Recon - Initial Access

Who we are

whoami /fqdn
whoami /upn
whoami

Our privileges and group memberships

whoami /priv
whoami /groups
whoami /all

System information

systeminfo
hostname

Hotfix and KB information

wmic qfe get Caption,Description,HotFixID,InstalledOn

Antivirus Status

Get-MpComputerStatus

Local users and groups on the machine

net users
net localgroup
net localgroup Administrators
net user morph3

Cross-check against domain users and groups too

net user morph3 /domain
net users /domain
net group "Domain Admins" /domain

Network information

ipconfig /all
route print
arp -a

Network connections
netstat -ano

Network shares

net view

Logged on users (Get-NetLoggedon is a PowerView function, not a built-in cmdlet)

Get-NetLoggedon -ComputerName client251

File and directory enumeration

Recursive string scan

findstr /spin "password" *.*

List all files recursively

dir /a-D /S /B

List files that are not read-only (this checks the read-only attribute, not NTFS permissions)

dir /a-r-d /s /b

Running processes

tasklist /SVC

Check our permissions on the service vulnsvc

accesschk.exe /accepteula -uwcqv morph3 vulnsvc
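
Detection view of the commands above, as an added example that is not part of the original page: it groups the listed commands into categories and flags any host/user pair that runs several distinct categories within a short window of process-creation events. The event tuple layout, category names, window, threshold and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def pat(image, args=None):
    """Match an image name (bare, full path, or quoted) plus an optional argument regex."""
    tail = r"\s+" + args if args else r"(?:\s|$)"
    return re.compile(r'(?:^|[\\"])' + image + r'(?:\.exe)?"?' + tail, re.I)

# Categories built from the commands listed on this page (names are hypothetical).
RECON_PATTERNS = {
    "whoami": pat("whoami"),
    "systeminfo": pat("systeminfo"),
    "hotfix_query": pat("wmic", r"qfe\b"),
    "account_enum": pat("net1?", r"(?:users?|localgroup|group|view)\b"),
    "network_enum": pat("(?:ipconfig|route|arp|netstat)", r"(?:/all|print|-a)"),
    "process_enum": pat("tasklist", r"/svc\b"),
    "string_hunt": pat("findstr", r".*password"),
    "service_acl": pat("accesschk(?:64)?"),
}

def classify(cmdline):
    """Return the recon category for a command line, or None."""
    return next((n for n, p in RECON_PATTERNS.items() if p.search(cmdline.strip())), None)

def detect_bursts(events, window=timedelta(minutes=5), threshold=4):
    """Flag (host, user) pairs with >= threshold distinct categories inside one window."""
    per_actor = defaultdict(list)
    for ts, host, user, cmdline in events:
        if (category := classify(cmdline)):
            per_actor[(host, user)].append((datetime.fromisoformat(ts), category))
    alerts = {}
    for actor, hits in per_actor.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {c for t, c in hits[i:] if t - start <= window}
            if len(seen) >= threshold:
                alerts[actor] = sorted(seen)
                break
    return alerts

# Constructed sample events: (timestamp, host, user, command line).
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", "WS01", "CORP\\alice", "whoami /all"),
    ("2024-01-10T09:00:20", "WS01", "CORP\\alice", "systeminfo"),
    ("2024-01-10T09:01:02", "WS01", "CORP\\alice", 'net group "Domain Admins" /domain'),
    ("2024-01-10T09:01:40", "WS01", "CORP\\alice", "netstat -ano"),
    ("2024-01-10T11:30:00", "WS02", "CORP\\bob", "ipconfig /all"),
    ("2024-01-10T14:45:00", "WS02", "CORP\\bob", "whoami"),
]
```

A single whoami or ipconfig is normal administrative noise; the signal is the number of distinct categories run by one account in a short span, so tune the window and threshold against your own baseline.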
