Manual

# Manual Windows host enumeration: identity, accounts, system, software,
# processes, files of interest and shell history.
# Lines tagged "PowerShell" need a PowerShell prompt; whoami, net, systeminfo,
# netstat and type also run from cmd.exe (there, leave off the trailing "# ..." notes).
# Detection: the executables appear in process-creation auditing (Event ID 4688)
# and the cmdlets in PowerShell script block logging (Event ID 4104), when those
# policies are enabled.

whoami # current user as DOMAIN\user (COMPUTER\user for a local account)
whoami /groups # groups the current user belongs to, with SIDs; also shows the integrity level label

net user # list user accounts on this machine
net user <username> # details for one account; <username> is a placeholder
Get-LocalUser # PowerShell equivalent: local accounts with enabled state and description

net localgroup # list local groups
net localgroup <groupname> # members of one group; <groupname> is a placeholder
Get-localgroup # PowerShell equivalent: local groups

systeminfo # OS name/version/build, architecture, installed hotfixes, network cards
netstat -ano # -a all connections and listening ports, -n numeric addresses, -o owning PID

# Installed applications (PowerShell), read from the machine-wide Uninstall keys.
# First query: 32-bit applications on 64-bit Windows (Wow6432Node).
# Second query: native applications.
# Per-user installs registered under HKCU are not listed by these two queries.
Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname

Get-Process # PowerShell: running processes
Get-Process | Select ProcessName,Path # with executable path; Path can be empty for processes the current user cannot query

# PowerShell: search the whole C: drive for KeePass database files (*.kdbx).
# -ErrorAction SilentlyContinue hides access-denied errors, so directories the
# current user cannot read are skipped without any message.
Get-ChildItem -Path C:\ -Include *.kdbx -File -Recurse -ErrorAction SilentlyContinue

# PowerShell: documents in a user profile ("dave" is the example account name),
# then text and .ini files under the XAMPP install directory.
Get-ChildItem -Path C:\Users\dave\ -Include *.txt,*.pdf,*.xls,*.xlsx,*.doc,*.docx -File -Recurse -ErrorAction SilentlyContinue
Get-ChildItem -Path C:\xampp -Include *.txt,*.ini -File -Recurse -ErrorAction SilentlyContinue

# XAMPP default credentials: passwords.txt is the file XAMPP ships listing its
# defaults, my.ini is the MySQL configuration. Defaults still in effect on a
# reachable host should be changed.
type C:\xampp\passwords.txt
type C:\xampp\mysql\bin\my.ini

# Same document search as above: replace "dave" with the account name being reviewed.
Get-ChildItem -Path C:\Users\dave\ -Include *.txt,*.pdf,*.xls,*.xlsx,*.doc,*.docx -File -Recurse -ErrorAction SilentlyContinue

Get-History # PowerShell: commands entered in the current session only
(Get-PSReadlineOption).HistorySavePath # PowerShell: prints the path of the PSReadLine history file; that file is plaintext, persists across sessions, and is not emptied by Clear-History
