Built-in Applications
Enumeration
cmd (cmd.exe): The classic command prompt.
powershell (powershell.exe): The modern command line.
systeminfo (systeminfo.exe): Lists OS version, installed patches/hotfixes, network configuration, and hardware.
whoami (whoami.exe): Quickly identify the current user. Use whoami /all for detailed group membership.
ipconfig (ipconfig.exe): Displays network configuration. Use ipconfig /all to see detailed info.
netstat (netstat.exe): Shows active network connections and listening ports. Use netstat -ano to see the associated PID for each connection.
nltest (nltest.exe): Crucial for domain environments. Use nltest /domain_trusts to enumerate domain trusts.
wmic (wmic.exe): Command-line interface for WMI.
Privilege Escalation & Misconfiguration
taskschd.msc (Task Scheduler): GUI for viewing scheduled tasks.
services.msc (Services): GUI for viewing system services.
compmgmt.msc (Computer Management): Combines Local Users and Groups, Event Viewer, Services, Disk Management, and more.
secpol.msc (Local Security Policy): View and analyze security settings.
eventvwr.msc (Event Viewer): Look for sensitive information or errors in logs.
regedit (Registry Editor): Search for stored passwords, check for insecure settings like AlwaysInstallElevated, and establish persistence via Run/RunOnce keys.
lusrmgr.msc (Local Users and Groups): GUI for managing local users and groups.
Persistence & Lateral Movement
gpedit.msc (Group Policy Editor): Configure logon/logoff scripts, scheduled tasks, and other settings for persistence.
dsa.msc (AD Users and Computers): Enumerate and manage all users, groups, and computers in the domain.
gpmc.msc (Group Policy Management): Manage GPOs for the entire domain.
wf.msc (Windows Firewall): View and configure the Windows Firewall.
certmgr.msc (Certificate Manager): View certificates stored in the machine.
Bypasses & Execution
rundll32.exe (rundll32.exe): A classic application whitelisting bypass.
mshta.exe (mshta.exe): Executes HTML Applications (HTAs).
control (control.exe): Opens the Control Panel.