🟢Living Off the Land
Basic Enumeration Commands
Command | Result |
| Prints the PC's name |
| Prints out the OS version and revision level |
| Prints the patches and hotfixes applied to the host |
| Prints out network adapter state and configurations |
| Displays a list of environment variables for the current session (run from the CMD prompt) |
| Displays the domain name to which the host belongs (run from the CMD prompt) |
| Prints out the name of the domain controller the host checks in with (run from the CMD prompt) |
Firewall Checks
Windows Defender Check (from CMD.exe)
Am I Alone?
Network Information
Networking Commands | Description |
| Lists all known hosts stored in the arp table. |
| Prints out adapter settings for the host. We can figure out the network segment from here. |
| Displays the routing table (IPv4 & IPv6) identifying known networks and layer three routes shared with the host. |
| Displays the status of the host's firewall. We can determine if it is active and filtering traffic. |
Quick WMI checks
Command | Description |
| Prints the patch level and description of the Hotfixes applied |
| Displays basic host information to include any attributes within the list |
| A listing of all processes on host |
| Displays information about the Domain and Domain Controllers |
| Displays information about all local accounts and any domain accounts that have logged into the device |
| Information about all local groups |
| Dumps information about any system accounts that are being used as service accounts. |
This cheatsheet has some useful commands for querying host and domain info using wmic.
Table of Useful Net Commands
Command | Description |
| Information about password requirements |
| Password and lockout policy |
| Information about domain groups |
| List users with domain admin privileges |
| List of PCs connected to the domain |
| List PC accounts of domain controllers |
| User that belongs to the group |
| List of domain groups |
| All available groups |
| List users that belong to the administrators group inside the domain (the group |
| Information about a group (admins) |
| Add user to administrators |
| Check current shares |
| Get information about a user within the domain |
| List all users of the domain |
| Information about the current user |
| Mount the share locally |
| Get a list of computers |
| Shares on the domains |
| List shares of a computer |
| List of PCs of the domain |
Dsquery DLL
All we need is elevated privileges on a host or the ability to run an instance of Command Prompt or PowerShell from a SYSTEM context. Below, we will show the basic search function with dsquery and a few helpful search filters.
User Search
Computer Search
Wildcard Search
Searching for Domain Controllers
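From the defender's side, the built-in tools covered on this page (the basic host and network commands, net, wmic and dsquery) each leave a process-creation event. The following is an added example, not part of the original page: a small detector that flags a host and user running several distinct enumeration binaries in a short window. The watch list, the 5-minute window, the threshold and the sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watch list of built-in binaries; tune per environment.
ENUM_BINARIES = {"hostname.exe", "systeminfo.exe", "ipconfig.exe", "arp.exe",
                 "route.exe", "netsh.exe", "net.exe", "wmic.exe", "dsquery.exe"}
WINDOW = timedelta(minutes=5)   # assumed correlation window
THRESHOLD = 4                   # assumed: distinct binaries within WINDOW

SYS32 = "C:\\Windows\\System32\\"
# Constructed process-creation events: (timestamp, host, user, image path)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", "WS01", "CORP\\alice", SYS32 + "ipconfig.exe"),
    ("2024-01-10T13:30:00", "WS01", "CORP\\alice", SYS32 + "HOSTNAME.EXE"),
    ("2024-01-10T13:31:00", "WS01", "CORP\\alice", SYS32 + "net.exe"),
    ("2024-01-10T13:31:01", "WS01", "CORP\\alice", SYS32 + "net1.exe"),
    ("2024-01-10T10:15:00", "WS02", "CORP\\bob", SYS32 + "hostname.exe"),
    ("2024-01-10T10:15:20", "WS02", "CORP\\bob", SYS32 + "systeminfo.exe"),
    ("2024-01-10T10:15:40", "WS02", "CORP\\bob", SYS32 + "notepad.exe"),
    ("2024-01-10T10:16:10", "WS02", "CORP\\bob", SYS32 + "wmic.exe"),
    ("2024-01-10T10:17:30", "WS02", "CORP\\bob", SYS32 + "dsquery.exe"),
]

def binary_name(image):
    """Lower-cased file name; net1.exe is folded into net.exe because
    net.exe launches it as a child and would otherwise count twice."""
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return "net.exe" if name == "net1.exe" else name

def find_enumeration_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return sorted (host, user) pairs that ran at least `threshold`
    distinct watched binaries inside any span of length `window`."""
    by_actor = defaultdict(list)
    for ts, host, user, image in events:
        name = binary_name(image)
        if name in ENUM_BINARIES:
            by_actor[(host, user)].append((datetime.fromisoformat(ts), name))
    flagged = set()
    for actor, hits in by_actor.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1          # slide the window's left edge forward
            if len({n for _, n in hits[start:end + 1]}) >= threshold:
                flagged.add(actor)
                break
    return sorted(flagged)
```

Calling `find_enumeration_bursts(SAMPLE_EVENTS)` flags only the WS02 session, whose four distinct tools ran within three minutes; the WS01 activity is spread over hours and stays below the threshold.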