Whoami?

One of the first tasks of the attacker after penetrating a system is to figure out what account status is associated with the presence established and what permissions and privileges are available. In some cases, the attacker may be very familiar with the exploit technology being used and may know ahead of time exactly what privilege level can be expected when access to the victim system is achieved. But in other case, this may not be clear and it can be important to determine. This usually requires techniques that are specific to the operating system on the system.

On Unix and Linux systems, the whoami command is built in and will show the current working username. This command is being replaced by the “id” command.

In windows, using “Control Panel” and then “User Accounts” should show you account and group information. There are other ways to retrieve this information depending on what is available.

Entering “set username” from a command prompt will display the current working username.

Right click the “Start” button – if you see “Open All Users” and “Explore All Users” you probably have administrative privileges

There is also a whoami command for windows, but it is not included with the OS.

Leave a Reply

You must be logged in to post a comment.