# Recon - Initial Access

* <https://github.com/dafthack/HostRecon/blob/master/HostRecon.ps1>
* <https://gist.github.com/egre55/db41cc2df355e8591eacff561facf34e>

## Who we are

```
whoami /fqdn
whoami /upn
whoami
```

## What are our privileges and which groups do we belong to

```
whoami /priv
whoami /groups
whoami /all
```

## Systeminfo

```
systeminfo
hostname
```

Hotfix and KB information

```
wmic qfe get Caption,Description,HotFixID,InstalledOn
```

## Antivirus Status

```
Get-MpComputerStatus
```

## Which users/localgroups are on the machine

```
net users
net localgroup
net localgroup Administrators
net user morph3
```

Cross-check local and domain groups too

```
net user morph3 /domain
net users /domain
net group "Domain Admins" /domain
```

## Network information

```
ipconfig /all
route print
arp -a

# Network connections
netstat -ano
```

Network shares

```
net view
```

## Logged on users

```
# Get-NetLoggedon is a PowerView function, so PowerView must be loaded first
Get-NetLoggedon -ComputerName client251
```

## File - Directory enumerations

Recursive string scan

```
findstr /spin "password" *.*
```

To list all the files recursively

```
dir /a-D /S /B
```

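Search for writable files (`/a-r-d` lists entries that are not read-only and not directories; it checks the attribute only, not ACLs)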

```
dir /a-r-d /s /b
```

## Running processes

```
tasklist /SVC
```

## Service related things

Check our permissions on the service vulnsvc

```
accesschk.exe /accepteula -uwcqv morph3 vulnsvc
```
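
For the detection side of this checklist, the following added example (not part of the original page) flags a host and user that run several distinct categories of the commands above within a short window, since a single `whoami` is noise but a burst across categories is not. The event tuple layout, category grouping, thresholds and sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Categories built from the commands listed on this page (the grouping is an assumption).
RECON_PATTERNS = {
    "identity":  r"^whoami(\.exe)?\b",
    "sysinfo":   r"^(systeminfo|hostname)(\.exe)?\b|^wmic(\.exe)?\s+qfe\b",
    "accounts":  r"^net1?(\.exe)?\s+(users?|localgroup|group)\b",
    "network":   r"^(ipconfig|arp|netstat)(\.exe)?\b|^route(\.exe)?\s+print\b",
    "shares":    r"^net1?(\.exe)?\s+view\b",
    "processes": r"^tasklist(\.exe)?\b",
    "files":     r"^findstr(\.exe)?\s.*password",
    "services":  r"^accesschk(64)?(\.exe)?\b",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RECON_PATTERNS.items()}

def classify(cmdline):
    """Return the recon category of a command line, or None if nothing matches."""
    first, _, rest = cmdline.strip().partition(" ")
    cmd = first.strip('"').rsplit("\\", 1)[-1] + " " + rest  # drop quotes and directory prefix
    return next((name for name, rx in COMPILED.items() if rx.search(cmd)), None)

def detect_bursts(events, window=timedelta(minutes=5), min_categories=4):
    """Alert once per (host, user) that runs >= min_categories distinct recon
    categories inside one window. events: (datetime, host, user, cmdline)."""
    hits = defaultdict(list)
    for ts, host, user, cmdline in sorted(events):
        category = classify(cmdline)
        if category:
            hits[(host, user)].append((ts, category))
    alerts = []
    for (host, user), seq in hits.items():
        for i, (start, _) in enumerate(seq):
            cats = {c for t, c in seq[i:] if t - start <= window}
            if len(cats) >= min_categories:
                alerts.append((host, user, start, sorted(cats)))
                break
    return alerts

T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_EVENTS = [  # constructed process-creation records, not real logs
    (T0, "WS01", "alice", r'"C:\Windows\System32\whoami.exe" /all'),
    (T0 + timedelta(seconds=20), "WS01", "alice", "systeminfo"),
    (T0 + timedelta(seconds=45), "WS01", "alice", "net localgroup Administrators"),
    (T0 + timedelta(seconds=70), "WS01", "alice", "netstat -ano"),
    (T0, "WS02", "bob", "ipconfig /all"),
    (T0 + timedelta(hours=2), "WS02", "bob", "whoami"),
]
```

Calling `detect_bursts(SAMPLE_EVENTS)` alerts on WS01/alice only; image paths containing spaces are not normalised by `classify` and would need handling for real process-creation logs.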
