Host Enumeration

System Info

systeminfo outputs lots of information, but it might be monitored, so it is good to know alternative ways of obtainining the required information.

# general info
systeminfo
# hostname
hostname
# operating system version
ver

# network information
ipconfig
# irp cache for checking recent interactions
arp /a

Current User

# all user info
whoami /all
# domain/NetsBIOS name and username
whoami
# privileges
whoami /priv
# groups
whoami /groups

Other Users

# list all host users
net user
# list local groups
net localgroup
# list domain groups (only works on a DC)
net group

Resources

# list resources
net share
net view