Windows Victim

Installed Software

List (32-bit)

Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname,comments

List (64-bit)

Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname,comments

Services and Tasks

List “Non-Microsoft” Scheduled Tasks

Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*"} | ft TaskName,TaskPath,State

schtasks /query /fo LIST /v

List Services

Get-Service | Where-Object {$_.StartType -eq 'Auto' -or $_.StartType -eq 'Manual'} | Select-Object Name, DisplayName,StartType, Status

File System

Search for files

Get-ChildItem -Path C:\Users -Include *.txt,*.ini -File -Recurse -ErrorAction SilentlyContinue

Write to file

Add-Content -Value "First line`r`nSecond line" -Path C:\temp\file.txt

Write multiple lines to file

Add-Content -Value @'
First line
Second line
And another one!
'@ -Path C:\temp\file.txt