Windows
hibernate
powercfg.exe -h off
enable powershell
set-executionpolicy unrestricted
Configure network
- Static ip.
netsh interface ip set address name="Local Area Connection" static 192.168.122.41 255.255.255.0 192.168.122.1 1
- Dhcp
netsh interface is set address name="Local Area Connection" dhcp
- extract msi
msiexec /a "C:\software.msi" /qb TARGETDIR="C:\Folder"
restart network
route -f ipconfig /release ipconfig /renew arp -d * nbtstat -R nbtstat -RR ipconfig /flushdns ipconfig /registerdns
Profile
- Profile
C:\Users\abjorklund\AppData\Roaming\Microsoft\Windows\Start Menu
restart via rdesktop
CTRL + ALT + END
alternative shutdown
Shutdown with restart
shutdown /t 0 /r /f
Shutdown
shutdown /t 0 /s /f
change password
Start a command prompt as administrator.
net user username password
is your account locked. bat file
@echo off :again date /t & time /t net user /domain mdinkel > c:\temp\mdinkel find "active" c:\temp\mdinkel timeout 10 goto again
Browse active dirctory structure
adsiedit.msc
PowerShell
gc
Get-content. Print content of file.
gc c:\temp\file.txt
Set-content
Set-Content -path REMOTE\Filename.txt
Out-File
Out-File -Encoding UTF8
replace text in file
Get-Content REMOTE\Filename.txt | foreach-object { $_ -replace "OLD", "NEW" } | Set-Content REMOTE\Filename.txt
get-service
get-service ipeventwatcher
stop-service
stop-service ipeventwatcher
restart-service
restart-service ipremote -force
start-service
start-service ipeventwatcher
variable
Set variable to content of file.
$a = gc IPremote.exe.config
md5sum
[CmdletBinding(SupportsShouldProcess=$False)] param([string]$File) function Get-Checksum([string]$strInFile) { $objCrypto = New-Object "System.Security.Cryptography.MD5CryptoServiceProvider" $objFile = Get-Item $strInFile $objStream = $objFile.OpenRead() $objBytes = $objCrypto.ComputeHash($objStream) $strChecksum = "" foreach($objByte in $objBytes) { $strChecksum += $objByte.ToString('x2') } $objStream.Close() | Out-Null return $strChecksum } $strFileToCheck = $File if(Test-Path($strFileToCheck)) { Get-Checksum $strFileToCheck }
tcp connect
nc
(New-Object Net.Sockets.TcpClient).Connect("81.236.32.200",80)
grep
gc IPremoteDebug.log | select-string "ip2date"
list processes
Get-Process
clear content
Clear-Content filename.doc
dir recursive
'Get-ChildItem "c:\program files\" -rec | ForEach-Object -Process {$_.FullName}'
base64
decode base64 string
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("YmxhaGJsYWg="))
troubleshooting network
netstat -ano | findstr <ipremote-pid>
diff
Compare two files.
compare-object (get-content one.txt) (get-content two.txt)
log file. Eventlog
List event logs.
Get-EventLog -list
List evnts in a log.
Get-EventLog -LogName IPremoteLog
List events sins date.
Get-EventLog -LogName Application -after "den 5 november 2014 10:00:00"
date
Get-Date
full output
Print all variable with full output
'(Get-Variable).StdOut'
restart services via samba
install samba-common
yum install samba-common
List services.
net rpc service list -I IPADDRESS -U USERNAME%PASSWORD
Stop service.
net rpc service start ipremote -I IPADDRESS -U 'user%password'
Start service.
net rpc service start ipeventwatcher -I IPADDRESS -U 'user%password'
Windows version
[System.Environment]::OSVersion.Version http://msdn.microsoft.com/en-us/library/windows/desktop/ms724833%28v=vs.85%29.aspx (Get-WmiObject -class Win32_OperatingSystem).Caption
Is proxy bypassed
$url = "http://10.127.12.10";$webclient = New-Object System.Net.WebClient; $webclient.Proxy.IsBypassed($url)