Yes, also Windows can be used by command line…

Today I propose a brief list of useful Windows CLI commands for daily use

Windows Registry

Adding Keys and Values

C:>reg add [\TargetIPaddr][RegDomain][Key]

Add a key to the registry on machine [TargetIPaddr] within the registry domain [RegDomain] to location [Key].

If no remote machine is specified, the current machine is assumed.

Export and Import

C:>reg export [RegDomain][Key] [FileName]

Export all subkeys and values located in the domain [RegDomain] under the location [Key] to the file [FileName]

C:>reg import [FileName]

Import all registry entries from the file [FileName].

Import and export can only be done from or to the local machine.

Query for a specific Value of a Key

C:>reg query [\TargetIPaddr][RegDomain][Key] /v [ValueName]

Query a key on machine [TargetIPaddr] within the registry domain [RegDomain] in location [Key] and get the specific value [ValueName] under that key.

Add /s to recurse all values.


Fundamental grammar

C:>wmic [alias] [where clause] [verb clause]

Useful [aliases]:

  • process
  • service
  • share
  • nicconfig
  • startup
  • useraccount
  • qfe (Quick Fix Engineering — shows patches)

Example [where clauses]:

  • where name=”nc.exe”
  • where (commandline like “%stuff”)
  • where (name=”cmd.exe” and parentprocessid!=”[pid]”)

Example [verb clauses]:

  • list [full|brief]
  • get [attrib1,attrib2…]
  • call [method]
  • delete

List all attributes of [alias]:

C:> wmic [alias] get /?

List all callable methods of [alias]:

C:>wmic [alias] call /?

List all attributes of all running processes:

C:>wmic process list full

Make WMIC effect remote[TargetIPaddr]:

C:>wmic /node:[TargetIPaddr] /user:[User] /password:[Passwd] process list full

Processes and Services

List all processes currently running:


List all processes currently running and the DLLs each has loaded:

C:>tasklist /m

Lists all processes currently running which have the specified [dll] loaded:

C:>tasklist /m [dll]

List all processes currently running and the services hosted in those processes:

C:>tasklist /svc

Query brief status of all services:

C:>sc query

Query the configuration of a specific service:

C:>sc qc [ServiceName]

File Search and Counting Lines

Search directory structure for a file in a specific directory:

C:>dir /b /s [Directory][FileName]

Count the number of lines on StandardOuy of [Command]:

C:>[Command] | find /c /v “”

Finds the count (/c) of lines that do not contain (/v) nothing (“”). 
Lines that do not have nothing are all lines, even blank lines, which contain CR/LF

Command line FOR loops

Counting Loop

C:>for /L %i in([start],[step],[stop]) do [command]

Set %i to an initial value of [start] and increment it by [step] at every iteration until its value is equal to [stop].

For each iteration, run [command].

The iterator variable %i can be used anywhere in the command to represent its current value.

Iterate over file contents

C:>for /F %i in ([file-set]) do[command]

Iterate through the contents of the file on a line-by-line basis. 
For each iteration, store the contents of the line into %i and run [command].


Useful NETSTAT syntax

Show all TCP and UDP port usage and process ID:

C:>netstat –nao

Look for usage of port [port] every [N] seconds:

C:>netstat –nao [N] | find [port]

Dump detailed protocol statistics:

C:>netstat –s –p [tcp|udp|ip|icmp]

Useful NETSH syntax

Turn off built-in Windows firewall:

C:>netsh firewall set opmode disable

Configure interface “Local Area Connection” with [IPaddr] [Netmask] [DefaultGW]:

C:>netsh interface ip set address local static [IPaddr] [Netmask] [DefaultGW] 1

Configure DNS server for “Local Area Connection”:

C:>netsh interface ip set dns local static [IPaddr]

Configure interface to use DHCP:

C:>netsh interface ip set address local dhcp