Commands
Terminal
- CMD
- PSH
:: Detect Terminal Type [CMD] - polyglot one-liner: under cmd.exe it prints CMD
(dir 2>&1 *`|echo CMD);&
:: Print current Directory
echo %cd%
# Detect Terminal Type [PowerShell] - same polyglot; PowerShell treats <# rem #> as a block comment, so the trailing echo runs and prints the edition (Desktop = Windows PowerShell 5.1, Core = PowerShell 6+)
(dir 2>&1 *`|echo CMD);&<# rem #>echo ($PSVersionTable).PSEdition
# Print current Directory
pwd
# Format Output [pipe a command into these, e.g. Get-Service | Format-Table -AutoSize]
Format-Table -AutoSize
Format-List
Executing
:: Execute [PSH] Commands from [CMD] [powershell.exe is Windows PowerShell 5.1; use pwsh -c "<Command>" for PowerShell 7+]
powershell -c "<Command>"
:: Execute [CMD] Commands from [PSH]
cmd /c "<Command>"
:: List Saved Credentials [Credential Manager entries of the current user; an entry saved for another account lets runas /savecred start a process as that account without a password prompt]
cmdkey /list
:: Run Windows Applications or Tools as a different User [/savecred stores the password in Credential Manager and reuses it silently on later runs; it persists until removed with cmdkey /delete:<Target>]
runas /savecred /user:<UserName> cmd.exe
:: Run a Specific Command [runas reads the password from the console only - it cannot be piped in or passed as an argument; for non-interactive use, see /savecred above or PowerShell Start-Process -Credential]
runas /user:<UserName> "cmd /c dir C:\"
:: [/netonly] The credentials are used only for outbound network authentication (shares, RPC, LDAP); the local process still runs as the current user, so whoami will not change
runas /netonly /user:<UserName> cmd.exe
Permissions
- CMD
- PSH
:: List Permissions
icacls <FileName>
:: Grant Permissions [Everyone:F gives Full Control to every principal on the system - prefer a specific user/group and the minimum right, e.g. icacls <FileName> /grant <Domain\User>:R]
icacls <FileName> /grant Everyone:F
:: Take File/Folder Ownership [needs an elevated prompt or SeTakeOwnershipPrivilege; /r /d y recurses; changes ownership only - follow with icacls to change the ACEs]
takeown /f <FileName>
# List Permissions
Get-Acl <FileName> | Format-List
Services
- CMD
- PSH
:: List Services [Filter] [sc.exe documents option names as including the '=' followed by a space, i.e. type= service state= all; the no-space form may be rejected on some versions]
sc queryex type=service state=all
:: Find Services [find requires the search string in double quotes]
sc queryex type=service state=all | find /i "<ServiceName>"
:: Service Configuration [binary path, start type, dependencies, logon account - useful for spotting unquoted paths or writable service binaries]
sc qc <ServiceName>
:: Start - Stop - Delete
sc start <ServiceName>
sc stop <ServiceName>
sc delete <ServiceName>
# List Services
Get-Service
# Filter Service Status: Running - Stopped etc..
Get-Service | Where-Object -Property Status -eq Running
# Service Information [Get-WmiObject is not available in PowerShell 6+/7; Get-CimInstance works in both editions]
Get-CimInstance Win32_Service -Filter "name = 'ServiceName'" | Format-List *
Get-WmiObject win32_service | ?{$_.Name -like '*ServiceName*'} | Format-List *
# Start - Stop - Remove [Remove-Service requires PowerShell 6+; on Windows PowerShell 5.1 use sc delete. Stop-Service -Force also stops dependent services]
Start-Service -Name "ServiceName"
Stop-Service -Name "ServiceName" -Force
Remove-Service -Name "ServiceName"
Tasks
- CMD
- PSH
:: Show Tasks
tasklist /v
:: Kill Process by Image Name [/F terminates without a clean shutdown; /im takes the executable name, e.g. notepad.exe; use /pid <PID> to target a single process]
taskkill /F /im <TaskName>
:: Show Tasks Detailed Info
schtasks /query /fo LIST /v
:: Show Specific Task Info
schtasks /query /tn "TaskName" /fo list /v
:: Enable - Disable
schtasks /Change /TN "TaskName" /Enable
schtasks /Change /TN "TaskName" /Disable
:: Run
schtasks /run /tn <TaskName>
:: End
schtasks /end /tn <TaskName>
# Show Task Info
Get-Scheduledtask -TaskName "TaskName" | Format-List *
# List PowerShell Scheduled Jobs [PSScheduledJob module, Windows PowerShell only - these are not Task Scheduler tasks; use Get-ScheduledTask for those]
Get-ScheduledJob
Search - Delete
- CMD
- PSH
:: Search Files [Current Folder/Subfolder]
dir /s <FileName>
:: Search Files [C:\ Drive]
where /r C:\ <FileName>
:: Force Delete Files [CMD] [/f also removes read-only files; this is a normal delete, not a secure wipe]
del /f <FileName>
# Search Files Recursively
Get-ChildItem -Path C:\ -Include "<FileName>" -File -Recurse -ErrorAction SilentlyContinue
# Delete Files [note: the parameter dash must be a plain ASCII hyphen]
Remove-Item -Force <FileName>
Network
- CMD
- PSH
:: List [Active - Listening] Ports
netstat -a
:: List Connections with the Owning Executable [-b needs an elevated prompt; add -o to also show the PID, e.g. netstat -anbo]
netstat -anb
# List [Active - Listening] Ports
Get-NetTCPConnection
# Detailed Information
Get-NetTCPConnection | Select-Object -Property *
# Filter [Listen - Established]
Get-NetTCPConnection -State Listen
# Filter by Remote Port [use -LocalPort <Port> to find what is listening on a local port]
Get-NetTCPConnection -RemotePort 443
# List Open Local Ports [More Detailed Information]
Get-NetTCPConnection -State Listen | Select-Object -Property LocalAddress, LocalPort, RemoteAddress, RemotePort, State | Sort-Object LocalPort | Format-Table
# Show Established Connections & Resolve Addresses [Resolve-DnsName performs a reverse (PTR) lookup per connection - this generates DNS traffic and is slow; drop that column if you need to stay quiet]
Get-NetTCPConnection -State Established |Select-Object -Property LocalAddress, LocalPort,@{name='RemoteHostName';expression={(Resolve-DnsName $_.RemoteAddress).NameHost}},RemoteAddress, RemotePort, State,@{name='ProcessName';expression={(Get-Process -Id $_.OwningProcess).Path}},OffloadState,CreationTime | Format-Table
Script Execution
- Unblock - Bypass
- Import
# Removes the Zone.Identifier stream (Mark of the Web) from every file under the current directory, recursively - this disables the download warnings and execution-policy checks tied to it, so scope it to the files you actually need, e.g. Unblock-File .\script.ps1
Get-ChildItem -Recurse | Unblock-File
# Sets the Execution Policy for the current process only [-Scope Process is not persisted and does not need admin rights]
# [Bypass] Nothing is Blocked and there are no Warnings or Prompts - execution policy is a safety feature, not a security boundary
Set-ExecutionPolicy Bypass -Scope process -Force
# List Execution Policy Rules
Get-ExecutionPolicy -List | Format-Table -AutoSize
# Importing Modules [both methods run the file's top-level code - read a script before importing it; dot-sourcing loads its functions and variables into the current scope]
Import-Module .\ModuleToImport.ps1
# Alternative Import Method
. .\ModuleToImport.ps1
Archiving
# Extracts files from a Specified Archive [Zipped]
Expand-Archive <SourcePathOfZipFile> -DestinationPath <DestinationPath>
# Creates a Compressed Archive
Compress-Archive -Path <SourcePathOfZipFile> -DestinationPath <DestinationPath>
Other
:: Running [.msi] Installer silently [/quiet and /qn are equivalent; add /l*v <LogFile> for a verbose log; per-machine installs require an elevated prompt]
msiexec /quiet /qn /i C:\Windows\Temp\Installer.msi
:: Connect using RDP from Linux [a password given via /p or -p is visible in the process list and shell history; omit it to be prompted interactively, or use xfreerdp /from-stdin]
xfreerdp /v:<IP> /u:<Username> /p:'<Password>'
rdesktop <IP> -u <Username> -p '<Password>'