Notes: Windows Command Line | Cyber Security 101 | THM

Advantages of Command-Line Interface (CLI): speed, efficiency, lower resource usage, automation (batch file or script), remote management (SSH)

MS Windows Command Prompt: cmd.exe

Establish an SSH connection:

ssh USERNAME@IP

'yes' to continue

enter passord (hidden when typing!)

Only possible to issue commands with the Windows Path, use command 'set' to check path (PATH=)

Display basic system information

Set: current environment variables like PATH

Ver: operating system (OS) and version

Systeminfo: Host name, OS name, OS version, OS manufacturer, OS configuration, OS build type, registered owner, registered organization, product ID, original install date, system boot time, system manufacturer, system model, system type, processor(s), bios version, windows directory, system directory, boot device, system locale, input locale, time zone, total physical memory, available physical memory, virtual memory (max/available/in use), page file location, domain, logon server, hotfix(s), Network cards (NICs), Hyper-V Requirements

Driverquery: list installed device drivers

Help: provides information, use with command for more information

(or use: 'COMMAND -h' or 'COMMAND /?')

Cls: clear command prompt screen

Possible to pipe output with 'more', f.ex.: 'driverquery | more'

Check and troubleshoot network configuration

Ipconfig: ip address, subnet mask, default gateway

Ipconfig /all: full network configuration information; host name, primary dns suffix, node type, ip routing enabled, wins proxy enabled, dns suffix search list, connection-specific dns suffix, description, physical address (mac), dhcp enabled, autoconfiguration enabled, link-local ipv6 address, ipv4 address, subnet mask, lease obtained, lease expires, default gateway, dhcp server, dhcpv6 IAID, dhcpv6 client duid, dns servers, netbios over tcpip

Ping: check connection

Tracert: trace network route to target

Nslookup: looks up host or domain and return its IP address

Netstat: current network connections and listening ports; with no arguments: established connections

Netstat -a: all established connections and listening ports

Netstat -b: program associated with each listening port and established connection

Netstat -o: process ID (PID) associated with connection

Netstat -n: numerical form for addresses and port numbers

(Put all together as 'Netstat -abon')

Port 22: SSH

Manage files and folders

Cd: current drive and directory

Cd TARGET_DIRECTORY: change to any directory

Cd ..: go up one level

Dir: child directories

Dir /a: hidden and system files

Dir /s: files in current directory and all subdirectories

Tree: visually represent the child directories and subdirectories

Mkdir: make directory

Rmdir: delete/remove directory

Type: view text files

More: vire longer text files

Copy: copy files from one location to another

Move: move files from one location to another

Del: delete a file

Erase: delete a file

Wildcard * can be used to refer to multiple files

Check running processes

Tasklist: list running processes

Tasklist /FI "imagename eq sshd.exe": list running processes filtered by image name that equals sshd.exe

Taskkill: terminate task/process ('taskkill /PID TARGET_PID')

Other Commands

Chkdsk: check file system and disk volumes for errors and bad sectors

Sfc /scannow: scan system files for corruption and repairs them if possble