Windows CMD-Fu

User Management

# Create a User
net user <username> <password> /add [/domain]

# Delete a User
net user <username> /delete [/domain]

# Enable/Disable a User Using net.exe
net user <username> /active:[yes|no] [/domain]

# Enable/Disable a User Using WMI
wmic useraccount where name='<username>' set disabled=[true|false]

# Set/Reset a User's Password
net user <username> <password> [/domain]

Group Management

# Add User to Group
net group <groupname> <username> /add [/domain]

Event Logs

# Export Event Log to EVTX
wevtutil epl <logname> <filename.evtx>

# Search for an Event Using PowerShell
Get-WinEvent -FilterHashTable @{logname='<logname>'; id='<id>'; StartTime='1/20/2016'; EndTime='1/21/2016'}

Searching for Files

# Using dir.exe
dir <filename> /s /p

# Using PowerShell
Get-ChildItem -Recurse -Include <filename>

Pivoting Using netsh.exe

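# Add a v4tov4 Port Forward (listenaddress:listenport -> connectaddress:connectport)
netsh interface portproxy add v4tov4 listenport=8001 listenaddress=192.168.0.10 connectport=80 connectaddress=192.168.0.10

# List All Configured Port Forwards
netsh interface portproxy show all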

Transferring Files

# With BITS
Import-Module BitsTransfer
Start-BitsTransfer -Source <source> -Destination <destination> -TransferType Upload