What is whoami and why does it matter for security?
whoami prints the domain and user name of the account the current process is running as. It looks trivial, but in administration and pentesting it is the first check before launching any privileged command: it confirms which identity, and therefore which token and privileges, the command will actually run with.
CMD — Current user

```cmd
whoami
```

User name in fully qualified domain name (FQDN) format (domain accounts only; for a local account the command reports an error instead)

```cmd
whoami /fqdn
```
Audit token privileges with whoami /priv

The /priv parameter lists every privilege held by the process's security token and whether each one is currently enabled or disabled. A privilege that is present but disabled can still be enabled by the process itself, so both states matter when looking for processes with excessive privileges.

View all token privileges

```cmd
whoami /priv
```

View security groups

```cmd
whoami /groups
```

Full info: user + groups + privileges

```cmd
whoami /all
```
Key privileges to watch

| Privilege | Risk | Description |
|---|---|---|
| SeDebugPrivilege | High | Allows debugging any process, including LSASS |
| SeImpersonatePrivilege | High | Impersonate a client after authentication; can be used for privilege escalation |
| SeBackupPrivilege | Medium | Allows reading any file, bypassing ACLs |
| SeShutdownPrivilege | Low | Can shut down the system |
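The audit the /priv section describes, checked against the watchlist in the table above, as an added example that is not part of the original page: a small Python script that parses `whoami /priv` output, reports which watchlisted privileges the token holds (enabled or merely present), and flags the high-risk ones that are enabled. The sample output embedded below is constructed to match the real `whoami /priv` layout; `collect_live()` runs the real command and only does anything on Windows, elsewhere the sample is used.

```python
"""Parse `whoami /priv` output and flag high-risk token privileges.

Added example, not from the original page. The embedded sample output is
constructed; the watchlist mirrors the page's table of privileges to watch.
"""
import re
import subprocess
import sys

# Watchlist: privilege name -> risk level, taken from the page's table.
WATCHLIST = {
    "SeDebugPrivilege": "High",
    "SeImpersonatePrivilege": "High",
    "SeBackupPrivilege": "Medium",
    "SeShutdownPrivilege": "Low",
}
RISK_ORDER = {"High": 0, "Medium": 1, "Low": 2}

# Constructed sample of `whoami /priv` output for a token that holds
# SeDebugPrivilege enabled, as an elevated administrator shell would.
SAMPLE_OUTPUT = """
PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               State
=============================== ========================================= ========
SeDebugPrivilege                Debug programs                            Enabled
SeBackupPrivilege               Back up files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
"""

# One privilege row: a name starting with "Se", a free-text description, the state.
_ROW = re.compile(r"^(Se\w+)\s+(.*?)\s+(Enabled|Disabled)\s*$")


def parse_privileges(text):
    """Return {privilege_name: state} from `whoami /priv` (or `/all`) output."""
    privs = {}
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            privs[m.group(1)] = m.group(3)
    return privs


def audit(privs, watchlist=WATCHLIST):
    """Return watchlisted privileges the token holds, highest risk first.

    Disabled privileges are reported too: the holder can re-enable them.
    """
    findings = []
    for name, risk in watchlist.items():
        state = privs.get(name)
        if state is None:
            continue  # not on the token at all
        findings.append({"privilege": name, "risk": risk, "state": state})
    findings.sort(key=lambda f: (RISK_ORDER[f["risk"]], f["privilege"]))
    return findings


def high_risk_enabled(findings):
    """Names of high-risk privileges that are currently enabled."""
    return [f["privilege"] for f in findings
            if f["risk"] == "High" and f["state"] == "Enabled"]


def collect_live():
    """Run `whoami /priv` on the local Windows host; return None elsewhere."""
    if sys.platform != "win32":
        return None
    out = subprocess.run(["whoami", "/priv"], capture_output=True,
                         text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    text = collect_live() or SAMPLE_OUTPUT
    findings = audit(parse_privileges(text))
    for f in findings:
        print(f"{f['risk']:<6} {f['privilege']:<24} {f['state']}")
    hits = high_risk_enabled(findings)
    if hits:
        print("WARNING: high-risk privileges enabled:", ", ".join(hits))
```

Run on the sample, the script lists all four watchlisted privileges (the token holds them all) and warns about SeDebugPrivilege and SeImpersonatePrivilege. Feeding it `whoami /all` output works as well, since the same privilege rows appear there.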
Cerewro Tip: Ask "What user and privileges is Cerewro running with?" and the AI runs whoami /all, analyzes the privileges, and warns you if any high-risk privilege is enabled.