System Information

MITRE ATT&CK™ System Information Discovery - Technique T1082

Theory

This page provides useful commands for Windows system enumeration that can be used to query important OS related informations.

Practice

Windows Version

Following commands can be use to enumerate Windows OS version

#Displays the operating system version number.
ver

#Displays detailed configuration information about the computer
systeminfo

Hotfixes & Service Packs

Following commands can be use to enumerate Windows hotfixes and service Packs

#Display hotfixes and service packs
wmic qfe list

#Display detailed configuration information about the computer
systeminfo

Architecture

Following commands can be use to enumerate Windows OS architecture

#The existence of "Program Files (x86)" means machine is a 64bits
dir /a c:\

#Display OS architecture
wmic cpu get datawidth /format:list

#Displays detailed configuration information about the computer
systeminfo

.NET Versions

Following powershell commands allows to enumerate installed .NET Framework versions. It can be usefull to target specific version when dealing with malware development.

# Using registries and Get-ChildItem
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse | Get-ItemProperty -Name Version -ErrorAction SilentlyContinue | Select-Object PSChildName, Version

#Using dotnet.exe For .NET Core and .NET (formerly .NET Core 5+):
dotnet --list-runtimes

Last updated 10 months ago

hashtagTheory

hashtagPractice

hashtagWindows Version

hashtagHotfixes & Service Packs

hashtagArchitecture

hashtag.NET Versions