Some commands for windows cmd.exe

Command Meaning
TASKMGR Windows Task Manager
REGEDIT Registry Editor
MSCONFIG Various startup options
NET USER username password Change password for given user
DEL filename Delete given file.
Apply it to malware EXE/DLL files.
CACLS filename /P SYSTEM:N Revoke access to given file (leave delete permission only).
Apply it to locked/busy malware EXE/DLL files.
TAKEOWN /F filename Take ownership of given file.
(Use this command if CACLS fails, then rerun the CACLS.)
DISKMGMT.MSC Disk Management
COMPMGMT.MSC Computer Management
EVENTVWR.MSC Event Viewer
SERVICES.MSC System Services
LUSRMGR.MSC Local Users and Groups
RUNDLL32 SHELL32.DLL,Control_RunDLL NUSRMGR.CPL User Accounts
DESK.CPL Display Properties
WSCUI.CPL Security Center
FIREWALL.CPL Firewall Settings
HELP Information about builtin console commands
DIR D:\ View list of files and folders on disk D: in folder \
XCOPY /? Information about copying files and folders
from command line
NET USE X: \\ServerName\ShareName Map network drive
RUNDLL32 SHELL32.DLL,Control_RunDLL HOTPLUG.DLL Unplug/Eject Hardware
CHKDSK C: /F Schedule checking of disk C: on the next reboot
MDSCHED Schedule memory diagnostics on the next reboot
TASKLIST View list of running processes from the command line
TASKKILL Terminate running process from the command line
DRIVERQUERY View list of installed device drivers and their properties
SC QUERY | MORE List running system services from command line
NET START ServiceName Start system service from command line
NET STOP ServiceName Stop system service from command line
START CMD Another console window
BITSADMIN /TRANSFER “Job1”
https://download.sysinternals.com/files/PSTools.zip%TMP%\PSTools.zip
Download any file from the Internet without browser (akin to wget and curl in Unix environment)
RUNDLL32 ZIPFLDR.DLL,RouteTheCall %TMP%\PSTools.zip Open ZIP file in the Explorer for extraction
PSEXEC -I -S -D CMD Run another console window with superadministrator privileges
(requires PSEXEC.EXE in the PATH)
WHOAMI View current privilege level
SHUTDOWN /R Reboot computer
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s