
Windows Things I Forget Cheat Sheet by

Networking

Extract Wifi Keys
https://www.purehacking.com/blog/vitaly-nikolenko/extracting-wireless-wep/wpa/wpa2-preshared-keys/passwords-from-windows-7

ICMP Tunneling
icmpsrv & icmpsend
icmpsrv --install
(on Victim)
netstat -a
(icmpsrv should not show)
icmpsend 192.168.1.8
(on Attacker, to connect to Victim)
Capture with Wireshark for more info

Hosts File
https://www.petri.com/easily-edit-hosts-file-windows-10
Copy from
C:\Windows\System32\Drivers\etc
to desktop then edit and copy back

Open URL from CMD without the Browser
http://stackoverflow.com/questions/20782734/open-a-url-without-using-a-browser-from-a-batch-file

WMIC GPUPDATE

Runas /user:DOMAIN\domainadminuser "explorer /separate"

Wmic product list status

gpupdate /force

net user userid /domain
 

Processes

fport
(to list pids, ports, protocols, exe)
prcview.exe

tcpview.exe
(ports, exe, etc...)

CMD Tricks

WINKEY+R,
cmd /K dir
(run dir in cmd)
WINKEY+R,
cmd /C tree C:\ 
(run tree in cmd then close)
WINKEY+R,
cmd /C "start /MIN explorer \\x.x.x.x"

WINKEY+R,
powershell Start-Process cmd -Verb runAs
(open cmd prompt as admin. hit ALT+Y to approve)


start . 
(open windows explorer in current dir)
start /MIN . 
(open explorer minimised)

Find Outlook PST Files

If a user has removed their PST files from Outlook and has forgotten where they are located, you can find them by editing the XML file below in Notepad:
C:\Documents and Settings\userid\Application Data\Microsoft\outlook\userid.xml

Then look for instances of something like:
<eidstore>00000000...6F74646E6800</eidstore>

Copy and paste the HEX part
(0000000038A1BB1005E...E74732F636E3D6F74646E6800)
into a HEX to ASCII converter and it will show you the PST file location in plain text.

Note: Sometimes the first 2 instances just show the Exchange data. If that’s the case, just move on to the next HEX instance.
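
The manual steps above as a script, added here as an example and not part of the original cheat sheet: it finds each <eidstore> value, decodes the hex, and keeps only the readable strings that end in .pst. The sample XML and its byte layout are constructed, and the UTF-16LE handling is an added assumption that goes beyond the page's hex-to-ASCII step.

```python
import re

# The element the page says to look for; whitespace inside the hex is tolerated.
EIDSTORE = re.compile(r"<eidstore>([0-9A-Fa-f\s]+)</eidstore>", re.I)
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")         # 4+ printable ASCII bytes
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")  # same text stored as UTF-16LE


def printable_strings(raw: bytes) -> list[str]:
    """What a hex-to-ASCII converter would show, minus the binary noise."""
    found = [m.decode("ascii") for m in ASCII_RUN.findall(raw)]
    found += [m.decode("utf-16-le") for m in WIDE_RUN.findall(raw)]
    return found


def decode_eidstores(xml_text: str) -> list[list[str]]:
    """One list of readable strings per <eidstore> value, in file order."""
    results = []
    for match in EIDSTORE.finditer(xml_text):
        hex_text = "".join(match.group(1).split())
        try:
            raw = bytes.fromhex(hex_text)
        except ValueError:  # odd length, e.g. a truncated copy and paste
            results.append([])
            continue
        results.append(printable_strings(raw))
    return results


def pst_paths(xml_text: str) -> list[str]:
    """Skip Exchange-only entries and keep strings that name a .pst file."""
    return [s for strings in decode_eidstores(xml_text)
            for s in strings if s.lower().endswith(".pst")]


def _entry(text: bytes) -> str:
    # Constructed layout (assumption): zero bytes, opaque bytes, NUL-terminated string.
    return (bytes(4) + b"\x01\x02\xfe\xff" + text + b"\x00").hex().upper()


# Constructed sample: the first value holds Exchange data, the second a PST path.
_EXCHANGE = _entry(b"/o=Example/cn=mailbox")
_PST = _entry(rb"C:\Users\alice\Documents\archive.pst")
SAMPLE_XML = (f"<profile>\n<eidstore>{_EXCHANGE}</eidstore>\n"
              f"<eidstore>{_PST}</eidstore>\n</profile>")

if __name__ == "__main__":
    for path in pst_paths(SAMPLE_XML):
        print(path)
```

To use it on a real profile, read the userid.xml file into a string and pass it to pst_paths().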
 

Psexec - Execute commands remotely

psexec \\x.x.x.x -u DOMAIN\user -i 0 cmd.exe /c "dir c:\ > c:\temp\temp.txt"

psexec \\x.x.x.x -u DOMAIN\user -i 0 cmd.exe /c "start"

Giving Local Admin

Via a Domain Admin account
Right click on 'My Computer' -> Manage
Right click on "Computer Management (Local)" -> "Connect to another computer"
Type in Computer Name -> Press OK
System Tools -> Local Users and Groups -> Groups
Double click on "Administrators" -> Add
Click on Locations and then select their computer name
DOMAIN\username -> Press OK

Hotkeys

WINKEY+R (Run)
ALT+F4 OR CTRL+SPACE C (Quit)
ALT+Y (Hit Yes)
 

Files & Directories

tree c:\ 
(view in tree format)

Recover hard deleted items in Outlook

User has hard deleted an item (SHIFT+DEL) and cannot recover it using 'Recover deleted items'.
Full description = Microsoft KB246153.

Steps
1. Close Outlook
2. Start Registry Editor (Regedt32.exe).
3. Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options
4. On the Edit menu, click Add Value, and then add the following registry value:
Value name: DumpsterAlwaysOn
Data type: DWORD
Value data: 1
5. Quit Registry Editor.

Start Outlook, click the folder (in folder view) that the item was hard deleted from, then select Recover Deleted Items from the Tools menu; you should now be able to recover the item.
       
 
