Show Menu

Windows Things I Forget Cheat Sheet by

commands     windows     cmd

Networking

Extract Wifi Keys
https:­//w­ww.p­ur­eha­cki­ng.c­om­/bl­og/­vit­aly­-ni­kol­enk­o/e­xtr­act­ing­-wi­rel­ess­-we­p/w­pa/­wpa­2-p­res­har­ed-­key­s/p­ass­wor­ds-­fro­m-w­ind­ows-7

ICMP Tunnel­ing
icmpsrv & icmpsend
icmpsrv --install (on Victim)
netstat -a (icmpsrv should not show)
icmpsend 192.16­8.1.8 (on Attacker, to connect to Victim)
Capture with Wireshark for more info

Hosts File
https:­//w­ww.p­et­ri.c­om­/ea­sil­y-e­dit­-ho­sts­-fi­le-­win­dows-10
Copy from C:\Wi­ndo­ws­\Sys­tem­32­\Dri­ver­s\etc to desktop then edit and copy back

Open URL from CMD without the Browser
http:/­/st­ack­ove­rfl­ow.c­om­/qu­est­ion­s/2­078­273­4/o­pen­-a-­url­-wi­tho­ut-­usi­ng-­a-b­row­ser­-fr­om-­a-b­atc­h-file

WMIC GPUPDATE

Runas /user:­DOM­AIN­\do­mai­nad­minuser "­exp­lorer /separ­ate­"
Wmic product list status
gpupdate /force
net user userid /domain
 

Processes

fport (to list pids, ports, protocols, exe)
prcvi­ew.exe
tcpvi­ew.exe (ports, exe, etc...)

CMD Tricks

WINKEY+R, cmd /K dir (run dir in cmd)
WINKEY+R, cmd /C tree C:\ (run tree in cmd then close)
WINKEY+R, cmd /C "­start /MIN explorer \\x.x.x.x­"
WINKEY+R, power­shell Start-­Process cmd -Verb runAs (open cmd prompt as admin. hit ALT+Y to approve)


start . (open windows explorer in current dir)
start /MIN . (open explorer minimised)

Find Outlook PST Files

If a user has removed their pst files from outlook and has forgotten where they are located you can find them by editing the xml file below in notepad:
C:\Do­cuments and Settin­gs­\use­rid­\Ap­pli­cation Data\M­icr­oso­ft­\out­loo­k\u­ser­id.xml

Then look for instances of something like:
<e­ids­tor­e>0­000­000­0...6F­746­46E­680­0</­eid­sto­re>

Copy and paste the HEX part (0000­000­038­A1B­B10­05E...E­74­732­F63­6E3­D6F­746­46E­6800) into a HEX to ASCII converter and it will show you the pst file location in plain-­text.

Note: Sometimes the first 2 instances just show the exchange data. If that’s the case just move onto the next HEX instance.
 

Psexec - Execute commands remotely

psexec \\x.x.x.x -u DOMAIN­\user -i 0 cmd.exe /c "dir c:\ > c:\tem­p\t­emp.tx­t"
psexec \\x.x.x.x -u DOMAIN­\user -i 0 cmd.exe /c "­sta­rt"

Giving Local Admin

Via a Domain Admin account
Right click on 'My Computer' -> Manage
Right click on "­Com­puter Management (Local­)" -> "­Connect to another comput­er"
Type in Computer Name -> Press OK
System Tools -> Local Users and Groups -> Groups
Double click on "­Adm­ini­str­ato­rs" -> Add
Click on Locations and then select their computer name
DOMAIN­\us­ername -> Press Ok

Hotkeys

WINKEY+R (Run)
ALT+F4 OR CTRL+SPACE C (Quit)
ALT+Y (Hit Yes)
 

Files & Direct­ories

tree c:\ (view in tree format)

Recover hard deleted items in Outlook

User has hard deleted an item (SHIFT­+DEL) and cannot recover it using 'Recover deleted items'.
Full descri­ption = Microsoft KB246153.

Steps
1. Close Outlook
2. Start Registry Editor (Reged­t32.exe).
3. Locate and click the following key in the registry:
HKEY_L­OCA­L_M­ACH­INE­\SO­FTW­ARE­\Mi­cro­sof­t\E­xch­ang­e\C­lie­nt­\Options
4. On the Edit menu, click Add Value, and then add the following registry value:
Value name: Dumpst­erA­lwaysOn
Data type: DWORD
Value data: 1
5. Quit Registry Editor.

Start Outlook, click on folder (in folder view) which item was hard deleted from, select Recover Deleted Items from Tools menu and you should be able to recover items.

Download the Windows Things I Forget Cheat Sheet

1 Page
//media.cheatography.com/storage/thumb/fred_windows-things-i-forget.750.jpg

PDF (recommended)

Alternative Downloads

Share This Cheat Sheet!

 

Comments

No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Windows OS Basic CLI Commands Cheat Sheet
          Basic Vim Cheat Sheet

          More Cheat Sheets by fred

          File Transfers Cheat Sheet