Useful Windows Commands
Add Admin User w/ RDP
net user <username> <password> /ADD
net localgroup administrators <username> /ADD
net localgroup "Remote Desktop Users" <username> /ADD
Tasks / Services
- Start or stop a service
net start|stop servicename
- View the currently running tasklist
tasklist
- Kill a task by name
taskkill /F /IM task.exe
- Kill a task by PID
taskkill /PID <pid> /F
Base64 encoding / decoding
- base64 encode
certutil -encode inputfile outputfile
- base64 decode
certutil -decode inputfile outputfile
Dump passwords
- via reg.exe
reg.exe save hklm\sam c:\sam_backup
reg.exe save hklm\security c:\security_backup
reg.exe save hklm\system c:\system
Security settings
- Allow RDP
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
- Disable UAC (the first two lines are Meterpreter `reg` syntax, not reg.exe; the native reg.exe equivalents follow; the change takes effect after a reboot)
reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system
reg setval -v EnableLUA -d 0 -t REG_DWORD -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- Refresh policies
gpupdate /force
- Disable the Firewall (all profiles; the RDP registry command does not touch the firewall)
netsh advfirewall set allprofiles state off
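The entries above all leave host-side traces. The following added example (not part of the original cheat sheet) audits a Windows host for exactly those changes: the RDP and UAC registry values, firewall profiles that are switched off, and the membership of the two local groups from the "Add Admin User w/ RDP" entry. It assumes PowerShell 5.1 or later on Windows with the built-in NetSecurity and LocalAccounts modules; the function name is the author's own choice.

```powershell
# Audit helper for the settings this cheat sheet modifies (added example, not
# from the original page). Run in an elevated PowerShell session.
function Get-HardeningDrift {
    $findings = @()

    # "Allow RDP": fDenyTSConnections = 0 means RDP connections are accepted.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
          -ErrorAction SilentlyContinue
    if ($ts -and $ts.fDenyTSConnections -eq 0) {
        $findings += 'RDP enabled (fDenyTSConnections = 0)'
    }

    # "Disable UAC": EnableLUA = 0 turns User Account Control off.
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
           -ErrorAction SilentlyContinue
    if ($uac -and $uac.EnableLUA -eq 0) {
        $findings += 'UAC disabled (EnableLUA = 0)'
    }

    # "Disable the Firewall": any profile with Enabled = False is reported.
    Get-NetFirewallProfile | Where-Object { -not $_.Enabled } | ForEach-Object {
        $findings += "Firewall profile turned off: $($_.Name)"
    }

    # "Add Admin User w/ RDP": list who sits in the two groups the net commands touch.
    # Compare against a known-good baseline; unexpected names are the finding.
    foreach ($group in 'Administrators', 'Remote Desktop Users') {
        $members = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty Name
        $findings += "$group members: $($members -join ', ')"
    }

    # Security log events worth correlating with these findings:
    #   4720 (user account created), 4732 (member added to a local group),
    #   4657 (registry value modified, requires SACL auditing on the key).
    return $findings
}

Get-HardeningDrift
```

Schedule the function or feed its output to your SIEM; a non-empty RDP/UAC/firewall finding on a workstation that should have none is the alert condition.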
Variables
- Show all variables
set
- Windows TEMP folder
%TEMP%
- Current domain and user (if whoami is not available)
echo %USERDOMAIN%\%USERNAME%
Location of files
- Repair files like SAM
c:\windows\repair\
- Search for a specific file (wildcards are supported)
dir /S /P "filename"