CMD

The similar to the Linux ; to pipe commands as in:

echo "command 1" ; echo "command 2"

is & as in:

dir & whoami

Dealing with files and other stuff

del → Delete file

md foldername → Create folder/directory

dir /A → Show hidden files

type file.txt → Print out file content (like cat in Linux)

findstr file.txt → grep files

Network

netstat -an → Show network information

ipconfig → Show network adapter information

ping ip → Ping another machine

tracert → Traceroute

Processes

tasklist → List processes

taskkill /PID 1532 /F → Kill a process

Users

net user hacker my_password /add → Add net user

net localgroup Administrator hacker /add → add net user to localgroup

net localgroup /domain → Check if you are part of a domain

net users /domain → List all users in a domain

Other

shutdown /s /t 0 → Shutdown now

shutdown /r /t 0 → Restart

ciper /w:C:\\ → Shreds the whole machine

set → Show environmental variables

help dir Show options for commands (similar to man in Linux)

Mounting - Mapping

In Windows mounting is called mapping.

If you want to see which drives are mapped/mounted to your file-system you can use any of these commands:

# This is the most thorough
wmic logicaldisk get deviceid, volumename, description

# But this works too
wmic logicaldisk get name
wmic logicaldisk get caption

# This can be slow. So don't kill your shell!
fsutil fsinfo drives

# With powershell
get-psdrive -psprovider filesystem

# This works too, but it is interacive. So it might be dangerous work hackers
diskpart
list volume

# Map only network drives
net use

The command to deal with mounting/mapping is net use.

• Using net use we can connect to other shared folder, on other systems

• Many Windows machines have a default-share called IPC (Interprocess Communication Share)

• It does not contain any files but we can usually connect to it without authentication

• This is called a null-session

• Although the share does not contain any files it contains a lot fo data that is useful for enumeration

• The Linux equivalent to net use is usually smbclient

net use \\\\IP address\\IPC$ "" /u:""
net use \\\\192.168.1.101\\IPC$ "" /u:""

If you want to map a drive from another network to your filesystem you can do that like this:

# This will map it to drive z
net use z: \\\\192.168.1.101\\SYSVOL

# This will map it to the first available drive-letter
net use * \\\\192.168.1.101\\SYSVOL

Here you map the drive to the letter z. If the command is successful you should now be able to access those files by entering the z drive.

You enter the z drive by doing this:

C:\\>z:
Z:\\

# Now we switch back to c
Z:\\>c:
C:\\

Remove a network drive - umount it

c:
net use z: /del