Enumerating user permissions

whoami /all → Shows ALL groups and privileges associated with the current user (very useful for detecting possible privilege escalations).

Microsoft Windows [Version 10.0.14393]                                                       
(c) 2016 Microsoft Corporation. All rights reserved.                                         

l4mpje@BASTION C:\Users\L4mpje>whoami /all                                                   

USER INFORMATION                                                                             
----------------                                                                             

User Name      SID                                                                           
============== ==============================================                                
bastion\l4mpje S-1-5-21-2146344083-2443430429-1430880910-1002                                


GROUP INFORMATION                                                                            
-----------------                                                                            

Group Name                             Type             SID          Attributes
====================================== ================ ============ ==================================================
Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                          Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NETWORK                   Well-known group S-1-5-2      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users       Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization         Well-known group S-1-5-15     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account             Well-known group S-1-5-113    Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NTLM Authentication       Well-known group S-1-5-64-10  Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level Label            S-1-16-8192                          
                                                                                             


PRIVILEGES INFORMATION                                                                       
----------------------                                                                       
                                                                                             
Privilege Name                Description                    State                           
============================= ============================== =======                         
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled                         
SeIncreaseWorkingSetPrivilege Increase a process working set Enabled 

net user → Lists all local users.

administrator@BASTION C:\Users\Administrator>net user                                        

User accounts for \\BASTION                                                                  

-------------------------------------------------------------------------------              
Administrator            DefaultAccount           Guest                                      
L4mpje                                                                                       
The command completed successfully. 

net user username → Shows details for a specific user (whether a password is required, when it expires, etc.).

administrator@BASTION C:\Users\Administrator>net user L4mpje                                 
User name                    L4mpje                                                          
Full Name                    L4mpje                                                          
Comment                                                                                      
User's comment                                                                               
Country/region code          000 (System Default)                                            
Account active               Yes                                                             
Account expires              Never                                                           

Password last set            22-2-2019 14:42:58                                              
Password expires             Never                                                           
Password changeable          22-2-2019 14:42:58                                              
Password required            Yes                                                             
User may change password     No                                                              

Workstations allowed         All                                                             
Logon script                                                                                 
User profile                                                                                 
Home directory                                                                               
Last logon                   28-4-2025 05:31:47                                              

Logon hours allowed          All                                                             

Local Group Memberships      *Users                                                          
Global Group memberships     *None                                                           
The command completed successfully. 

net localgroup → Lists the local groups (such as Administrators, Remote Desktop Users, etc.).

administrator@BASTION C:\Users\Administrator>net localgroup                                  
                                                                                             
Aliases for \\BASTION                                                                        
                                                                                             
-------------------------------------------------------------------------------              
*Access Control Assistance Operators                                                         
*Administrators                                                                              
*Backup Operators                                                                            
*Certificate Service DCOM Access                                                             
*Cryptographic Operators                                                                     
*Distributed COM Users                                                                       
*Event Log Readers                                                                           
*Guests                                                                                      
*Hyper-V Administrators                                                                      
*IIS_IUSRS                                                                                   
*Network Configuration Operators                                                             
*Performance Log Users                                                                       
*Performance Monitor Users                                                                   
*Power Users                                                                                 
*Print Operators                                                                             
*RDS Endpoint Servers                                                                        
*RDS Management Servers                                                                      
*RDS Remote Access Servers                                                                   
*Remote Desktop Users                                                                        
*Remote Management Users                                                                     
*Replicator                                                                                  
*Storage Replica Administrators                                                              
*System Managed Accounts Group                                                               
*Users                                                                                       
The command completed successfully

net localgroup Administrators → Shows who belongs to the Administrators group.

administrator@BASTION C:\Users\Administrator>net localgroup Administrators                   
Alias name     Administrators                                                                
Comment        Administrators have complete and unrestricted access to the computer/domain   
                                                                                             
Members                                                                                      
                                                                                             
-------------------------------------------------------------------------------              
Administrator                                                                                
The command completed successfully. 

whoami /priv → Shows the privileges associated with the current user.

*Evil-WinRM* PS C:\temp> whoami /priv
                                                                                                                    
PRIVILEGES INFORMATION                                                                                              
----------------------                                                                                              
                                                                                                                    
Privilege Name                Description                          State                                            
============================= ==================================== =======                                          
SeShutdownPrivilege           Shut down the system                 Enabled                                          
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled                                          
SeUndockPrivilege             Remove computer from docking station Enabled                                          
SeIncreaseWorkingSetPrivilege Increase a process working set       Enabled                                          
SeTimeZonePrivilege           Change the time zone                 Enabled  
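
The privilege tables printed by whoami /all and whoami /priv above can be reviewed automatically instead of by eye. The PowerShell below is an added example, not part of the original page: the function name Get-PrivilegeReview, the review list and the last sample row (SeBackupPrivilege) are assumptions made for illustration.

```powershell
# Added example. The review list is chosen for this illustration (privileges that
# Windows treats as sensitive); adjust it to local policy.
$ReviewList = @(
    'SeDebugPrivilege', 'SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege',
    'SeBackupPrivilege', 'SeRestorePrivilege', 'SeTakeOwnershipPrivilege',
    'SeLoadDriverPrivilege', 'SeTcbPrivilege', 'SeCreateTokenPrivilege'
)

function Get-PrivilegeReview {
    # Input: the text lines produced by `whoami /priv /fo csv`.
    # Output: one object per privilege, with Review = $true for review-list entries.
    param([Parameter(Mandatory)][string[]]$CsvLines)
    $CsvLines | ConvertFrom-Csv | ForEach-Object {
        [pscustomobject]@{
            Privilege = $_.'Privilege Name'
            State     = $_.State
            Review    = $ReviewList -contains $_.'Privilege Name'
        }
    }
}

# Constructed sample: the whoami /priv table shown above in CSV form, plus one
# constructed row (SeBackupPrivilege) so the output contains a flagged entry.
$sample = @(
    '"Privilege Name","Description","State"',
    '"SeShutdownPrivilege","Shut down the system","Enabled"',
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"',
    '"SeUndockPrivilege","Remove computer from docking station","Enabled"',
    '"SeIncreaseWorkingSetPrivilege","Increase a process working set","Enabled"',
    '"SeTimeZonePrivilege","Change the time zone","Enabled"',
    '"SeBackupPrivilege","Back up files and directories","Disabled"'
)

# "Disabled" means the privilege is present in the token but not currently
# switched on, so it is still reported for review.
Get-PrivilegeReview -CsvLines $sample |
    Sort-Object Review -Descending |
    Format-Table -AutoSize

# On a live host, feed the real output instead of the sample:
#   Get-PrivilegeReview -CsvLines (whoami /priv /fo csv)
```

With the sample above, only the constructed SeBackupPrivilege row is marked for review; the five privileges from the captured session are standard-user defaults.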
