📒
Book of VanLuong
  • 👨‍💻About the Author
  • Cryptography
    • Cryptanalysis
      • RSA & RSA ATTACK
      • DES (Data Encryption Standard)
      • AES (Advanced Encryption Standard)
      • ECC ( Elliptic Curve of Cryptography)
      • Group-based Cryptography
      • Lattice-based Cryptography
      • ChaCha20-Poly1305
      • Hash Function
      • Wargame CTF
  • C2
    • Practical with Havoc Framework
  • Blue Teaming
    • SIEM & SOC
      • SIEM
      • SOC
      • Splunk
    • Cybersecurity Lab & Threat Intelligence
      • Build ELK Lab
        • Configure Elasticsearch and Kibana setup in ubuntu
        • Fluent Bit – Sending Logs to ELK with Fluent Bit
        • Winlogbeat – Collecting and Forwarding Windows Event Logs.
        • Filebeat – Collecting and Forwarding Windows Event Logs.
        • Send Logs from Winlogbeat through Logstash to ELK
        • Audit policy & Winlogbeat
      • Sysmon configuration
    • PowerShell in Incident Response and Threat Hunting
      • PowerShell For Incident Response
      • PowerShell For Threat Hunting
  • Techniques used in malware
    • DLL side loading
    • DLL Unhooking
    • Call stack spoofing
  • Wazuh App Dashboards for Splunk
  • Windows
    • 70 Vital Windows Commands
    • Windows Registry Forensics
  • Guide to Installing Kali Linux, DVWA, and bWAPP
    • Phần 1. CÀI ĐẶT HỆ ĐIỀU HÀNH KALI LINUX
    • Phần 2. CÀI ĐẶT DVWA
    • Phần 3. CÀI ĐẶT BWAPP
  • CTF
    • CTF-writeup-in-KCSC
Powered by GitBook
On this page

Was this helpful?

  1. Windows

70 Vital Windows Commands

PreviousWindowsNextWindows Registry Forensics

Last updated 5 months ago

Was this helpful?

70+ Vital Windows Commands Every Cybersecurity Analyst Should Master Open the Command Prompt by pressing Win + R, typing "cmd", and pressing Enter.

No

Explanation

Sample Usage

1

ipconfig

Displays IP configuration information

ipconfig /all

ipconfig /?

2

systeminfo

Displays system information

systeminfo

3

netstat

Displays network statistics

netstat -ano

4

whoami

Displays current user

whoami

5

getmac

Displays MAC address

/v switch adds verbose output, providing more detailed information

getmac /v

6

hostname

Displays computer name

hostname

7

ver

Displays Windows version

ver

8

winver

Displays Windows version and build

winver

9

ping

Tests network connectivity

Replace n [number] with the number of pings you want to send

ping google.com

ping -n google.com

10

tracert

Traces route to a destination

tracert microsoft.com

11

nslookup

Queries DNS servers

nslookup google.com

12

tasklist

Lists running processes

tasklist

13

taskkill

Terminates processes

/IM stands for "Image Name"

The /F flag forces termination of the process

taskkill /IM notepad.exe /F

taskkill /PID process_id /F

taskkill /IM chrome* /F

taskkill /PID PID1 /PID PID2 /F

14
sfc
Scans and repairs system files
sfc /scannow

15

chkdsk

Checks disk for errors

chkdsk C: /f

16

diskpart

Manages disks and partitions

diskpart then list disk

17

format

Formats a disk

format C: /fs:ntfs

18

xcopy

Copies files and directories

xcopy C:\source D:\dest /E

19

19 robocopy

Advanced file copy utility

robocopy C:\source D:\dest /E

20

dir

Lists files and directories

dir C:\

21

cd

Changes directory

cd C:\Users

22

md

Creates a new directory

md NewFolder

23

rd

Removes a directory

rd OldFolder

24

del

Deletes files

del C:\file.txt

25

copy

Copies files

copy C:\file.txt D:\

26

move

Moves files

move C:\file.txt D:\

27

ren

Renames files or directories

ren oldname.txt newname.txt

28

type

Displays contents of a text file

type C:\file.txt

29

find

Searches for a text string in files

find "error" C:\log.txt

30

findstr

Searches for strings in files

ipconfig /all | findstr DNS

31

sort

Sort the contents of a file named "names.txt" alphabetically.

sort < names.txt

32

comp

Compares contents of two files

comp file1.txt file2.txt

33

fc

Compares files and displays differences

fc file1.txt file2.txt

34
tree
Displays directory structure graphically
tree C:\

35

attrib

Changes file attributes

attrib +r C:\file.txt

36

cipher

Displays or alters file encryption

cipher /e C:\SecretFolder

37

compact

Displays or alters file compression

compact /c C:\folder

38

powercfg

Manages power settings

powercfg /energy

39

shutdown

Shuts down or restarts computer

shutdown /r /t 0

40

gpupdate

Updates Group Policy settings

gpupdate /force

41

gpresult

Displays Group Policy results

gpresult /r

42

net user

Manages user accounts

net user JohnDoe newpassword

43

net

localgroup

Manages local groups

net localgroup Administrators

44

net start

Starts a network service

net start "Print Spooler"

45

net stop

Stops a network service

net stop "Print Spooler"

46

netsh

Network configuration tool

netsh wlan show profiles

47

sc

Manages Windows services

sc query

48

reg

Manages registry

reg query HKLM\Software

49

runas

Runs a program as a different user

runas /user:Admin cmd

50

schtasks

Schedules commands and programs

schtasks /create /tn "MyTask" /tr notepad.exe /sc daily

51

wmic

Windows Management Instrumentation Command-line, It is a powerful Windows utility that can be used for both legitimate system

administration tasks and potentially abused by attackers.

wmic os get

name,version,buildnumber This retrieves basic OS information. Software inventory:

wmic product get name,version This lists installed software. Remote code execution:

wmic /node:"victim_ip" process call create "powershell.exe

-enc base64_encoded_payload" This executes a malicious PowerShell script on a remote system. Malware persistence:

wmic startup create

name="malware",command="C:\malw are.exe"

This adds malware to the startup folder. Evasion technique:

wmic process where

name="antivirus.exe" delete Attackers may try to terminate security software.

52

assoc

Displays or modifies file extension associations

assoc .txt

53

ftype

Displays or modifies file types

ftype txtfile

54

driverquery

Displays installed device drivers

driverquery

55

msinfo32

Displays system information

msinfo32

56

mmc

Opens Microsoft Management Console

mmc

57

eventvwr

Opens Event Viewer

eventvwr

58

services.msc

Opens Services management console

services.msc

59
devmgmt.msc
Opens Device Manager
devmgmt.msc

60

diskmgmt.msc

Opens Disk Management

diskmgmt.msc

61

taskmgr

Opens Task Manager

taskmgr

62

perfmon

Opens Performance Monitor

perfmon

63

resmon

Opens Resource Monitor

resmon

64

msconfig

Opens System Configuration

msconfig

65

control

Opens Control Panel

control

66

mstsc

Opens Remote Desktop Connection

mstsc

67

cleanmgr

Opens Disk Cleanup

cleanmgr

68

defrag C:

Defragments a drive

defrag C:

69

fsutil

fsinfo

drives

File system utility

fsutil fsinfo drives

70

path

Displays or sets PATH environment variable

path

71

set

Displays, sets, or removes environment variables

set

72

echo

Displays messages or turns command echoing on/off

echo Hello World

73

cls

Clears the screen

cls

74

query

Displays information about processes that are running on a Remote Desktop Session Host (RD Session Host) server.

query process * To show all processes