CRTP Certified Red Team Professional
AuthorDiscordHTB Pro LabsHTB CPTSHTB CDSA
  • 👨‍🚒Certified Red Team Professional
  • LAB Access
  • 🔥Assume Breach Execution Cycle
  • 😆Prepare your VM
    • 😅PowerShell Detections
    • 🔥AMSI Bypass
    • 🙃Tools
    • CMD Commands
    • 🤣Escape the Machine
  • Data Visualization
    • BloodHound
    • AzureHound
    • RustHound
  • Domain Enumeration
    • 1️⃣Tools
    • 2️⃣Domain Enumeration
    • 3️⃣Users, Groups, Computers Enumeration
    • 4️⃣Shares Enumeration
    • 5️⃣GPO Enumeration
    • 6️⃣ACLs Enumeration
    • 7️⃣Domain Trusts
    • Domain Forests
    • 9️⃣Miscellaneous Enumeration
    • User Hunting
  • Local Privilege Escalation
    • Theory
    • Automation Tools
    • Techniques
  • Lateral Movement
    • Thinking
    • WinRS
    • PowerShell Remoting
    • Invoke-MimiKatz
    • CrackMapExec
  • Domain Persistence
    • 🔥Golden tickets
    • 🥈Silver Tickets
    • 💎Diamond Tickets
    • 🚒Skeleton Keys
    • DSRM
    • Custom SSP - Track logons
    • ACLs
      • 1️⃣AdminSDHolder
      • 2️⃣DCsync
      • 3️⃣WMI
      • 4️⃣Remote Powershell
      • 5️⃣Remote Registry
  • Domain Privilege Escalation
    • 🟢Kerberoast
    • 🟢AS-REPS Roasting
    • 🟢Set SPN
    • 🟢Unconstrained Delegation
    • 🟢Constrained Delegation
    • 🟢DNS Admins
    • Enterprise Admins
      • Child to parent - Trust tickets
      • Child to parent - krbtgt hash
    • 🟢Crossforest attacks
    • AD CS
    • 🟢Abuse MSSQL Servers
Powered by GitBook
On this page
  • Local Users & Groups
  • Local Services Running
  • Local Machine Information
  • Local Network Shares

Was this helpful?

  1. Prepare your VM

CMD Commands

Live of The Land!

PreviousToolsNextEscape the Machine

Last updated 1 year ago

Was this helpful?

Here I will compile some CMD commands to enumerate local and domain accounts.

Ok, we have a low-level user and we want to enumerate our machine and AD, first, we need to understand who we are inside the machine and what type of privileges we have.

Local Users & Groups

Who We Are?

C:\Users\student459>whoami

What groups we are associated with?

C:\Users\student459>net localgroup

Enumerate Local Users

C:\Users\student459> net user

Enumerate Local Administrator Account

C:\Users\student459>net user Administrator

Local Services Running

Enumerate Local Services Running as System

TASKLIST /FI "USERNAME eq NT AUTHORITY\SYSTEM"

Local Machine Information

C:\Users\student459>

Local Network Shares

C:\Users\student459> net view \\dcorp-std459 /all

😆
Page cover image