The focus of this room was on built-in command-line tools in both Linux and MS Windows systems. Many commands exist in both systems, although the command arguments and resulting output are different. The following tables show the primary Linux and MS Windows commands that we relied on to get more information about the system.
| Linux Command | Description |
|---|---|
hostname | shows the systemโs hostname |
who | shows who is logged in |
whoami | shows the effective username |
w | shows who is logged in and what they are doing |
last | shows a listing of the last logged-in users |
ip address show | shows the network interfaces and addresses |
arp | shows the ARP cache |
netstat | prints network connections |
ps | shows a snapshot of the current processes |
| Windows Command | Description |
|---|---|
systeminfo | shows OS configuration information, including service pack levels |
whoami | shows the user name and group information along with the respective security identifiers |
netstat | shows protocol statistics and current TCP/IP network connections |
net user | shows the user accounts on the computer |
net localgroup | shows the local groups on the computer |
arp | shows the IP-to-Physical address translation tables |
This room focused on post-exploitation enumeration of a Linux or MS Windows machine. For enumeration related to Active Directory, we recommend that you join the Enumerating AD room.