Common Windows Commands for Pentesters

Every penetration tester should be fluent with the Windows command prompt since various commands could be used in different stages of a penetration test like domain recon and post exploitation.

Of course there are plenty of windows commands to use and the purpose of this post is not to cover all of them but only those that are needed during an exam certification, interview or a basic penetration test.

The following commands are considered the most common:

  • whoami – List the current user
  • net share – View current network shares
  • net use X: \\IP_Address\c$ – Mount a remote network share
  • net localgroup – Retrieve the local groups
  • net localgroup Administrators – Retrieve local administrators
  • net user pentestuser pentestpass /add – Add a new user to the current host
  • net localgroup Administrators pentestuser /add – Add pentestuser to the local administrators group
  • net user pentestuser /domain – View information about a domain user
  • net group “Domain Admins” /domain – Retrieve domain administrators
  • net config server/workstation – View the domain name of current host
  • net view – List all hosts in the current workgroup or domain
  • net view /domain – List all domains available
  • net user /domain – List all the domain users
Advertisements