PowerShell for Enumeration: Part 3
Feb 13, 2021
Hello people ¯\_(ツ)_/¯ This is part 3 of our journey.
Let's start the enumeration part of PowerShell.
P.S> Get-LocalUser
This command lists all the local user accounts on the machine.
P.S> Get-LocalUser | Get-Member
This lists all the properties we can use with the Get-LocalUser cmdlet.
Let's see how many users have their PasswordRequired value set to false.
P.S> Get-LocalUser | Where-Object -Property PasswordRequired -Match false
Enumerate Existing Local Groups
P.S> Get-LocalGroup | measure   # measure (alias for Measure-Object) counts the groups
IP Address Info
P.S> Get-NetIPAddress
Information About Listening Internal Ports
P.S> Get-NetTCPConnection
Sorry, for this one I can't show you the internal ports.
P.S> Get-NetTCPConnection -State Listen | measure
Patches We Have Applied
P.S> Get-HotFix
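The account, listening-port and hotfix checks above can be combined into one report for an administrator to review. This is an added example, not code from the original post; the function name `Get-HostBaseline`, its output property names and the 60-day patch threshold are assumptions.

```powershell
# Added example: defender-side baseline built from the cmdlets used in this post.
# Get-HostBaseline and its output property names are hypothetical.
function Get-HostBaseline {
    [CmdletBinding()]
    param(
        # Assumed threshold: flag the host if no hotfix was installed in this many days.
        [int]$MaxPatchAgeDays = 60
    )

    # Enabled local accounts that are allowed to have an empty password.
    $weakAccounts = Get-LocalUser |
        Where-Object { $_.Enabled -and -not $_.PasswordRequired } |
        Select-Object Name, LastLogon, PasswordLastSet

    # Listening TCP sockets not bound to loopback, joined to the owning
    # process so every open port can be attributed to a program.
    $loopback = '127.0.0.1', '::1'
    $listeners = Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notin $loopback } |
        Sort-Object LocalPort |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                ProcessName  = $(if ($proc) { $proc.ProcessName } else { '<exited>' })
            }
        }

    # Most recent hotfix; InstalledOn can be empty for some entries, so skip those.
    $lastPatch = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $patchAge = if ($lastPatch) { ((Get-Date) - $lastPatch.InstalledOn).Days } else { $null }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        PasswordNotRequired = @($weakAccounts)
        NetworkListeners    = @($listeners)
        LastHotFix          = $(if ($lastPatch) { $lastPatch.HotFixID } else { $null })
        DaysSinceLastHotFix = $patchAge
        PatchingOverdue     = ($null -eq $patchAge) -or ($patchAge -gt $MaxPatchAgeDays)
    }
}

Get-HostBaseline | Format-List
```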
Searching for all files containing API_KEY
P.S> Get-ChildItem -Path C:\* -Recurse | Select-String -Pattern API_KEY
Sorry for the editing, but there is some potential data which I can't show you.
All the Running Processes
P.S> Get-Process
Cron Jobs or Scheduled Tasks
P.S> Get-ScheduledTask
Enumerating Access Control Lists (ACL)
ACL: The ACL specifies the permissions that users and user groups have to access resources.
P.S> Get-Acl C:\
That's all for this post. I will update this post from time to time for better enumeration.