PowerShell For Enumeration: Part 3

Harshdushyant
3 min read · Feb 13, 2021

Hello people ¯\_(ツ)_/¯ This is part 3 of our journey.

Let's start the enumeration part of PowerShell.

P.S> Get-LocalUser

This command lists every local user account on the machine (local accounts only, not domain accounts).

[Screenshot: getting all the users]
P.S> Get-LocalUser | Get-Member

This lists the properties and methods of the objects Get-LocalUser returns, so we know what we can filter on.

Let's see how many users have their PasswordRequired value set to false.

P.S> Get-LocalUser | Where-Object -Property PasswordRequired -EQ $false

PasswordRequired set to false means the account carries the "password not required" flag, so the policy does not force it to have a password. It does not guarantee the password is blank, but such accounts deserve a closer look.

[Screenshot: password required]
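Beyond the single filter above, a practitioner usually wants the enabled accounts that need no password, never expire, or sit in the local Administrators group, all in one view. The following is an added example, not code from the original post; it uses only the built-in Get-LocalUser and Get-LocalGroupMember cmdlets, and the set of conditions it flags is my own choice.

```powershell
# Added example (not from the original post): a fuller local-account audit built on
# Get-LocalUser and Get-LocalGroupMember. The set of flagged conditions is my choice.
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name              # names come back as COMPUTERNAME\user

Get-LocalUser | ForEach-Object {
    [pscustomobject]@{
        Name             = $_.Name
        Enabled          = $_.Enabled
        PasswordRequired = $_.PasswordRequired     # $false = "password not required" flag set
        PasswordExpires  = $_.PasswordExpires      # $null = password never expires
        PasswordLastSet  = $_.PasswordLastSet
        LastLogon        = $_.LastLogon
        IsLocalAdmin     = ($admins -contains "$env:COMPUTERNAME\$($_.Name)")
    }
} | Where-Object {
    # keep enabled accounts that either need no password, never expire, or are local admins
    $_.Enabled -and (-not $_.PasswordRequired -or -not $_.PasswordExpires -or $_.IsLocalAdmin)
} | Sort-Object Name | Format-Table -AutoSize
```

Get-LocalGroupMember can throw on domain-joined hosts when a group contains an orphaned domain SID, which is why the error is silenced; if `$admins` comes back empty on such a host, check the group with `net localgroup Administrators` instead.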

Enumerate Existing Local Groups

P.S> Get-LocalGroup | measure   # measure is an alias for Measure-Object, which counts the objects piped in

The count alone tells you little; Get-LocalGroupMember -Group Administrators shows who is in the group that matters.

[Screenshot: measure]

IP Address Info

P.S> Get-NetIPAddress

[Screenshot: IP addresses]

Information About Listening Internal Ports

P.S> Get-NetTCPConnection

Sorry for this one, I can't show you the internal ports.

P.S> Get-NetTCPConnection -State Listen | measure
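A bare count of listening sockets is rarely what you need; the useful view is which process owns each port and whether it is bound to every interface or only loopback. Get-NetTCPConnection exposes only the PID (OwningProcess), so the example below, added here and not part of the original post, joins it to Get-Process. The "Scope" column and its all-interfaces rule are my own labelling.

```powershell
# Added example (not from the original post): join each listening TCP socket to its
# owning process so the port list becomes a list of services to look at.
$procs = @{}
Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

Get-NetTCPConnection -State Listen | Sort-Object LocalPort | ForEach-Object {
    $p = $procs[[int]$_.OwningProcess]       # OwningProcess is UInt32; the table is keyed by Int32
    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        LocalPort    = $_.LocalPort
        PID          = $_.OwningProcess
        Process      = $(if ($p) { $p.ProcessName } else { '?' })
        Path         = $(if ($p) { $p.Path } else { '' })   # $null for protected/system processes unless elevated
        # 0.0.0.0 / :: means the service is reachable on every interface, not just loopback
        Scope        = $(if ($_.LocalAddress -in '0.0.0.0', '::') { 'all interfaces' } else { $_.LocalAddress })
    }
} | Format-Table -AutoSize
```

UDP listeners are not covered by Get-NetTCPConnection; use Get-NetUDPEndpoint (it has no -State parameter) and join on OwningProcess the same way.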

Patches We Have Applied

P.S> Get-HotFix

Each entry carries the KB number and the InstalledOn date, so the most recent date tells you how stale the box is.

[Screenshot: recent patches]

Searching for all files containing API_KEY

P.S> Get-ChildItem -Path C:\ -Recurse -File -ErrorAction SilentlyContinue | Select-String -Pattern API_KEY

-File skips directories (which Select-String cannot read) and -ErrorAction SilentlyContinue suppresses the access-denied errors you would otherwise get for every directory your account cannot list.

[Screenshot: API_key]

Sorry for the editing, but there is some potentially sensitive data which I can't show you.
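Grepping the whole drive for one literal is slow and noisy (binaries, huge logs). The example below, added here and not from the original post, narrows the walk to text-like files under a size cap and checks several secret patterns at once, reporting file, line number and the matched text. The pattern list, the extension list and the 5 MB cap are my own assumptions; tune them to the target.

```powershell
# Added example (not from the original post): scan text-like files for several
# secret patterns. The pattern list, extension list and 5 MB cap are my assumptions.
$patterns = @(
    'API_KEY',
    'api[_-]?key\s*[:=]',
    'secret\s*[:=]',
    'password\s*[:=]',
    'AKIA[0-9A-Z]{16}',                        # AWS access key id format
    'BEGIN (RSA|EC|OPENSSH|DSA) PRIVATE KEY'
)
$exts = '.txt', '.ini', '.cfg', '.conf', '.config', '.xml', '.json',
        '.yml', '.yaml', '.ps1', '.psm1', '.bat', '.cmd', '.env', '.log', '.sql'

Get-ChildItem -Path C:\ -Recurse -File -Force -ErrorAction SilentlyContinue |   # -Force includes hidden files
    Where-Object { $_.Length -lt 5MB -and $exts -contains $_.Extension.ToLower() } |
    Select-String -Pattern $patterns -List -ErrorAction SilentlyContinue |       # -List: one hit per file
    Select-Object Path, LineNumber,
        @{ n = 'Match'; e = { $_.Matches[0].Value } },
        @{ n = 'Line';  e = { $_.Line.Trim() } } |
    Format-Table -AutoSize -Wrap
```

Select-String is case-insensitive by default, so `API_KEY` also catches `api_key`. Drop -List when you want every hit in a file rather than just the first.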

All the Running Processes

P.S> Get-Process

[Screenshot: running processes]

Cron Jobs, or Scheduled Tasks on Windows

P.S> Get-ScheduledTask

[Screenshot: scheduled tasks]
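Get-ScheduledTask on its own only prints task names and states. To judge whether a task is interesting you need who it runs as and what it executes, which are nested in the Principal and Actions properties. The example below, added here and not from the original post, flattens each task into one row per action; the column set is my own choice.

```powershell
# Added example (not from the original post): expand each scheduled task into
# who it runs as and what it executes.
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
    $task = $_
    $info = $task | Get-ScheduledTaskInfo          # last/next run times live in a separate object
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }     # COM-handler actions have no Execute path
        [pscustomobject]@{
            Task      = "$($task.TaskPath)$($task.TaskName)"
            RunAs     = $task.Principal.UserId
            LogonType = $task.Principal.LogonType
            RunLevel  = $task.Principal.RunLevel   # Highest = runs elevated
            Execute   = $action.Execute
            Arguments = $action.Arguments
            LastRun   = $info.LastRunTime
            NextRun   = $info.NextRunTime
        }
    }
} | Sort-Object RunAs, Task | Format-Table -AutoSize -Wrap
```

The rows worth a second look are those with RunAs SYSTEM or RunLevel Highest whose Execute path or script lives somewhere your account can write (check with Get-Acl, covered below).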

Enumerating Access Control Lists (ACLs)

ACL: an access control list specifies the permissions that users and groups have on a resource, such as a file or directory. Get-Acl shows the owner as well as the individual access entries.

P.S> Get-Acl C:\

[Screenshot: owner]
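Reading the ACL of one directory is a start; the question a pentester actually asks is which directories a low-privileged principal can write to, because a writable directory on the PATH or under a scheduled task's executable lets you plant a binary. The example below, added here and not from the original post, walks the current PATH with Get-Acl and reports Allow entries for well-known low-privilege principals that carry write rights. The principal list, the choice of PATH as the directory set and the right mask are my own assumptions.

```powershell
# Added example (not from the original post): use Get-Acl to find directories on
# the current PATH that low-privileged principals can write to. The principal list,
# the directory set (PATH) and the right mask are my assumptions; extend as needed.
$lowPriv = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'

# Rights that let a principal create/replace files or rewrite the ACL itself.
# Read-only ACEs (ReadAndExecute etc.) share none of these bits.
$writeMask   = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$genericMask = 0x40000000 -bor 0x10000000    # GENERIC_WRITE | GENERIC_ALL, shown as raw numbers in some inherited ACEs

$dirs = ($env:PATH -split ';') |
    Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
    Select-Object -Unique

foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights      # enum underlying type is Int32; generic rights go negative
        if (($rights -band $writeMask) -ne 0 -or ($rights -band $genericMask) -ne 0) {
            [pscustomobject]@{
                Directory = $dir
                Owner     = $acl.Owner
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}
```

Two caveats: the principal names are the English ones, so on a localised Windows install add the local equivalents, and Deny entries earlier in the ACL can override an Allow, so confirm a hit by actually creating and deleting a file in the directory before relying on it.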

That's all for this post. From time to time I will update this post as well for better enumeration.

Author: Harsh Dushyant Singh


Harshdushyant

I am a student, bug bounty hunter, CTF player and a geek for sure, who is currently sharpening the axe.