List of uncommon useful cmd commands are as follows:
-
Cipher:
Cipher.exe is a built-in command line tool in the Windows operating system that can be used to encrypt or decrypt data on NTFS drives. This tool also lets to securely delete data by overwriting it.
Cipher Switches:- /? : Displays help at the command prompt.
- /e : Encrypts the specified folders. Folders are marked so that files that are added to the folder later are encrypted too.
- /d : Decrypts the specified folders. Folders are marked so that files that are added to the folder later are encrypted too.
- /w : PathName – Removes data on unused portions of a volume. PathName can indicate any directory on the desired volume.
Syntax:
cipher /w:c
This will wipe free space on the drive. The command does not overwrite undeleted data, so you will not wipe out files you need by running this command.
-
File compare:
File compare (or fc) is a great command line tool that can be used to compare files to see if there are any content or binary code differences that you can access if you are using a PC. It is a simple program that will compare the contents of text or binary files and is capable of comparing both ASCII and Unicode text. You can use this tool to display any lines from two files or two sets of files that do not match up with the others.
Switches:- /b – This switch will perform a binary comparison.
- /c – If you need to do a case insensitive comparison, use this switch.
- /a – This switch will make FC show only the first and last lines for each group of differences.
- /u – Use this switch to compare files as Unicode text files.
- /l – This will compare your files as ASCII text.
- /n – This switch can only be used with ASCII but it will show all the corresponding line numbers.
Syntax:
Simply type “fc” and then the directory path and file name of the two files you want to compare.fc [switches] [pathname1] [pathname2]
-
Tasklist:
In Windows, we can get the list of processes running on the system from command prompt also. We can use ‘tasklist‘ command for this purpose.
Using this command we can selectively list the processes based on criteria like the memory space used, running time, image file name, services running in the process etc.
Parameters:- /s Computer : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
- /u Domain \ User : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.
- /p Password : Specifies the password of the user account that is specified in the /u parameter.
- /fo { TABLE | LIST | CSV } : Specifies the format to use for the output. Valid values are TABLE, LIST, and CSV. The default format for output is TABLE.
- /nh : Suppresses column headers in the output. Valid when the /fo parameter is set to TABLE or CSV.
- /fi FilterName : Specifies the types of process(es) to include in or exclude from the query. The following table lists valid filter names, operators, and values.
- /svc : Lists all the service information for each process without truncation. Valid when the /fo parameter is set to TABLE. Cannot be used with the /m or the /v parameter.
- /v : Specifies that verbose task information be displayed in the output. Cannot be used with the /svc or the /m parameter.
- /m [ ModuleName ] : Specifies to show module information for each process. When a module is specified, all the processes using that module are shown. When a module is not specified, all the processes for all the modules are shown. Cannot be used with the /svc or the /v parameter.
tasklist[.exe] [/s computer] [/u domain\user [/p password]] [/fo {TABLE|LIST|CSV}] [/nh] [/fi FilterName [/fi FilterName2 [ ... ]]] [/m [ModuleName] | /svc | /v]
Example:
tasklist /v /fi “PID gt 1000” /fo csv
tasklist /fi “USERNAME ne NT AUTHORITY\SYSTEM” /fi “STATUS eq running”
tasklist /v /fi “STATUS eq running”
tasklist /s srvmain /nh
tasklist /s srvmain /s srvny
tasklist /s srvmain /u maindom\hiropln /p p@ssW23 /nh -
Taskkill:
Its sure that you are familiar with the traditional way to kill or end a process in Windows using Task Manager. This method is effective but not nearly as fun as killing a process in Command Prompt. Additionally, killing processes in Command Prompt provides much more control and the ability to end multiple processes at once.
Parameters:- /s Computer : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
- /u Domain \ User : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.
- /p Password : Specifies the password of the user account that is specified in the /u parameter.
- /fi FilterName : Specifies the types of process(es) to include in or exclude from termination. The following are valid filter names, operators, and values.
- /pid ProcessID : Specifies the process ID of the process to be terminated.
- /im ImageName : Specifies the image name of the process to be terminated. Use the wildcard (*) to specify all image names.
- /f : Specifies that process(es) be forcefully terminated. This parameter is ignored for remote processes; all remote processes are forcefully terminated.
- /t : Specifies to terminate all child processes along with the parent process, commonly known as a tree kill.
Syntax:
taskkill [/s Computer] [/u Domain\User [/p Password]]] [/fi FilterName] [/pid ProcessID]|[/im ImageName] [/f][/t]
Examples:
C:\>taskkill /pid 26356 /f
C:\>taskkill /fi “USERNAME eq Pratik” /f
C:\>taskkill /s VictimsDesktop /u RemoteAccountName /p RemoteAccountPassword /im notepad.exe /f -
System File Checker:
System File Checker is an automatic scan and repair tool that focuses on Windows system files. You will need to run the command prompt with administrator privileges and enter the command “sfc /scannow”. If any corrupt or missing files are found, they’ll be automatically replaced using cached copies kept by Windows for just that purpose. The command can require a half-hour to run on older notebooks.
Syntax:sfc /scannow
-
Driverquery:
Drivers remain among the most important software installed on a PC. Improperly configured or missing drivers can cause all sorts of trouble, so its good to have access to a list of what’s on your PC. That’s exactly what the “driverquery” command does. You can extend it to “driverquery -v” to obtain more information including the directory in which the driver is installed.
Parameters:- /s Computer : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
- /u Domain \ User : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.
- /p Password : Specifies the password of the user account that is specified in the /u parameter.
- /fo { TABLE | LIST | CSV } : Specifies the format to display the driver information. Valid values are TABLE, LIST, and CSV. The default format for output is TABLE.
- /nh : Omits the header row from the displayed driver information. Valid when the /fo parameter is set to TABLE or CSV.
- /v : Specifies that detailed driver information be displayed.
- /si : Displays digital signature information for both signed and unsigned device drivers.
Syntax:
driverquery [/s Computer] [/u Domain\User /p Password] [/fo {TABLE|LIST|CSV}] [/nh] [/v] [/si]
Examples:
driverquery
driverquery /fo csv
driverquery /nh
driverquery /s ipaddress - WMIC: If we need to extract basic cpu information like disk information or CPU information.
o wmic CPU get : CPU utilization.
o wmic diskdrive get : Disk and storage information.
- Powercfg: Used for configuring Power options in Windows
o powercfg.exe /hibernate on or powercfg.exe /hibernate off : Activate/Deactivate hibernate.
o powercfg -a : Shows available power saving states.
o powercfg /energy : Detailed power consumption report for pc.
- Assoc: List of file extensions on PC.
- Netsh: Helps in displaying network configuration of PC.
o netsh winsock reset: Reset network socket errors.
o netsh int ip reset: Reset IP address and IP logs.
o netsh firewall show state : Display all active and blocked ports in PC’s firewall.