shackkrot.blogg.se

Useful command prompt commands

I run this when doing a remote malware assessment:

    $PCName = "John097"
    Start-Transcript "N:\$PCName.log" -Append #this logs all commands and output to a file

    #Get AD Info (using quest tools, I know I should update it)
    Get-QADComputer $PCName | Format-List Name, ParentContainer, ModificationDate, Description
    Get-WmiObject win32_operatingsystem | fl Name, Description, OSArchitecture, Caption, BuildNumber

    # Collect everything about running processes
    Get-WmiObject win32_process | ft name, path -auto
    Get-WinEvent -logname "Microsoft-Windows-AppLocker/EXE and DLL" | ft time*, message -auto
    Get-WmiObject win32_service | ft name, pathname -auto
    Get-ItemProperty hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

A few key things I want to point out. If you run start-transcript at the start, your whole console session is logged to a file. Because I know I am logging the session, I do run some extra commands to record the general environment. I use wmi to get processes and services because you can see the command that started the process. The get-process and get-service don't expose those. I just copy and paste this into the console. If I run any other commands as I investigate, then they are logged too. I use this approach because we are a smaller IT department within a much larger organization. They will tell me that I have an infected machine. I can then attach this log to my response.

Entering this string into the Command Prompt clears the last item on your Clipboard, helpful when you’ve copied sensitive information and are done with it. (This command won’t clear your full Clipboard history though, so you’ll have to use Windows 10’s Clipboard settings to do that.)


  • Any Sysinternal tool - You should really, really read up on how they can be used.
  • nircmd - useful for alerting users in a not so obtrusive balloon popup way unlike netsend (netsend * "FUCKING INTERNET IS DOWN BECAUSE BOB'S RUNNING BITTORRENT!").
  • psexec -h -s -u DOMAIN\User -p cmd.exe for stubborn applications that require output buffering & elevation.
  • hstart/elevate - when you have to run something as a user, hide the cmd.exe & elevate at the same time.
  • schtasks - Hugely helpful for executing commands as a user/network service/local system with a few minutes or once immediately. Case in point would be "wuauclt /UpdateNow". You can even construct the task on your system, export it as an xml file, then import it into the destination, shortening the command.
  • simple windows command line scripting.
  • Sometimes an environment isn't consistent in their PS execution policy, stripping you of a precious shell/functionality.
  • gpresult /h c:\report.html - Group policy report based on your account and the winning GPO for that system.
  • Hunting malware

Also thanks to /u/iaindings, /u/cisco1988, /u/jhulbe, /u/HeadacheCentral, /u/Enxer, /u/Fraeco. I will continue editing my post later / tomorrow.

The problem is Microsoft documentation is sparse. I'm looking forward to further suggestions!

Another good hint from /u/2become1080809: If you've been tinkering with DNS records.

I'm interested in all kinds of useful command line prompts for troubleshooting in a Windows environment. I'm pretty sure you guys know all of them, but the ones that come to my mind so far are:

  • Check if there's connection to a network device
  • Do not resolve addresses to hostnames.
  • Display All connections and listening ports
  • View the contents of the local ARP cache table











