-1
There are various suggestions on how to determine the current username on a windows command shell without using whoami, such as this question or this question. The generic answer seems to be echo %username%. However, when I do this (on Windows XP), the shell answers with %username%. Am I missing something?
countermode
Posted 2015-05-25T22:19:32.640
Reputation: 851
1
If you're doing this as part of a pentesting lab, you can use Kali's inbuilt whoami.exe located at
/usr/share/windows-binaries/whoami.exe
Just copy it over and run on the Win XP machine.
Ivan
Posted 2015-05-25T22:19:32.640
Reputation: 11
1
maybe you are missing the USERNAME environment variable for some reason. Run the set command and it will list the environment variables and their values. My XP has USERNAME and I didn't add it, so XP has it.. it's strange yours doesn't. But run set and see what you have
A bunch of environment variables have the user
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
Added
In an example similar to the one you are in.. Here I have logged into the machine remotely, it runs bvsshserver (bitvise ssh server aka winsshd) (which when logged into even from cygwin client, will give a windows command line) though openssh server via cygwin gives bash.. You can use the openssh client in cygwin to log into bitvise sshd and get a windows command line
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WINSSH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WINSSH~1\LOCALS~1\Temp
USERNAME=WinSSHD_VirtualUsers
USERPROFILE=C:\Documents and Settings\WinSSHD_VirtualUsers
VIRTGROUP=Virtual Users
VIRTUSER=user
windir=C:\WINDOWS
C:\>whoami
WinSSHD_VirtualUsers
C:\>
In this case "VIRTUSER" has the username, though different to the one shown by whoami.
What SSH server(or remote logging in program server) does your XP machine run?
barlop
Posted 2015-05-25T22:19:32.640
Reputation: 18 677
Well, this popped up in a pentesting lab. I got a shell on this XP machine and I wondered who I am (i.e. whose privileges I have). set is a nice suggestion, although it didn't tell a lot in the particular situation. – countermode – 2015-05-25T22:53:52.700
@countermode what is the server? I guess it can depend on that – barlop – 2015-05-25T23:00:35.853
It's a Win XP, apparently no service packs installed. username is not set and whoami is not installed. – countermode – 2015-05-25T23:08:38.690
@countermode it can't be the no service packs.. 'cos are you're telling me he has no %TEMP% either? i'd be surprised if win xp pre sp1 was so limited! how many users are there! maybe look in c:\documents and settings see how many folders ther are. If the machine has so many things removed maybe it only has one user profile there! (that said.. no doubt i have no winsshd virtual user listed in my documents and settings). – barlop – 2015-05-25T23:10:47.600
As I said, it's a pentesting lab with deliberately broken machines. Wait... %TEMP% is set. – countermode – 2015-05-25T23:17:27.983
well, i'm not that familiar with such a beast. i'm curious what pen testing course has that kind of machine? – barlop – 2015-05-25T23:21:45.827
1
You're not missing anything. Perhaps you're running it in powershell? If you're not getting the correct value returned from cmd, that's something you'll have to investigate further.
When in a Windows command prompt (cmd not PowerShell), enter:
echo %username%
When in PowerShell, enter:
# Returns computername/username
whoami
# Returns username
echo $env:username
# Returns table containing computer/usernem
Get-WMIObject -class Win32_ComputerSystem | select username
Alex Atkinson
Posted 2015-05-25T22:19:32.640
Reputation: 2 845
It works in Windows7. – cliff2310 – 2015-05-25T22:41:26.080
1@cliff2310 you say it works on 7 but can you not see he tagged this XP and is asking about XP (That said, it should work on XP too) – barlop – 2015-05-25T22:44:11.570
1It works fine on my XP system. Your observation will happen only if
usernameis either not set, or set to the literal string%username%. To find out which, typeset username. Both are unlikely, but my best guess is that you have run a batch file which usesusernameas a work variable and clears it on exit, so search your batch files for the stringusername(case insensitive search). – AFH – 2015-05-25T23:00:37.390"As I said, it's a pentesting lab with deliberately broken machines." -- voting to close as off topic – DavidPostill – 2015-05-25T23:43:21.937
"deliberately broken" is to be understood in the sense of badly maintained, not in the sense of artificially misconfigured machines that would never be seen in the wild. – countermode – 2015-05-26T00:34:56.850