-1

There are various suggestions on how to determine the current username on a windows command shell without using whoami, such as this question or this question. The generic answer seems to be echo %username%. However, when I do this (on Windows XP), the shell answers with %username%. Am I missing something?

Community
  • 1
countermode
  • 921
  • 4
  • 13
  • 22
  • It works in Windows7. – cliff2310 May 25 '15 at 22:41
  • 1
    @cliff2310 you say it works on 7 but can you not see he tagged this XP and is asking about XP (That said, it should work on XP too) – barlop May 25 '15 at 22:44
  • 1
    It works fine on my XP system. Your observation will happen only if `username` is either not set, or set to the literal string `%username%`. To find out which, type `set username`. Both are unlikely, but my best guess is that you have run a batch file which uses `username` as a work variable and clears it on exit, so search your batch files for the string `username` (case insensitive search). – AFH May 25 '15 at 23:00
  • "As I said, it's a pentesting lab with **deliberately broken machines**." -- voting to close as off topic – DavidPostill May 25 '15 at 23:43
  • "deliberately broken" is to be understood in the sense of badly maintained, not in the sense of artificially misconfigured machines that would never be seen in the wild. – countermode May 26 '15 at 00:34

3 Answers3

2

If you're doing this as part of a pentesting lab, you can use Kali's inbuilt whoami.exe located at

/usr/share/windows-binaries/whoami.exe

Just copy it over and run on the Win XP machine.

Ivan
  • 21
  • 3
1

maybe you are missing the USERNAME environment variable for some reason. Run the set command and it will list the environment variables and their values. My XP has USERNAME and I didn't add it, so XP has it.. it's strange yours doesn't. But run set and see what you have

A bunch of environment variables have the user 

TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERNAME=user
USERPROFILE=C:\Documents and Settings\user

Added

In an example similar to the one you are in.. Here I have logged into the machine remotely, it runs bvsshserver (bitvise ssh server aka winsshd) (which when logged into even from cygwin client, will give a windows command line) though openssh server via cygwin gives bash.. You can use the openssh client in cygwin to log into bitvise sshd and get a windows command line 

SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WINSSH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WINSSH~1\LOCALS~1\Temp
USERNAME=WinSSHD_VirtualUsers
USERPROFILE=C:\Documents and Settings\WinSSHD_VirtualUsers
VIRTGROUP=Virtual Users
VIRTUSER=user
windir=C:\WINDOWS


C:\>whoami
WinSSHD_VirtualUsers

C:\>

In this case "VIRTUSER" has the username, though different to the one shown by whoami.

What SSH server(or remote logging in program server) does your XP machine run?

barlop
  • 23,380
  • 43
  • 145
  • 225
  • Well, this popped up in a pentesting lab. I got a shell on this XP machine and I wondered who I am (i.e. whose privileges I have). `set` is a nice suggestion, although it didn't tell a lot in the particular situation. – countermode May 25 '15 at 22:53
  • @countermode what is the server? I guess it can depend on that – barlop May 25 '15 at 23:00
  • It's a Win XP, apparently no service packs installed. `username` is not set and `whoami` is not installed. – countermode May 25 '15 at 23:08
  • @countermode it can't be the no service packs.. 'cos are you're telling me he has no `%TEMP%` either? i'd be surprised if win xp pre sp1 was so limited! how many users are there! maybe look in c:\documents and settings see how many folders ther are. If the machine has so many things removed maybe it only has one user profile there! (that said.. no doubt i have no winsshd virtual user listed in my documents and settings). – barlop May 25 '15 at 23:10
  • As I said, it's a pentesting lab with deliberately broken machines. Wait... `%TEMP%` is set. – countermode May 25 '15 at 23:17
  • well, i'm not that familiar with such a beast. i'm curious what pen testing course has that kind of machine? – barlop May 25 '15 at 23:21
1

You're not missing anything. Perhaps you're running it in powershell? If you're not getting the correct value returned from cmd, that's something you'll have to investigate further.

When in a Windows command prompt (cmd not PowerShell), enter:

echo %username%

When in PowerShell, enter:

# Returns computername/username
whoami
# Returns username
echo $env:username
# Returns table containing computer/usernem
Get-WMIObject -class Win32_ComputerSystem | select username
EvilKittenLord
  • 3,218
  • 16
  • 14