Windows CMD-Fu

March 25, 2017

User Management

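# Create a User
# Note: a <password> given as an argument is recorded wherever command lines are logged (e.g. Event ID 4688 with command-line auditing enabled). Use * in place of <password> to be prompted instead; the same applies to the password reset command further down.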
net user <username> <password> /add [/domain]

# Delete a User
net user <username> /delete [/domain]

# Enable/Disable a User Using net.exe
net user <username> /active:[yes|no] [/domain]

# Enable/Disable a User Using WMI (wmic.exe is deprecated on recent Windows releases and may not be installed)
wmic useraccount where name='<username>' set disabled=[true|false]

# Set/Reset a User's Password
net user <username> <password> [/domain]

Group Management

# Add User to a Domain (Global) Group
# For a local group use: net localgroup <groupname> <username> /add
net group <groupname> <username> /add [/domain]

Event Logs

# Export Event Log to EVTX
wevtutil epl <logname> <filename.evtx>

# Search for an Event Using PowerShell
Get-WinEvent -FilterHashTable @{logname='<logname>'; id='<id>'; StartTime='1/20/2016'; EndTime='1/21/2016'}

Searching for Files

# Using dir (a cmd.exe built-in; there is no separate dir.exe)
dir <filename> /s /p

# Using PowerShell
Get-ChildItem -Recurse -Include <filename>

Pivoting Using netsh.exe

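# Add a forwarding rule (requires an elevated prompt); the address values were blank on the page and are shown as placeholders
netsh interface portproxy add v4tov4 listenport=8001 listenaddress=<listen-ip> connectport=80 connectaddress=<target-ip>

# List configured rules. Rules persist across reboots (stored under HKLM\SYSTEM\CurrentControlSet\Services\PortProxy), so review this output when auditing a host for unexpected forwards.
netsh interface portproxy show all

# Remove a rule when it is no longer needed
netsh interface portproxy delete v4tov4 listenport=8001 listenaddress=<listen-ip>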

Transferring Files

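# With BITS (PowerShell; -TransferType Upload needs a server with the BITS server extension, omit it to download)
# BITS jobs are recorded in the Microsoft-Windows-Bits-Client/Operational event log.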
Import-Module BitsTransfer
Start-BitsTransfer -Source <source> -Destination <destination> -TransferType Upload