System Enumeration
To find the system's OS version and hostname
One-liner to find the OS version and architecture
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"
To find the latest patch information
To list drives
To get better output for logical disks
wmic logicaldisk get caption,description,providername
User Enumeration
To find out which user you are
To find out what privileges your user has
To find out which groups your user belongs to
To find out the users on your computer
To find out information about a specific user on the computer
To find out the different groups
To find information about a specific group
Network Enumeration
To find the IP address of the machine, subnets, etc.
To find the ARP table
To find out which ports are open and connected (TCP, UDP)
Password Hunting
Checking Windows Defender
Checking other running services to look for other antivirus software
To check the firewall
or
To get a more detailed overview of the firewall and check different ports
Automatic Enumeration
Some of the best tools
WinPEAS https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS/winPEASexe
Windows Exploit Suggester https://github.com/AonCyberLabs/Windows-Exploit-Suggester
Metasploit post/multi/recon/local_exploit_suggester
WSL stands for Windows Subsystem for Linux, which means you can run Linux on a Windows system.
#update this
Look for bash.exe
Impersonate Tokens
In this attack we can impersonate someone's token if we have any of these token privileges: SeAssignPrimaryToken
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md#eop---impersonation-privileges
In Meterpreter you can try
You can also use local_exploit_suggester to find exploits
Also try exploit/windows/local/ms16_075_reflection
exploit/windows/local/ms16_075_reflection_juicy
It's a feature in Windows which lets you run a program as administrator. You can abuse this feature to get root.