Windows is an operating system developed by Microsoft specifically for desktop PCs, notebooks and laptops.
# Packages installed via MSI
# Note: enumerating Win32_Product triggers an MSI consistency check of every installed package, so the query is slow.
Get-WMIObject -Class Win32_Product

PSComputerName : VIE-NB-GBI016
Name : Python 3.12.9 Executables (64-bit)
Version : 3.12.9150.0
InstallState : 5
__GENUS : 2
__CLASS : Win32_Product
__SUPERCLASS : CIM_Product
__DYNASTY : CIM_Product
__RELPATH : Win32_Product.IdentifyingNumber="{8F708501-AF68-42E7-8A6E-D239CA6DA1A8}",Name="Python 3.12.9 Executables (64-bit)",Version="3.12.9150.0"
__PROPERTY_COUNT : 27
__DERIVATION : {CIM_Product}
__SERVER : VIE-NB-GBI016
__NAMESPACE : root\cimv2
__PATH : \\VIE-NB-GBI016\root\cimv2:Win32_Product.IdentifyingNumber="{8F708501-AF68-42E7-8A6E-D239CA6DA1A8}",Name="Python 3.12.9 Executables (64-bit)",Version="3.12.9150.0"
AssignmentType : 0
Caption : Python 3.12.9 Executables (64-bit)
Description : Python 3.12.9 Executables (64-bit)
HelpLink :
HelpTelephone :
IdentifyingNumber : {8F708501-AF68-42E7-8A6E-D239CA6DA1A8}
InstallDate : 20250309
InstallDate2 :
InstallLocation :
InstallSource : C:\Users\admin\AppData\Local\Package Cache\{8F708501-AF68-42E7-8A6E-D239CA6DA1A8}v3.12.9150.0\
Language : 1033
LocalPackage : C:\WINDOWS\Installer\30dc9ec0.msi
PackageCache : C:\WINDOWS\Installer\30dc9ec0.msi
PackageCode : {682163C2-28D3-44AB-89CD-BD21EA3B274A}
PackageName : exe.msi
ProductID :
RegCompany :
RegOwner :
SKUNumber :
Transforms :
URLInfoAbout :
URLUpdateInfo :
Vendor : Python Software Foundation
WordCount : 0
Scope : System.Management.ManagementScope
Path : \\VIE-NB-GBI016\root\cimv2:Win32_Product.IdentifyingNumber="{8F708501-AF68-42E7-8A6E-D239CA6DA1A8}",Name="Python 3.12.9 Executables (64-bit)",Version="3.12.9150.0"
Options : System.Management.ObjectGetOptions
ClassPath : \\VIE-NB-GBI016\root\cimv2:Win32_Product
Properties : {AssignmentType, Caption, Description, HelpLink...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :

# Packages installed via winget?
Get-WingetPackage

InstalledVersion : 10.0.60828
Name : Microsoft Visual Studio 2010 Tools for Office Runtime
Id : Microsoft.VSTOR
IsUpdateAvailable : True
Source : winget
AvailableVersions : {10.0.60917, 10.0.60912, 10.0.60828}

# 64 bit uninstallers (native registry view on a 64-bit system)
Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | select DisplayName,UninstallString

DisplayName : LM Studio 0.3.9
UninstallString : "C:\Program Files\LM Studio\Uninstall LM Studio.exe" /allusers
QuietUninstallString : "C:\Program Files\LM Studio\Uninstall LM Studio.exe" /allusers /S
DisplayVersion : 0.3.9
DisplayIcon : C:\Program Files\LM Studio\LM Studio.exe,0
Publisher : LM Studio
NoModify : 1
NoRepair : 1
EstimatedSize : 1374783
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c6dbe996-22a9-5998-b542-7abe33da3b83
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName : c6dbe996-22a9-5998-b542-7abe33da3b83
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry

# 32 bit uninstallers (WOW6432Node view on a 64-bit system)
Get-ItemProperty HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | select DisplayName,UninstallString

DisplayName : Visual Studio Community 2022
InstallDate : 20240525
InstallLocation : C:\Program Files\Microsoft Visual Studio\2022\Community
DisplayVersion : 17.13.1
Publisher : Microsoft Corporation
DisplayIcon : C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe
UninstallString : "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" uninstall --installPath "C:\Program Files\Microsoft Visual Studio\2022\Community"
ModifyPath : "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" modify --installPath "C:\Program Files\Microsoft Visual Studio\2022\Community"
RepairPath : "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" repair --installPath "C:\Program Files\Microsoft Visual Studio\2022\Community"
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\374cbfa0
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName : 374cbfa0
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
// boot to bios
shutdown /r /fw /t 1

winget

net group // show domain groups on DC
net localgroup // show local groups
net localgroup <group> // list group members
net user <user> // see user info

whoami
whoami /groups
whoami /priv

net user <username> <password> // set new password
net user <username> * // set password interactive

dsquery user -limit 1000
dsquery user -upn max.mustermann@domain.local
dsget user "CN=Max Mustermann,DC=domain,DC=local"
dsquery user -upn manuel.zarat@akm.at | dsget user -memberof

// show sessions
query session [/SERVER]
qwinsta [/SERVER]

// end session
reset session [/SERVER] <session-id>
rwinsta [/SERVER] <session-id>

shutdown -s -t 3600 // sleep timer
shutdown -a // cancel timer

dir /s /b c:\* | findstr /i "test" // find files and folders containing "test"

ps> iwr -Uri http://google.com -UseBasicParsing

// installed patches
wmic qfe get Caption,Description,HotFixID,InstalledOn

// get running services
cmd> net start
ps> Get-CimInstance -ClassName win32_service | Select Name,State,PathName,StartName,StartMode | Where-Object {$_.State -like 'Running'}
ps> Get-CimInstance -ClassName Win32_Service -Filter "Name='mysql'" | Select-Object StartMode

ps> Restart-Computer -WhatIf // dry run
If you copy something to the clipboard with Ctrl-C, you can paste it with Ctrl-V, or show the clipboard history with Windows+V.
powercfg
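If a program demands admin rights for installation, the RunAsInvoker compatibility layer starts it with the current user's rights and without the UAC prompt. It grants no additional privileges, so the installer only succeeds if it writes to locations the user is allowed to write to.
set __COMPAT_LAYER=RunAsInvoker
start steamsetup.exe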
Add a context menu entry to open the current folder in cmd
regedit
Computer\HKEY_CLASSES_ROOT\Directory\Background\shell
addKey <menutitle>
addKey <menutitle> "command"
addKey <menutitle> <command> value "cmd.exe ."
Add a context menu entry to open files with a specific program
regedit
Computer\HKEY_CLASSES_ROOT\*\shell
addKey <menutitle>
addKey <menutitle> "command"
addKey <menutitle> <command> value "program.exe %1"
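The two registry recipes above as one PowerShell function, added here as an example and not part of the original page. It writes to HKCU\Software\Classes (the per-user half of HKEY_CLASSES_ROOT), so no admin rights are needed; the function name, menu titles and the editor path are hypothetical.

```powershell
# Added example: register an Explorer context-menu verb for the current user.
# Add-ContextMenuVerb, the menu titles and the editor path are hypothetical.
function Add-ContextMenuVerb {
    param(
        [Parameter(Mandatory)][ValidateSet('Background', 'File')][string]$Target,
        [Parameter(Mandatory)][string]$Title,
        [Parameter(Mandatory)][string]$Command
    )
    # Directory\Background = right-click on empty folder space, * = any file.
    $class = if ($Target -eq 'Background') { 'Directory\Background' } else { '*' }
    $sub   = "Software\Classes\$class\shell\$Title\command"

    # The .NET API is used because the registry provider's -Path parameter
    # interprets the '*' key name as a wildcard.
    $key = [Microsoft.Win32.Registry]::CurrentUser.CreateSubKey($sub)
    try {
        $key.SetValue('', $Command)   # '' addresses the (Default) value
    } finally {
        $key.Close()
    }
    "HKCU\$sub"                       # return the key that was written
}

# Full paths avoid starting a same-named binary from the search path;
# "%V" (folder) and "%1" (file) are quoted so paths with spaces stay one argument.
Add-ContextMenuVerb -Target Background -Title 'Open cmd here' `
    -Command "`"$env:SystemRoot\System32\cmd.exe`" /s /k pushd `"%V`""
Add-ContextMenuVerb -Target File -Title 'Open with MyEditor' `
    -Command '"C:\Program Files\MyEditor\editor.exe" "%1"'
```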
winget [install|uninstall] --id <package-name>
set [var=var]
findstr [/s] [/r] "Manuel" *.txt
findStr /irc:"Hello" /irc:"World" // find lines containing either word
more
attrib
cacls <path\to\file> /e /p <user>:<[R]ead|[W]rite|[F]ull> [deprecated] -> Use Icacls
subst <mountpoint>: <path> // mount
subst /d <mountpoint>: // delete
fc <file1> <file2> // file compare
tasklist
taskkill [/IM <name>|/PID <pid>] [/f]
query [process|user|session] // (Server only)
logoff <session>
net user
net share [<sharename>=<path>] [/delete]
net use x: \\<server>\<path>
net localgroup <group> <user> /<add|delete>
openfiles [/local on]
robocopy c:\documents d:\backup\documents /copyall /e /r:0 /dcopy:t /mir // sync dirs
dir file.xxx > output.msg [2>output.err|2>&1]
mode con:cols=140 lines=70
nslookup -type=mx zarat.ml
certutil -hashfile file.txt <algo>
where // like which
(Get-Command <command>).Path // like which in PowerShell
doskey ls=dir // alias
wmic qfe [get|list] // show updates and patches
wusa /uninstall /kb:<kbID> // uninstall update
wmic product get name // list installed programs
wmic product where name="<ProgramName>" call uninstall // uninstall program

for /f "tokens=1-2 delims= " %a in (test.txt) DO @echo %a %b // like cut
cat "file.txt" | %{$_ -replace "original", "replacement"} > newfile.txt // like sed

// cmd piping
dir 2> err.txt
dir > out.txt 2> err.txt
dir 1> out.txt 2>&1 // redirect stderr to stdout
Windows Context Menu Explorer
https://stackoverflow.com/questions/20449316/how-add-context-menu-item-to-windows-explorer-for-folders
CMD A-Z
Std Handles
command 2> filename          Redirect any error message into a file
command 2>> filename         Append any error message into a file
(command)2> filename         Redirect any CMD.exe error into a file
command > file 2>&1          Redirect errors and output to one file
command > fileA 2> fileB     Redirect output and errors to separate files
command 2>&1 >filename       This will fail!
See netsh.
Restart the PC with an installer medium inserted (USB, image, ...). Once the setup begins, hit Shift+F10 to bring up a shell.
move c:\windows\system32\utilman.exe c:\windows\system32\utilman.exe.bak
copy c:\windows\system32\cmd.exe c:\windows\system32\utilman.exe
Reboot. Back at the login screen, click the Utility Manager, which now spawns a shell. Add a new user and add it to the local admin group.
net user <username> /add
net localgroup administrators <username> /add
After a reboot you can log in using the new user.
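From the defender's side, the swap described above leaves two traces on disk: utilman.exe has the same content as cmd.exe, and a renamed original sits next to it. The following check is an added example, not part of the original page; the function name Test-UtilmanSwap is hypothetical.

```powershell
# Added example (not from the original page): check whether utilman.exe has been
# replaced by a copy of cmd.exe. The function name is hypothetical.
function Test-UtilmanSwap {
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32'),
        [string[]]$Names  = @('utilman.exe')   # binaries to verify
    )
    $cmdPath = Join-Path $System32 'cmd.exe'
    $cmdHash = (Get-FileHash -LiteralPath $cmdPath -Algorithm SHA256).Hash

    foreach ($name in $Names) {
        $path     = Join-Path $System32 $name
        $findings = @()

        if (Test-Path -LiteralPath $path) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            if ($hash -eq $cmdHash) { $findings += 'content is identical to cmd.exe' }
        } else {
            $findings += 'file is missing'
        }

        # Renamed originals such as utilman.exe.bak left behind by the move step.
        # -like is used instead of -Filter, whose DOS wildcard rules are looser.
        $files = Get-ChildItem -LiteralPath $System32 -File -ErrorAction SilentlyContinue
        foreach ($f in $files) {
            if ($f.Name -like "$name.*") { $findings += "leftover copy $($f.Name)" }
        }

        [pscustomobject]@{
            File     = $path
            Suspect  = $findings.Count -gt 0
            Findings = $findings -join '; '
        }
    }
}

Test-UtilmanSwap | Format-List
```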
In the interface's adapter options, change the DNS server to the IP of the DC.
In System Information → Change settings → Join domain
See file system or NTFS.
The SAM database is located at
C:\Windows\System32\config\SAM
If it is in use by another process, extract the data.
reg save hklm\sam C:\tmp\sam.save
reg save hklm\security C:\tmp\security.save
reg save hklm\system C:\tmp\system.save
The hashes can be extracted with samdump2.
samdump2 system.save sam.save
Or with creddump7
cd /usr/share/creddump7
python pwdump.py system.save sam.save
See also Mimikatz
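The reg save step above is visible in process-creation logging. The following detection sketch is an added example, not part of the original page: the function name Find-HiveExport is hypothetical and the sample command lines are constructed, standing in for what command-line auditing (for example event ID 4688) would record.

```powershell
# Added example: flag command lines that export a whole SAM, SECURITY or SYSTEM
# hive with reg.exe. Find-HiveExport is a hypothetical name; the sample lines
# below are constructed for illustration.
function Find-HiveExport {
    param([Parameter(Mandatory)][string[]]$CommandLine)

    # reg[.exe] save|export HKLM\<hive>, where <hive> must end the key path
    # (a subkey such as HKLM\SYSTEM\CurrentControlSet is not the whole hive).
    $pattern = '(?i)\breg(\.exe)?"?\s+(save|export)\s+"?' +
               '(hklm|hkey_local_machine)\\(sam|security|system)(?=["\s]|$)'

    foreach ($line in $CommandLine) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Hive        = $Matches[4].ToUpper()
                Verb        = $Matches[2].ToLower()
                CommandLine = $line
            }
        }
    }
}

$sample = @(
    'reg save hklm\sam C:\tmp\sam.save',
    '"C:\Windows\System32\reg.exe" save HKLM\SECURITY C:\tmp\security.save',
    'reg.exe  save hklm\system C:\tmp\system.save',
    'reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'reg save HKLM\SOFTWARE\Contoso C:\tmp\contoso.save',
    'reg export HKLM\SYSTEM\CurrentControlSet\Services C:\tmp\svc.reg'
)
$hits = @(Find-HiveExport -CommandLine $sample)   # the first three lines match
$hits | Format-Table Hive, Verb, CommandLine -AutoSize

# SAM together with SYSTEM is what offline hash extraction needs.
$hives = $hits.Hive | Sort-Object -Unique
if ($hives -contains 'SAM' -and $hives -contains 'SYSTEM') {
    Write-Warning 'SAM and SYSTEM exported: treat local account hashes as exposed.'
}
```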