G4G0-2/Penetration Testing/Week 11/Lecture 11 - Enumeration.md

Collection of detailed information about a target system, ex OS, infra
After compromising, attackers perform enumeration to learn more about host, ex. location on lan, functionality (hostname, interfaces, routes, services.).
Gathering info ex. usernames, machine names, share names, directory names, os details, network infra, printer names, webserver details, etc.
Key component of ethical hacking and pentesting.

# Enumerating Windows System

- ipconfig - list interfaces, gateways, if mac addresses, ip addresses
	- /all - list additional info about if
	- /displaydns - show dns cache
- arp -a - display arp cache
- netstat -ano - list all connections on a specified port
- route print - display routing table
- net start / net stop - start / stop running service
- netsh - firewall rules
- netsh firewall set opmode disable - turn off firewall
- tasklist - enumerate all services running on host

# Enumerating Linux System

- ifconfig - similar to ipconfig, more explanatory
- pwd - print working directory
- ls - list items in directory
- find - find items
- who/last - displays currently logged in users
- whoami - displays information about current user
- uname - display kernel info
- touch - create empty file
- cat /etc/passwd - enumerate local users
- cat /etc/host - show hosts file
- cat /etc/group - enumerate all local groups
- cat /etc/resolv.conf - locate name servers on local machine

# Enumerating with Meterpreter

- sysinfo - gets info such as OS and name
- route - view / modify routing table
- ps - list processes
- getuid - get current uid
- getpid - get current process id
- cd - change directory
- cat - read and stdout contents of file
- ls - list items in directory
- enumdesktops - list all accessible desktops
- screenshot - grab screenshot of meterpreter desktop
- idletime - checks how long target has been idle