Commandline
Process Information
List all processes currently running:
C:\> tasklist

List all processes currently running and the DLLs each has loaded:
C:\> tasklist /m

List all processes currently running which have the specified [dll] loaded:
C:\> tasklist /m [dll]

List all processes currently running and the services hosted in those processes:
C:\> tasklist /svc

Query brief status of all services:
C:\> sc query

Query the configuration of a specific service:
C:\> sc qc [ServiceName]
File search
Search directory structure for a file in a specific directory:
C:\> dir /b /s [Directory]\[FileName]

Count the number of lines on StandardOut of [Command]:
C:\> [Command] | find /c /v ""

This finds the count (/c) of lines that do not contain (/v) nothing (""). Every line qualifies, even blank lines, because they still contain CR/LF.
Tools
Netstat
Useful Netstat Syntax

Show all TCP and UDP port usage and process ID:
C:\> netstat -nao

Look for usage of port [port] every [N] seconds:
C:\> netstat -nao [N] | find "[port]"

Dump detailed protocol statistics:
C:\> netstat -s -p [tcp|udp|ip|icmp]
Reg
reg add [\\TargetIPaddr\][RegDomain]\[Key]
reg export [RegDomain]\[Key] [FileName]
reg import [FileName]
reg query [\\TargetIPaddr\][RegDomain]\[Key] /v [ValueName]
Add /s to reg query to recurse through subkeys.
wmic
wmic [alias] [where clause] [verb clause]
[aliases]: process service share nicconfig startup useraccount qfe
Example [where clauses]:
where name="nc.exe"
where (commandline like "%stuff")
where (name="cmd.exe" and parentprocessid!="[pid]")

Example [verb clauses]:
list [full|brief]
get [attrib1,attrib2…]
call [method]
delete
List all attributes of [alias]: C:\> wmic [alias] get /?
List all callable methods of [alias]: C:\> wmic [alias] call /?
wmic process list full
wmic /node:[TargetIPaddr] /user:[User] /password:[Passwd] process list full