PowerShell for Enumeration: Part 3

Hello people ¯\_(ツ)_/¯ This is part 3 of our journey.

Let's start the enumeration part of PowerShell.

P.S> Get-LocalUser

This command will grab all the users on the machine.

P.S> Get-LocalUser | Get-Member

This lists all the properties we can use with the Get-LocalUser cmdlet.

Let's see how many users have their PasswordRequired value set to false.

P.S> Get-LocalUser | Where-Object -Property PasswordRequired -Match false

Enumerate Existing Local Groups

P.S> Get-LocalGroup | measure   # measure (alias of Measure-Object) is used for numeric counting

IP Address Info

P.S> Get-NetIPAddress

Information About Listening Internal Ports

P.S> Get-NetTCPConnection

Sorry, for this one I can’t show you the internal ports.

P.S> Get-NetTCPConnection -State Listen | measure

Patches We have Applied

P.S> Get-Hotfix

Searching for all files containing API_KEY

P.S> Get-ChildItem -Path C:\* -Recurse | Select-String -pattern API_KEY

Sorry for the editing but there is some potential data which I can’t show to you.

All the Running Processes

P.S> Get-Process

Cron Jobs or Scheduled Tasks

P.S> Get-ScheduledTask

Enumerating Access Control Lists (ACL)

ACL: The ACL specifies the permissions that users and user groups have to access a resource.

P.S> Get-Acl C:\
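
The cmdlets above can be combined into one snapshot that an administrator keeps as a baseline for their own machine. This is an added example, not code from the original post; the function name Get-HostAuditSnapshot and the output file name host-audit.json are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Get-HostAuditSnapshot is a hypothetical name.
# Run in an elevated session so process paths and task details are complete.
function Get-HostAuditSnapshot {
    [CmdletBinding()]
    param()

    # Enabled local accounts that are allowed to have a blank password.
    $weakAccounts = Get-LocalUser |
        Where-Object { $_.Enabled -and -not $_.PasswordRequired } |
        Select-Object Name, Enabled, PasswordRequired, LastLogon

    # Listening TCP sockets, joined to the process that owns each one.
    $listeners = Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort, LocalAddress |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                Process      = $proc.ProcessName
                Path         = $proc.Path
                # Anything not bound to loopback is reachable from other hosts.
                OffHost      = $_.LocalAddress -notin '127.0.0.1', '::1'
            }
        }

    # Active scheduled tasks registered outside the built-in \Microsoft\ folder.
    $tasks = Get-ScheduledTask |
        Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
        ForEach-Object {
            [pscustomobject]@{
                TaskName = $_.TaskName
                TaskPath = $_.TaskPath
                RunAs    = $_.Principal.UserId
                Command  = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
            }
        }

    # Most recently installed update, as a quick patch-freshness indicator.
    $lastPatch = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1 HotFixID, InstalledOn

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME; CollectedAt = Get-Date
        WeakAccounts = $weakAccounts; Listeners = $listeners
        Tasks        = $tasks;        LastPatch = $lastPatch
    }
}

$snapshot = Get-HostAuditSnapshot
$snapshot.Listeners | Format-Table -AutoSize
$snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path .\host-audit.json   # assumed file name
```

Comparing a later snapshot against the saved JSON shows new listeners, new scheduled tasks, or accounts whose password requirement has changed.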

That's all for this post. From time to time I will update this post as well for better enumeration.

Author: Harsh Dushyant Singh

I am a student, bug bounty hunter, CTF player and a geek for sure, who is currently sharpening the axe.