====== Commandline ======

===== Process Information =====

^ Command ^^ Description ^
| ''tasklist'' || List all processes currently running |
| ''tasklist /m'' || List all processes currently running and the DLLs each has loaded |
| ''tasklist /m [dll]'' || List all processes currently running which have the specified [dll] loaded |
| ''tasklist /svc'' || List all processes currently running and the services hosted in those processes |
| ''sc query'' || Query brief status of all services |
| ''sc qc [ServiceName]'' || Query the configuration of a specific service |
| ''taskkill'' || Terminate a process |

===== File handling =====

^ Command ^^ Description ^
| ''dir'' || List directory contents |
| ''copy'' || Copy files |
| ''move'' || Move or rename files |
| ''del'' || Delete files |
| ''type'' || Print the contents of a file |
| ''more'' || Page through output one screen at a time |
| ''fc'' || Compare two files |
| ''echo'' || Print text |
| ''md, cd, rd/rmdir'' || Make, change and remove directories |
| ''xcopy, robocopy'' || Copy file trees (or other complex copy operations) |

===== File search =====

^ Command ^^ Description ^
| ''dir /b /s [Directory]\[FileName]'' || Search the directory structure below a specific directory for a file |
| ''[Command] %%|%% find'' || Find in command output |
| ''[Command] %%|%% find /c'' || Count in command output |
| ''find /c /v ""'' || Counts (/c) the lines that do not contain (/v) nothing (""), i.e. all lines, including blank lines, which still contain CR/LF |

===== Loops =====

^ Command ^^ Description ^
| ''for /L %i in ([start],[step],[stop]) do [command]'' || Counting loop |
| ''for /F %i in ([file-set]) do [command]'' || Iterate over a file line by line |

===== System Info =====

^ Command ^ Description ^ Example ^
| ''DATE'' | Outputs or sets the current date | ''DATE'' |
| ''TIME'' | Displays or sets the system time | ''TIME'' |
| ''DRIVERQUERY'' | Displays the current state and properties of device drivers | ''DRIVERQUERY'' |
| ''HOSTNAME'' | Displays the name of the computer | ''HOSTNAME'' |
| ''SYSTEMINFO'' | Shows configuration information about your computer | ''SYSTEMINFO'' |
| ''VER'' | Displays the Windows version | ''VER'' |
| ''GPRESULT'' | Displays the currently applied group policies (RSoP) | ''GPRESULT /R'' |
| ''GPUPDATE'' | Updates group policies | ''GPUPDATE /FORCE'' |

===== Tools =====

==== Network ====

^ Command ^^ Description ^
| ''%%netstat -nao%%'' || Show all TCP and UDP port usage and process ID |
| ''%%netstat -nao [N] | find [port]%%'' || Look for usage of port [port] every [N] seconds |
| ''%%netstat -s -p [tcp|udp|ip|icmp]%%'' || Dump detailed protocol statistics |

^ Command ^ Description ^ Example ^
| ''IPCONFIG'' | Shows information about network interfaces and IP configuration | ''IPCONFIG /ALL'' |
| ''PING'' | Sends ICMP requests to the target host to check its availability | ''PING google.com'' |
| ''TRACERT'' | Finds the network path for packets traveling to a destination | ''TRACERT google.com'' |
| ''NSLOOKUP'' | Finds the IP address for a resource name | ''NSLOOKUP google.com'' |
| ''ROUTE'' | Displays network route tables | ''ROUTE PRINT'' |
| ''ARP'' | Displays a table mapping IP addresses to physical (MAC) addresses | ''ARP -A'' |
| ''NETSH'' | Starts the network settings control program | ''NETSH INTERFACE IP SHOW CONFIG'' |

==== Reg ====

^ Command ^^ Description ^
| ''%%reg add [\\TargetIPaddr\][RegDomain]\[Key]%%'' || Add a key |
| ''%%reg export [RegDomain]\[Key] [FileName]%%'' || Export a key to a file |
| ''%%reg import [FileName]%%'' || Import keys from a file |
| ''%%reg query [\\TargetIPaddr\][RegDomain]\[Key] /v [ValueName]%%'' || Query a value of a key (recurse with /s) |

==== wmic ====

^ Command ^^ Description ^
| ''wmic [alias] [where clause] [verb clause]'' || General form of a wmic command |
| ''process'', ''service'', ''share'', ''nicconfig'', ''startup'', ''useraccount'', ''qfe'' || [aliases] |
| ''where name="nc.exe"'' || Example [where clause] |
| ''where (commandline like "%stuff")'' || Example [where clause] |
| ''where (name="cmd.exe" and parentprocessid!="[pid]")'' || Example [where clause] |
| ''%%list [full|brief]%%'' || Example [verb clause] |
| ''get [attrib1,attrib2…]'' || Example [verb clause] |
| ''call [method]'' || Example [verb clause] |
| ''delete'' || Example [verb clause] |
| ''wmic [alias] get /?'' || List all attributes of [alias] |
| ''wmic [alias] call /?'' || List all callable methods of [alias] |
| ''wmic process list full'' || List all processes with full details |
| ''wmic /node:[TargetIPaddr] /user:[User] /password:[Passwd] process list full'' || List all processes with full details on a remote host |

==== Netsh ====

Interacting with the Network Using Netsh

^ Command ^^ Description ^
| ''netsh firewall set opmode disable'' || Turn off built-in Windows firewall |
| ''netsh interface ip set address local static [IPaddr] [Netmask] [DefaultGW] 1'' || Configure interface “Local Area Connection” with [IPaddr] [Netmask] [DefaultGW] |
| ''netsh interface ip set dns local static [IPaddr]'' || Configure DNS server for “Local Area Connection” |
| ''netsh interface ip set address local dhcp'' || Configure interface to use DHCP |

==== Administration ====

^ Command ^^ Description ^
| ''schtasks /CREATE /SC DAILY /TN "Backup" /TR "C:\Backup.bat" /ST 12:00'' || Schedule a task |
| ''schtasks'' || List scheduled tasks |
| ''shutdown -s -t 0'' || Shut down now (delay of 0 seconds) |
| ''runas /USER:Administrator "notepad.exe"'' || Run a program as another user (here Administrator) |

==== GUI ====

Invoking Useful GUIs at the Command Line

^ Command ^^ Description ^
| ''lusrmgr.msc'' || Local User Manager (includes group management) |
| ''services.msc'' || Services Control Panel |
| ''taskmgr.exe'' || Task Manager |
| ''secpol.msc'' || Security Policy Manager |
| ''eventvwr.msc'' || Event Viewer |
| ''control'' || Control Panel |