OSCP Notes
Automated enumeration script

Windows-exploit-suggester.py

windowsEnum.bat by Azmatt

WindowsEnum.ps1 by Absolomb

JAWS - Just Another Windows (Enum) Script

windows-privesc-check by pentestmonkey

wmic_info.bat by FuzzySecurity

    Uses WMIC to extract the following information into a single HTML report: processes, services, user accounts, user groups, network interfaces, hard drive information, network share information, installed Windows patches, programs that run at startup, installed software, operating system details and time zone.
:: Locate the stock WMIC HTML stylesheet (htable.xsl) under system32 so every query below renders as an HTML table.
for /f "delims=" %%A in ('dir /s /b %WINDIR%\system32\*htable.xsl') do set "var=%%A"

:: Each query appends one table to out.html in the current directory.
wmic process get CSName,Description,ExecutablePath,ProcessId /format:"%var%" >> out.html
wmic service get Caption,Name,PathName,ServiceType,Started,StartMode,StartName /format:"%var%" >> out.html
wmic USERACCOUNT list full /format:"%var%" >> out.html
wmic group list full /format:"%var%" >> out.html
wmic nicconfig where IPEnabled='true' get Caption,DefaultIPGateway,Description,DHCPEnabled,DHCPServer,IPAddress,IPSubnet,MACAddress /format:"%var%" >> out.html
wmic volume get Label,DeviceID,DriveLetter,FileSystem,Capacity,FreeSpace /format:"%var%" >> out.html
wmic netuse list full /format:"%var%" >> out.html
wmic qfe get Caption,Description,HotFixID,InstalledOn /format:"%var%" >> out.html
wmic startup get Caption,Command,Location,User /format:"%var%" >> out.html
:: Note: "wmic PRODUCT" enumerates Win32_Product, which is slow and triggers a consistency check of every MSI package.
wmic PRODUCT get Description,InstallDate,InstallLocation,PackageCache,Vendor,Version /format:"%var%" >> out.html
wmic os get name,version,InstallDate,LastBootUpTime,LocalDateTime,Manufacturer,RegisteredUser,ServicePackMajorVersion,SystemDirectory /format:"%var%" >> out.html
wmic Timezone get DaylightName,Description,StandardName /format:"%var%" >> out.html
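wmic.exe is deprecated and is absent on some current Windows builds, so the same host inventory is worth having in CIM form. The script below is an added example, not code from this page or from FuzzySecurity's wmic_info.bat: it runs the same twelve queries through Get-CimInstance and writes one HTML report, which is useful as a baseline snapshot when reviewing a host. The output path is an assumption; the CIM class behind each WMIC alias is noted in the comments. The installed-software section deliberately reads the registry uninstall keys instead of Win32_Product (a swapped-in technique, since Win32_Product is slow and triggers an MSI consistency check), and the row-flattening helper exists because ConvertTo-Html prints multi-valued properties such as IPAddress as "System.String[]".

```powershell
# Added example: WMIC-style host inventory via CIM cmdlets (not the page's or FuzzySecurity's code).
# $outFile is an assumed location; change it as needed.
$outFile = Join-Path $env:TEMP 'out.html'

# Section name -> query. The CIM class in each comment is the one behind the WMIC alias used in wmic_info.bat.
$sections = [ordered]@{
    'Processes'         = { Get-CimInstance Win32_Process | Select-Object CSName, Description, ExecutablePath, ProcessId }                        # wmic process
    'Services'          = { Get-CimInstance Win32_Service | Select-Object Caption, Name, PathName, ServiceType, Started, StartMode, StartName }   # wmic service
    'Local users'       = { Get-CimInstance Win32_UserAccount -Filter 'LocalAccount = TRUE' | Select-Object Name, SID, Disabled, PasswordRequired, PasswordChangeable }  # wmic useraccount
    'Local groups'      = { Get-CimInstance Win32_Group -Filter 'LocalAccount = TRUE' | Select-Object Name, SID, Description }                   # wmic group
    'IP-enabled NICs'   = { Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | Select-Object Caption, DefaultIPGateway, Description, DHCPEnabled, DHCPServer, IPAddress, IPSubnet, MACAddress }  # wmic nicconfig
    'Volumes'           = { Get-CimInstance Win32_Volume | Select-Object Label, DeviceID, DriveLetter, FileSystem, Capacity, FreeSpace }         # wmic volume
    'Mapped shares'     = { Get-CimInstance Win32_NetworkConnection | Select-Object LocalName, RemoteName, UserName, Status }                     # wmic netuse
    'Hotfixes'          = { Get-CimInstance Win32_QuickFixEngineering | Select-Object Caption, Description, HotFixID, InstalledOn }              # wmic qfe
    'Startup commands'  = { Get-CimInstance Win32_StartupCommand | Select-Object Caption, Command, Location, User }                              # wmic startup
    # Swapped-in technique: registry uninstall keys instead of Win32_Product (wmic PRODUCT), which is slow and
    # triggers a consistency check of every MSI package. WOW6432Node is absent on 32-bit hosts, hence SilentlyContinue.
    'Installed software' = { Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                                              'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
                             Where-Object DisplayName |
                             Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, InstallLocation }
    'Operating system'  = { Get-CimInstance Win32_OperatingSystem | Select-Object Name, Version, InstallDate, LastBootUpTime, LocalDateTime, Manufacturer, RegisteredUser, ServicePackMajorVersion, SystemDirectory }  # wmic os
    'Time zone'         = { Get-CimInstance Win32_TimeZone | Select-Object DaylightName, Description, StandardName }                             # wmic timezone
}

# ConvertTo-Html renders array-valued properties (IPAddress, IPSubnet, DefaultIPGateway) as "System.String[]";
# join them into one comma-separated cell so the report is readable.
function ConvertTo-FlatRow {
    param([Parameter(ValueFromPipeline)] $Row)
    process {
        $flat = [ordered]@{}
        foreach ($p in $Row.PSObject.Properties) {
            $flat[$p.Name] = if ($p.Value -is [array]) { $p.Value -join ', ' } else { $p.Value }
        }
        [pscustomobject]$flat
    }
}

# Run every section and emit one <h2> + table fragment per section.
$fragments = foreach ($name in $sections.Keys) {
    $rows = & $sections[$name] | ConvertTo-FlatRow
    $rows | ConvertTo-Html -Fragment -PreContent "<h2>$name</h2>"
}

ConvertTo-Html -Title "Host inventory: $env:COMPUTERNAME" -Body $fragments |
    Set-Content -Path $outFile -Encoding UTF8
Write-Host "Wrote $outFile"
```

Run it from an elevated PowerShell prompt if you want the full process and service lists; as a standard user it still completes, but some ExecutablePath values come back empty. Keeping a report like this from a known-good build makes later diffs (new services, new startup commands, new local accounts) easy to spot.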

PowerUp

    PowerUp is an extremely useful script for quickly checking for obvious paths to privilege escalation on Windows. It is not an exploit itself, but it can reveal misconfigurations such as an administrator password stored in the registry and similar weaknesses.