# Enumeration

## <mark style="color:yellow;">ABOUT</mark>

In any situation, whether daily life or a network penetration test, <mark style="color:orange;">**understanding our surroundings is crucial**</mark>. This awareness allows us to make informed, proactive decisions. We may discover accessible hosts, protections to bypass, or tools incompatible with the target system.

This is the general enumeration section, but most of it covers <mark style="color:yellow;">**Living Off The Land**</mark> enumeration, which is stealthier because it relies on built-in tools. Where a command requires a tool that is not built in, I'll note it. If you are inside a domain environment, look for the <mark style="color:yellow;">**LOL**</mark> subsections in the **Enum** section [**\[LINK\]**](https://venator17.gitbook.io/bibliotheque/active-directory/reconnaissance/enumeration)

## <mark style="color:yellow;">Data Sources</mark>

* **Installed applications**
* **Installed services**
  * Websites
  * File Shares
  * Databases
  * Directory Services (such as Active Directory, Azure AD, etc.)
  * Name Servers
  * Deployment Services
  * Certificate Authority
  * Source Code Management Server
  * Virtualization
  * Messaging
  * Monitoring and Logging Systems
  * Backups
* **Sensitive Data**
  * Keylogging
  * Screen Capture
  * Network Traffic Capture
  * Previous Audit reports
* **User Information**
  * History files, interesting documents (.doc/x,.xls/x,password./pass., etc)
  * Roles and Privileges
  * Web Browsers
  * IM Clients

## <mark style="color:yellow;">NAMED PIPES</mark>

#### **Listing Named Pipes**

```powershell
C:\> pipelist.exe /accepteula
```

```powershell
PS C:\> gci \\.\pipe\
```

#### **Reviewing LSASS Named Pipe Permissions**

```powershell
C:\> accesschk.exe /accepteula \\.\Pipe\lsass -v
```

## <mark style="color:yellow;">SCHEDULED TASKS</mark>

```powershell
C:\> schtasks /query /fo LIST /v
```

```powershell
PS C:\> Get-ScheduledTask | select TaskName,State
```
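
The two commands above give either everything (`schtasks /v`) or only the name and state. As an added example (not part of the original notes), this pipeline keeps one row per task action with the run-as account and the command line, which is what you need when baselining tasks on a host. Skipping the `\Microsoft\` task folder is an assumption made here to cut noise.

```powershell
# Added example: scheduled-task inventory, one row per action.
# Assumption: tasks under \Microsoft\ are treated as OS defaults and skipped;
# remove the Where-Object filter for a full listing.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $task = $_
        # Run-time details (last/next run); may be unavailable without sufficient rights.
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        foreach ($action in $task.Actions) {
            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                State     = $task.State
                # A principal is either a user (UserId) or a group (GroupId).
                RunAs     = if ($task.Principal.UserId) { $task.Principal.UserId } else { $task.Principal.GroupId }
                RunLevel  = $task.Principal.RunLevel
                # Execute/Arguments are empty for non-exec actions (e.g. COM handlers).
                Execute   = $action.Execute
                Arguments = $action.Arguments
                LastRun   = $info.LastRunTime
                NextRun   = $info.NextRunTime
            }
        }
    } |
    Sort-Object TaskPath, TaskName |
    Format-Table -AutoSize -Wrap
```

Replace the final `Format-Table` with `Export-Csv` to keep the listing for comparison against a later run.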

