Useful Windows Commands

So after we’ve gained our first shell we’ll need to execute a series of commands on the compromised system in order to gain further control and solidify our footprint.  The following are some of the more common Windows commands in no particular order.  I’ll keep updating this list as needed 🙂

CREATE NEW ACCOUNT 

net user /add username password

or alternatively if you do not want to enter the password in plain text, run the following:

net user /add username *

and then enter the password twice when prompted at the command line

SEE CURRENT USER

whoami

SEE CURRENT USER’S PERMISSIONS 

whoami /PRIV

SEE LOCAL ADMIN GROUP MEMBERS 

net localgroup administrators

SEE LOCAL USERS GROUP MEMBERS

net localgroup users

REMOTE SHUTDOWN OR RESTART 

shutdown -r -m \\computername

CONFIGURING UAC

Disable UAC:

C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Enable UAC:

C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

SEEING INSTALLED APPLICATIONS

wmic product get Name (this will enumerate all installed software on the system)

To narrow these results or check for specific applications try playing with the following:

wmic product where "Name like '%Malwarebytes%'" get Name, Version

wmic product where "Name='Malwarebytes'" get Name, Version

TO UNINSTALL APPLICATIONS SILENTLY

wmic product where "Name='Malwarebytes'" call uninstall /nointeractive
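
Several of the commands above leave distinctive process command lines, for example in Windows Security event 4688 with command-line auditing enabled or in Sysmon event 1. The following is an added example, not part of the original post: it matches such command lines against the account-creation, UAC, uninstall and remote-restart commands listed here, and masks a plaintext `net user` password before it reaches an alert. The rule names, hosts, timestamps and sample command lines are constructed for illustration.

```python
import re

# Rules keyed to command lines listed in this post (matched case-insensitively; names are hypothetical).
RULES = {
    "local-account-created": re.compile(r"\bnet1?(\.exe)?\s+user\b.*\s/add\b", re.I),
    "uac-disabled": re.compile(r"\breg(\.exe)?\s+add\b.*\bEnableLUA\b.*/d\s+0\b", re.I),
    "silent-uninstall": re.compile(r"\bwmic(\.exe)?\s+product\b.*\bcall\s+uninstall\b", re.I),
    "remote-restart": re.compile(r"\bshutdown(\.exe)?\s.*[-/]m\s+\\\\", re.I),
}

# Constructed sample events: (timestamp, host, process command line).
SAMPLE_EVENTS = [
    ("2024-05-01T09:14:02Z", "WS-017", r"whoami /priv"),
    ("2024-05-01T09:14:40Z", "WS-017", r"net user /add svc_backup Winter2024!"),
    ("2024-05-01T09:15:05Z", "WS-017", r"net user /add svc_audit *"),
    ("2024-05-01T09:16:11Z", "WS-017", r"C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f"),
    ("2024-05-01T09:16:50Z", "WS-017", r"reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f"),
    ("2024-05-01T09:17:30Z", "WS-017", r"wmic product get Name"),
    ("2024-05-01T09:18:02Z", "WS-017", r"""wmic product where "Name='Malwarebytes'" call uninstall /nointeractive"""),
    ("2024-05-01T09:19:45Z", "WS-017", r"shutdown -r -m \\FILESRV01"),
]

def redact_net_user(cmdline):
    """Mask a plaintext password passed to `net user ... /add` so alerts do not re-leak it."""
    tokens = cmdline.split()
    start = next(i for i, t in enumerate(tokens) if t.lower() == "user") + 1
    positional = [i for i in range(start, len(tokens)) if not tokens[i].startswith("/")]
    # First positional argument is the username, second is the password ("*" means prompted).
    if len(positional) >= 2 and tokens[positional[1]] != "*":
        tokens[positional[1]] = "<redacted>"
    return " ".join(tokens)

def detect(events):
    """Return (timestamp, host, rule, safe_cmdline) for every event matching a rule."""
    alerts = []
    for ts, host, cmdline in events:
        for rule, pattern in RULES.items():
            if pattern.search(cmdline):
                safe = redact_net_user(cmdline) if rule == "local-account-created" else cmdline
                alerts.append((ts, host, rule, safe))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert, sep="\t")
```

Note that re-enabling UAC (`/d 1`) and the read-only enumeration commands do not alert; only the state-changing forms do.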