Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Active Directory
- To quickly list all the groups in your domain, with members
- dsquery group -limit 0 | dsget group -members –expand
- To find all users whose accounts are set to have a non-expiring password
- dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0
- To list all the FSMO role holders in your forest
- netdom query fsmo
- To refresh group policy settings
- gpupdate
- To list all applied GPO on client machine
- gpresult /H c:/tmp/policy.html
- To check Active Directory replication on a domain controller
- repadmin /replsummary
- To force replication from a domain controller without having to go through to Active Directory Sites and Services
- repadmin /syncall
- To see what server authenticated you (or if you logged on with cached credentials) you can run either of these commands:
- set l
- echo %logonserver%
- To see what security groups you belong to
- whoami
- To see what security groups you belong to
- whoami /groups
- To see the domain account policy (password requirements, lockout thresholds, etc)
- net accounts
- #Networking
- To quickly generate a text summary of your system
- systeminfo | more
- To add an entry to your routing table that will be permanent, run the route add command with the –p option
- route add 0.0.0.0 mask 0.0.0.0 172.16.250.5 –p
- To quickly reset your NIC back to DHCP with no manual settings,
- netsh int ip reset all
- Need to run a trace
- netsh trace start capture=yes tracefile=c:\capture.etl
- netsh trace stop
- To see all network connections your client has open
- net use
- To see your routing table, run either of these commands
- route print
- netstat -r
- netstat –ano 1
- netstat –ano 8
- netstat –ano 40
- add a | findstr value to watch for only a specific connection, like a client ip.addr or port
- netstat –ano | findstr 216.134.217.20
- netstat –ano 1| findstr 216.134.217.20
- netstat –ano 50| findstr 216.134.217.20
- netstat -ano 1 | findstr :139
- netstat -ano 50 | findstr :139
- List out all connections
- netstat -a
- List only TCP connections
- netstat -at
- List only UDP connections
- netstat -au
- Disable reverse dns lookup for faster output
- netstat -ant
- List out only listening connections
- netstat -tnl
- Get process name/pid and user id
- netstat -nlpt
- netstat -ltpe
- Print statistics
- netstat -s
- Display kernel routing information
- netstat -rn
- Print network interfaces
- netstat -i
- Get netstat output continuously
- netstat -ct
- ipconfig /all IP Configuration (Display Connection Configuration)
- ipconfig /displaydns IP Configuration (Display DNS Cache Contents)
- ipconfig /flushdns IP Configuration (Delete DNS Cache Contents)
- ipconfig /release IP Configuration (Release All Connections)
- ipconfig /renew IP Configuration (Renew All Connections)
- ipconfig /registerdns IP Configuration (Refreshes DHCP & Re-Registers DNS)
- ipconfig /showclassid IP Configuration (Display DHCP Class ID)
- ipconfig /setclassid IP Configuration (Modifies DHCP Class ID)
- to shutdown or reboot a machine, including your own, in a simple scheduled task
- shutdown –r –t 0 –m \\localhost
- Scan for open ports for specific IP/host
- nmap -n -sV 192.168.1.4
- Scan for open ports for a network
- nmap -n -sV 192.168.1.0/24
- #System
- enable the local administrator account
- net user administrator * /active:yes
- see all the open files on a system
- openfiles /query
- reset IIS without having to reboot the whole server
- iisreset
- To check if server is virtual.
- On Windows
- CMD:
- Systeminfo | findstr /i model
- powershell:
- gwmi -q "select * from win32_computersystem"
- determine if the current version of Windows is either 32-bit or 64-bit from the command line
- echo %PROCESSOR_ARCHITECTURE%
- check the PROCESSOR_ARCHITECTURE environment variable. 64-bit systems will say AMD64 and 32-bit systems should say "x86"
- C:\>wmic OS get OSArchitecture
- OSArchitecture
- 32-bit
- To display the MD5 hash of a file, type the following command at a command prompt:
- fciv.exe filename
- fciv.exe -sha1 filename
- AD Shortcuts
- dsa.msc Active Directory Users and Computers
- adsiedit.msc ADSI Edit
- AdRmsAdmin.msc Active Directory Rights Managment Services Administration
- azman.msc Authorization Manager
- certsrv.msc Active Directory Certificate Services
- CluAdmin.msc Failover Cluster Manager
- dfsmgmt.msc DFS Managment
- dhcpmgmt.msc DHCP Management
- dnsmgmt.msc DNS Management
- domain.msc Active Directory Domains and Trusts
- fsrm.msc File Server Resource Manager
- gpmc.msc Group Policy Management Console
- gpme.msc Group Policy Management Editor
- lsdiag.msc Remote Desktop Licensing Diagnoser
- remoteprograms.msc RemoteApp Manager
- rrasmgmt.msc Routing and Remote Access
- sbmgr.msc Remote Desktop Connection Manager
- tsadmin.msc Remove Desktop Services Manager
- tsconfig.msc Remove Desktop Session Host Configuration
- tsmmc.msc Remote Desktops
- winsmgmt.msc WINS Management
- WSRM.msc Windows System Resource Manager
- Local Computer Shortcuts
- gpedit.msc Local Group Policy Editor
- fsmgmt.msc Shared Folders
- eventvwr.msc Event viewer
- certlm.msc Certificates – Local Computer
- certmgr.msc Certificates – Local Users
- certtmpl.msc Certificates Templates Console
- appwiz.cpl Programs and Features
- Firewall.cpl Windows Firewall
- compmgmt.msc computer management
- psr.exe steps recorder
- comexp.msc Component Services
- devmgmt.msc Device Manager
- diskmgmt.msc Disk Management
- lusrmgr.msc Local Users and Groups
- ncpa.cpl Network Connections
- perfmon.msc Performance Monitor
- sysdm.cpl System Properties
- WF.msc Windows Firewall with Advanced Security
- Windows Run Commands Shortcuts
- Control Panel Program Shortcuts
- control Control Panel
- control netconnections Network Properties
- control printers Printers Folders
- control userpasswords2 Manager all User Accounts
- control update Windows Update
- control admintools Administrative Tools
- control schedtasks Scheduled Tasks
- appwiz.cpl Program and Features
- intl.cpl Regional Settings (International)
- sysdm.cpl System Properties
- firewall.cpl Windows Firewall
- Windows Tools
- explorer Windows Explorer
- regedit Registry Editor
- services.msc Windows Services (local)
- taskmgr Task Manager
- msconfig System Configuration Utility
- mstsc Remote Desktop (Microsoft Terminal Services)
- logoff Log Off Windows (without confirmation!
- shutdown Shuts Down Windows (don't try unless you are ready to shutdown)
- msinfo32 System Information
- verify file signatures
- fciv gpg4win-2.2.5.exe -sha1
- fciv gpg4win-2.2.5.exe -md5
- fciv gpg4win-2.2.5.exe -sha1 > filedownloaded.txt
- fciv gpg4win-2.2.5.exe -md5 > filedownloaded.txt
- #Network Tools
- Network Monitor
- Nagios Core
- OpenNMS
- Advanced IP Scanner
- Messsage Analyzer
- Capsa Free
- Wireshark
- Fiddler
- NetworkMiner
- Zenoss Core
- Pandora FMS
- Xirrus Wi-Fi Inspector
- WirelessNetView
- Xymon
- NetXMS
- Total Network Monitor
- Icinga 2
- Angry IP Scanner
- Splunk
- The Dude
- PRTG Network Monitor Freeware
- System Tools
- Shadow Explorer
- Security Tools
- Malwarebytes Anti-Malware
- Hitman Pro3
- Data Recovery Tools
- Data Recovery Wizard Free 9.0
- R-STUDIO
- Recuva
- #Tools
Add Comment
Please, Sign In to add comment