Windows Essential Commands
Chaining commands in cmd.exe is done with "&" (run both, regardless of outcome), "&&" (run the second only if the first succeeded) and "||" (run the second only if the first failed); in a Linux shell the unconditional form uses ";" instead
Windows: dir & whoami
Linux: uname -a;uptime
System Information
whoami
Returns the name of the currently logged-in user in DOMAIN\user (or HOST\user) form
systeminfo
Shows OS version, build, architecture, domain and the installed hotfixes (interesting for privilege escalation, because the hotfix list tells you which kernel/driver patches are present)
wmic qfe get Caption,Description,HotFixID,InstalledOn
Lists the installed hotfixes. Pipe it into findstr, e.g. | findstr /C:"KB4552931" /C:"KB4517245", to test for specific patches: each KB that is installed is printed, so a KB that produces no output is missing. Note that later cumulative updates supersede older KB numbers, so a missing KB is a lead to verify, not proof the host is unpatched
hostname
Prints the machine's hostname
echo %path%
Prints the PATH environment variable, the equivalent of echo $PATH on Linux (a writable directory early in PATH is a classic privilege-escalation check)
tree /a /f
Lists folders and files as a tree (/a uses plain ASCII line characters, /f includes files and not only folders)
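The hotfix check above is usually run by eye against a list of KBs. The following PowerShell script is an added example, not code from the original page: it reads the installed hotfixes with Get-HotFix (the same data source wmic qfe uses) and reports which of an expected list are missing. The list of KB numbers is constructed for the example.

```powershell
# Added example: report which expected KBs are absent from this host.
# The KB numbers below are constructed for the example.
$ExpectedKBs = @('KB4552931', 'KB4517245')

function Get-HotfixStatus {
    param([string[]]$Expected)
    # Build a case-insensitive set of installed HotFixIDs ('KBnnnnnnn').
    $installed = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    Get-HotFix | ForEach-Object { [void]$installed.Add($_.HotFixID) }

    foreach ($kb in $Expected) {
        [pscustomobject]@{
            KB        = $kb
            Installed = $installed.Contains($kb)
        }
    }
}

# Full table, then only the missing ones.
Get-HotfixStatus -Expected $ExpectedKBs | Format-Table -AutoSize
$missing = Get-HotfixStatus -Expected $ExpectedKBs | Where-Object { -not $_.Installed }
if ($missing) {
    Write-Warning ("Missing: " + ($missing.KB -join ', ') +
        " (verify against cumulative updates before treating as vulnerable)")
}
```

Get-HotFix only reports updates registered through Win32_QuickFixEngineering, and a newer cumulative update supersedes older KB numbers, so treat a "missing" KB as something to confirm with the OS build number from systeminfo rather than as a finding on its own.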
Files and Folders
del /f fileName
Deletes a file (/f forces deletion of read-only files)
copy file1.doc file2.doc /a
Copies file1.doc to file2.doc in the current directory (/a treats the source as an ASCII text file; omit it for binary files)
copy file.pdf c:\pdf-files
Copies file.pdf into the folder c:\pdf-files
move grades.doc c:\grades
Moves a file to the specified path
To concatenate several files into one, join the sources with "+"; to move several files at once, separate their names with ","; a wildcard such as *.txt matches every file with that extension, so the third command below concatenates every .txt file in the folder into Combined.txt
copy test.txt + test1.txt + test2.txt alltext.txt
move 1.jpg, 2.jpg C:\Users\admin\Pictures
copy *.txt Combined.txt
md folderName
Creates a directory (mkdir also works)
dir /A
Lists all files, including hidden and system files
type example.txt
Print out the contents of a file
Get-Content file.txt
Print out contents of a file (for PowerShell)
findstr /si password *.txt
Searches every .txt file in the current directory and its subdirectories (/s) for the word "password", case-insensitively (/i)
dir /s /b creds.pdf
Finds a file by name in the current directory and all subdirectories (/s recurses, /b prints bare full paths); where /r C:\ creds.pdf does the same from a given root. Note that findstr searches file contents, not file names, so it is not the tool for this
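The two findstr/dir patterns above (search file contents for a keyword, locate a file by name) map onto Select-String and Get-ChildItem in PowerShell. The script below is an added example, not part of the original page; the start directory, file extensions and regex patterns are assumptions chosen for a credential hunt.

```powershell
# Added example: search for credential-like strings and locate files by name.
# $Root, the extension list and the patterns are assumptions for the example.
$Root = $env:USERPROFILE

function Find-CredentialStrings {
    param(
        [string]$Path,
        [string[]]$Extensions = @('*.txt', '*.ini', '*.config', '*.xml', '*.ps1', '*.bat')
    )
    # -Include needs -Recurse to apply; errors (access denied) are suppressed.
    Get-ChildItem -Path $Path -Recurse -Include $Extensions -File -ErrorAction SilentlyContinue |
        Select-String -Pattern 'password\s*[=:]', 'pwd\s*[=:]', 'connectionstring' |
        Select-Object Path, LineNumber, @{ n = 'Match'; e = { $_.Line.Trim() } }
}

function Find-FileByName {
    param([string]$Path, [string]$Name)   # $Name may contain wildcards, e.g. 'creds*.pdf'
    Get-ChildItem -Path $Path -Recurse -Filter $Name -File -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

Find-CredentialStrings -Path $Root | Format-Table -AutoSize
Find-FileByName -Path $Root -Name 'creds.pdf'
```

Select-String is case-insensitive by default, so this matches the behaviour of findstr /i; the patterns are deliberately loose because configuration files spell the key in many ways, and the output should be reviewed by hand rather than trusted as a list of passwords.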
Network
netstat -an
Shows all connections and listening ports (-a) with numeric addresses (-n)
netstat -anto
Same as above plus the owning process ID (-o), which can be matched against tasklist; on Windows -t adds the TCP offload state column, not a TCP filter. Use netstat -s for per-protocol statistics
ipconfig /all
Display all the network adapters information
ping IP
Ping another machine/ip address
tracert IP
Prints each hop on the route to the target across an IP network
Processes
tasklist
Displays a list of currently running processes on the machine
taskkill /PID 1234 /F
Terminate a process by pid
taskkill /F /IM cmd.exe
Terminates a process by its image name
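netstat -ano gives a PID and tasklist gives a process name; the two are normally matched by hand. The following PowerShell script is an added example, not from the original page, that joins the two views: every listening TCP port with the owning process and its executable path, flagging processes that run from a user-writable location. It uses Get-NetTCPConnection, which exists on Windows 8 / Server 2012 and later.

```powershell
# Added example: listening TCP ports joined with their owning process,
# the equivalent of matching "netstat -ano" output against "tasklist".
function Get-ListeningPortOwners {
    # Index processes by PID once instead of calling Get-Process per socket.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            # Path is $null for processes we cannot open (other users, protected).
            $path = if ($p) { $p.Path } else { $null }
            $flag = if ($path -and ($path -like "$env:USERPROFILE*" -or $path -like "$env:TEMP*")) {
                'user-writable path'
            } else { '' }
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                PID          = $_.OwningProcess
                Process      = if ($p) { $p.ProcessName } else { '<exited or access denied>' }
                Path         = $path
                Flag         = $flag
            }
        }
}

Get-ListeningPortOwners | Format-Table -AutoSize
```

Run it from an elevated prompt to see the paths of processes owned by other accounts; unelevated, those rows still show the PID and port but no path. A service listening on 0.0.0.0 from a path under the user profile or Temp is worth a closer look, since that is where dropped tooling tends to live, though it is not proof of anything by itself.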
Users
whoami /all
Shows the current user's SID, group memberships and privileges (whoami /priv shows just the privileges)
net localgroup /domain
Lists the local groups on the primary domain controller; the command fails if the machine is not domain-joined, which makes it a quick domain-membership check
net localgroup
Returns the list of local groups on the system (net localgroup Administrators shows the members of one group)
net users /domain
Lists all user accounts in the domain (queried from a domain controller)
net share
Lists the resources this machine shares with the network (for drives mapped from elsewhere see the Mapping section)
route print
Print the routing table
arp -a
Displays the ARP cache (IP to MAC mappings the host has seen recently)
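The whoami /all and net localgroup checks above answer the same two questions an attacker or auditor asks first: what can this token do, and who holds local administrator rights. The PowerShell below is an added example, not from the original page; it parses whoami /priv as CSV, tests whether the current process is actually elevated, and lists the Administrators group members. Get-LocalGroupMember is available on Windows 10 / Server 2016 and later.

```powershell
# Added example: current-token privileges, elevation state and local admins.
function Get-EnabledPrivileges {
    # whoami /priv /fo csv yields columns "Privilege Name", "Description", "State".
    whoami /priv /fo csv | ConvertFrom-Csv |
        Where-Object { $_.State -eq 'Enabled' } |
        Select-Object 'Privilege Name', Description
}

function Test-IsElevated {
    # Membership in Administrators is not enough under UAC; this checks the
    # running token, which is what matters for what the shell can do now.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminMembers {
    # PrincipalSource tells local accounts apart from domain accounts.
    Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
        Select-Object Name, ObjectClass, PrincipalSource
}

"Elevated: $(Test-IsElevated)"
Get-EnabledPrivileges | Format-Table -AutoSize
Get-LocalAdminMembers | Format-Table -AutoSize
```

whoami /priv reports only the privileges the current token holds, so a non-elevated shell of an administrator shows far fewer than whoami /all suggests; that difference is exactly what Test-IsElevated makes explicit.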
Others
shutdown /r /t 0
Restarts the system immediately (/t 0 means no delay)
set
Shows environmental variables
help cd
This is the equivalent of 'man' on Linux; it displays the help text for a command (cd /? does the same)
time
Shows the current time and prompts for a new one; use time /t to only display it
sc start serviceName / sc stop serviceName
Starts or stops a service (sc query serviceName shows its state)
Get-Acl fileName | fl *
Prints the file permission (PowerShell)
Mapping
wmic logicaldisk get deviceid, volumename, description
Gives the most detailed view of which drives are present on the system (wmic is deprecated on current Windows builds; Get-CimInstance Win32_LogicalDisk is the supported replacement)
wmic logicaldisk get name
This works as well but returns only the drive letters
get-psdrive -psprovider filesystem
Same action as the first command but performed in PowerShell
Mounting in Windows is done with the command net use
net use \\IP address\SHARE$ "" /u:""
Connects to a share on another system with a null session (empty password, empty user name); supply password /u:DOMAIN\user to authenticate instead
net use f: \\192.168.1.123\SYSVOL
Mounts a share to the drive f
net use * \\192.168.1.123\SYSVOL
mounts the share to the first available drive letter
net use f: /del
Removes the mapped drive (unmount); /delete is the full form of the switch
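The net use commands above map and unmap a share but give little feedback when they fail. The PowerShell script below is an added example, not from the original page: it enumerates drives that are already mapped (DriveType 4 = network), mounts a share as a persistent drive letter with New-PSDrive, reads from it, and unmounts it again. The server and share name are assumptions taken from the page's own example.

```powershell
# Added example: list mapped drives, mount a share, and unmount it.
# $Share is an assumption reusing the page's example address.
$Share = '\\192.168.1.123\SYSVOL'

function Get-MappedDrives {
    # ProviderName is the UNC path behind the drive letter.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 4' |
        Select-Object DeviceID, ProviderName, VolumeName
}

function Mount-Share {
    param([string]$Letter, [string]$UncPath, [pscredential]$Credential)
    $params = @{
        Name = $Letter; PSProvider = 'FileSystem'; Root = $UncPath
        Persist = $true; ErrorAction = 'Stop'   # -Persist makes it visible to cmd/Explorer too
    }
    if ($Credential) { $params.Credential = $Credential }
    try {
        New-PSDrive @params | Out-Null
        $true
    } catch {
        Write-Warning "Mount of $UncPath as ${Letter}: failed: $($_.Exception.Message)"
        $false
    }
}

function Dismount-Share {
    param([string]$Letter)
    Remove-PSDrive -Name $Letter -Force -ErrorAction SilentlyContinue
}

Get-MappedDrives | Format-Table -AutoSize
if (Mount-Share -Letter 'F' -UncPath $Share) {
    Get-ChildItem 'F:\' | Select-Object -First 5 Name, LastWriteTime
    Dismount-Share -Letter 'F'
}
```

Pass -Credential (Get-Credential) to Mount-Share to authenticate as another account; a null session as in the net use \\host\share "" /u:"" form is still easiest with net use itself. Mapping with -Persist writes the connection into the user's profile, so remove it afterwards if the purpose was only a one-off look at the share.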