LOLBIN Enumeration
| Prints the PC's Name |
| Prints out the OS version and revision level |
| Prints the patches and hotfixes applied to the host |
| Prints out network adapter state and configurations |
| Displays a list of environment variables for the current session (ran from CMD-prompt) |
| Displays the domain name to which the host belongs (ran from CMD-prompt) |
| Prints out the name of the Domain controller the host checks in with (ran from CMD-prompt) |
| Lists available modules loaded for use. |
| Will print the execution policy settings for each scope on a host. |
| This will change the policy for our current process using the |
| With this string, we can get the specified user's PowerShell history. This can be quite helpful as the command history may contain passwords or point us towards configuration files or scripts that contain passwords. |
| Return environment values such as key paths, users, computer information, etc. |
| This is a quick and easy way to download a file from the web using PowerShell and call it from memory. |
Networking Commands | Description |
| Lists all known hosts stored in the arp table. |
| Prints out adapter settings for the host. We can figure out the network segment from here. |
| Displays the routing table (IPv4 & IPv6) identifying known networks and layer three routes shared with the host. |
| Displays the status of the host's firewall. We can determine if it is active and filtering traffic. |
| Prints the patch level and description of the Hotfixes applied |
| Displays basic host information to include any attributes within the list |
| A listing of all processes on host |
| Displays information about the Domain and Domain Controllers |
| Displays information about all local accounts and any domain accounts that have logged into the device |
| Information about all local groups |
| Dumps information about any system accounts that are being used as service accounts. |
[[WMI - Windows Management Instrumentation]] [[Enumerate WMI events]] [[WMI service creation]]
Command | Description |
| Information about password requirements |
| Password and lockout policy |
| Information about domain groups |
| List users with domain admin privileges |
| List of PCs connected to the domain |
| List PC accounts of domains controllers |
| User that belongs to the group |
| List of domain groups |
| All available groups |
| List users that belong to the administrators group inside the domain (the group |
| Information about a group (admins) |
| Add user to administrators |
| Check current shares |
| Get information about a user within the domain |
| List all users of the domain |
| Information about the current user |
| Mount the share locally |
| Get a list of computers |
| Shares on the domains |
| List shares of a computer |
| List of PCs of the domain |
More here.
Last updated