Red-Teaming/Enumeration at main · Saitle/Red-Teaming · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
Linux
ls /etc/*-release
ls -lh /var/mail/
dpkg -i
sudo netstat -atupn
ps -ef | grep boorgir

Windows
systeminfo ---> my favourite, lol
wmic qfe get Caption, Description
wmic product get name,version,vendor
net <user> <localgroup> <administrators>
check files like
  C:\Unattend.xml
  C:\Windows\Panther\Unattend.xml
  C:\Windows\Panther\Unattend\Unattend.xml
  C:\Windows\system32\sysprep.inf
  C:\Windows\system32\sysprep\sysprep.xml
powershell history
type %userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

Saved passwords
cmdkey /list

IIS config
type C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config | findstr connectionString

Retrieve Credentials from Software: PuTTY
reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\ /f "Proxy" /s

Network information:
netstat -anop | findstr LISTEN
net group "Domain Admins" /domain
Process List:
tasklist /v
System Host Information:
sysinfo
Get-WmiObject -class win32 operatingsystem | select -property * |
exportcsv c:\temp\os.txt
wmic qfe get Caption,Description,HotFixID,InstalledOn
Simple File Search:
dir /s *password*
findstr s n i p foo *
findstr /si pass *.txt | .xml | .ini
Information From Shares/Mounted Drives:
powershell -Command "get-WmiObject -class Win32_Share"
powershell -Command "get-PSDrive"
powershell -Command "Get-WmiObject -Class
Win32_MappedLogicalDisk | select Name, ProviderName”