Recon
Net.exe User/Group Enumeration
net group "<GROUPNAME>" /domain **Lists all members of a group on the domain
net localgroup administrators **List admins on the local machine
net localgroup administrators /domain **List members of the built-in Administrators group on the domain controller (for Domain Admins use net group "Domain Admins" /domain)
net user <username> /domain **List details about a domain user
net view \\COMPUTERNAME /all **List all shares on a remote computer, including hidden ($) admin shares
DSQuery
dsquery * -filter "(objectclass=trusteddomain)" -attr * -limit 2 (-limit caps results; default is 100, -limit 0 = unlimited)
dsquery * -filter "(&(objectclass=user)(samaccountname=*da*))" -attr samaccountname -d <DOMAINNAME> (-d targets another domain/DC; *da* is a loose hunt for admin-style account names)
Object Classes
-computer (Attrs: description, samaccountname, name, operatingsystem, dnshostname)
-user (Attrs: description, samaccountname, name)
-trusteddomain (Attrs: flatname, trustdirection)
-group (Attrs: description, samaccountname, name, member)
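The same LDAP filters and attribute sets run from PowerShell with the built-in [adsisearcher] type, which needs no RSAT/dsquery on the host. This is an added example, not part of the original cheat sheet; the function name Search-Directory is mine, the searcher binds to the current logon domain, and the group name used at the end is only an illustration.

```powershell
# Added example: dsquery-style searches via System.DirectoryServices (no RSAT needed).
# Assumes a domain-joined host and a logon session that can read the directory.
function Search-Directory {
    param(
        [Parameter(Mandatory)][string]$Filter,
        [string[]]$Attributes = @('samaccountname', 'name', 'description'),
        [string]$Domain,                 # optional, equivalent of dsquery -d
        [int]$PageSize = 500
    )
    $searcher = [adsisearcher]$Filter    # default root = current domain's naming context
    if ($Domain) { $searcher.SearchRoot = [adsi]"LDAP://$Domain" }
    $searcher.PageSize = $PageSize       # paged results, so no -limit cap to worry about
    $searcher.PropertiesToLoad.Clear()
    foreach ($a in $Attributes) { [void]$searcher.PropertiesToLoad.Add($a) }

    foreach ($r in $searcher.FindAll()) {
        $o = [ordered]@{}
        foreach ($a in $Attributes) {
            # multi-valued attributes (e.g. member) come back as a collection
            $o[$a] = @($r.Properties[$a]) -join '; '
        }
        [pscustomobject]$o
    }
}

# trusteddomain: flatname + trustdirection (1 = inbound, 2 = outbound, 3 = bidirectional)
Search-Directory -Filter '(objectclass=trusteddomain)' -Attributes flatname, trustdirection

# user: same filter as the dsquery line above
Search-Directory -Filter '(&(objectclass=user)(samaccountname=*da*))' -Attributes samaccountname, description

# computer: OS column is handy for spotting legacy builds
Search-Directory -Filter '(objectclass=computer)' -Attributes dnshostname, operatingsystem

# group: member is a list of DNs (group name here is illustrative)
Search-Directory -Filter '(&(objectclass=group)(samaccountname=Domain Admins))' -Attributes samaccountname, member
```

Property names in the result collection are lowercase, so pass attribute names in lowercase as above; to hit a different domain or DC, supply -Domain with the FQDN, which is the [adsisearcher] equivalent of dsquery's -d.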
WEVTUTIL
wevtutil qe security /rd:true /f:text /q:"*[System[EventID=4624] and EventData[Data[@Name='TargetUserName']='QUERIED_USER_NAME']]" /c:20 (query the Security log for the 20 newest logons of a user; /rd:true = newest first, /c = count; reading Security needs admin or Event Log Readers)
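The same XPath filter from PowerShell with Get-WinEvent, pulling the EventData fields that matter for recon (logon type, source IP, workstation). This is an added example, not from the original page; Get-UserLogons is my function name, and the user name passed at the end is the placeholder from the wevtutil line.

```powershell
# Added example: 4624 logons for one account, parsed from the event XML.
# Assumes rights to read the Security log (admin or Event Log Readers).
function Get-UserLogons {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [int]$MaxEvents = 20,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # Same XPath as the wevtutil query; EventData values are matched by @Name
    $xpath = "*[System[EventID=4624] and EventData[Data[@Name='TargetUserName']='$UserName']]"

    Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents $MaxEvents -ComputerName $ComputerName |
        ForEach-Object {
            # Get-WinEvent returns newest first, like wevtutil /rd:true
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($e in $x.Event.EventData.Data) { $d[$e.Name] = $e.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = "$($d.TargetDomainName)\$($d.TargetUserName)"
                LogonType   = $d.LogonType     # 2 interactive, 3 network, 10 RDP, 9 runas /netonly
                Source      = $d.IpAddress
                Workstation = $d.WorkstationName
                Process     = $d.ProcessName
            }
        }
}

Get-UserLogons -UserName 'QUERIED_USER_NAME' | Format-Table -AutoSize
```

Type 3 (network) from many source IPs is normal for service and file-server accounts; type 10 from an unexpected workstation, or type 2 on a server, is what to look at first.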
Windows SA
ipconfig /all
tasklist /v
-tasklist /v /s <REMOTEIP> [/u DOMAIN\user /p password] (remote usage; /s takes the host name or IP without backslashes)
net user USERNAME /domain
netstat -anop tcp
wdigest (Cobalt Strike Beacon, runs mimikatz sekurlsa::wdigest; needs SYSTEM/local admin; cleartext only if UseLogonCredential is enabled, off by default on Win 8.1/2012 R2 and later)
logonpasswords (Cobalt Strike Beacon, runs mimikatz sekurlsa::logonpasswords; needs SYSTEM/local admin)
screenshot (Cobalt Strike Beacon command)
keylogger (Cobalt Strike Beacon command)
architecture (dir C:\ ; a "Program Files (x86)" directory means 64-bit OS, or check echo %PROCESSOR_ARCHITECTURE%)
tree.com /F /A <C:\FILEPATH>
net use (mapped shares for the current user)
net session (sessions other hosts have open to this machine; needs admin; most useful on file/Exchange servers)
powershell.exe Get-HotFix (installed patches)
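The netstat and tasklist lines above each give half the picture (PIDs on one side, process names and owners on the other); joining them is the first thing to do on a new host. This is an added example, not part of the original notes; Get-ConnectionOwners is my name for it, and it assumes Get-NetTCPConnection is available (Windows 8/2012+) and an elevated shell for Get-Process -IncludeUserName.

```powershell
# Added example: netstat -anop tcp joined with tasklist /v, in one object per connection.
# Assumes elevation (-IncludeUserName needs it); without it the User column is '?'.
function Get-ConnectionOwners {
    param([switch]$EstablishedOnly)

    # PID -> process lookup, including the owning account
    $procs = @{}
    Get-Process -IncludeUserName -ErrorAction SilentlyContinue |
        ForEach-Object { $procs[[int]$_.Id] = $_ }

    Get-NetTCPConnection |
        Where-Object { -not $EstablishedOnly -or $_.State -eq 'Established' } |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            $name = if ($p) { $p.ProcessName } else { '?' }
            $user = if ($p -and $p.UserName) { $p.UserName } else { '?' }
            [pscustomobject]@{
                Local   = "$($_.LocalAddress):$($_.LocalPort)"
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                State   = $_.State
                PID     = $_.OwningProcess
                Process = $name
                User    = $user
            }
        }
}

# Listeners first (what the box serves), then live sessions (who it talks to)
Get-ConnectionOwners | Where-Object State -eq 'Listen' | Sort-Object Local | Format-Table -AutoSize
Get-ConnectionOwners -EstablishedOnly | Sort-Object Process | Format-Table -AutoSize
```

Established connections owned by a user account rather than SYSTEM or a service account usually point at the interactive users on the box, which feeds straight into the net session / logon checks above.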
Linux SA
ip addr
ps -ef
netstat -pantu (or ss -pantu on newer systems where netstat is missing)
uname -a (linux version)
w (who is logged in)
last (recently logged in users)
cat /etc/fstab (mounted shares; a credentials= option points at a creds file that may be readable)
cat /etc/hosts (static host entries; often reveal internal names not in DNS)
history (or cat ~/.bash_history, ~/.zsh_history)