The Net utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. [1]
Net has a great deal of functionality, [2] much of which is useful for an adversary, such as gathering system and network information for Discovery, moving laterally through SMB/Windows Admin Shares using net use
commands, and interacting with services. The net1.exe utility is executed for certain functionality when net.exe is run and can be used directly in commands such as net1 user
.
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1087 | .001 | Account Discovery: Local Account |
Commands under |
.002 | Account Discovery: Domain Account |
Net commands used with the |
||
Enterprise | T1136 | .001 | Create Account: Local Account |
The |
.002 | Create Account: Domain Account |
The |
||
Enterprise | T1070 | .005 | Indicator Removal: Network Share Connection Removal |
The |
Enterprise | T1135 | Network Share Discovery |
The |
|
Enterprise | T1201 | Password Policy Discovery |
The |
|
Enterprise | T1069 | .001 | Permission Groups Discovery: Local Groups |
Commands such as |
.002 | Permission Groups Discovery: Domain Groups |
Commands such as |
||
Enterprise | T1021 | .002 | Remote Services: SMB/Windows Admin Shares |
Lateral movement can be done with Net through |
Enterprise | T1018 | Remote System Discovery |
Commands such as |
|
Enterprise | T1049 | System Network Connections Discovery |
Commands such as |
|
Enterprise | T1007 | System Service Discovery |
The |
|
Enterprise | T1569 | .002 | System Services: Service Execution |
The |
Enterprise | T1124 | System Time Discovery |
The |