User Enumeration

1. Get Current Username

echo %USERNAME%
whoami

Using PowerShell

$env:username

2. List User Privileges

whoami /priv
whoami /all

3. List user groups

whoami /groups

4. Copy whoami.exe from network share

Windows XP does not include the whoami command, so it can be copied from a network share.

copy \\192.168.29.218\Public\whoami.exe whoami.exe

5. List All Users

Using net users

net users

Using PowerShell

Get-LocalUser | ft Name,Enabled,Lastlogon

Directly from the Users directory

Get-ChildItem C:\Users -Force | select Name

6. Logon Requirements and Policies

Display logon policies such as password expiration, lockout duration, and complexity requirements. This is useful for brute-forcing strategies.

net accounts

7. Get Details about a User

net user Administrator
net user DevNull
net user "%USERNAME%"

8. List Local Groups

net localgroup

Using PowerShell

Get-LocalGroup | ft name

9. Get Details about a group

net localgroup Administrators

Domain Admin

net group "Domain Admins"

Using PowerShell

Get-LocalGroupMember Administrators | ft Name, PrincipalSource
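
Detection example (added here, not part of the original cheat sheet): run in quick succession, the commands above leave a recognisable pattern in process-creation logs. The sketch below flags any host/user pair that runs several distinct enumeration commands within a short window. The tab-separated event layout, the sample events, the 5-minute window and the threshold of 4 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Categories cover the enumeration commands listed on this page.
ENUM_PATTERNS = {
    "whoami": re.compile(r"\bwhoami(\.exe)?\b", re.I),
    "net user": re.compile(r"\bnet1?(\.exe)?\s+users?\b", re.I),
    "net accounts": re.compile(r"\bnet1?(\.exe)?\s+accounts\b", re.I),
    "net localgroup": re.compile(r"\bnet1?(\.exe)?\s+localgroup\b", re.I),
    "net group": re.compile(r"\bnet1?(\.exe)?\s+group\b", re.I),
    "Get-Local*": re.compile(r"\bGet-Local(User|Group)", re.I),
}

# Constructed sample events: timestamp, host, user, command line (tab-separated).
SAMPLE = [
    "2024-05-01T10:00:01\tWS01\talice\twhoami /priv",
    "2024-05-01T10:00:09\tWS01\talice\tnet users",
    "2024-05-01T10:00:20\tWS01\talice\tnet accounts",
    "2024-05-01T10:00:41\tWS01\talice\tnet localgroup Administrators",
    '2024-05-01T10:01:05\tWS01\talice\tnet group "Domain Admins"',
    "2024-05-01T10:02:00\tWS01\talice\tnotepad.exe notes.txt",
    "2024-05-01T09:00:00\tWS02\tbob\twhoami",
    "2024-05-01T13:30:00\tWS02\tbob\tnet user bob",
]

def classify(cmdline):
    """Return the enumeration category a command line falls into, or None."""
    return next((n for n, p in ENUM_PATTERNS.items() if p.search(cmdline)), None)

def find_bursts(lines, min_distinct=4, window=timedelta(minutes=5)):
    """Map (host, user) to the categories seen when >= min_distinct occur within window."""
    by_actor = defaultdict(list)
    for line in lines:
        ts, host, user, cmd = line.split("\t", 3)
        cat = classify(cmd)
        if cat:
            by_actor[(host, user)].append((datetime.fromisoformat(ts), cat))
    alerts = {}
    for actor, hits in by_actor.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct categories seen in the window that opens at this event.
            cats = {c for t, c in hits[i:] if t - start <= window}
            if len(cats) >= min_distinct:
                alerts[actor] = sorted(cats)
                break
    return alerts
```

Administrators and logon scripts also run these commands, so the threshold and window need tuning against a baseline of normal activity before alerting on them.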
