Information collection - Intranet penetration (Windows system)

1. Check the current shell permissions

whoami /user
SID: a typical SID looks like S-1-5-21-1683771068-12213551888-624655398-1001. The pattern it follows is S-R-IA-SA-SA-RID.

The following is a specific explanation:

The letter S indicates that this is an SID identifier, which marks the number as an SID.

R stands for Revision, and all SIDs generated by Windows use revision level 1.

IA stands for issuing authority. In Windows, almost all SIDs designate the NT Authority as the issuing authority, and its ID number is 5. The SIDs representing well-known groups and accounts are the exception.

SA stands for sub-authority. A sub-authority designates a special group or function. For example, 21 indicates that the SID was issued by a domain controller or a standalone machine. The long series of numbers that follows (1683771068-12213551888-624655398) is the sub-authority of the domain or machine that issued the SID.

RID: the RIDs assigned to users, computers, and groups start at 1000. RIDs 500-999 are reserved for accounts and groups that exist in every Windows computer and domain; they are called "well-known RIDs". Some well-known RIDs are appended to a domain SID to form a unique identifier. Others are appended to the Builtin SID (S-1-5-32), indicating built-in accounts and groups that may hold privileges. Those privileges are either hard-coded into the operating system or assigned in the security database.
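The S-R-IA-SA-SA-RID structure described above can be decoded mechanically, which is useful when triaging `whoami /user` output or account SIDs in event logs. The following parser is an added example written for this page, not code from the original post; the SID strings in the demo are constructed, and the well-known RID and Builtin alias tables are a small subset of the standard Windows values chosen for illustration. It also validates the field widths (48-bit identifier authority, 32-bit sub-authorities) so malformed strings are rejected rather than misclassified.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed subset of the standard well-known RIDs (appended to a domain SID)
WELL_KNOWN_RIDS = {
    500: "Administrator", 501: "Guest", 502: "krbtgt",
    512: "Domain Admins", 513: "Domain Users", 519: "Enterprise Admins",
}
# Constructed subset of the Builtin aliases (appended to S-1-5-32)
BUILTIN_ALIASES = {544: "Administrators", 545: "Users", 555: "Remote Desktop Users"}
PRIVILEGED_LABELS = {"Administrator", "Domain Admins", "Enterprise Admins", "Administrators"}
NT_AUTHORITY = 5
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)*)$")


@dataclass
class ParsedSid:
    revision: int
    authority: int
    sub_authorities: List[int]   # every field after the authority, RID included
    kind: str                    # "domain", "domain-account", "builtin" or "well-known"
    rid: Optional[int]
    label: str


def parse_sid(text: str) -> ParsedSid:
    """Split a textual SID into S-R-IA-SA...-RID and classify it."""
    m = SID_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a SID string: {text!r}")
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(p) for p in m.group(3).split("-") if p]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if authority > 0xFFFFFFFFFFFF:      # identifier authority is a 48-bit value
        raise ValueError("identifier authority out of range")
    for s in subs:
        if s > 0xFFFFFFFF:              # each sub-authority is a 32-bit value
            raise ValueError(f"sub-authority {s} exceeds 32 bits")

    # S-1-5-21-<domain id>[-RID]: issued by a domain controller or a standalone machine
    if authority == NT_AUTHORITY and subs[:1] == [21]:
        if len(subs) == 4:
            return ParsedSid(revision, authority, subs, "domain", None,
                             "domain or machine SID (no RID)")
        if len(subs) == 5:
            rid = subs[4]
            if rid in WELL_KNOWN_RIDS:
                label = WELL_KNOWN_RIDS[rid]
            elif rid < 1000:
                label = "well-known RID"              # 500-999 are reserved
            else:
                label = "user-created account or group"
            return ParsedSid(revision, authority, subs, "domain-account", rid, label)

    # S-1-5-32-<alias>: Builtin accounts and groups local to every Windows machine
    if authority == NT_AUTHORITY and subs[:1] == [32] and len(subs) == 2:
        rid = subs[1]
        return ParsedSid(revision, authority, subs, "builtin", rid,
                         BUILTIN_ALIASES.get(rid, "unknown Builtin alias"))

    # Everything else (S-1-1-0 Everyone, S-1-5-18 SYSTEM, ...) is a well-known principal
    return ParsedSid(revision, authority, subs, "well-known", None, "well-known or other SID")


def is_privileged(text: str) -> bool:
    """True when the SID resolves to an administrative account or group in the tables above."""
    return parse_sid(text).label in PRIVILEGED_LABELS


if __name__ == "__main__":
    # Constructed sample SIDs
    for s in ["S-1-5-21-1683771068-1221355188-624655398-1001",
              "S-1-5-21-1683771068-1221355188-624655398-500",
              "S-1-5-32-544", "S-1-5-18"]:
        p = parse_sid(s)
        print(f"{s}: kind={p.kind} rid={p.rid} label={p.label} privileged={is_privileged(s)}")
```

For triage, the useful signal is the RID class: a RID below 1000 on a domain SID, or any Builtin alias such as 544, identifies a principal that exists on every machine or domain and should be matched against the well-known tables before being treated as an ordinary user.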
2. View system information
systeminfo
3. Network connection status information
netstat -ano
4. View machine name
hostname
5. View current operating system version information
wmic os get caption, csdversion, osarchitecture, version
6. View antivirus software
wmic /node:localhost /namespace:\\root\securitycenter2 path antivirusproduct get displayname /format:list
7. View installed application and version information
wmic product get name, version
8. View current online user
quser
9. View network configuration
ipconfig /all
10. View process information
tasklist /v
11. View the current login domain
net config workstation
12. Remote desktop connection history
cmdkey /l
13. View the list of user accounts on the machine
net user
14. View the information of specific users on the machine
net user aiyou
net user /domain    List the users in the domain
net user <domain user> /domain    Get the detailed information of a domain user (replace <domain user> with the account name)
net user /domain aiyou 123321    Change a domain user's password; this requires domain administrator rights
15. View the local administrators
net localgroup administrators
16. Other commands
net localgroup administrators /domain    View the domain's Administrators group (the query runs against the domain controller)
net localgroup administrators workgroup\aiyou /add    Add the domain user workgroup\aiyou to this machine's local Administrators group
net view    View the list of machines in the same domain
net view \\<ip>    View the shares on the host at that IP address
net view \\aiyou    View the shared resources of the computer named aiyou
net view /domain    View how many domains exist in the intranet
net view /domain:xyz    View the list of machines in the xyz domain
net accounts /domain    Query domain password policy, including password expiration
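From the defender's side, the commands in this checklist are the same ones a reconnaissance phase runs in quick succession, so process-creation telemetry (Sysmon event 1 or Windows event 4688 with command-line logging enabled) can be scanned for bursts of them. The detector below is an added example written for this page, not part of the original post. It assumes a simplified single-line log format (timestamp, host, user, pid, command line) that is constructed here for the demo; the sample lines are constructed as well. The rule names and thresholds are this example's own choices and cover the commands listed above rather than any particular product's rule set.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# One regex per discovery command from the checklist (net1.exe is the helper net.exe spawns)
DISCOVERY_RULES = {
    "whoami":         re.compile(r"\bwhoami(\.exe)?\b", re.I),
    "systeminfo":     re.compile(r"\bsysteminfo(\.exe)?\b", re.I),
    "netstat":        re.compile(r"\bnetstat(\.exe)?\s+-a", re.I),
    "wmic_av":        re.compile(r"\bwmic(\.exe)?\b.*securitycenter2", re.I),
    "wmic_product":   re.compile(r"\bwmic(\.exe)?\b.*\bproduct\b", re.I),
    "quser":          re.compile(r"\bquser(\.exe)?\b", re.I),
    "ipconfig":       re.compile(r"\bipconfig(\.exe)?\s+/all", re.I),
    "tasklist":       re.compile(r"\btasklist(\.exe)?\b", re.I),
    "cmdkey":         re.compile(r"\bcmdkey(\.exe)?\s+/l", re.I),
    "net_user":       re.compile(r"\bnet1?(\.exe)?\s+user\b", re.I),
    "net_localgroup": re.compile(r"\bnet1?(\.exe)?\s+localgroup\b", re.I),
    "net_view":       re.compile(r"\bnet1?(\.exe)?\s+view\b", re.I),
    "net_accounts":   re.compile(r"\bnet1?(\.exe)?\s+accounts\b", re.I),
}

# Constructed log format for this example: "<ts> host=<h> user=<u> pid=<n> cmd="<command line>""
LOG_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) pid=(?P<pid>\d+) cmd="(?P<cmd>.*)"$'
)


def parse_line(line):
    """Return (timestamp, host, user, command line) or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["host"], m["user"], m["cmd"]


def classify(cmd):
    """Names of every discovery rule the command line matches."""
    return [name for name, rx in DISCOVERY_RULES.items() if rx.search(cmd)]


def find_discovery_bursts(lines, window=timedelta(minutes=5), threshold=4):
    """Alert once per (host, user) when >= threshold distinct discovery commands run within `window`."""
    events = defaultdict(list)                     # (host, user) -> [(ts, rule)]
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, user, cmd = parsed
        for rule in classify(cmd):
            events[(host, user)].append((ts, rule))

    alerts = []
    for (host, user), evs in events.items():
        evs.sort()
        for i in range(len(evs)):                  # slide the window over the sorted events
            start, last, seen = evs[i][0], evs[i][0], set()
            for ts, rule in evs[i:]:
                if ts - start > window:
                    break
                seen.add(rule)
                last = ts
            if len(seen) >= threshold:
                alerts.append({"host": host, "user": user, "start": start,
                               "end": last, "techniques": sorted(seen)})
                break                              # one alert per principal is enough for triage
    return alerts


# Constructed sample telemetry: a burst on WS01, isolated commands on WS02, unrelated activity on WS03
SAMPLE_LOG = """\
2024-05-01T10:00:01Z host=WS01 user=CORP\\alice pid=4120 cmd="whoami /user"
2024-05-01T10:00:09Z host=WS01 user=CORP\\alice pid=4133 cmd="systeminfo"
2024-05-01T10:00:20Z host=WS01 user=CORP\\alice pid=4150 cmd="net user /domain"
2024-05-01T10:00:31Z host=WS01 user=CORP\\alice pid=4161 cmd="net1 localgroup administrators"
2024-05-01T10:00:44Z host=WS01 user=CORP\\alice pid=4172 cmd="cmdkey /l"
2024-05-01T10:01:02Z host=WS01 user=CORP\\alice pid=4188 cmd="net view /domain"
2024-05-01T09:15:00Z host=WS02 user=CORP\\bob pid=2201 cmd="tasklist /v"
2024-05-01T11:40:00Z host=WS02 user=CORP\\bob pid=2890 cmd="ipconfig /all"
2024-05-01T12:00:00Z host=WS03 user=CORP\\svc-backup pid=900 cmd="C:\\Windows\\System32\\cmd.exe /c robocopy D:\\data E:\\backup"
"""

if __name__ == "__main__":
    for a in find_discovery_bursts(SAMPLE_LOG.splitlines()):
        print(f"{a['host']} {a['user']} {a['start']:%H:%M:%S}-{a['end']:%H:%M:%S}: {', '.join(a['techniques'])}")
```

The threshold is deliberately on distinct commands rather than raw count, so an administrator re-running `net user` several times does not trip it, while the sequence whoami, systeminfo, net user, net localgroup, cmdkey and net view inside one window does. Two commands hours apart on WS02 stay below the threshold, which is the expected behaviour for routine administration.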
Origin blog.csdn.net/weixin_45682070/article/details/110118344