Windows PowerShell enumeration cmdlets (local host and Active Directory situational awareness)
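#Local enumeration
#------------------------------
# NOTE: Get-WmiObject is deprecated and is not present in PowerShell 7+. On PowerShell 3+
# `Get-CimInstance -ClassName <class>` is the drop-in replacement; the WMI cmdlets are kept
# here so the sheet still works on legacy PowerShell 2.0 hosts.
#Bios information
Get-WmiObject -Class Win32_Bios
#CPU info
Get-WmiObject -Class Win32_Processor
#Computer model info (manufacturer/model, domain membership, DNS host name)
Get-WmiObject -Class Win32_ComputerSystem
#General OS info
Get-WmiObject -Class Win32_OperatingSystem | Select-Object Name,OSArchitecture,version,OSLanguage,InstallDate,LastBootUpTime,Description,CurrentTimeZone,LocalDateTime,countrycode | Format-List
#User's logon sessions
Get-WmiObject -Class Win32_LogonSession
#Logical disk info
Get-WmiObject -Class Win32_LogicalDisk
#List Hotfix (installed updates, for comparison against a missing-patch list)
Get-WmiObject -Class Win32_QuickFixEngineering
#Software installed
#Windows installer
# WARNING: enumerating Win32_Product is not a read-only operation. The Windows Installer runs a
# consistency check (and possibly a repair) of every MSI package on the host, which is slow, can
# change state, and writes an MsiInstaller event (ID 1035) per package (Microsoft KB974524).
# Prefer the registry query below; keep this only where the registry view is not enough.
Get-WmiObject -Class Win32_Product | Select-Object Name,Version,Vendor
#Uninstall software
# Read-only and fast. On 64-bit Windows the 32-bit installs live under WOW6432Node and per-user
# installs under HKCU, so all three keys are read; keys without a DisplayName value are dropped.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Get-ChildItem -Path $uninstallKeys -ErrorAction SilentlyContinue | ForEach-Object { $_.GetValue("DisplayName") } | Where-Object { $_ }
#Processes that are running on the local computer
# Path is empty for processes the current token cannot open (other users' or protected processes)
# unless the shell is elevated.
Get-Process | Select-Object id,name,description,path
#Services on a local computer
Get-Service | Format-Table -AutoSize
# Win32_BaseService is the abstract parent of Win32_Service and Win32_SystemDriver, so this lists
# both services and kernel drivers. (The original line was missing the closing brace.)
Get-WmiObject -Class Win32_BaseService | ForEach-Object { Write-Host $_.Name $_.DisplayName $_.State }
# Service accounts and binary paths: StartName shows what the service runs as, PathName is the
# command line - review paths containing spaces that are not quoted.
Get-WmiObject -Class Win32_Service | Select-Object Name,StartName,StartMode,State,PathName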
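#Local users
# Bind to the local SAM through the WinNT provider. $env:COMPUTERNAME replaces the hard-coded
# "PC" so the same line works on any host; on PowerShell 5.1+ Get-LocalUser / Get-LocalGroup /
# Get-LocalGroupMember give the same information as objects.
$con = [ADSI]"WinNT://$env:COMPUTERNAME"
$con.Children | Where-Object {$_.schemaclassname -eq 'user'}
#Local groups
$con.Children | Where-Object {$_.schemaclassname -eq 'group'}
#Members of the local Administrators group (includes domain users/groups nested into it)
$admins = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$admins.psbase.Invoke("Members") | ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }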
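#Domain enumeration
#------------------------------
# Bind to the current domain via RootDSE instead of the hard-coded DC=contoso,DC=lab. Uses the
# current user's token from a domain-joined host and needs no extra modules. The Get-ADObject
# lines are the equivalent queries with the RSAT ActiveDirectory module, which is not installed
# by default.
$root = ([ADSI]"LDAP://RootDSE").defaultNamingContext
$con = [ADSI]"LDAP://$root"
$s = New-Object System.DirectoryServices.DirectorySearcher($con)
# Without paging the DC silently truncates results at its MaxPageSize (1000 by default).
$s.PageSize = 1000
#Domain computers
$s.Filter = '(objectCategory=computer)'
$s.FindAll()
Get-ADObject -LDAPFilter '(objectCategory=computer)'
#Domain users
# Computer accounts inherit from the user class, so a bare (objectClass=user) or
# (objectClass=person) filter returns them too. objectCategory=person restricts the result to
# user accounts; this is the canonical "users only" filter.
$s.Filter = '(&(objectCategory=person)(objectClass=user))'
$s.FindAll()
Get-ADObject -LDAPFilter '(&(objectCategory=person)(objectClass=user))'
#Domain groups
$s.Filter = '(objectCategory=group)'
$s.FindAll()
Get-ADObject -LDAPFilter '(objectCategory=group)'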