Post-exploitation host/domain survey using native Windows commands.
whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1
@mubix

commented Jun 26, 2016

gpresult /z

@mubix

commented Jun 26, 2016

  • net view
  • net view /domain
  • net user %USERNAME% /domain
  • nltest /dclist
@mubix

commented Jun 26, 2016

set

@filipesam

commented Jun 26, 2016

ARP -a

@filipesam

commented Jun 26, 2016

Route print

@leesoh

commented Jul 6, 2016

net localgroup "Remote Desktop Users"
netstat -ano
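
For defenders, the chained one-liner in the gist has a recognizable shape in process-creation telemetry (for example Sysmon Event ID 1 or Security 4688 with command-line logging): one parent process starts many different built-in survey tools within seconds. The Python below is an added example, not part of the gist or its comments, that flags such bursts; the event tuple layout, the 60-second window, the threshold of five tools and the sample events are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Executables started by the one-liner and by the commands added in the comments.
SURVEY_IMAGES = {"whoami", "hostname", "ipconfig", "net", "netstat", "tasklist", "sc",
                 "systeminfo", "reg", "gpresult", "nltest", "arp", "route"}

def image_name(command_line):
    """Lower-cased executable name, without directory or .exe suffix."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command_line)
    first = (m.group(1) or m.group(2)) if m else ""
    name = first.rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name

def find_survey_bursts(events, window=timedelta(seconds=60), min_distinct=5):
    """One alert per (host, parent_pid) that starts >= min_distinct different survey
    tools inside a sliding window. events: (iso_time, host, parent_pid, command_line)."""
    by_parent = defaultdict(list)
    for iso_time, host, parent_pid, command_line in events:
        if (name := image_name(command_line)) in SURVEY_IMAGES:
            by_parent[(host, parent_pid)].append((datetime.fromisoformat(iso_time), name))
    alerts = []
    for (host, parent_pid), hits in by_parent.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop hits that fell out of the window
            tools = sorted({n for _, n in hits[start:end + 1]})
            if len(tools) >= min_distinct:
                alerts.append({"host": host, "parent_pid": parent_pid,
                               "first_seen": hits[start][0].isoformat(), "tools": tools})
                break  # one alert per parent process is enough
    return alerts

# Constructed sample events (hypothetical hosts and PIDs, not real telemetry).
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "WS01", 4120, "whoami"),
    ("2024-01-01T10:00:01", "WS01", 4120, "hostname"),
    ("2024-01-01T10:00:01", "WS01", 4120, "ipconfig /all"),
    ("2024-01-01T10:00:02", "WS01", 4120, "net user /domain"),
    ("2024-01-01T10:00:03", "WS01", 4120, r"C:\Windows\System32\netstat.exe -an"),
    ("2024-01-01T09:00:00", "WS02", 880, "ipconfig /all"),   # isolated admin use
    ("2024-01-01T09:30:00", "WS02", 880, "netstat -ano"),
]

if __name__ == "__main__":
    print(*find_survey_bursts(SAMPLE_EVENTS), sep="\n")
```

Grouping by parent process keeps occasional administrator use of a single tool (the WS02 events) below the threshold; tune the window and count against your own baseline.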
