Basics
Located at C:\Windows\System32\cmd.exe.
Basic Commands
# clear the screen
cls
# command history
doskey /history
doskey /history: Prints the session's command history.
page up: Places the first command in our session history to the prompt.
page down: Places the last command in history to the prompt.
⇧: View previously run commands.
⇩: View most recent commands run.
⇨: Types the previous command to prompt one character at a time.
⇦: N/A
F3: Will retype the entire previous entry to our prompt.
F5: Pressing F5 multiple times will allow you to cycle through previous commands.
F7: Opens an interactive list of previous commands.
F9: Enters a command to our prompt based on the number specified. The number corresponds to the command's place in our history.
Interesting Directories
C:\Windows\Temp
Contains temp system files accessible to all users on the system. All users have full access (rwx). Useful for dropping files as a low-privilege user on the system.
C:\Users\<user>\AppData\Local\Temp
Similar to above, but accessible only to the user account that it is attached to. Useful when the attacker gains control of a local/domain joined user account.
C:\Users\Public
Allows any interactive logon account full access. Alternative to the global \Temp as it's less likely to be monitored for suspicious activity.
C:\Program Files
Contains all 64-bit applications installed on the system.
C:\Program Files (x86)
Contains all 32-bit applications installed on the system.
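As an added example (not part of the original page), the batch script below sweeps the user-writable directories listed above for executables and scripts and prints each directory's ACL, so a defender can confirm the access actually granted and spot staged files. The extension list and the :sweep label are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the original page.
rem Sweeps the user-writable directories for executables and scripts.
rem EXTS is an assumed list; tune it for your environment.
setlocal
set "EXTS=exe dll ps1 bat cmd vbs js hta scr msi"
set /a HITS=0

call :sweep "%SystemRoot%\Temp"
call :sweep "%PUBLIC%"
rem Per-user temp dirs (reading other users' profiles needs admin rights).
for /d %%U in ("%SystemDrive%\Users\*") do call :sweep "%%~fU\AppData\Local\Temp"

echo.
echo Total candidate files: %HITS%
endlocal
exit /b 0

:sweep
rem Skip directories that do not exist on this host.
if not exist "%~1\" exit /b 0
echo.
echo === %~1
rem Print the ACL so the effective write access can be reviewed.
icacls "%~1"
for %%E in (%EXTS%) do (
  rem /a:-d lists files only and includes hidden and system files.
  for /f "delims=" %%F in ('dir /s /b /a:-d "%~1\*.%%E" 2^>nul') do (
    set /a HITS+=1
    echo   %%~tF  %%~zF bytes  %%F
  )
)
exit /b 0
```

Save it as a .bat file and run it from an elevated prompt to cover every profile; each hit is printed with its last-modified time and size for triage.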
Navigation
# list directory
dir
# list hidden files
dir /a:h
# current working directory
cd
chdir
# move to another directory
cd <PATH>
chdir <PATH>
# print the structure of current directory & subdirs
tree
# directories & files
tree /F
Files & Dirs
Directories
Basics
# create new dir
mkdir <name>
md <name>
# delete empty dir
rmdir <name>
rd <name>
# delete non-empty dir
rmdir /S <name>
rd /S <name>
# move dir
move <source> <dest>
Copy
xcopy has been deprecated for robocopy. xcopy resets any file attributes by default, which can be useful from an attacker's perspective.
# copy dir
xcopy <source> <dest> <options>
# recursive (+empty dirs)
xcopy <source> <dest> /E
# retain attributes
xcopy <source> <dest> /K
robocopy (robust file copy) is a combination of copy, xcopy, and move. It is made for large directories and drive syncing.
# basic usage
robocopy <source> <dest>
Files
View Content
# view contents
type <filename>
# view contents of all files at once
type *.txt
# read all files from all subdirectories
for /r %i in (*) do type "%i" >> all_files_content.txt
# view contents one screen at a time, remove extra blank space
more <filename> /S
# we can also pipe large-output commands to it
systeminfo | more
Create & Modify
# create a file
echo <text> > <filename>
fsutil file createNew <filename> 222
# rename a file
ren <filename> <newfilename>
rename <filename> <newfilename>
Delete
# delete a file
del <filename>
erase <filename>
# delete files based on a specific attribute
del /A:R *
Copy & Move
# copy a file (with validation)
copy <source> <dest> /V
# move a file
move <source> <dest>
I/O
# redirect output to a file
systeminfo > <filename>
# append to a file
systeminfo >> <filename>
# pass input to a command
find /i "see" < <filename>
# pass output to a command
type <filename> | find /i "see"
Command Chaining
# just run one after another regardless of status
<cmd1> & <cmd2>
# run cmd2 only if cmd1 succeeds
<cmd1> && <cmd2>
# run cmd2 only if cmd1 fails
<cmd1> || <cmd2>