SlideShare uma empresa Scribd logo

Windows command line_sheet_v1

Ganesh Kumar Veerla
Ganesh Kumar Veerla

imp commands for windows

Tecnologia
1 de 2
Baixar para ler offline
Reg Command WMIC Windows Command Line Adding Keys and Values: Fundamental grammar: C:> reg add C:> wmic [alias] [where clause] [verb Cheat Sheet [TargetIPaddr][RegDomain][Key] clause] By Ed Skoudis POCKET REFERENCE GUIDE Add a key to the registry on machine Useful [aliases]: [TargetIPaddr] within the registry domain process service http://www.sans.org [RegDomain] to location [Key]. If no remote share nicconfig machine is specified, the current machine is startup useraccount Purpose assumed. qfe (Quick Fix Engineering – shows patches) The purpose of this cheat sheet is to provide tips on how to use various Windows Export and Import: Example [where clauses]: command that are frequently referenced in C:> reg export [RegDomain][Key] where name="nc.exe" SANS 504, 517, 531, and 560. [FileName] where (commandline like "%stuff") where (name="cmd.exe" and Process and Service Information Export all subkeys and values located in the domain parentprocessid!="[pid]") [RegDomain] under the location [Key] to the file List all processes currently running: [FileName] Example [verb clauses]: C:> tasklist list [full|brief] C:> reg import [FileName] get [attrib1,attrib2…] List all processes currently running and the DLLs call [method] each has loaded: Import all registry entries from the file [FileName] delete C:> tasklist /m Import and export can only be done from or to the List all attributes of [alias]: Lists all processes currently running which have the local machine. C:> wmic [alias] get /? specified [dll] loaded: C:> tasklist /m [dll] Query for a specific Value of a Key: List all callable methods of [alias]: C:> reg query C:> wmic [alias] call /? List all processes currently running and the services [TargetIPaddr][RegDomain][Key] /v hosted in those processes: [ValueName] Example: C:> tasklist /svc List all attributes of all running processes: Query a key on machine [TargetIPaddr] within C:> wmic process list full Query brief status of all services: the registry domain [RegDomain] in location C:> sc query [Key] and get the specific value [ValueName] Make WMIC effect remote [TargetIPaddr]: under that key. Add /s to recurse all values. C:> wmic /node:[TargetIPaddr] Query the configuration of a specific service: /user:[User] /password:[Passwd] process C:> sc qc [ServiceName] list full
Shutdown and Restart File Search and Counting Lines Invoking Useful GUIs at the Command Line Search directory structure for a file in a specific Local User Manager (includes group management): Shutdown Windows immediately: C:> lusrmgr.msc C:> shutdown /s /t 0 directory: C:> dir /b /s [Directory][FileName] Services Control Panel: Note: Command may not power down the hardware. C:> services.msc Count the number of lines on StandardOuy of Restart Windows immediately: [Command]: C:> [Command] | find /c /v "" Task Manager: C:> shutdown /r /t 0 C:> taskmgr.exe Abort shutdown/restart countdown: Finds the count (/c) of lines that do not contain (/v) Security Policy Manager: C:> shutdown /a nothing (""). Lines that do not have nothing are all C:> secpol.msc lines, even blank lines, which contain CR/LF Useful Netstat Syntax Event Viewer: C:> eventvwr.msc Show all TCP and UDP port usage and process ID: Command Line FOR Loops C:> netstat –nao Counting Loop: Control Panel: C:> for /L %i in C:> control Look for usage of port [port] every [N] seconds: C:> netstat –nao [N] | find [port] ([start],[step],[stop]) do [command] Close GUI windows by hitting Alt-F4 Dump detailed protocol statistics: Set %i to an initial value of [start] and increment Interacting with the Network Using Netsh C:> netstat –s –p [tcp|udp|ip|icmp] it by [step] at every iteration until its value is equal to [stop]. For each iteration, run [command]. The Turn off built-in Windows firewall: Installing Built-in Packages on Vista iterator variable %i can be used anywhere in the C:> netsh firewall set opmode disable command to represent its current value. Install telnet service on Vista: Configure interface “Local Area Connection” with C:> pkgmgr /iu:"TelnetServer" [IPaddr] [Netmask] [DefaultGW]: Iterate over file contents: C:> for /F %i in ([file-set]) do C:> netsh interface ip set address Install telnet client on Vista: [command] local static [IPaddr] [Netmask] C:> pkgmgr /iu:"TelnetClient" [DefaultGW] 1 Iterate through the contents of the file on a line-by- Install IIS on Vista: Configure DNS server for “Local Area Connection”: line basis. For each iteration, store the contents of C:> pkgmgr /iu:IIS-WebServerRole;WAS- C:> netsh interface ip set dns local the line into %i and run [command]. WindowsActivationService;WAS- static [IPaddr] ProcessModel; WAS-NetFxEnvironment;WAS- ConfigurationAPI Configure interface to use DHCP: C:> netsh interface ip set address To remove any of these packages, replace install local dhcp update (/iu) with uninstall update (/uu)

Recomendados

Unit 7 standard i o
Unit 7 standard i oUnit 7 standard i o
Unit 7 standard i oroot_fibo
 
Banner grabbing
Banner grabbingBanner grabbing
Banner grabbingarizonainfotech
 
Windows Remote Management - EN
Windows Remote Management - ENWindows Remote Management - EN
Windows Remote Management - ENKirill Nikolaev
 
Docker Registry + Basic Auth
Docker Registry + Basic AuthDocker Registry + Basic Auth
Docker Registry + Basic AuthRemotty
 
Freefixer log
Freefixer logFreefixer log
Freefixer logreiryuzaki
 
WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows
WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows
WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows T.Rob Wyatt
 
A Node.js Developer's Guide to Bluemix
A Node.js Developer's Guide to BluemixA Node.js Developer's Guide to Bluemix
A Node.js Developer's Guide to Bluemixibmwebspheresoftware
 
TIAD 2016 : Migrating 100% of your production services to containers
TIAD 2016 : Migrating 100% of your production services to containersTIAD 2016 : Migrating 100% of your production services to containers
TIAD 2016 : Migrating 100% of your production services to containersThe Incredible Automation Day
 

Recomendados

Unit 7 standard i o
Unit 7 standard i oUnit 7 standard i o
Unit 7 standard i oroot_fibo
 
Banner grabbing
Banner grabbingBanner grabbing
Banner grabbingarizonainfotech
 
Windows Remote Management - EN
Windows Remote Management - ENWindows Remote Management - EN
Windows Remote Management - ENKirill Nikolaev
 
Docker Registry + Basic Auth
Docker Registry + Basic AuthDocker Registry + Basic Auth
Docker Registry + Basic AuthRemotty
 
Freefixer log
Freefixer logFreefixer log
Freefixer logreiryuzaki
 
WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows
WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows
WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows T.Rob Wyatt
 
A Node.js Developer's Guide to Bluemix
A Node.js Developer's Guide to BluemixA Node.js Developer's Guide to Bluemix
A Node.js Developer's Guide to Bluemixibmwebspheresoftware
 
TIAD 2016 : Migrating 100% of your production services to containers
TIAD 2016 : Migrating 100% of your production services to containersTIAD 2016 : Migrating 100% of your production services to containers
TIAD 2016 : Migrating 100% of your production services to containersThe Incredible Automation Day
 
Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Alexander Polce Leary
 
CMake Tutorial
CMake TutorialCMake Tutorial
CMake TutorialFu Haiping
 
Post exploitation using powershell
Post exploitation using powershellPost exploitation using powershell
Post exploitation using powershellMihir Shah
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new blackChris Gates
 
Internal commands.29to30
Internal commands.29to30Internal commands.29to30
Internal commands.29to30myrajendra
 
Internal commands.29to30
Internal commands.29to30Internal commands.29to30
Internal commands.29to30myrajendra
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsDr. Ramchandra Mangrulkar
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Hell19
 
Android Logging System
Android Logging SystemAndroid Logging System
Android Logging SystemWilliam Lee
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020CloudHero
 
Appdomains
AppdomainsAppdomains
AppdomainsDhowlath Mohammed
 
Deep dive in Citrix Troubleshooting
Deep dive in Citrix TroubleshootingDeep dive in Citrix Troubleshooting
Deep dive in Citrix TroubleshootingDenis Gundarev
 
Introduction To Managing VMware With PowerShell
Introduction To Managing VMware With PowerShellIntroduction To Managing VMware With PowerShell
Introduction To Managing VMware With PowerShellHal Rottenberg
 
Scaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington MeetupScaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington MeetupChris Shenton
 
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak PROIDEA
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configurationlutter
 
c bstatC nslookupDefault Server pdc.corp.example.comAdd.pdf
c bstatC nslookupDefault Server pdc.corp.example.comAdd.pdfc bstatC nslookupDefault Server pdc.corp.example.comAdd.pdf
c bstatC nslookupDefault Server pdc.corp.example.comAdd.pdfannaelctronics
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slidesDocker, Inc.
 
Boot prom basics
Boot prom basicsBoot prom basics
Boot prom basicsGanesh Kumar Veerla
 
Omw doc
Omw docOmw doc
Omw docGanesh Kumar Veerla
 

Mais conteúdo relacionado

Semelhante a Windows command line_sheet_v1

Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Alexander Polce Leary
 
CMake Tutorial
CMake TutorialCMake Tutorial
CMake TutorialFu Haiping
 
Post exploitation using powershell
Post exploitation using powershellPost exploitation using powershell
Post exploitation using powershellMihir Shah
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new blackChris Gates
 
Internal commands.29to30
Internal commands.29to30Internal commands.29to30
Internal commands.29to30myrajendra
 
Internal commands.29to30
Internal commands.29to30Internal commands.29to30
Internal commands.29to30myrajendra
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsDr. Ramchandra Mangrulkar
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Hell19
 
Android Logging System
Android Logging SystemAndroid Logging System
Android Logging SystemWilliam Lee
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020CloudHero
 
Deep dive in Citrix Troubleshooting
Deep dive in Citrix TroubleshootingDeep dive in Citrix Troubleshooting
Deep dive in Citrix TroubleshootingDenis Gundarev
 
Introduction To Managing VMware With PowerShell
Introduction To Managing VMware With PowerShellIntroduction To Managing VMware With PowerShell
Introduction To Managing VMware With PowerShellHal Rottenberg
 
Scaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington MeetupScaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington MeetupChris Shenton
 
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak PROIDEA
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configurationlutter
 
c bstatC nslookupDefault Server pdc.corp.example.comAdd.pdf
c bstatC nslookupDefault Server pdc.corp.example.comAdd.pdfc bstatC nslookupDefault Server pdc.corp.example.comAdd.pdf
c bstatC nslookupDefault Server pdc.corp.example.comAdd.pdfannaelctronics
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slidesDocker, Inc.
 

Semelhante a Windows command line_sheet_v1 (20)

Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017
 
CMake Tutorial
CMake TutorialCMake Tutorial
CMake Tutorial
 
Post exploitation using powershell
Post exploitation using powershellPost exploitation using powershell
Post exploitation using powershell
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new black
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
 
Internal commands.29to30
Internal commands.29to30Internal commands.29to30
Internal commands.29to30
 
Internal commands.29to30
Internal commands.29to30Internal commands.29to30
Internal commands.29to30
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital Forensics
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2
 
Android Logging System
Android Logging SystemAndroid Logging System
Android Logging System
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020
 
Appdomains
AppdomainsAppdomains
Appdomains
 
Deep dive in Citrix Troubleshooting
Deep dive in Citrix TroubleshootingDeep dive in Citrix Troubleshooting
Deep dive in Citrix Troubleshooting
 
Introduction To Managing VMware With PowerShell
Introduction To Managing VMware With PowerShellIntroduction To Managing VMware With PowerShell
Introduction To Managing VMware With PowerShell
 
Scaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington MeetupScaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington Meetup
 
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
 
c bstatC nslookupDefault Server pdc.corp.example.comAdd.pdf
c bstatC nslookupDefault Server pdc.corp.example.comAdd.pdfc bstatC nslookupDefault Server pdc.corp.example.comAdd.pdf
c bstatC nslookupDefault Server pdc.corp.example.comAdd.pdf
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 

Mais de Ganesh Kumar Veerla

Chapter 5 HP OVOw Node management
Chapter 5 HP OVOw Node managementChapter 5 HP OVOw Node management
Chapter 5 HP OVOw Node managementGanesh Kumar Veerla
 
Chapter 2 hp ovo service driven management
Chapter 2 hp ovo service driven managementChapter 2 hp ovo service driven management
Chapter 2 hp ovo service driven managementGanesh Kumar Veerla
 
imp websites for solaris and linux
imp websites for solaris and linux imp websites for solaris and linux
imp websites for solaris and linux Ganesh Kumar Veerla
 

Mais de Ganesh Kumar Veerla (15)

Boot prom basics
Boot prom basicsBoot prom basics
Boot prom basics
 
Omw doc
Omw docOmw doc
Omw doc
 
Chapter 12 user roles
Chapter 12 user rolesChapter 12 user roles
Chapter 12 user roles
 
Chapter 6 polices
Chapter 6 policesChapter 6 polices
Chapter 6 polices
 
Chapter 5 HP OVOw Node management
Chapter 5 HP OVOw Node managementChapter 5 HP OVOw Node management
Chapter 5 HP OVOw Node management
 
Chapter 3 HP OVOW architecture
Chapter 3 HP OVOW architectureChapter 3 HP OVOW architecture
Chapter 3 HP OVOW architecture
 
Chapter 2 hp ovo service driven management
Chapter 2 hp ovo service driven managementChapter 2 hp ovo service driven management
Chapter 2 hp ovo service driven management
 
Sunadmin
SunadminSunadmin
Sunadmin
 
Hp open view(hp ov)
Hp open view(hp ov)Hp open view(hp ov)
Hp open view(hp ov)
 
imp websites for solaris and linux
imp websites for solaris and linux imp websites for solaris and linux
imp websites for solaris and linux
 
Managerof managerarchitecture
Managerof managerarchitectureManagerof managerarchitecture
Managerof managerarchitecture
 
Hp open view
Hp open viewHp open view
Hp open view
 
Solaris
SolarisSolaris
Solaris
 
Nsm overview
Nsm overviewNsm overview
Nsm overview
 
Ovo and nnm work flow at ahcc
Ovo and nnm work flow at ahccOvo and nnm work flow at ahcc
Ovo and nnm work flow at ahcc
 

Último

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Último (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Windows command line_sheet_v1

  • 1. Reg Command WMIC Windows Command Line Adding Keys and Values: Fundamental grammar: C:> reg add C:> wmic [alias] [where clause] [verb Cheat Sheet [TargetIPaddr][RegDomain][Key] clause] By Ed Skoudis POCKET REFERENCE GUIDE Add a key to the registry on machine Useful [aliases]: [TargetIPaddr] within the registry domain process service http://www.sans.org [RegDomain] to location [Key]. If no remote share nicconfig machine is specified, the current machine is startup useraccount Purpose assumed. qfe (Quick Fix Engineering – shows patches) The purpose of this cheat sheet is to provide tips on how to use various Windows Export and Import: Example [where clauses]: command that are frequently referenced in C:> reg export [RegDomain][Key] where name="nc.exe" SANS 504, 517, 531, and 560. [FileName] where (commandline like "%stuff") where (name="cmd.exe" and Process and Service Information Export all subkeys and values located in the domain parentprocessid!="[pid]") [RegDomain] under the location [Key] to the file List all processes currently running: [FileName] Example [verb clauses]: C:> tasklist list [full|brief] C:> reg import [FileName] get [attrib1,attrib2…] List all processes currently running and the DLLs call [method] each has loaded: Import all registry entries from the file [FileName] delete C:> tasklist /m Import and export can only be done from or to the List all attributes of [alias]: Lists all processes currently running which have the local machine. C:> wmic [alias] get /? specified [dll] loaded: C:> tasklist /m [dll] Query for a specific Value of a Key: List all callable methods of [alias]: C:> reg query C:> wmic [alias] call /? List all processes currently running and the services [TargetIPaddr][RegDomain][Key] /v hosted in those processes: [ValueName] Example: C:> tasklist /svc List all attributes of all running processes: Query a key on machine [TargetIPaddr] within C:> wmic process list full Query brief status of all services: the registry domain [RegDomain] in location C:> sc query [Key] and get the specific value [ValueName] Make WMIC effect remote [TargetIPaddr]: under that key. Add /s to recurse all values. C:> wmic /node:[TargetIPaddr] Query the configuration of a specific service: /user:[User] /password:[Passwd] process C:> sc qc [ServiceName] list full
  • 2. Shutdown and Restart File Search and Counting Lines Invoking Useful GUIs at the Command Line Search directory structure for a file in a specific Local User Manager (includes group management): Shutdown Windows immediately: C:> lusrmgr.msc C:> shutdown /s /t 0 directory: C:> dir /b /s [Directory][FileName] Services Control Panel: Note: Command may not power down the hardware. C:> services.msc Count the number of lines on StandardOuy of Restart Windows immediately: [Command]: C:> [Command] | find /c /v "" Task Manager: C:> shutdown /r /t 0 C:> taskmgr.exe Abort shutdown/restart countdown: Finds the count (/c) of lines that do not contain (/v) Security Policy Manager: C:> shutdown /a nothing (""). Lines that do not have nothing are all C:> secpol.msc lines, even blank lines, which contain CR/LF Useful Netstat Syntax Event Viewer: C:> eventvwr.msc Show all TCP and UDP port usage and process ID: Command Line FOR Loops C:> netstat –nao Counting Loop: Control Panel: C:> for /L %i in C:> control Look for usage of port [port] every [N] seconds: C:> netstat –nao [N] | find [port] ([start],[step],[stop]) do [command] Close GUI windows by hitting Alt-F4 Dump detailed protocol statistics: Set %i to an initial value of [start] and increment Interacting with the Network Using Netsh C:> netstat –s –p [tcp|udp|ip|icmp] it by [step] at every iteration until its value is equal to [stop]. For each iteration, run [command]. The Turn off built-in Windows firewall: Installing Built-in Packages on Vista iterator variable %i can be used anywhere in the C:> netsh firewall set opmode disable command to represent its current value. Install telnet service on Vista: Configure interface “Local Area Connection” with C:> pkgmgr /iu:"TelnetServer" [IPaddr] [Netmask] [DefaultGW]: Iterate over file contents: C:> for /F %i in ([file-set]) do C:> netsh interface ip set address Install telnet client on Vista: [command] local static [IPaddr] [Netmask] C:> pkgmgr /iu:"TelnetClient" [DefaultGW] 1 Iterate through the contents of the file on a line-by- Install IIS on Vista: Configure DNS server for “Local Area Connection”: line basis. For each iteration, store the contents of C:> pkgmgr /iu:IIS-WebServerRole;WAS- C:> netsh interface ip set dns local the line into %i and run [command]. WindowsActivationService;WAS- static [IPaddr] ProcessModel; WAS-NetFxEnvironment;WAS- ConfigurationAPI Configure interface to use DHCP: C:> netsh interface ip set address To remove any of these packages, replace install local dhcp update (/iu) with uninstall update (/uu)