arp -a— display the ARP cache (find other machines on the network!)cmdkey /list— show saved credentialsdriverquery— list installed drivershostname— return system hostname- net accounts — local machine policies
- net accounts /domain — domain policies
- net group — list domain groups
- net group “Domain Admins” /domain — list domain admins
- net localgroup — list all (local) groups
- net localgroup administrators — list local admins
- net share — list all shares (made available by the current machine)
- net start — list all running services (lots!)
- net user — list all (local) users
- net user $USERNAME — get details for user
$USERNAME - netstat — query open/listening ports
query session— list other users who are currently logged in- reg — query (and manipulate) registry entries
- sc — query (and manipulate) services (conflicts with a PowerShell built-in!)
- schtasks — list scheduled tasks
- systeminfo — return system info
- whoami /groups — list current user’s groups
- whoami /priv — current user + privileges