Once you have escalated system privileges on a Windows host and some other times when you do some forensics, besides system information, running services, open ports, etc. some good information is what software is installed on the host to explore if the system could have other “doors open” to exploit or not.
With PowerShell you can get the entire list of the software installled, the information you get will depend on the parametrization of the command you use, on the following example we are collecting Display Name, Display Version, Publisher and Install Date of the software. But you can check the Object-Properties to check all available options.
To do that you can use the following command,
Note: You need to run as “Administrator” the application PowerShell.
PS C:\windows\system32> Get-ItemProperty HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
Also, if you don’t want to get the information on the window powershell, you can export that information to a plane text file. To do that you just need to add the following parameters at the end of the previous command,
Ex: | Format-Table -AutoSize > C:\securitytweak.txt
PS C:\windows\system32> Get-ItemProperty HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize > C:\FILENAME.txt