Check System Info

Verify permitions in Linux and Windows

Windows

Privileges

whoami /all
whoami /priv
whoami /groups

System info

systeminfo 
type <file> | findstr "text_to_search" 
netstat -a # See active connections (ports)
wmic qfe # Show us a list of installed and updated software       

Permitions

icacls 

Find files with powershell

Get-ChildItem -Path C:\ -Filter f.txt -Recurse -ErrorAction SilentlyContinue -Force

Registers

To list installed programs

cmd /c REG QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Execute command as any user

$p = ConvertTo-SecureString 'CONTRASEÑA' -AsPlainText -Force
$c = New-Object System.Management.Automation.PSCredential ('USUARIO',$p)
Start-Process -Credential $c -NoNewWindow -ArgumentList "-Command & { whoami }" -FilePath "powershell"

Internal hosts

Para descubrir dispositivos que esten en la misma interfaz nuestra, podemos usar PowerShell, creamos un archivo .ps1 con el siguiente contenido y ejecutamos:

$ips = 1..254 | ForEach-Object { "192.168.40.$_" }  # Generamos IPS

foreach ($ip in $ips) {
  $job = Start-Job -ScriptBlock { param($ip) ping -n 1 $ip | Out-Null } -ArgumentList $ip

  Start-Sleep -Seconds 1

  if ($job.State -eq "Running") {
    Stop-Job -Job $job
  } else {
    Write-Output "IP Activa: $ip"
  }

  Remove-Job -Job $job
}

Sysinternals Tools

The SysInternals Tools suite is a set of portable Windows applications that can be used to administer Windows systems (for the most part without requiring installation). The tools can be either downloaded from the Microsoft website or by loading them directly from an internet-accessible file share by typing \\live.sysinternals.com\tools into a Windows Explorer window.

\\live.sysinternals.com\tools\procdump.exe -accepteula

...

xfreerdp /v:IP /u:USER /p:PASSWORD

Get-WmiObject -Class win32_OperatingSystem 	Get information about the operating system
icacls <directory> 	View the permissions set on a directory
icacls c:\users /grant joe:f 	Grant a user full permissions to a directory
icacls c:\users /remove joe 	Remove a users' permissions on a directory
New-Alias -Name "Show-Files" Get-ChildItem 	Create a new PowerShell alias
Get-ExecutionPolicy -List 	View the PowerShell execution policy
Set-ExecutionPolicy Bypass -Scope Process 	Set the PowerShell execution policy to bypass for the current session
wmic os list brief 	Get information about the operating system with wmic
Get-MpComputerStatus 	Check which Defender protection settings are enabled
wmic useraccount get name,sid     Show Name and SID from system users with wmic

Linux

Privileges

sudo -l

System info

uname -a
hostname
lsof -i:4433

Internal hosts

#!/bin/bash

for last_octet in $(seq 1 254); do
        IP="172.18.100.$last_octet"
        timeout 1 ping -c 1 "$IP" >/dev/null && echo "IP Activa: $IP" &
done; wait

Internal ports

#!/bin/bash

IP="172.18.100.21"

for port in $(seq 1 65535); do
        (timeout 1 bash -c "</dev/tcp/$IP/$port") >/dev/null 2>&1 && echo "Puerto Abierto: $IP:$port" &
done; wait