
CMD


15 replies to this topic

#1 Itz Paradox

Itz Paradox

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 25 May 2014 - 04:47 PM

Hello, does anyone know if you can do anything cool or actually program something in the CMD of your PC?




 


#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:01:07 AM

Posted 25 May 2014 - 06:43 PM

You can do 99% of what other languages can do; the disadvantage is writing to machine level.

In saying that, you can still use any WMI calls. If you want some examples, just let me know.



#3 Itz Paradox


Posted 25 May 2014 - 06:53 PM

I would, actually, if you don't mind XD



#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:07 AM

Posted 25 May 2014 - 09:26 PM

Erm, cmd doesn't have any facility to query WMI. Console based applications that query WMI usually do so by writing a vbscript or similar.

Have you considered powershell instead? It is *much* nicer to work with.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 Itz Paradox


Posted 25 May 2014 - 09:37 PM

Do you have a link to that, Billy?



#6 Billy O'Neal


Posted 25 May 2014 - 09:43 PM

PowerShell? It comes with (recent versions of) Windows.

Here's a reference book that may help:
http://www.amazon.com/Windows-PowerShell-Action-Second-Edition/dp/1935182137/ref=pd_sim_b_2?ie=UTF8&refRID=1G72X4D5032RKKXG46QZ

Billy3

#7 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:01:07 AM

Posted 25 May 2014 - 09:44 PM


 

if you can do anything cool

You can actually watch the Star Wars Episode IV movie in the command prompt.

To start the movie, open command prompt, type in telnet towel.blinkenlights.nl and press enter. It's an oldie but a goodie. Works on Linux too.

http://www.guidingtech.com/12909/brilliant-command-prompt-cmd-tricks/


Edited by NickAu1, 26 May 2014 - 12:05 AM.

Arch Linux .
 


#8 Itz Paradox


Posted 25 May 2014 - 09:58 PM

Nick, I tried that; it doesn't seem to work XD



#9 NickAu


Posted 25 May 2014 - 10:06 PM

Working on my PC.

View My Video

 

I guess you would need telnet enabled in Windows.




#10 JohnnyJammer


Posted 26 May 2014 - 05:51 PM

Erm, cmd doesn't have any facility to query WMI. Console based applications that query WMI usually do so by writing a vbscript or similar.

Have you considered powershell instead? It is *much* nicer to work with.

Billy3

Well, I should have said that differently, sorry. When you have a command prompt/DOS prompt/Windows terminal/Windows shell, whatever you like to call it, open, you can then execute queries to WMI using the console (WMIC).

Let's say you would like to find all DFSR namespaces on a target server; you would then run from the command line:

wmic /node:targetserverhere /namespace:\\root\microsoftdfs path dfsrsyncinfo get membername,replicationgroupname,bytestransferred,conflictsgenerated,inbound,updatesnottransferred,updatestobetransferred

Now if i wanted to hook into winsat it would be

wmic /namespace:\\root\cimv2 path Win32_winsat get /all

routing table

wmic /namespace:\\root\cimv2 path Win32_IP4RouteTable get

logon session

wmic /namespace:\\root\cimv2 path Win32_LogonSession get

If you would like to learn more then run the powershell command

Get-WMIObject -List| Where{$_.name -match "^Win32_"} | Sort Name >> C:\WmiList.txt

Basically, like I said before, when the cmd is open you can query any WMI namespace you like.


Edited by JohnnyJammer, 27 May 2014 - 12:38 AM.


#11 JohnnyJammer


Posted 27 May 2014 - 05:57 PM

i would actually if you dont mind XD

This is one of the first I did; it deletes the Internet Explorer cookies and tmp files. Be careful which one you choose, as the last number will reset IE.

@echo off
REM Clears Internet Explorer data through ClearMyTracksByProcess in inetcpl.cpl.
Echo *************************************************************************
Echo * This script will delete your IE browser history. Choose carefully.    *
Echo *************************************************************************
Echo To choose what you would like to delete, select the numbers below.
Echo 1     delete browsing history (list of visited sites)
Echo 2     delete all cookies
Echo 8     delete temporary files (cache)
Echo 16     delete all saved forms data
Echo 32     delete all saved passwords
Echo 255     delete all of the above
Echo 4351     delete all of the above and all settings stored by add-ons
REM "Echo." prints a blank line; a bare "Echo" would print "ECHO is off."
Echo.
Echo Which number do you choose:
Set /p num=
Echo Deleting Internet Explorer files using selection %num%.
RUNDLL32.EXE inetcpl.cpl,ClearMyTracksByProcess %num%

This next script will show you which computer deleted a certain file from a network share (share has to be mapped using the FQDN = DFSR namespace). You need to filter the eventvwr for event ID (4412); I can write a script to filter them too if you like?

@echo off
cls
REM Resolves a DFSR file GUID (taken from event ID 4412) with dfsrdiag guid2name.
echo *********************************************************
echo * Script by JohnnyJammer                                *
echo * This script will identify the user/computer _         *
echo * who deleted the file in DFSR                          *
echo * All you need is the GUID of the newly created _       *
echo * file such as {31DD4AD0-0240-4D35-8AA6-1ABB0CDB256F}   *
echo * Just remove the {} in this script.                    *
echo * Event ID = 4412                                       *
echo *********************************************************
echo ..........
set /p guid=What is the GUID of the newly created file:
echo OK, GUID is {%guid%}
set /p groupname=What is the replicated group name IE(someserver.com.au\somenamespace\replicatedfolder):
echo OK, checking rgname:%groupname% and GUID:%guid%
REM Quote the group name so a name containing spaces is passed as one argument.
dfsrdiag guid2name /guid:%guid% /rgname:"%groupname%"

::echo The computer/User that deleted the file was
::dfsrdiag guid2name /guid:%guid% /rgname:"%groupname%" | find /i "Computer"
pause

This will dump a list of uninstalls from the registry; you can then use msiexec to uninstall remotely with wmic.

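@echo off
REM Dumps every GUID-named subkey of the Uninstall key to a file, then shows the display names.
set tmpfile="C:\MSI_Uninstallers.csv"
REM Delete the previous dump only if there is one, so del does not report an error.
if exist %tmpfile% del %tmpfile%
pause
REM reg query runs against the local registry, so report the local computer name.
echo Listing all MSI GUI files that are installed on %COMPUTERNAME%
echo Please wait..........
REM The outer quotes keep the pipe inside the variable until FOR /F runs the command.
set regkey="reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | find /i "{""
FOR /F %%A IN ('%regkey%') DO reg query %%A >> %tmpfile%
echo Searching %tmpfile% for Display Names
type %tmpfile% | find /i "displayname"
notepad %tmpfile%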
 

Edited by JohnnyJammer, 27 May 2014 - 09:10 PM.


#12 JohnnyJammer


Posted 27 May 2014 - 06:02 PM

This script will copy and dump all NTFS permissions to a txt file; all you do is drag the folder you would like to get the NTFS permissions off to the DOS prompt.

The only thing you need to do is redo the share permissions, which is only a few minutes at most!

Any more, let me know.

@echo off
cls
echo ****************************************************************************************************
echo This script will copy all the file permissions for a folder
echo and save the data to a txt file on the C: drive
set /p foldertarget=Drag the folder here or paste the path to the directory here:
REM Dragging a path that contains spaces adds quotes; strip them so the path is quoted only once below.
set "foldertarget=%foldertarget:"=%"
title Icacls for folder: %foldertarget%
set /p txtname=What is the name for the folder (This will be used to store the permissions to a txt file):
REM goto is used instead of a parenthesised block: a path such as "Program Files (x86)" would close the block early.
if not exist "C:\%txtname%.txt" goto save
cls
echo ****************************************************************************************************
echo File C:\%txtname%.txt exists, deleting now.
del "C:\%txtname%.txt"
REM ping acts as a short delay; its output is discarded to the nul device.
ping -n 3 127.0.0.1 > nul
:save
echo ****************************************************************************************************
echo Getting folder permissions for %foldertarget%
echo Dumping permissions to txt file C:\%txtname%.txt
icacls "%foldertarget%" /save "C:\%txtname%.txt" /T
echo Done................
ping -n 5 127.0.0.1 > nul
echo ****************************************************************************************************
echo Permissions are as follows....
echo N - no access
echo F - full access
echo M - modify access
echo RX - read and execute access
echo R - read-only access
echo W - write-only access
echo D - delete access
echo ****************************
echo Folder permissions for folder (%foldertarget%) have been stored here: C:\%txtname%.txt
pause

To reimport the permissions, just execute this command (icacls C:\Somefolderhere /restore nameoftxtfilecontainingpermissions.txt).


Edited by JohnnyJammer, 27 May 2014 - 06:03 PM.
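
Added example, not part of the original post: a PowerShell check that reads an icacls /save dump such as the one the script above writes and lists entries where Everyone, Authenticated Users or BUILTIN\Users hold a write-capable right. The function name, the sample paths and the sample SDDL strings are constructed for illustration.

```powershell
# Added example (not from the thread): audit an "icacls /save" dump for broad write access.
function Find-BroadWriteAce {
    param([Parameter(Mandatory)] [string[]] $Line)

    # Well-known SIDs for the groups that cover (almost) every account.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    # WriteData (0x2), AppendData (0x4), WRITE_DAC (0x40000), WRITE_OWNER (0x80000),
    # GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
    $writeBits = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000

    # The dump alternates: a relative path, then the SDDL string for that path.
    for ($i = 0; ($i + 1) -lt $Line.Count; $i += 2) {
        $path = $Line[$i]
        $sddl = $Line[$i + 1]
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $sddl
        foreach ($ace in $sd.DiscretionaryAcl) {
            $sid = $ace.SecurityIdentifier.Value
            if ($ace.AceQualifier -eq 'AccessAllowed' -and $broad.ContainsKey($sid) -and
                ($ace.AccessMask -band $writeBits)) {
                [pscustomobject]@{
                    Path      = $path
                    Trustee   = $broad[$sid]
                    Mask      = '0x{0:x}' -f $ace.AccessMask
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Constructed sample in the dump's layout; only Shared\Drop grants Everyone modify (0x1301bf).
$sample = @(
    'Shared'
    'D:AI(A;OICIID;FA;;;BA)(A;OICIID;0x1200a9;;;BU)'
    'Shared\Drop'
    'D:AI(A;OICI;0x1301bf;;;WD)(A;OICIID;FA;;;BA)'
)
Find-BroadWriteAce -Line $sample

# Against a real dump (icacls writes UTF-16), with C:\perms.txt as a placeholder name:
# Find-BroadWriteAce -Line (Get-Content 'C:\perms.txt' -Encoding Unicode | Where-Object { $_ })
```
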


#13 JohnnyJammer


Posted 27 May 2014 - 06:06 PM

Find SMTP cracking attempts from Exchange 2010 server

wevtutil qe Application "/q:*[System [(EventID=1035)]]" /f:text /rd:true /c:1 >> C:\Scripts\SMTP_Cracking.txt

I then email it so I can view the text.


Edited by JohnnyJammer, 27 May 2014 - 10:25 PM.
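
Added example, not part of the original post: the wevtutil query above returns only the newest event (/c:1), so this PowerShell function tallies event 1035 failures per client address and reports the addresses that reach a threshold. The function name and the sample messages are constructed, and the description wording they follow is an assumption about how Exchange logs this event.

```powershell
# Added example (not from the thread): count event 1035 failures per client address.
# Assumption: the event description names the client address in square brackets,
# as in the constructed samples below.
function Get-SmtpAuthFailureSummary {
    param(
        [Parameter(Mandatory)] [string[]] $Message,
        [int] $Threshold = 3
    )
    $pattern = 'source IP address of the client .*? is \[(?<ip>[0-9a-fA-F:.]+)\]'
    $Message |
        ForEach-Object { if ($_ -match $pattern) { $Matches['ip'] } } |
        Group-Object |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'SourceIP'; e = { $_.Name } }, Count
}

# Constructed sample descriptions using documentation address ranges, not real hosts.
$template = 'Inbound authentication failed with error LogonDenied for Receive connector ' +
            'Default MAIL01. The authentication mechanism is Login. The source IP address ' +
            'of the client who tried to authenticate to Microsoft Exchange is [{0}].'
$sample = '203.0.113.45', '203.0.113.45', '198.51.100.7', '203.0.113.45', '203.0.113.45' |
    ForEach-Object { $template -f $_ }

# Only 203.0.113.45 (4 failures) reaches the threshold of 3.
Get-SmtpAuthFailureSummary -Message $sample -Threshold 3

# On the Exchange server, feed it the last 24 hours of real events instead:
# $events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1035
#                                            StartTime = (Get-Date).AddDays(-1) }
# Get-SmtpAuthFailureSummary -Message $events.Message
```
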


#14 Kilroy

Kilroy

  • BC Advisor
  • 3,335 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:10:07 AM

Posted 02 June 2014 - 03:40 PM

Output the installed software on COMPUTER, where COMPUTER is replaced by the computer name you need the information from, into a text file called Installed.txt on your C: drive in the C:\Temp directory.

WMIC /output:C:\Temp\Installed.txt /node:COMPUTER product get name,version,vendor

Remotely uninstall software on COMPUTER where COMPUTER is the remote computer and PROGRAMNAME is the program name from the file produced above.

WMIC /node:COMPUTER product where name="PROGRAMNAME" call uninstall

Edited by Kilroy, 02 June 2014 - 03:40 PM.


#15 JohnnyJammer


Posted 06 June 2014 - 12:22 AM

Yep, WMIC is a very handy tool indeed for remotely managing nodes.

It's always good to use the /output:somefile.html and then /format:htable at the end of the command to get a nice tables HTML webpage.





