Enumerar permisos de usuarios

whoami /all → Muestra TODOS los grupos y privilegios asociados al usuario actual (muy útil para detectar posibles escalaciones de privilegio).

Microsoft Windows [Version 10.0.14393]                                                       
(c) 2016 Microsoft Corporation. All rights reserved.                                         

l4mpje@BASTION C:\Users\L4mpje>whoami /all                                                   

USER INFORMATION                                                                             
----------------                                                                             

User Name      SID                                                                           
============== ==============================================                                
bastion\l4mpje S-1-5-21-2146344083-2443430429-1430880910-1002                                


GROUP INFORMATION                                                                            
-----------------                                                                            

Group Name                             Type             SID          Attributes              
                                                                                             
====================================== ================ ============ ========================
==========================                                                                   
Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled
 by default, Enabled group                                                                   
BUILTIN\Users                          Alias            S-1-5-32-545 Mandatory group, Enabled
 by default, Enabled group                                                                   
NT AUTHORITY\NETWORK                   Well-known group S-1-5-2      Mandatory group, Enabled
 by default, Enabled group                                                                   
NT AUTHORITY\Authenticated Users       Well-known group S-1-5-11     Mandatory group, Enabled
 by default, Enabled group                                                                   
NT AUTHORITY\This Organization         Well-known group S-1-5-15     Mandatory group, Enabled
 by default, Enabled group                                                                   
NT AUTHORITY\Local account             Well-known group S-1-5-113    Mandatory group, Enabled
 by default, Enabled group                                                                   
NT AUTHORITY\NTLM Authentication       Well-known group S-1-5-64-10  Mandatory group, Enabled
 by default, Enabled group                                                                   
Mandatory Label\Medium Mandatory Level Label            S-1-16-8192                          
                                                                                             


PRIVILEGES INFORMATION                                                                       
----------------------                                                                       
                                                                                             
Privilege Name                Description                    State                           
============================= ============================== =======                         
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled                         
SeIncreaseWorkingSetPrivilege Increase a process working set Enabled

net user → Lista todos los usuarios locales.

administrator@BASTION C:\Users\Administrator>net user                                        

User accounts for \\BASTION                                                                  

-------------------------------------------------------------------------------              
Administrator            DefaultAccount           Guest                                      
L4mpje                                                                                       
The command completed successfully.

net user nombre_usuario → Muestra detalles de un usuario en específico (si tiene habilitada la contraseña, cuándo caduca, etc.).

administrator@BASTION C:\Users\Administrator>net user L4mpje                                 
User name                    L4mpje                                                          
Full Name                    L4mpje                                                          
Comment                                                                                      
User's comment                                                                               
Country/region code          000 (System Default)                                            
Account active               Yes                                                             
Account expires              Never                                                           

Password last set            22-2-2019 14:42:58                                              
Password expires             Never                                                           
Password changeable          22-2-2019 14:42:58                                              
Password required            Yes                                                             
User may change password     No                                                              

Workstations allowed         All                                                             
Logon script                                                                                 
User profile                                                                                 
Home directory                                                                               
Last logon                   28-4-2025 05:31:47                                              

Logon hours allowed          All                                                             

Local Group Memberships      *Users                                                          
Global Group memberships     *None                                                           
The command completed successfully.

net localgroup → Lista los grupos locales (como Administrators, Remote Desktop Users, etc.).

administrator@BASTION C:\Users\Administrator>net localgroup                                  
                                                                                             
Aliases for \\BASTION                                                                        
                                                                                             
-------------------------------------------------------------------------------              
*Access Control Assistance Operators                                                         
*Administrators                                                                              
*Backup Operators                                                                            
*Certificate Service DCOM Access                                                             
*Cryptographic Operators                                                                     
*Distributed COM Users                                                                       
*Event Log Readers                                                                           
*Guests                                                                                      
*Hyper-V Administrators                                                                      
*IIS_IUSRS                                                                                   
*Network Configuration Operators                                                             
*Performance Log Users                                                                       
*Performance Monitor Users                                                                   
*Power Users                                                                                 
*Print Operators                                                                             
*RDS Endpoint Servers                                                                        
*RDS Management Servers                                                                      
*RDS Remote Access Servers                                                                   
*Remote Desktop Users                                                                        
*Remote Management Users                                                                     
*Replicator                                                                                  
*Storage Replica Administrators                                                              
*System Managed Accounts Group                                                               
*Users                                                                                       
The command completed successfully

net localgroup Administrators → Muestra quién pertenece al grupo de Administradores.

administrator@BASTION C:\Users\Administrator>net localgroup Administrators                   
Alias name     Administrators                                                                
Comment        Administrators have complete and unrestricted access to the computer/domain   
                                                                                             
Members                                                                                      
                                                                                             
-------------------------------------------------------------------------------              
Administrator                                                                                
The command completed successfully.

whoami /priv → muestra los permisos asociados al usuario actual

*Evil-WinRM* PS C:\temp> whoami /priv
                                                                                                                    
PRIVILEGES INFORMATION                                                                                              
----------------------                                                                                              
                                                                                                                    
Privilege Name                Description                          State                                            
============================= ==================================== =======                                          
SeShutdownPrivilege           Shut down the system                 Enabled                                          
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled                                          
SeUndockPrivilege             Remove computer from docking station Enabled                                          
SeIncreaseWorkingSetPrivilege Increase a process working set       Enabled                                          
SeTimeZonePrivilege           Change the time zone                 Enabled

Last updated 6 months ago