- `arp -a` - display the ARP cache (find other machines on the network!)
- `cmdkey /list` - show saved credentials
- `driverquery` - list installed drivers
- `hostname` - return system hostname
- `net accounts` - local machine policies
- `net accounts /domain` - domain policies
- `net group` - list domain groups
- `net group "Domain Admins" /domain` - list domain admins
- `net localgroup` - list all (local) groups
- `net localgroup administrators` - list local admins
- `net share` - list all shares (made available by the current machine)
- `net start` - list all running services (lots!)
- `net user` - list all (local) users
- [[net|`net user USERNAME`]] - show details for a single user
- `netstat` - query open/listening ports
- `query session` - list other users who are currently logged in
- `reg` - query (and manipulate) registry entries
- `sc` - query (and manipulate) services (conflicts with a PowerShell built-in: `sc` is the alias for `Set-Content`, so use `sc.exe` from PowerShell!)
- `schtasks` - list scheduled tasks
- `systeminfo` - return system info
- `whoami /groups` - list current user's groups
- `whoami /priv` - current user + privileges