Friday, July 31, 2015

Windows Important Commands



What is WMIC?

WMIC is the Windows Management Instrumentation Command-line tool. To me, the wmic command is one of the more powerful commands on Windows.

It is very useful for an analyst examining a Windows system, including for forensics.
It helps gather information without third-party tools.
You can do multiple tasks with one command.

List of running processes in brief

wmic process list brief
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kill a process

wmic process where name="wordpad.exe" delete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine open shares

net share
wmic share list brief
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine IP address

ipconfig
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get a new IP address

ipconfig /release
ipconfig /renew
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disk drive information

wmic diskdrive list full
wmic partition list full
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List all patches

wmic qfe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List services

wmic service list brief
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List user accounts

wmic useraccount list brief
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List number of times a user logged on

wmic netlogin where (name like "%adm%") get numberoflogons
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reboot

shutdown /r /t 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Shutdown

shutdown /s /t 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Spawn a new command prompt

start cmd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command line history

F7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine the current user

echo %USERNAME%
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine who is a part of the administrators group

net localgroup administrators
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Add a user where rocky is the username and password is redhat

net user rocky redhat /add
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Add user rocky to administrators group

net localgroup administrators rocky /add
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List user accounts

net user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List network connections and the programs that make them (-b requires an elevated prompt)

netstat -anb
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Display contents of file text.txt

type text.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edit contents of file text.txt

edit text.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine PC name

hostname
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine whether a system is 32 or 64 bit

wmic cpu get DataWidth /format:list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Startup applications

wmic startup get caption,command