CMD For Pentesters


Overview

This blog covers the principal Windows commands used in the different stages of a penetration test, such as system enumeration, domain recon and post exploitation.


Basic Windows Commands

List all users

net users
wmic USERACCOUNT Get Name

Get user info

net user %username%

Get the current user & privilege info

whoami /all
whoami /priv

Create user

net user /add [username] [password]

List all groups

net localgroup

Add user to a group

net localgroup [groupname] [username] /add

List password requirements info

net accounts

List content of a directory

dir /b /ad "C:\Users"

List stored credentials

cmdkey /list

List all environment variables

set

View current network shares

net share

View info about interfaces

ipconfig /all

arp -a

List open ports

netstat -ano | findstr /i listening

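The netstat one-liner above only shows a PID per listening socket. As an added example (not part of the original post), this batch script resolves each listening port to its owning process name with the built-in tasklist tool, which is the view a defender wants when checking a host for unexpected listeners; it assumes only netstat and tasklist are available.

```batch
@echo off
setlocal
REM Added example: map every LISTENING TCP socket to its process image name.
REM netstat -ano columns: Proto  Local Address  Foreign Address  State  PID
REM tokens=2 is the local address:port, tokens=5 is the PID.
for /f "tokens=2,5" %%A in ('netstat -ano ^| findstr /i listening') do (
    REM tasklist /fi filters on the PID; /fo csv /nh gives a single quoted row,
    REM so the first comma-separated token is the image name (quotes stripped by ~).
    for /f "tokens=1 delims=," %%P in ('tasklist /fi "PID eq %%B" /fo csv /nh') do (
        echo %%A    PID %%B    %%~P
    )
)
endlocal
```

Run it from an elevated prompt to get PIDs for services running as SYSTEM; without elevation netstat may report 0 for some PIDs.
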
Get file permissions

icacls flag.txt

List startup programs

wmic startup list brief

List running services

sc query type= service


Summary

Every penetration tester should be fluent with the Windows command prompt: its commands are used at different stages of a penetration test, from system enumeration and domain recon to post exploitation, so fluency in CMD is a must for pentesters.


That was the end of the blog, thanks for reading, I hope you learnt something new.

Happy Hacking!

Hicham Ouardi

Cybersecurity Engineer | Offensive Security Intern