User & Group Enumeration

Check privileges of current user. Good for token impersonation

C:\Users>whoami
whoami
pwnme0\bstarch

C:\Users>whoami /priv
whoami /priv

PRIVILEGES INFORMATION
----------------------

Privilege Name Description State
========================================= ================================================================== ========
SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled
SeMachineAccountPrivilege Add workstations to domain Disabled
SeSecurityPrivilege Manage auditing and security log Disabled
SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled
SeLoadDriverPrivilege Load and unload device drivers Disabled
SeSystemProfilePrivilege Profile system performance Disabled
SeSystemtimePrivilege Change the system time Disabled
SeProfileSingleProcessPrivilege Profile single process Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled
SeCreatePagefilePrivilege Create a pagefile Disabled
SeBackupPrivilege Back up files and directories Disabled
SeRestorePrivilege Restore files and directories Disabled
SeShutdownPrivilege Shut down the system Disabled
SeDebugPrivilege Debug programs Disabled
SeSystemEnvironmentPrivilege Modify firmware environment values Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled
SeUndockPrivilege Remove computer from docking station Disabled
SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation Disabled
SeManageVolumePrivilege Perform volume maintenance tasks Disabled
SeImpersonatePrivilege Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege Create global objects Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links Disabled
SeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Disabled

Check what groups  the current user is a member of

C:\Users>whoami /groups
whoami /groups

GROUP INFORMATION
-----------------

Group Name Type SID Attributes
============================================= ================ ============================================= ===============================================================
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
BUILTIN\Pre-Windows 2000 Compatible Access Alias S-1-5-32-554 Mandatory group, Enabled by default, Enabled group
BUILTIN\Certificate Service DCOM Access Alias S-1-5-32-574 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
PWNME0\Group Policy Creator Owners Group S-1-5-21-1005202765-2145341796-1970445350-520 Mandatory group, Enabled by default, Enabled group
PWNME0\Domain Admins Group S-1-5-21-1005202765-2145341796-1970445350-512 Mandatory group, Enabled by default, Enabled group
PWNME0\Schema Admins Group S-1-5-21-1005202765-2145341796-1970445350-518 Mandatory group, Enabled by default, Enabled group
PWNME0\Enterprise Admins Group S-1-5-21-1005202765-2145341796-1970445350-519 Mandatory group, Enabled by default, Enabled group
Authentication authority asserted identity Well-known group S-1-18-1 Mandatory group, Enabled by default, Enabled group
PWNME0\Denied RODC Password Replication Group Alias S-1-5-21-1005202765-2145341796-1970445350-572 Mandatory group, Enabled by default, Enabled group, Local Group
Mandatory Label\High Mandatory Level Label S-1-16-12288

Check what users exist on the the system

C:\Users>net user
net user

User accounts for \\SERVER2019

-------------------------------------------------------------------------------
Administrator Alex backup
bstarch ecartman Guest
kbroff krbtgt smarsh
SQLService Sweps
The command completed successfully.

Check individual user information

C:\Users>net user smarsh
net user smarsh
User name smarsh
Full Name Stan Marsh
Comment
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never

Password last set 2/6/2021 7:45:18 AM
Password expires Never
Password changeable 2/7/2021 7:45:18 AM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 10/13/2021 1:32:45 PM

Logon hours allowed All

Local Group Memberships
Global Group memberships *Domain Users
The command completed successfully.

Check group memberships

C:\Users>net localgroup administrators
net localgroup administrators
Alias name administrators
Comment Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Alex
bstarch
Domain Admins
ecartman
Enterprise Admins
Sweps
The command completed successfully.