Baric's knowledge Base

⌘Ctrlk

Windows common commands enum

When attackers initially gain access to a machine, they are known to run the following commands in a short period of time :

```
tasklist
```
```
ver
```
```
ipconfig
```
```
systeminfo
```
```
net time
```
```
netstat
```
```
whoami
```
```
net start
```
```
qprocess
```
```
query
```

After doing this, attackers then perform Recon on the wider environment using these commands :

```
dir
```
```
net view
```
```
ping
```
```
net use
```
```
type
```
```
net user
```
```
net localgroup
```
```
net group
```
```
net config
```
```
net share
```

After they have gained a foothold in a network and want to spread, they commonly use these commands :

PreviousMonitor connected remote clients for activity and status NextCommands Group policy updating an checking status

Last updated 1 year ago