Users

The command prompt and PowerShell on a Windows system can be used to list, manage and manipulate the users of that system. Here are some of the commands that can be used for enumeration and manipulation of a system.

Shell's Context

The username the shell is running as can be viewed using the following command:

whoami
whoami /groups #Groups that the user is part of

List Users and Groups

The users and groups within a domain can be listed by adding the "/domain" switch to the end of the command.

net user
net groups
#PowerShell
Get-LocalUser
Get-LocalGroup

Details about a User - password profile, groups, etc.

net user alice /domain
#PowerShell
Get-LocalGroupMember <group name>
Get-LocalGroupMember Administrators

List of users and their attributes

List of Logged in Users

The PowerView script from GitHub can be used to list logged in users.

Import-Module .\PowerView.ps1
Get-NetLoggedon -ComputerName p42176 #for locally logged in users
Get-NetSession -ComputerName p42 #for domain logged in users

Add new User

net user alice password123$ /add

Add User to Group

net localgroup administrators alice /add #There is usually a default administrators group
net localgroup "Remote Desktop Users" alice /add #This will allow a user to log in through RDP
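
From the defender's side, the account creation and group additions shown above can be audited on a host. The following PowerShell is an added example, not part of the original page; the allowlist contents and the function names Get-UnexpectedGroupMember and Get-RecentAccountChange are assumptions, and reading the Security log requires an elevated session.

```powershell
# Added example: audit a host for accounts placed in privileged local groups
# and for recent account/group changes recorded in the Security log.

# Hypothetical baseline of members expected in the watched groups; adjust per host.
$AllowedMembers = @("$env:COMPUTERNAME\Administrator")
$WatchedGroups  = @('Administrators', 'Remote Desktop Users')

function Get-UnexpectedGroupMember {
    param([string[]]$Groups, [string[]]$Allowed)
    foreach ($group in $Groups) {
        $members = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue
        foreach ($member in $members) {
            # Name is COMPUTER\user or DOMAIN\user; -notcontains is case-insensitive
            if ($Allowed -notcontains $member.Name) {
                [pscustomobject]@{
                    Group  = $group
                    Member = $member.Name
                    Source = $member.PrincipalSource   # Local, ActiveDirectory, ...
                    Class  = $member.ObjectClass       # User or Group
                }
            }
        }
    }
}

function Get-RecentAccountChange {
    param([int]$Days = 7)
    # 4720 = a user account was created
    # 4732 = a member was added to a security-enabled local group
    $filter = @{
        LogName   = 'Security'
        Id        = 4720, 4732
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# Members outside the baseline, then the events that would explain them
Get-UnexpectedGroupMember -Groups $WatchedGroups -Allowed $AllowedMembers |
    Format-Table -AutoSize
Get-RecentAccountChange -Days 7 | Format-Table -AutoSize
```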
