Basic Win CMD for Pentesters

##Hide a file in an ADS (a plain dir does not show alternate streams; dir /R lists them)##
findstr /V /L W3AllLov3DonaldTrump c:
"C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

#Binary from sysinternals#
esentutl.exe /y C:\autoruns.exe /d c:

##Extract content from ADS##
esentutl.exe /Y C:\file.txt:test.exe /d c:

##Executing the ADS content##
wmic process call create '"C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"'
"C:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:ADSDLL.dll"
rundll32.exe advpack.dll,RegisterOCX not_a_dll.txt:test.dll
rundll32.exe ieadvpack.dll,RegisterOCX not_a_dll.txt:test.dll
"C:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:Script.vbs"
forfiles /p c:\system32 /m notepad.exe /c "c:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:Atomic.dll"
"C:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:helloworld.hta"

##Does not work on Windows##
#ieframe.dll, shdocvw.dll#
rundll32.exe shdocvw.dll,OpenURL C:
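The commands above are the attacker's side; the check a defender wants is the matching detection in process-creation telemetry. The Python below is an added example, not code from the original page: it runs over constructed Sysmon Event ID 1 / Security 4688-style records, pulls every `file:stream` reference out of the command line, ignores the streams every workstation has (Zone.Identifier, the unnamed $DATA stream) and rates a hit higher when the launching image is one of the ADS-capable binaries listed above. The event records, the benign-stream list and the extra script hosts in the LOLBin set (cscript, wscript, mshta, which run the .vbs/.hta streams the page shows but are not named on it) are assumptions.

```python
"""Flag alternate-data-stream (ADS) execution in process-creation telemetry.

Added example, not part of the original page.  The event records below are
constructed; the LOLBin set extends the page's list with the script hosts that
run .vbs / .hta streams (an assumption).
"""
import re

# Image names the page shows reading or launching code from an ADS, plus the
# script hosts for the .vbs / .hta streams it lists (assumed, not on the page).
ADS_LOLBINS = {"esentutl.exe", "wmic.exe", "rundll32.exe", "forfiles.exe",
               "cscript.exe", "wscript.exe", "mshta.exe"}

# Streams seen on every workstation: Zone.Identifier is the mark-of-the-web
# tag written on downloads, $DATA is the unnamed default stream.
BENIGN_STREAMS = {"zone.identifier", "$data"}

# <name>.<ext>:<stream>.  Requiring a dotted file name keeps "C:\" drive
# letters and bare "http:" schemes from matching; host:port inside a URL is
# dropped below because its "stream" is all digits.
ADS_RE = re.compile(r"(?<![\w$.-])([\w$.-]+\.[A-Za-z0-9]{1,5}):([\w$.-]+)")


def find_ads_refs(cmdline):
    """Return (file, stream) pairs referenced in a command line."""
    return [(name, stream) for name, stream in ADS_RE.findall(cmdline)
            if not stream.isdigit()]


def classify(event):
    """Return a finding for an event that touches a non-benign ADS, else None."""
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    refs = [(f, s) for f, s in find_ads_refs(event["CommandLine"])
            if s.lower() not in BENIGN_STREAMS]
    if not refs:
        return None
    # Any process naming a stream is unusual; from a known ADS-capable LOLBin
    # it is exactly the execution primitive documented above.
    severity = "high" if image in ADS_LOLBINS else "medium"
    return {"image": image, "streams": refs, "severity": severity,
            "command_line": event["CommandLine"]}


def scan(events):
    """Run classify() over an iterable of events and keep the findings."""
    return [f for f in map(classify, events) if f is not None]


# Constructed Sysmon EID 1 style records (Image + CommandLine only).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe advpack.dll,RegisterOCX not_a_dll.txt:test.dll"},
    {"Image": r"C:\Windows\System32\wbem\wmic.exe",
     "CommandLine": "wmic process call create '\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer12_Logfile.log:evil.exe\"'"},
    {"Image": r"C:\Windows\System32\esentutl.exe",
     "CommandLine": r"esentutl.exe /Y C:\file.txt:test.exe /d C:\Users\Public\test.exe /o"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe Get-Content C:\Users\bob\setup.exe:Zone.Identifier"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://example.com:8443/'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c type C:\Users\bob\Downloads\loader.exe > C:\Users\bob\notes.txt:loader.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['image']}: {finding['streams']}")
```

The cmd.exe record is the write side (the `>` redirection that puts a payload into a stream) and only rates medium here; in practice a stream write followed within minutes by a high-severity launch from the same host is the pair worth alerting on.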

This page should prove especially useful for those studying to become Microsoft Certified Solutions Experts (MCSE).

If you are looking for a particular command, use your browser’s search function (Ctrl+F) to find it.

  • adprep description and options
  • adprep examples
  • dcdiag
  • dcdiag description and options
  • dcdiag examples
  • dcgpofix
  • dcgpofix description and options
  • dcgpofix examples
  • dcpromo
  • dcpromo description and options
  • dcpromo examples
  • dnscmd
  • dnscmd description and options
  • dnscmd examples
  • dsacls
  • dsacls description and options
  • dsacls examples
  • dsadd
  • dsadd
  • dsadd computer
  • dsadd computer examples
  • dsadd contact
  • dsadd contact examples
  • dsadd group
  • dsadd group examples
  • dsadd ou
  • dsadd ou examples
  • dsadd quota
  • dsadd quota examples
  • dsamain
  • dsamain description and options
  • dsamain examples
  • dsdbutil
  • dsdbutil
  • dsdbutil authoritative restore
  • dsdbutil authoritative restore examples
  • dsdbutil files
  • dsdbutil files examples
  • dsdbutil ifm
  • dsdbutil ifm examples
  • dsdbutil semantic database analysis
  • dsdbutil semantic database analysis examples
  • dsdbutil snapshot
  • dsdbutil snapshot examples
  • dsget
  • dsmove description and options
  • dsmove examples
  • dsquery
  • dsrm description and options
  • dsrm examples
  • getmac
  • getmac description and options
  • getmac examples
  • gpfixup
  • gpfixup description and options
  • gpfixup examples
  • gpresult
  • gpresult description and options
  • gpresult examples
  • gpupdate
  • gpupdate description and options
  • gpupdate examples
  • ipconfig
  • ldifde
  • ldifde description and options
  • ldifde examples
  • netdiag
  • netdiag description and options
  • netdiag examples
  • netdom
  • nltest description and options
  • nltest examples
  • ntdsutil

Adprep

Extends the Active Directory schema and updates permissions as necessary to prepare a forest and domain for upgrades to a higher functional level.

For further details on Adprep, see Microsoft TechNet’s Running Adprep.exe.

Default adprep syntax

Dcgpofix

Recreates the default Group Policy Objects (GPOs) for a domain. The dcgpofix command is available in Windows Server 2008 R2 and Windows Server 2008, except on Server Core installations.

Default dcgpofix syntax

Restore the Default Domain Policy GPO (/ignoreschema skips the check that the Active Directory schema version matches the one dcgpofix expects):

dcgpofix /ignoreschema /target:Domain

Restore the Default Domain Controllers Policy GPO:

dcgpofix /ignoreschema /target:DC

Both forms overwrite any settings that were added to those GPOs since they were created.

Dcpromo

Installs or removes Active Directory Domain Services (AD DS). In other words, dcpromo promotes or demotes domain controllers.

Default dcpromo syntax

By default, a read-only domain controller's Password Replication Policy denies password caching for:

  • Server Operators
  • Backup Operators
  • Account Operators
  • Denied RODC Password Replication Group

The Denied RODC Password Replication Group includes:

  • Cert Publishers
  • Enterprise Domain Controllers
  • Enterprise Read-Only Domain Controllers
  • Group Policy Creator Owners
  • krbtgt account

Dnscmd

A command-line interface for managing DNS servers. This utility is useful in scripting batch files to help automate routine DNS management tasks, or to perform simple unattended setup and configuration of new DNS servers on your network.

Default dnscmd syntax

Specifies that the created Active Directory–integrated zone forwards unresolved queries to another DNS server.

Creates an Active Directory–integrated zone.

Creates an Active Directory–integrated stub zone.

Specifies that the created zone forwards unresolved queries to another DNS server.

Creates a standard primary zone, and specifies the name of the file that will store the zone information.

Creates a standard secondary zone.

Creates a file-backed stub zone.

Stores the zone on the domain directory partition.

Specifies the directory partition on which to store the zone.

Stores the zone on the enterprise directory partition.

Specifies FQDN of the directory partition.

Moves the zone to the built-in domain directory partition.

Moves the zone to the built-in forest directory partition.

Specifies that all zone transfer requests are granted.

Specifies that no zone transfers are allowed.

Specifies that only the server that is listed in the name server (NS) resource record for the zone is granted a transfer.

Specifies that no change notifications are sent to secondary servers.

Specifies that change notifications are sent to all secondary servers.

Each type has different required parameters:

Creates a standard primary zone.

Overwrites existing data in AD DS.

Dnscmd examples

Reset the aging time stamp on the resource records at test.woodgrovebank.com to the current time, so that a following scavenging pass treats them as fresh (add /tree to include the whole subtree):

dnscmd woodgrovebank.com /ageallrecords test.woodgrovebank.com

See a complete list of zones on your DNS server:

dnscmd woodgrovebank.com /enumzones

Clear the DNS cache memory of resource records on the specified DNS server:

dnscmd dnssvr1.woodgrovebank.com /clearcache

List the resource records of a specified node in a DNS zone and include all additional information about the listed resource records:

dnscmd /enumrecords test.woodgrovebank.com test /additional

Display a list of autocreated zones that are also reverse lookup zones on the DNS server:

dnscmd woodgrovebank.com /enumzones /auto-created /reverse

Display the IsSlave setting from a DNS server:

dnscmd woodgrovebank.com /info isslave

Display the RecursionTimeout setting from a DNS server:

dnscmd woodgrovebank.com /info recursiontimeout

Delete the records in a node:

dnscmd woodgrovebank.com /nodedelete test.woodgrovebank.com node /tree

Delete the records in a node using the host:

dnscmd woodgrovebank.com /NodeDelete test.woodgrovebank.com host /F

Display time statistics for a DNS server:

Display NbstatMem statistics for a DNS server:

Delete the test.woodgrovebank.com zone from the server:

dnscmd woodgrovebank.com /zonedelete test.woodgrovebank.com

Export the resource records of the test.woodgrovebank.com zone on the woodgrovebank.com DNS server to the file test.reskit.com.dns (written under the server's %systemroot%\System32\dns directory):

dnscmd woodgrovebank.com /zoneexport test.woodgrovebank.com test.reskit.com.dns

Display the values in the RefreshInterval entry in the registry:

dnscmd woodgrovebank.com /zoneinfo test.woodgrovebank.com refreshinterval

Display the values in the Aging entry in the registry:

dnscmd woodgrovebank.com /zoneinfo test.woodgrovebank.com aging

Test whether an IP address identifies a functioning DNS server or whether the DNS server can act as a forwarder, a root hint server, or a master server for a specific zone:

dnscmd dnssvr1.woodgrovebank.com /ipvalidate /dnsservers 10.0.0.1 10.0.0.2

dnscmd dnssvr1.woodgrovebank.com /ipvalidate /zonemasters corp.woodgrovebank.com 10.0.0.2

Add a record to a zone. The arguments are the zone name, the node (owner) name within that zone, the record type and the record data:

dnscmd dnssvr1.woodgrovebank.com /recordadd test.woodgrovebank.com test A 10.0.0.5

dnscmd /recordadd test.woodgrovebank.com test MX 10 mailserver.test.woodgrovebank.com

Make DNSSVR1 listen for DNS client requests on 10.0.0.1 only:

dnscmd dnssvr1.woodgrovebank.com /resetlistenaddresses 10.0.0.1

Tell DNSSVR1 to attempt an immediate search for stale resource records:

dnscmd dnssvr1.woodgrovebank.com /startscavenging
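The aging commands in this list (/ageallrecords, /zoneinfo ... aging, /zoneexport, /startscavenging) only make sense together. As an added example that is not part of this reference, the Python script below reads a zone file in the form /zoneexport writes (the text here is constructed), decodes the [AGE:<hours>] prefix that Windows DNS puts on dynamically registered records (hours since 1 January 1601 UTC) and lists the records a scavenging run would delete once their stamp is older than the zone's No-refresh interval plus Refresh interval. The reference clock, the 7-day intervals (the server defaults) and the record set are assumptions. Static records carry no stamp and are never scavenged, which is what /ageallrecords is for when you want them to age.

```python
"""Decode the aging stamps in a dnscmd /zoneexport file and predict which
records the next scavenging pass (dnscmd /startscavenging) would remove.

Added example, not part of the original page.  The zone text is constructed;
the intervals and the reference clock are parameters, not values read from a
server.
"""
import re
from datetime import datetime, timedelta, timezone

# Windows DNS stores a record's aging time stamp as hours since 1 Jan 1601 UTC
# and writes it into exported zone files as an [AGE:<hours>] prefix.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
AGE_RE = re.compile(r"^\[AGE:(\d+)\]")
RR_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "PTR", "SOA", "SRV", "TXT"}


def age_to_datetime(hours):
    """Convert an [AGE:] value to an aware UTC datetime."""
    return EPOCH_1601 + timedelta(hours=hours)


def parse_export(text):
    """Parse a zone export into dicts: owner, type, rdata, age (hours or None).

    Handles ';' comments, the parenthesised multi-line SOA (the '(' and ')'
    must be separate tokens, as the export writes them), owner inheritance
    from the previous line and the [AGE:] prefix.  Static records have no
    [AGE:] tag and get age None.  An owner literally named like a record type
    (e.g. a host called "A") would be misread; the export does not produce one
    in practice.
    """
    records, owner, in_paren = [], None, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if in_paren:                          # still inside SOA "( ... )"
            in_paren = ")" not in line
            continue
        if not line.strip():
            continue
        age = None
        m = AGE_RE.match(line)
        if m:
            age, line = int(m.group(1)), line[m.end():]
        tokens = line.split()
        if tokens[0] == "IN":
            tokens = tokens[1:]
        if tokens[0] not in RR_TYPES:         # first column is an owner name
            owner, tokens = tokens[0], tokens[1:]
            if tokens and tokens[0] == "IN":
                tokens = tokens[1:]
        rtype, rdata = tokens[0], tokens[1:]
        in_paren = "(" in rdata and ")" not in rdata
        records.append({"owner": owner, "type": rtype, "rdata": rdata, "age": age})
    return records


def scavenge_candidates(records, now, no_refresh_hours, refresh_hours):
    """Records stamped earlier than now - (NoRefresh + Refresh).

    These are what /startscavenging deletes once scavenging is enabled on both
    the zone and the server.  Static records (age None) are never returned.
    """
    cutoff = now - timedelta(hours=no_refresh_hours + refresh_hours)
    return [r for r in records
            if r["age"] is not None and age_to_datetime(r["age"]) < cutoff]


# Constructed export in the layout /zoneexport produces.
SAMPLE_EXPORT = """\
;
;  Database file test.woodgrovebank.com.dns for test.woodgrovebank.com zone.
;      Zone version:  12
;
@                       IN  SOA dnssvr1.woodgrovebank.com. hostmaster.woodgrovebank.com. (
                        12           ; serial number
                        900          ; refresh
                        600          ; retry
                        86400        ; expire
                        3600       ) ; default TTL
;
;  Zone NS records
;
@                       NS  dnssvr1.woodgrovebank.com.
;
;  Zone records
;
test                    A   10.0.0.5
                        MX  10 mailserver.test.woodgrovebank.com.
[AGE:3706000] oldhost   A   10.0.0.9
[AGE:3708168] newhost   A   10.0.0.7
[AGE:3708168]           A   10.0.0.8
"""

NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)   # assumed reference clock


def report(now=NOW, no_refresh_hours=168, refresh_hours=168):
    """One line per record that scavenging would delete (7-day defaults assumed)."""
    records = parse_export(SAMPLE_EXPORT)
    return [f"{r['owner']} {r['type']} {' '.join(r['rdata'])} stamped "
            f"{age_to_datetime(r['age']):%Y-%m-%d}"
            for r in scavenge_candidates(records, now, no_refresh_hours, refresh_hours)]


if __name__ == "__main__":
    for line in report():
        print(line)
```

Run this against a real export before enabling scavenging on a zone that has never been scavenged: the candidate list is what /startscavenging will remove, so hosts that look static but were in fact registered dynamically long ago show up here first rather than disappearing from DNS.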

Add an Active Directory-integrated primary zone to DNSSVR1 (/dsprimary stores the zone in AD DS; a file-backed primary zone uses /primary /file <zone file> instead):

dnscmd dnssvr1.woodgrovebank.com /zoneadd woodgrovebank.com /dsprimary

Add a standard secondary zone to DNSSVR1:

dnscmd dnssvr1.woodgrovebank.com /zoneadd secondtest.woodgrovebank.com /secondary 10.0.0.2

Force a secondary DNS zone to update from the master zone:

dnscmd dnssvr1.woodgrovebank.com /zonerefresh test.woodgrovebank.com

Copy zone information from its source:

dnscmd dnssvr1.woodgrovebank.com /zonereload test.woodgrovebank.com

Reset the IP addresses of the master server that provides zone transfer information to a secondary zone:

dnscmd dnssvr1.woodgrovebank.com /zoneresetmasters test.woodgrovebank.com 10.0.0.1

Change the IP addresses of the servers that can scavenge the specified zone:

dnscmd dnssvr1.woodgrovebank.com /zoneresetscavengeservers test.woodgrovebank.com 10.0.0.1 10.0.0.2

Control which secondary servers may pull a zone transfer. The first form switches zone transfers and change notifications off entirely; the second allows transfers only to the listed address. A zone left open to transfers from any host hands a full copy of its records to anyone who asks, which is why the allowed list should be explicit:

dnscmd dnssvr1.woodgrovebank.com /zoneresetsecondaries test.woodgrovebank.com /noxfr /nonotify

dnscmd dnssvr1.woodgrovebank.com /zoneresetsecondaries test.woodgrovebank.com /securelist 11.0.0.2

Change the type of the zone:

dnscmd dnssvr1.woodgrovebank.com /zoneresettype test.woodgrovebank.com /primary /file test.woodgrovebank.com.dns

dnscmd dnssvr1.woodgrovebank.com /zoneresettype second.woodgrovebank.com /secondary 10.0.0.2

Dsacls

Grant generic read (GR) and generic execute (GE) on computer objects in the Desktops OU to Fbaggins:

dsacls "OU=Desktops,OU=BagEnd,DC=woodgrovebank,DC=Com" /G Domain\Fbaggins:GRGE;computer