Windows
| Domain | Comment |
| --- | --- |
| net view | list computers on domain |
| net view \\<target name> | list shares on host |
| net view /domain | list domains |
| net view /domain:<domain name> | list computers on a named domain |
| net users <username> <password> /add | add user |
| net localgroup Administrators <username> /add | add to administrators group |
| nltest /dclist:<domain name> | Domain Controllers list |
User details:
whoami
hostname
echo %username%
net users
net user USERNAME
Get Windows user and domain information:
set
whoami /all
Get-ADTrust -Filter *
Information on current domain:
Domain information:
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
Domain Trusts:
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
Current forest info:
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
Trust relationship:
([System.DirectoryServices.ActiveDirectory.Forest]::GetForest((New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', 'forest-of-interest.local')))).GetAllTrustRelationships()
Get current privileges:
whoami /priv
Show routes:
route print
Enumerate local administrators:
net localgroup administrators
Check for missing patches:
wmic qfe get Caption,Description,HotFixID,InstalledOn
Get DCs of a domain:
net group "domain controllers" /domain
Launch a cmd prompt as another user:
runas /netonly /user:[Domain]\[username] cmd.exe
Get Windows version:
ver
Systeminfo:
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
View password policy:
net accounts
On DC:
Get-ADDefaultDomainPasswordPolicy
List Drives:
gdr -PSProvider 'FileSystem'
Or:
[System.IO.DriveInfo]::GetDrives() | Format-Table