano

To display the firewall state (netsh firewall is the legacy context; netsh advfirewall is the current one)

netsh firewall show state
netsh advfirewall firewall show rule name=all
netsh advfirewall show allprofiles

Enumerating Processes and Services

To obtain a list of started services

net start

To obtain a list of all services with their state, start mode and process ID (wmic is deprecated on recent builds; sc query or Get-Service give the same information)

wmic service list brief

To get the list of processes running as well as the services running under a particular process

tasklist /SVC
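The netstat -ano and tasklist /SVC outputs above are far more useful joined together: a listening port tells you little until you know which image and which service own its PID. The following script, added here as an example and not part of the original notes, parses constructed samples of both outputs (embedded inline, not captured from a real host) and joins them on PID. UDP rows, which netstat prints without a State column, are handled separately, and established connections (here, the operator's own reverse shell) are skipped so only the attack surface is listed.

```python
import re

# Constructed sample of `netstat -ano` output. The ESTABLISHED row is the
# operator's own reverse shell back to a listener on 10.0.2.4:4444.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    10.0.2.15:49672        10.0.2.4:4444          ESTABLISHED     2312
  TCP    [::]:135               [::]:0                 LISTENING       896
  UDP    0.0.0.0:123            *:*                                    1320
"""

# Constructed sample of `tasklist /SVC` output for the same host.
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    896 RpcEptMapper, RpcSs
svchost.exe                   1104 TermService
svchost.exe                   1320 W32Time
powershell.exe                2312 N/A
"""


def parse_netstat(text):
    """Parse `netstat -ano` rows. TCP rows carry a State column; UDP rows do not."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], parts[4]
        else:
            state, pid = "", parts[3]
        host, port = local.rsplit(":", 1)   # rsplit keeps IPv6 "[::]" intact
        conns.append({"proto": proto, "local": local, "host": host, "port": int(port),
                      "foreign": foreign, "state": state, "pid": int(pid)})
    return conns


TASKLIST_ROW = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+(?P<services>.*)$")


def parse_tasklist_svc(text):
    """Map PID -> (image name, [service names]) from `tasklist /SVC` output."""
    procs = {}
    seen_separator = False
    for line in text.splitlines():
        if line.startswith("="):      # the '=====' rule separates the header from the rows
            seen_separator = True
            continue
        if not seen_separator or not line.strip():
            continue
        m = TASKLIST_ROW.match(line.strip())
        if not m:
            continue
        raw = m["services"].strip()
        svcs = [] if raw == "N/A" else [s.strip() for s in raw.split(",")]
        procs[int(m["pid"])] = (m["image"].strip(), svcs)
    return procs


def listening_services(netstat_text, tasklist_text):
    """Join listening sockets to their owning image and hosted services, sorted by port."""
    procs = parse_tasklist_svc(tasklist_text)
    out = []
    for c in parse_netstat(netstat_text):
        if c["proto"] == "TCP" and c["state"] != "LISTENING":
            continue   # skip ESTABLISHED/TIME_WAIT etc.; UDP sockets are always bound listeners
        image, svcs = procs.get(c["pid"], ("<unknown>", []))
        out.append({**c, "image": image, "services": svcs})
    return sorted(out, key=lambda r: (r["port"], r["proto"], r["local"]))


if __name__ == "__main__":
    for r in listening_services(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        svcs = ", ".join(r["services"]) or "-"
        print(f"{r['proto']:<4} {r['local']:<18} pid={r['pid']:<5} {r['image']:<16} {svcs}")
```

PID 4 is always the System process, so anything it listens on (445 here) is served by the kernel rather than a user-mode service; a svchost.exe PID only becomes meaningful once tasklist /SVC tells you which service group it hosts.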

To get a list of scheduled tasks

schtasks /query /fo LIST
schtasks /query /fo LIST /v (displays additional information, including the command each task runs and the account it runs as)

Automating local Windows enumeration

JAWS (Just Another Windows (Enum) Script) is a PowerShell script that automates most of the checks above in a single run; it is published on GitHub.

To show the mounted drives on the target from a meterpreter session

show_mount

To enumerate the current user's privileges with a post module (each of the post modules below is run the same way: set SESSION to the session ID, then run)

use post/windows/gather/win_privs
set SESSION <id>
run

To check if it is a virtual machine

use post/windows/gather/checkvm

To enumerate the applications installed on the target

use post/windows/gather/enum_applications

To enumerate the other computers in the target's domain

use post/windows/gather/enum_computers

To get a list of installed patches

use post/windows/gather/enum_patches

To enumerate network shares

use post/windows/gather/enum_shares