User Enumeration

1. User Information Commands

Commands:

echo %USERNAME%
whoami

Or, using PowerShell:

$env:USERNAME

Description: Displays the username of the currently logged-in user.

Output: The current username is shown.

Commands:

net user

Or, for a more detailed view in PowerShell:

Get-LocalUser | Format-Table Name, Enabled, LastLogon

Or, to list user profiles:

Get-ChildItem C:\Users -Force | Select-Object Name

Description: Lists all local user accounts, showing their status and last logon time.

Output: A list of all users on the system.

Commands:

To display privileges:

whoami /priv

To view group memberships:

whoami /groups

For comprehensive user details:

whoami /all

Description: These commands provide detailed information about user privileges and group memberships.

Output: Displays user privileges, group memberships, and other detailed information.

Commands:

net localgroup

Or, using PowerShell:

Get-LocalGroup | Format-Table Name

Description: Lists all local groups on the system.

Output: Displays a list of local groups.

Commands:

To view members of a specific group (e.g., Administrators):

net localgroup administrators

For detailed member information using PowerShell:

Get-LocalGroupMember Administrators | Format-Table Name, PrincipalSource

Description: Provides details about the members of a specified local group.

Output: Lists the group members, including their source (local or domain).

Commands:

To list domain controllers:

nltest /DCLIST:DomainName

To get the current domain controller:

nltest /DCNAME:DomainName

To query for a domain controller based on specific criteria:

nltest /DSGETDC:DomainName

Description: Queries the domain for information about domain controllers.

Output: Displays domain controllers' names and details, useful for network configuration and security assessments.

Last updated 11 months ago