COMMAND SHELL Flashcards

1
Q

recursive where command

A
1
Q

where command

A
2
Q

find command

A
3
Q

commands for finding files and directories and filtering

A

where
where /R
find
findstr
comp
fc
sort

4
Q

local access to command prompt

A

Using the Windows key + r to bring up the run prompt, and then typing in cmd.

OR

Accessing the executable from the drive path C:\Windows\System32\cmd.exe

5
Q

remote access to command prompt

A
6
Q

command shell general commands

A

help
Get-help
Update-help
Ctrl-C
Get-Module
Import-Module
Get-Command
Set-Location <path>
Get-content <file>
systeminfo
hostname
ver

7
Q

help <command>

A

provides help information for windows commands

8
Q

get-help <cmdlet>

A

displays help about Windows Powershell cmdlets and concepts

9
Q

update-help

A

downloads and installs the most up to date help files for windows powershell

10
Q

get-module

A

view the modules loaded into your powershell session

10
Q

ctrl-c

A

interrupts the currently running process

11
Q

import-module

A

import a module into your powershell session

12
Q

get-command

A

view all commands, cmdlets, functions and aliases loaded into your powershell environment

13
Q

set-location <path>

A

changes our location in the filesystem. same as using CD

14
Q

get-content <file>

A

view the contents of an object. similar to type or cat

15
Q

systeminfo

A

displays the operating system configuration information for a local or remote machine

16
Q

hostname

A

Displays name of the current host

17
Q

Terminal History Commands

A

doskey /history
page up
page down
f3
f7
f9

17
Q

ver

A

Displays the current Windows version

18
Q

Admin Commands

A

xfreerdp /v:<target> /u:<user> /p:<password>
ssh <user>@<target>

<PIPE>

19
Q

xfreerdp /v:<target> /u:<user> /p:<password>

A

Initiate a RDP connection with the target host.

20
Q

Command Description
xfreerdp /v:<target> /u:<user> /p:<password> Initiate a RDP connection with the target host.
ssh <user>@<target>

A

Connect to a target host via SSH

21
Q

<PIPE>

A

When you see <PIPE> specified in the commands below, it is saying to use the Pipe key (shift+backslash on US Keyboard layouts).

22
File & Directory Commands CMD.exe
dir
cd
23
cls
24
dir
25
dir /A
26
dir /A:H
27
dir /A:R
28
cd
29
chdir
30
tree
31
tree /F
32
mkdir
33
md
34
rmdir
35
rd
36
rmdir /S
37
move
38
xcopy
39
copy
40
xcopy /E
41
robocopy
41
xcopy /K
42
robocopy /E /MIR /A-:SH
43
more
44
more /S
45
fsutil file createNew
46
type
47
echo
48
ren
49
del
50
del /A:R
51
del /A:H
52
[command 1] > [file]
Redirects the output from a command into a file. Overwrites the specified file's contents.
53
erase
54
[command 1] >> [file]
Redirects the output from a command into a file. Appends additional output without overwriting the file's original contents.
54
[command 1] < [file]
Redirects the output of the file and passes it into the command.
55
|
Redirects the output of the first command and provides it to the second command.
56
||
Checks to see if the first command fails to execute successfully and, if so, proceeds to execute the second command.
57
&
Executes both commands in succession. It does not perform checks to see if either command passes or fails.
58
where
Displays the location of file(s) provided.
59
&&
Checks to see if the first command executes successfully and then executes the second command. If the first command fails, the current command execution halts and the second command is not executed.
59
Input/Output Operators
59
find "example string"
Searches for a string of text in a file or files, and displays lines of text that contain the specified string.
60
where /R
Recursively searches for the file(s) provided starting from the specified directory.
61
findstr
Searches for patterns of text in files *similar to grep command*
62
comp
Compares the contents of two files or sets of files byte-by-byte.
63
fc
Compares two files or sets of files and displays the differences between them.
64
sort
Reads input, sorts data, and writes the results to the screen, a file, or another device.
65
user commands cmd.exe
whoami
whoami /priv
whoami /groups
whoami /all
net user
net localgroup
net group
66
whoami
Displays the username of the currently logged-on user.
67
whoami /priv
Displays the security privileges of the current user.
68
whoami /groups
Displays the user groups that the current user belongs to.
69
whoami /all
Displays all information about the current user, including username, security identifiers (SID), privileges, and groups.
69
net user
Displays a list of the user accounts on the computer
70
net localgroup
Displays the name of the server and the names of local groups on the computer.
71
net share
Displays info about all of the resources that are shared on the local computer.
71
ipconfig
View basic networking configurations.
72
ipconfig /?
Displays help and usage information for ipconfig.
72
net group
Displays the name of a server and the names of groups on the server. Only able to be used if the machine is joined to the domain.
73
ipconfig /all
View detailed networking configuration information.
74
net
CLI utility containing multiple commands to manage and configure network resources.
75
net view
Displays a list of domains, computers, or resources being shared by the specified computer.
76
arp
Displays and manages the contents and entries within the Address Resolution Protocol (ARP) cache.
77
arp /a
Displays the contents and entries contained within the Address Resolution Protocol (ARP) cache.
78
netstat -an
Display current network connections.
79
nslookup
Query DNS for a name or address.
80
sc query
Lists details about a specific service by name.
80
Services Commands CMD.exe
sc query
sc query
sc start
sc stop
sc config start = disabled
tasklist /svc
net start
wmic service list brief
80
sc query
Lists all running services and provides additional information for each service.
81
sc start
Start a service by name.
82
sc stop
Stop a service by name.
83
sc config start = disabled
Change settings of the service specified.
84
tasklist /svc
Provide a list of services running under each process on the system.
85
net start
List all running services.
86
wmic service list brief
List all services on the system using WMIC. Includes information such as: ExitCode, Name, ProcessID, StartMode, State, and Status.
87
Address Resolution Protocol (ARP)
88
Scheduled Tasks Commands
schtasks
schtasks /query
schtasks /query /V /FO list
schtasks /create
schtasks /create /sc /tn /tr
schtasks /change
schtasks /change /tn /ru /rp
schtasks /delete
schtasks /delete /tn
89
schtasks
Displays all tasks scheduled on the local machine.
90
schtasks /query
Displays all tasks scheduled on the local machine. Interchangeable with schtasks command.
91
schtasks /query /V /FO list
Displays all scheduled tasks with verbose information in a list format.
92
schtasks /create
Allows for the creation of scheduled tasks.
93
schtasks /delete
Allows for the deletion of scheduled tasks.
93
schtasks /change
Allows for modification of an existing scheduled task.
94
schtasks /delete /tn
Deletes a scheduled task with the matching name.
95
schtasks /change /tn /ru /rp
Modifies a scheduled task with a specified name to run under the permissions of the user account using the provided password for authentication.
96
schtasks /create /sc /tn /tr
Creates a new scheduled task based on a select schedule, with a provided name, and a program specified to run when the task starts.
97
Invoke-WebRequest -Uri "https://website-to-visit" -Method GET
98
Invoke-WebRequest -Uri "https://website-to-visit.html" -Method GET | fl Images
98
Invoke-WebRequest -Uri "https://website-to-visit\file.ps1" -OutFile "C:\"
99
(New-Object Net.WebClient).DownloadFile("https://website-to-visit\tools.zip", "Tools.zip")
100
Event Log Commands
101
wevtutil el
Uses the Windows Events Commandline utility to enumerate all log sources.
102
wevtutil qe /c:5 /rd:true /f:text
Query a log for events
102
wevtutil epl C:\system_export.evtx
Export a log
102
wevtutil gl "name"
Will gather config information about the log specified.
103
Get-Winevent -listlog *
List all logging facilities using Powershell cmdlets
103
Get-WinEvent -LogName 'Name' -MaxEvents 5 | Select-Object -ExpandProperty Message
View the messages of a specific log
104
Get-WinEvent -FilterHashTable @{LogName='Security';ID='4625'}
Query a specific log by eventID
105
Registry Hives
106
HKEY_CURRENT_CONFIG (HKCC)
This section contains records for the host's current hardware profile. (shows the variance between current and default setups) Think of this as a redirection of the HKLM CurrentControlSet profile key.
107
HKEY_CLASSES_ROOT (HKCR)
Filetype information, UI extensions, and backward compatibility settings are defined here.
108
HKEY_USERS (HKU)
The local computer's default User profile and current user configuration settings are defined under HKU.
108
HKEY_CURRENT_USER (HKCU)
Value entries here define each user's specific OS and software settings. Roaming profile settings, including user preferences, are stored under HKCU.
109
HKEY_LOCAL_MACHINE (HKLM)
This subtree contains information about the computer's physical state, such as hardware and operating system data, bus types, memory, device drivers, and more.
110
Registry Commands
111
Get-ChildItem -Path :\Path-to-key -Recurse
Recursively search through a Key and all subkeys.
112
Get-Item -Path Registry::\Path-to-key\ | Select-Object -ExpandProperty Property
See the sub-keys and properties of a registry key.
113
Get-ItemProperty -Path Registry::\Path-to-key\key
View the properties and values of a specific key.
114
REG QUERY \PATH\KEY
Use reg.exe to query the registry.
115
REG QUERY /F "Password" /t REG_SZ /S /K
Search for specific strings within the Registry hive.
116
New-Item -Path :\PATH\ -Name KeyName
Create a new Registry Key.
117
New-ItemProperty -Path :\PATH\KEY -Name "ValueName" -PropertyType String -Value "C:\Users\htb-student\Downloads\payload.exe"
Set a new Value pair within a registry Key.
118
REG add "\PATH\KEY" /v access /t REG_SZ /d "C:\Users\htb-student\Downloads\payload.exe"
Use Reg.exe to create a new key/value pair.
119
Remove-ItemProperty -Path :\PATH\KEY -Name "name"
Delete a key/value from the registry.