Skip to content

Instantly share code, notes, and snippets.

@KyleHanslovan KyleHanslovan/DomainEnumeration.bat
Created Jun 25, 2016

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Post-exploitation host/domain survey using native Windows commands.
Raw
DomainEnumeration.bat
whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1
@mubix

This comment has been minimized.

Sign in to view
Copy link

mubix commented Jun 26, 2016

gpresult /z
@mubix

This comment has been minimized.

Sign in to view
Copy link

mubix commented Jun 26, 2016

  • net view
  • new view /domain
  • net user %USERNAME% /domain
  • nltest /dclist
@mubix

This comment has been minimized.

Sign in to view
Copy link

mubix commented Jun 26, 2016

set
@filipesam

This comment has been minimized.

Sign in to view
Copy link

filipesam commented Jun 26, 2016

ARP -a
@filipesam

This comment has been minimized.

Sign in to view
Copy link

filipesam commented Jun 26, 2016

Route print
@leesoh

This comment has been minimized.

Sign in to view
Copy link

leesoh commented Jul 6, 2016

net localgroup "Remote Desktop Users"
netstat -ano
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.