Windows

Cheat sheet for Windows.

Windows Basics

List files in the current directory, including hidden and system files (`dir /a:h` shows hidden entries only; `dir /a:hd` would list hidden directories only)

dir /a
dir /a C:\

Show current directory

cd

Display file content

type filename.txt

Display file content, one page at a time

more filename.txt

Show hostname

hostname

Show IP address

ipconfig

Traceroute

tracert hostname

System information (OS, domain, etc.)

systeminfo

Reboot (by default after a 30 second warning; /t 0 reboots immediately)

shutdown /r

List users

This only lists the profile folders of accounts that have logged on to the machine. For domain accounts, see Active Directory.

dir c:\users

Groups for current user

whoami /groups

Clear terminal

cls

Copy file

copy source-file.txt destination-file.txt

Rename a file

ren "oldname.txt" "newname.txt"

Hash of a file (MD5 shown; SHA1, SHA256 and SHA512 are accepted too; use SHA256 when verifying a download, MD5 is only good for spotting accidental corruption)

certUtil -hashfile file.txt MD5

List shares

net share

Access an administrative share (the C$ share requires local administrator rights on the target)

\\MachineName\c$\

If a Group Policy hides drives in Explorer, the restriction is cosmetic: the drive is still reachable by typing a UNC path or the path of the drive into the address bar of Explorer or a web browser. The administrative share itself still requires administrative rights (and for local accounts other than the built-in Administrator, UAC remote restrictions apply), so a standard user cannot use this to reach C$.

\\127.0.0.1\c$
\\localhost\c$

Unzip a .zip file in current directory

powershell -c "Expand-Archive <filename>.zip ."

Environment variables

List all environment variables

set

Set an environment variable (for the current cmd session only; it is not persisted)

SET ORACLE_SID=SID

Registry

Query a registry key

reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

List registry (recursively)

reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /s
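The key queried above holds the per-user proxy settings, and the neighbouring Run keys hold programs started at logon; both are frequent targets of persistence and traffic-interception changes. The following is an added example, not part of the original cheat sheet, that reads both with Get-ItemProperty (the PowerShell equivalent of `reg query`). The function names are this example's choice.

```powershell
# Added example (not from the cheat sheet): read the proxy configuration under
# the Internet Settings key and enumerate the per-user and machine Run keys.
# Function names are this example's choice.

function Get-UserProxyConfig {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction Stop
    [pscustomobject]@{
        ProxyEnabled  = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride
        AutoConfigUrl = $p.AutoConfigURL   # a PAC URL is a common interception point
    }
}

function Get-RunKeyEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Metadata properties that Get-ItemProperty adds to every result.
    $meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($prop in $props.PSObject.Properties) {
            if ($meta -contains $prop.Name) { continue }
            [pscustomobject]@{ Key = $key; Name = $prop.Name; Command = $prop.Value }
        }
    }
}

# Usage
Get-UserProxyConfig
Get-RunKeyEntries | Format-Table -AutoSize
```

HKLM entries are readable by any user; writing them requires administrative rights, which is why malware without elevation usually ends up in the HKCU Run key.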

Access rights

See the official documentation for icacls. The simple rights it prints are:

  • F – Full access
  • M – Modify access
  • RX – Read and execute access
  • R – Read-only access
  • W – Write-only access

Show the ACL of a file

icacls "<file>"
icacls "C:\Program Files\Windows Media Player\wmplayer.exe"

Processes

tasklist
tasklist /FI "IMAGENAME eq notepad.exe"

To get program arguments (full command lines), use this (wmic.exe is deprecated but still present on most versions):

WMIC path win32_process get Caption,ProcessId,CommandLine > processes.txt

Kill a process

# Kill a process by name
taskkill /IM "notepad.exe" /F

# Kill a process by PID
taskkill /F /PID 1234
# From a scheduled task, append the result to a log file
taskkill /IM "process.exe" /F >> "C:\Users\<username>\Desktop\kill_process.log"
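The wmic one-liner above gives command lines but not the parent of each process, which is what you usually need to decide whether a process is worth killing (a cmd.exe spawned by WINWORD.EXE is a different matter from one spawned by explorer.exe). The following added example (not part of the original cheat sheet) queries the same Win32_Process class through Get-CimInstance, which replaces wmic.exe, and stops processes whose command line matches a pattern, logging each kill the way the scheduled-task variant above does. Function names are this example's choice.

```powershell
# Added example (not from the cheat sheet): list processes with PID, parent,
# and full command line, then stop the ones matching a pattern.
# Function names are this example's choice.

function Get-ProcessWithCommandLine {
    $procs = Get-CimInstance -ClassName Win32_Process
    # Build a PID -> name map so each row can show its parent by name.
    $byPid = @{}
    foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p.Name }
    foreach ($p in $procs) {
        [pscustomobject]@{
            Pid         = $p.ProcessId
            ParentPid   = $p.ParentProcessId
            Parent      = $byPid[[int]$p.ParentProcessId]   # $null if the parent already exited
            Name        = $p.Name
            CommandLine = $p.CommandLine
        }
    }
}

function Stop-ProcessMatching {
    param(
        [Parameter(Mandatory)] [string] $CommandLinePattern,   # regular expression
        [string] $LogPath = "$env:USERPROFILE\Desktop\kill_process.log"
    )
    Get-ProcessWithCommandLine |
        Where-Object { $_.CommandLine -match $CommandLinePattern } |
        ForEach-Object {
            # Never kill the shell running this script.
            if ($_.Pid -eq $PID) { return }
            $line = '{0} killed pid={1} name={2} cmd={3}' -f (Get-Date -Format o), $_.Pid, $_.Name, $_.CommandLine
            Stop-Process -Id $_.Pid -Force -ErrorAction Stop
            Add-Content -Path $LogPath -Value $line
        }
}

# Usage
Get-ProcessWithCommandLine | Where-Object Parent -eq 'WINWORD.EXE' | Format-Table -AutoSize
Get-ProcessWithCommandLine | Export-Csv processes.csv -NoTypeInformation
Stop-ProcessMatching -CommandLinePattern 'notepad\.exe'
```

CommandLine is empty for processes you are not allowed to inspect (most SYSTEM processes when run without elevation), so run this from an elevated prompt when triaging.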
Search for a file in all subdirectories

where /r c:\ *.exe
where /r c:\ flag.txt

cd C:\somedir
dir secret.doc /s /p
dir /s /b | find /i "some string in filename"

Filter the output of any command and remove duplicate lines

<some command> | findstr /i LocalPort | sort /unique

Search text in file

find /i "password" c:\somedir\myfile.txt
# Search text "flag" in files
findstr /s /i flag *.*
findstr /s /i somestring *.*

# Find all occurrences of the word "Windows" (case sensitive) in the file Proposal.txt
findstr Windows proposal.txt

# See Powershell section

Hosts file (the Windows equivalent of /etc/hosts)

Name-to-address mappings in this file are used before DNS is queried, which is why malware edits it to block or redirect update and security-vendor domains. Writing it requires administrative rights.

C:\Windows\System32\drivers\etc\hosts
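Because entries in this file silently override DNS, checking it is a cheap step in host triage. The following added example (not part of the original cheat sheet) parses hosts-file lines and reports any entry that maps a watched domain to a hard-coded address. The sample content is constructed for the example; on a real machine pass the contents of the path above. The function names and the watch list are this example's choice.

```powershell
# Added example (not from the cheat sheet): parse hosts-file lines and flag
# entries that pin well-known domains to an address. The sample lines below
# are constructed for the example. Function and list names are mine.

function Get-HostsEntries {
    param([Parameter(Mandatory)] [string[]] $Lines)
    foreach ($raw in $Lines) {
        # Strip trailing comments, then skip blank or comment-only lines.
        $line = ($raw -split '#', 2)[0].Trim()
        if ($line -eq '') { continue }
        # Format: <address> <name> [<alias> ...]
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Address = $fields[0]; Name = $name.ToLower() }
        }
    }
}

function Find-SuspiciousHostsEntries {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        # Domains that should never resolve to a hard-coded address on a workstation.
        [string[]] $WatchSuffixes = @('microsoft.com', 'windowsupdate.com', 'google.com', 'symantec.com')
    )
    Get-HostsEntries -Lines $Lines | Where-Object {
        $name = $_.Name
        [bool]($WatchSuffixes | Where-Object { $name -eq $_ -or $name.EndsWith(".$_") })
    }
}

# Constructed sample: a comment, benign loopback entries, a blocklist-style
# entry, and two entries that hijack update and vendor domains.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '0.0.0.0         ads.example.net        # ad blocker',
    '203.0.113.10    update.microsoft.com windowsupdate.com',
    '203.0.113.10    liveupdate.symantec.com'
)

Find-SuspiciousHostsEntries -Lines $sample | Format-Table -AutoSize

# Against the live file:
# Find-SuspiciousHostsEntries -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

On the sample this reports the three entries pointing Microsoft and Symantec names at 203.0.113.10 and ignores the loopback and ad-blocking lines. A 0.0.0.0 sinkhole entry for a watched domain would also be reported, which is the intended behaviour: blocking an update domain is as much of a finding as redirecting it.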

List drives

wmic logicaldisk get caption || fsutil fsinfo drives

List volumes

mountvol

Mount volume

mountvol DRIVE-LETTER:\ VOLUME-NAME
mountvol e:\ \\?\Volume{...}\

Permanently delete files

cipher /w overwrites the free space of a volume or directory; it does not delete anything itself. Delete the files and empty the Recycle Bin first, otherwise the data is still allocated and is not overwritten. On SSDs, wear levelling means overwriting free space is not a reliable wipe.

cipher /w:C:
cipher /w:C:\Users\Jim\Documents

Screenshot & Videos

  • PrintScreen -> copied to clipboard
  • Windows key + PrintScreen -> file created in Pictures\Screenshots
  • Windows key + Shift + S -> section of screen copied to clipboard (Snip and Sketch)

Screen recording

Record using the Game Bar (Windows 10+)

  • Press keys Windows+G

Windows Services

Managing services in Windows.

For specific services, see Ports & Protocols.

Managing services using the GUI

%windir%\system32\services.msc

Start a service (net start without arguments lists the running services)

net start <service name>

Stop a service

net stop <service name>

Service status

sc query <service name>

Network connections and listening ports, with the owning PID

netstat -ano
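The commands above answer "is it running?" and "what is listening?" separately. During an incident the useful combination is the service's logon account and binary path, a restart that actually waits for the state change, and listening ports joined to process names. The following added example (not part of the original cheat sheet) does those three things; function names are this example's choice.

```powershell
# Added example (not from the cheat sheet): service details, a checked
# restart, and listening TCP ports mapped to their process.
# Function names are this example's choice.

function Get-ServiceDetail {
    param([Parameter(Mandatory)] [string] $Name)
    # Win32_Service exposes the logon account and binary path, which
    # Get-Service does not on older PowerShell versions. Escape single
    # quotes so a service name cannot break out of the WQL filter.
    $escaped = $Name -replace "'", "\'"
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$escaped'"
    if (-not $svc) { throw "Service '$Name' not found" }
    [pscustomobject]@{
        Name      = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        Account   = $svc.StartName
        Binary    = $svc.PathName   # an unquoted path containing spaces here is a privesc classic
        Pid       = $svc.ProcessId
    }
}

function Restart-ServiceChecked {
    param([Parameter(Mandatory)] [string] $Name, [int] $TimeoutSeconds = 30)
    $s = Get-Service -Name $Name -ErrorAction Stop
    if ($s.Status -eq 'Running') {
        Stop-Service -Name $Name -Force -ErrorAction Stop
        # Throws a TimeoutException if the service hangs on stop.
        $s.WaitForStatus('Stopped', [TimeSpan]::FromSeconds($TimeoutSeconds))
    }
    Start-Service -Name $Name -ErrorAction Stop
    $s.WaitForStatus('Running', [TimeSpan]::FromSeconds($TimeoutSeconds))
    (Get-Service -Name $Name).Status
}

function Get-ListeningPorts {
    # Same data as "netstat -ano", joined with process names.
    $names = @{}
    Get-Process | ForEach-Object { $names[$_.Id] = $_.ProcessName }
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort |
        ForEach-Object {
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                Pid          = $_.OwningProcess
                Process      = $names[[int]$_.OwningProcess]
            }
        }
}

# Usage
Get-ServiceDetail -Name Spooler
Restart-ServiceChecked -Name Spooler
Get-ListeningPorts | Format-Table -AutoSize
```

Get-NetTCPConnection needs the NetTCPIP module (Windows 8 / Server 2012 and later); on older systems fall back to parsing `netstat -ano`. Stopping and starting services requires administrative rights.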