Living Off The Land - Enumeration

Reading time ~2 minutes

The Point

As a Penetration Tester or Red Team Member and even a Defender, it’s essential that you understand how to use the various capabilities of a system that you’ve gained access to. You may be thinking, I’ll just find a way to get a meterpreter shell on the target. Well I hate to burst your bubble but often times you won’t have that option. If your goal is to remain as quiet as possible then your best bet it to use what’s already available. It may be that you have limited access to the windows command line or an instance of PowerShell. If you’re lucky it will be PowerShell, but once again that’s in a perfect world. Personally, I want to be able to move throughout a system or target environment without getting caught. Often times you won’t have the option to load your tool set on the compromised host.

Utilizing various Living Off The Land Techniques, we’re going to learn how to enumerate as much information as possible about the host we’ve landed on and the target environment. Enumeration is a key phase in every engagement. As a Pentester, Red Teamer, and Defender you should be able get the lay of the land.

What we want to find out	Commands
Who we’re logged in as?	Whoami
What permissions do we have?	Whoami /priv
Can we find out more information about the account?	Whoami /all or net user “username”
What Groups do we belong to?	Net user “username”
What other accounts exist?	Net users or Net users /domain
What users are in certain groups?	net group Administrators or net localgroup Administrators

C:\> whoami

whoami

C:\> Whoami /priv

whoami_priv

C:\> Whoami /all

C:\> net user username

whoami_all

C:\> net user username

C:\> net user username /domain

netusername

C:\> net users

C:\> net users /domain

net_users

C:\> net group Administrators /domain

C:\> net localgroup Administrators

net_localgroup