Thoughts, stories and ideas.

Chaining windows commands is done with the "&" unlike in Linux where we can execute two commands by splitting them with the ";"

Windows: dir & whoami
Linux: uname -a;uptime

System Information

whoami Returns the name of currently logged in user
systeminfo Shows system information including installed Hotfixes(interesting for privilege escalation)
wmic qfe get Caption,Description,HotFixID,InstalledOn list of installed Hotfixes, can be used with | findstr /C:"KB4552931" /C:"KB4517245" to find missing hotfixes
hostname Prints the hostname machine
echo %path% Returns environment variables similar to $PATH in linux
tree /a /f Lists folders and files in tree structure

Files and Folders

del /f fileName Delete a file
copy file1.doc file2.doc /a Copy file1 into file2 in the same drive
copy file.pdf c:\pdf-files Copy file.pdf into the destionation path c:
move grades.doc c:\grades Moving a file to a specific path

To combine multiple files into one we use "+", To simply move multiple file names we use "," To move all the files with a specific extention we use a wildcard *.txt

copy test.txt + test1.txt + test2.txt alltext.txt
move 1.jpg, 2.jpg C:\Users\admin\Pictures
copy *.txt Combined.txt

md folderName Create a directory
dir /A Show all the files including hidden ones
type example.txt Print out the contents of a file
Get-Content file.txt Print out contents of a file (for PowerShell)
findstr /si password *.txt Search a particular word (password) within files with extension (txt)
findstr /b /s creds.pdf Find a file in the current and all sub directories

Network

netstat -an Show network connections
netstat /anto Prints network statistics
ipconfig /all Display all the network adapters information
ping IP Ping another machine/ip address
tracert Display the route across an Internet Protocol network

Processes

tasklist Displays a list of currently running processes on the machine
taskkill /PID 1234 /F Terminate a process by pid
taskkill /F /IM cmd.exe Terminate a process by it's name

Users

whoami /all check all your priviledges
net localgroup /domain check if you are part of a domain
net localgroup Returns the list of groups on the system
net users /domain list all the users in the domain
net share Get the list of locally shared drives
route print Print the routing table
arp /A Returns the arp cache

Others

shutdown /r /t 0 Restards the system
set Shows environmental variables
help cd This is the equivalent of 'man' from Linux, it displays the user manual
time Current time
sc stop|start Start/Stop a service
Get-Acl fileName | fl * Prints the file permission (PowerShell)

Mapping

wmic logicaldisk get deviceid, volumename, description Get the most detailed results of what drives are mapped to your system
wmic logicaldisk get name This works aswell but it returns only the drive names
get-psdrive -psprovider filesystem Same action as the first command but performed in PowerShell
Mounting in windows is done with the command net use
net use \\IP address\SHARE$ "" /u:"" Connect to other share folder on other system
net use f: \\192.168.1.123\SYSVOL Mounts a share to the drive f
net use * \\192.168.1.123\SYSVOL mounts the share to the first available drive letter
net use f: /del Will remove the drive ( unmount )

Interested in reading about Linux Basics ?

Updating...

You've successfully subscribed to Flaviu Popescu
Welcome back! You've successfully signed in.
Great! You've successfully signed up.
Success! Your account is fully activated, you now have access to all content.