Baric's knowledge Base

Windows common commands enum

When attackers initially gain access to a machine, they are known to run the following commands in a short period of time :

```
tasklist
```
```
ver
```
```
ipconfig
```
```
systeminfo
```
```
net time
```
```
netstat
```
```
whoami
```
```
net start
```
```
qprocess
```
```
query
```

After doing this, attackers then perform Recon on the wider environment using these commands :

```
dir
```
```
net view
```
```
ping
```
```
net use
```
```
type
```
```
net user
```
```
net localgroup
```
```
net group
```
```
net config
```
```
net share
```

After they have gained a foothold in a network and want to spread, they commonly use these commands :

```
at
```
```
reg
```
```
wmic
```
```
wusa
```
```
netsh advfirewall
```
```
sc
```
```
rundll32
```

PreviousMonitor connected remote clients for activity and status NextCommands Group policy updating an checking status

Last updated 6 months ago