Commands and Utilities

CMD COMMAND

  1. After launching cmd.exe we can type help to see a listing of available commands.

  2. For more information about a specific command, we can type help <command name>.

  3. Certain commands have their own help menus, which can be accessed by typing <command> /?.

DIR

Windows command that lists the contents of a directory, including files and subfolders.

Command      Explanation
dir          Lists files and subdirectories in the current directory.
dir /s       Displays files in the specified directory and all of its subdirectories.
dir /a       Shows hidden and system files as well as normal ones.
dir /p       Lists the contents one page at a time.
dir /w       Displays the results in a wide (multi-column) format.
dir *.txt    Lists all files with the .txt extension.
dir /t:c     Uses the creation time as the time field shown (combine with /o:d to sort by it).
dir /o:n     Lists files and folders sorted alphabetically by name.
dir /q       Displays the owner of each file and directory.

TREE

Windows command that displays the directory structure in a tree-like format.

Command      Explanation
tree         Displays the directory structure of the current folder.
tree /f      Shows the directory structure including the files in each folder.
tree /a      Uses ASCII characters for the lines instead of extended characters.
tree | more  Displays the tree one page at a time (tree has no /p switch of its own; pipe its output to more for large trees).
tree D:\     Displays the directory structure of a specific drive.

TYPE

Windows command that displays the contents of a text file.

Command                     Explanation
type file.txt               Displays the entire content of file.txt.
type file1.txt file2.txt    Concatenates and displays the contents of multiple files.
type file.txt > output.txt  Redirects the output to a new file, output.txt.

ICACLS

Windows command that manages permissions for files and directories.

Command                                     Explanation
icacls <filename>                           Displays the current access control list (ACL) for the specified file.
icacls <directory>                          Displays the ACLs for all files and subdirectories in the specified directory.
icacls <filename> /grant <user>:<perm>      Grants the specified permissions (e.g. R, W, M, F) to a user or group for the file.
icacls <filename> /deny <user>:<perm>       Denies the specified permissions to a user or group for the file.
icacls <filename> /remove <user>            Removes all granted permissions for the specified user or group from the file.
icacls <filename> /save <aclfile>           Saves the ACLs of the matching files and directories to <aclfile> for later restoration.
icacls <directory> /restore <aclfile>       Restores the ACLs saved in <aclfile> to the files under <directory>.
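The switches above are most useful in combination: back up an ACL before touching it, grant only the right that is actually needed, review the result, and keep the backup to revert. The batch script below is an added example written for this page; it is not part of the original notes. The file C:\Temp\report.txt, the backup file C:\Temp\acl-backup.txt and the local account "auditor" are placeholder names.

```batch
@echo off
rem Added example (not from the original page): back up a file's ACL,
rem grant one read-only right to an account, review the change, then
rem restore the backup.
rem Assumptions: C:\Temp\report.txt exists and the local account
rem "auditor" exists; both are placeholder names chosen for this example.
setlocal

set "TARGET=C:\Temp\report.txt"
set "BACKUP=C:\Temp\acl-backup.txt"
set "ACCOUNT=auditor"

rem 1. Save the current ACL so the change can be reverted later.
rem    /c continues past errors instead of aborting.
icacls "%TARGET%" /save "%BACKUP%" /c
if errorlevel 1 (
    echo Failed to save the ACL for %TARGET%
    exit /b 1
)

rem 2. Grant read access (R) only, not full control (F): least privilege.
icacls "%TARGET%" /grant "%ACCOUNT%:(R)"

rem 3. Display the resulting ACL so the change can be reviewed.
icacls "%TARGET%"

rem 4. Revert. /restore takes the directory that contains the files,
rem    because the saved aclfile stores paths relative to that directory.
icacls "C:\Temp" /restore "%BACKUP%" /c

endlocal
```

Run it from an elevated prompt; icacls can only change ACLs the current account is allowed to modify. Note that /save records DACLs only (owner, SACL and integrity label are not included), so a /restore does not undo an ownership change.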

NET

Windows command used for managing network resources, services, and user accounts.

Command               Explanation
net use               Connects to a shared resource (e.g. a network drive or printer).
net user              Manages local user accounts (create, delete or modify accounts).
net share             Displays or manages shared resources on the local computer.
net view              Displays a list of shared resources or computers on the network.
net stop <service>    Stops the specified Windows service.
net start <service>   Starts the specified Windows service.
net localgroup        Manages local groups by adding or removing users.
net accounts          Configures password and logon requirements for local user accounts.

SC

Windows command that manages services, allowing users to query, start, stop, configure, and delete services locally or remotely.

Command                                            Explanation
sc qc <ServiceName>                                Queries the configuration of a specific service.
sc \\<hostname_or_ip> query <ServiceName>          Queries the status of a service on a remote machine.
sc start <ServiceName>                             Starts the specified service.
sc stop <ServiceName>                              Stops the specified service.
sc config <ServiceName> binPath= <NewPath>         Changes the executable path of a service (sc requires a space after the "="), useful for privilege escalation.
sc sdshow <ServiceName>                            Displays the security descriptor (permissions) of a service in SDDL form.
sc delete <ServiceName>                            Deletes the specified service.
sc \\<hostname_or_ip> stop <ServiceName>           Stops a service on a remote machine.
sc failure <ServiceName> reset= <Time>             Configures a service to reset its failure count after the given number of seconds.
sc failure <ServiceName> actions= restart/<Delay>  Configures a service to restart after a failure, useful for persistence.
sc \\<hostname_or_ip> qc <ServiceName>             Queries the configuration of a service on a remote machine.
sc interrogate <ServiceName>                       Forces the service to report its current status immediately.
sc triggerinfo <ServiceName>                       Displays the triggers that start or stop a service automatically.
sc pause <ServiceName>                             Pauses a running service.
sc continue <ServiceName>                          Resumes a paused service.
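Because sc config, sc failure and service ACL changes are the settings modified for privilege escalation and persistence, a defender wants a baseline of exactly those settings and a quick way to diff against it. The batch script below is an added example for this page, not part of the original notes: it captures a service's configuration, failure actions, security descriptor and triggers with the sc subcommands above and compares the capture with an earlier baseline. The service name "Spooler" and the folder C:\Baseline are placeholders.

```batch
@echo off
rem Added example (not from the original page): snapshot a service's
rem configuration with sc and compare it against a stored baseline to
rem detect changes such as a modified binPath, new failure actions or a
rem loosened security descriptor.
rem Assumptions: "Spooler" and C:\Baseline are placeholders; run from an
rem elevated prompt so that sc sdshow and sc qfailure succeed.
setlocal

set "SVC=Spooler"
set "BASEDIR=C:\Baseline"
set "CURRENT=%BASEDIR%\%SVC%-current.txt"
set "BASELINE=%BASEDIR%\%SVC%-baseline.txt"

if not exist "%BASEDIR%" mkdir "%BASEDIR%"

rem Capture the settings whose change should be investigated:
rem   sc qc          -> BINARY_PATH_NAME, START_TYPE, SERVICE_START_NAME
rem   sc qfailure    -> failure actions (restart/run command)
rem   sc sdshow      -> security descriptor (SDDL)
rem   sc triggerinfo -> automatic start/stop triggers
(
    sc qc "%SVC%"
    sc qfailure "%SVC%"
    sc sdshow "%SVC%"
    sc triggerinfo "%SVC%"
) > "%CURRENT%"

rem First run: there is nothing to compare against, so store the baseline.
if not exist "%BASELINE%" (
    echo No baseline for %SVC% yet; saving the current state as baseline.
    copy /y "%CURRENT%" "%BASELINE%" >nul
    exit /b 0
)

rem fc returns errorlevel 0 when the files match and 1 when they differ.
fc "%BASELINE%" "%CURRENT%" >nul
if errorlevel 1 (
    echo CHANGE DETECTED in the configuration of %SVC%:
    fc "%BASELINE%" "%CURRENT%"
    exit /b 2
)

echo %SVC% configuration matches the baseline.
endlocal
```

Schedule the script (or loop it over a list of service names) and alert on exit code 2; the fc output points directly at the line that changed, for example a BINARY_PATH_NAME that no longer matches the baseline.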

SYSINTERNALS

Windows Sysinternals is a powerful suite of utilities created by Mark Russinovich and now owned by Microsoft. The tools are primarily designed for system troubleshooting, monitoring and diagnostics, but they are also extremely valuable to security researchers and ethical hackers.

PsExec

PsExec is a command-line tool from the Windows Sysinternals suite that allows you to execute processes on remote systems without needing to manually install client software. It works over SMB (Server Message Block), enabling remote command execution on Windows machines, making it a powerful tool for both system administration and ethical hacking.

Usage (the same syntax applies to impacket-smbexec and impacket-atexec):

impacket-psexec administrator:'amoguskek'@13.13.13.13

PipeList

Listing Named Pipes with Pipelist:

C:\> pipelist.exe /accepteula

ProcDump

Dump process memory:

C:\> procdump.exe -accepteula -ma lsass.exe lsass.dmp
