windows



Windows is an operating system developed by Microsoft, aimed primarily at desktop PCs, notebooks and laptops.

# Packages installed via MSI (Windows Installer)
# Caveat: every query of Win32_Product makes Windows Installer run a consistency check (and possibly a repair)
# of each registered package; it is slow and writes event 1035 to the Application log for every product.
# Prefer the Uninstall registry keys below for routine inventory. Get-CimInstance is the modern replacement for Get-WMIObject.
Get-WMIObject -Class Win32_Product
PSComputerName    : VIE-NB-GBI016
Name              : Python 3.12.9 Executables (64-bit)
Version           : 3.12.9150.0
InstallState      : 5
__GENUS           : 2
__CLASS           : Win32_Product
__SUPERCLASS      : CIM_Product
__DYNASTY         : CIM_Product
__RELPATH         : Win32_Product.IdentifyingNumber="{8F708501-AF68-42E7-8A6E-D239CA6DA1A8}",Name="Python 3.12.9 Executables (64-bit)",Version="3.12.9150.0"
__PROPERTY_COUNT  : 27
__DERIVATION      : {CIM_Product}
__SERVER          : VIE-NB-GBI016
__NAMESPACE       : root\cimv2
__PATH            : \\VIE-NB-GBI016\root\cimv2:Win32_Product.IdentifyingNumber="{8F708501-AF68-42E7-8A6E-D239CA6DA1A8}",Name="Python 3.12.9 Executables (64-bit)",Version="3.12.9150.0"
AssignmentType    : 0
Caption           : Python 3.12.9 Executables (64-bit)
Description       : Python 3.12.9 Executables (64-bit)
HelpLink          :
HelpTelephone     :
IdentifyingNumber : {8F708501-AF68-42E7-8A6E-D239CA6DA1A8}
InstallDate       : 20250309
InstallDate2      :
InstallLocation   :
InstallSource     : C:\Users\admin\AppData\Local\Package Cache\{8F708501-AF68-42E7-8A6E-D239CA6DA1A8}v3.12.9150.0\
Language          : 1033
LocalPackage      : C:\WINDOWS\Installer\30dc9ec0.msi
PackageCache      : C:\WINDOWS\Installer\30dc9ec0.msi
PackageCode       : {682163C2-28D3-44AB-89CD-BD21EA3B274A}
PackageName       : exe.msi
ProductID         :
RegCompany        :
RegOwner          :
SKUNumber         :
Transforms        :
URLInfoAbout      :
URLUpdateInfo     :
Vendor            : Python Software Foundation
WordCount         : 0
Scope             : System.Management.ManagementScope
Path              : \\VIE-NB-GBI016\root\cimv2:Win32_Product.IdentifyingNumber="{8F708501-AF68-42E7-8A6E-D239CA6DA1A8}",Name="Python 3.12.9 Executables (64-bit)",Version="3.12.9150.0"
Options           : System.Management.ObjectGetOptions
ClassPath         : \\VIE-NB-GBI016\root\cimv2:Win32_Product
Properties        : {AssignmentType, Caption, Description, HelpLink...}
SystemProperties  : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers        : {dynamic, Locale, provider, UUID}
Site              :
Container         :

# Packages installed via winget (Get-WingetPackage comes from the Microsoft.WinGet.Client PowerShell module; "winget list" is the CLI equivalent)
Get-WingetPackage
InstalledVersion  : 10.0.60828
Name              : Microsoft Visual Studio 2010 Tools for Office Runtime
Id                : Microsoft.VSTOR
IsUpdateAvailable : True
Source            : winget
AvailableVersions : {10.0.60917, 10.0.60912, 10.0.60828}

# 64-bit uninstallers (machine-wide). The select limits the output to name and uninstall command; the sample below is from the unfiltered query.
Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | select DisplayName,UninstallString
DisplayName          : LM Studio 0.3.9
UninstallString      : "C:\Program Files\LM Studio\Uninstall LM Studio.exe" /allusers
QuietUninstallString : "C:\Program Files\LM Studio\Uninstall LM Studio.exe" /allusers /S
DisplayVersion       : 0.3.9
DisplayIcon          : C:\Program Files\LM Studio\LM Studio.exe,0
Publisher            : LM Studio
NoModify             : 1
NoRepair             : 1
EstimatedSize        : 1374783
PSPath               : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c6dbe996-22a9-5998-b542-7abe33da3b83
PSParentPath         : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName          : c6dbe996-22a9-5998-b542-7abe33da3b83
PSDrive              : HKLM
PSProvider           : Microsoft.PowerShell.Core\Registry

# 32-bit uninstallers (WOW6432Node). Per-user installs live under HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and are missed by both HKLM queries.
Get-ItemProperty HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | select DisplayName,UninstallString
DisplayName     : Visual Studio Community 2022
InstallDate     : 20240525
InstallLocation : C:\Program Files\Microsoft Visual Studio\2022\Community
DisplayVersion  : 17.13.1
Publisher       : Microsoft Corporation
DisplayIcon     : C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe
UninstallString : "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" uninstall --installPath "C:\Program Files\Microsoft Visual
                  Studio\2022\Community"
ModifyPath      : "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" modify --installPath "C:\Program Files\Microsoft Visual
                  Studio\2022\Community"
RepairPath      : "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" repair --installPath "C:\Program Files\Microsoft Visual
                  Studio\2022\Community"
PSPath          : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\374cbfa0
PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName     : 374cbfa0
PSDrive         : HKLM
PSProvider      : Microsoft.PowerShell.Core\Registry
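The three registry queries above each cover only one of the places Windows registers uninstallers. The following function, added here as an example and not part of the original page, merges the 64-bit, 32-bit and per-user Uninstall keys into one object list, which is the fast way to get a software inventory without paying the Win32_Product repair cost. The `IsMsi` heuristic (key name is a product GUID) and the name filter are assumptions of this example.

```powershell
# Added example: software inventory from the Uninstall registry keys instead of Win32_Product
function Get-InstalledSoftware {
    [CmdletBinding()]
    param(
        # Optional wildcard filter on DisplayName, e.g. 'Python*'
        [string]$Name = '*'
    )

    # The three places Windows registers uninstallers:
    # 64-bit machine-wide, 32-bit machine-wide (WOW6432Node) and per-user (HKCU)
    $hives = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';             Scope = 'Machine (64-bit)' },
        @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'; Scope = 'Machine (32-bit)' },
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';             Scope = 'User' }
    )

    foreach ($hive in $hives) {
        if (-not (Test-Path -LiteralPath $hive.Path)) { continue }
        Get-ChildItem -LiteralPath $hive.Path | ForEach-Object {
            $p = Get-ItemProperty -LiteralPath $_.PSPath
            # Entries without a DisplayName are patches or components, not programs
            if (-not $p.DisplayName -or $p.DisplayName -notlike $Name) { return }
            [pscustomobject]@{
                DisplayName     = $p.DisplayName
                DisplayVersion  = $p.DisplayVersion
                Publisher       = $p.Publisher
                InstallDate     = $p.InstallDate
                Scope           = $hive.Scope
                # MSI packages use the product GUID as key name; other installers use an arbitrary ID
                IsMsi           = $_.PSChildName -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
                UninstallString = $p.UninstallString
                QuietUninstall  = $p.QuietUninstallString
                RegistryKey     = $_.Name
            }
        }
    }
}

# Usage:
# Get-InstalledSoftware | Sort-Object DisplayName | Format-Table DisplayName, DisplayVersion, Scope, IsMsi
# Get-InstalledSoftware -Name 'Python*' | Select-Object -ExpandProperty UninstallString
```

Run it once under each interactive user if you need the per-user entries of other accounts; HKCU only shows the hive of the current user.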

# Network adapters (includes virtual ones such as the kernel debug NIC shown below; PhysicalAdapter tells them apart)
Get-WMIObject -Class Win32_NetworkAdapter
PSComputerName              : VIE-NB-GBI016
Availability                : 3
Name                        : Microsoft Kernel Debug Network Adapter
Status                      :
StatusInfo                  :
DeviceID                    : 0
__GENUS                     : 2
__CLASS                     : Win32_NetworkAdapter
__SUPERCLASS                : CIM_NetworkAdapter
__DYNASTY                   : CIM_ManagedSystemElement
__RELPATH                   : Win32_NetworkAdapter.DeviceID="0"
__PROPERTY_COUNT            : 40
__DERIVATION                : {CIM_NetworkAdapter, CIM_LogicalDevice, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER                    : VIE-NB-GBI016
__NAMESPACE                 : root\cimv2
__PATH                      : \\VIE-NB-GBI016\root\cimv2:Win32_NetworkAdapter.DeviceID="0"
AdapterType                 :
AdapterTypeId               :
AutoSense                   :
Caption                     : [00000000] Microsoft Kernel Debug Network Adapter
ConfigManagerErrorCode      : 0
ConfigManagerUserConfig     : False
CreationClassName           : Win32_NetworkAdapter
Description                 : Microsoft Kernel Debug Network Adapter
ErrorCleared                :
ErrorDescription            :
GUID                        :
Index                       : 0
InstallDate                 :
Installed                   : True
InterfaceIndex              : 17
LastErrorCode               :
MACAddress                  :
Manufacturer                : Microsoft
MaxNumberControlled         : 0
MaxSpeed                    :
NetConnectionID             :
NetConnectionStatus         :
NetEnabled                  :
NetworkAddresses            :
PermanentAddress            :
PhysicalAdapter             : False
PNPDeviceID                 : ROOT\KDNIC\0000
PowerManagementCapabilities :
PowerManagementSupported    : False
ProductName                 : Microsoft Kernel Debug Network Adapter
ServiceName                 : kdnic
Speed                       :
SystemCreationClassName     : Win32_ComputerSystem
SystemName                  : VIE-NB-GBI016
TimeOfLastReset             : 20250314082916.500000+060
Scope                       : System.Management.ManagementScope
Path                        : \\VIE-NB-GBI016\root\cimv2:Win32_NetworkAdapter.DeviceID="0"
Options                     : System.Management.ObjectGetOptions
ClassPath                   : \\VIE-NB-GBI016\root\cimv2:Win32_NetworkAdapter
Properties                  : {AdapterType, AdapterTypeId, AutoSense, Availability...}
SystemProperties            : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers                  : {dynamic, Locale, provider, UUID}
Site                        :
Container                   :

# Per-adapter IP configuration. Joins to Win32_NetworkAdapter via InterfaceIndex; filter on IPEnabled = TRUE to skip adapters without an IP stack
Get-WMIObject -Class Win32_NetworkAdapterConfiguration

PSComputerName               : VIE-NB-GBI016
DHCPLeaseExpires             :
Index                        : 0
Description                  : Microsoft Kernel Debug Network Adapter
DHCPEnabled                  : True
DHCPLeaseObtained            :
DHCPServer                   :
DNSDomain                    :
DNSDomainSuffixSearchOrder   :
DNSEnabledForWINSResolution  :
DNSHostName                  :
DNSServerSearchOrder         :
DomainDNSRegistrationEnabled :
FullDNSRegistrationEnabled   :
IPAddress                    :
IPConnectionMetric           :
IPEnabled                    : False
IPFilterSecurityEnabled      :
WINSEnableLMHostsLookup      :
WINSHostLookupFile           :
WINSPrimaryServer            :
WINSScopeID                  :
WINSSecondaryServer          :
__GENUS                      : 2
__CLASS                      : Win32_NetworkAdapterConfiguration
__SUPERCLASS                 : CIM_Setting
__DYNASTY                    : CIM_Setting
__RELPATH                    : Win32_NetworkAdapterConfiguration.Index=0
__PROPERTY_COUNT             : 61
__DERIVATION                 : {CIM_Setting}
__SERVER                     : VIE-NB-GBI016
__NAMESPACE                  : root\cimv2
__PATH                       : \\VIE-NB-GBI016\root\cimv2:Win32_NetworkAdapterConfiguration.Index=0
ArpAlwaysSourceRoute         :
ArpUseEtherSNAP              :
Caption                      : [00000000] Microsoft Kernel Debug Network Adapter
DatabasePath                 :
DeadGWDetectEnabled          :
DefaultIPGateway             :
DefaultTOS                   :
DefaultTTL                   :
ForwardBufferMemory          :
GatewayCostMetric            :
IGMPLevel                    :
InterfaceIndex               : 17
IPPortSecurityEnabled        :
IPSecPermitIPProtocols       :
IPSecPermitTCPPorts          :
IPSecPermitUDPPorts          :
IPSubnet                     :
IPUseZeroBroadcast           :
IPXAddress                   :
IPXEnabled                   :
IPXFrameType                 :
IPXMediaType                 :
IPXNetworkNumber             :
IPXVirtualNetNumber          :
KeepAliveInterval            :
KeepAliveTime                :
MACAddress                   :
MTU                          :
NumForwardPackets            :
PMTUBHDetectEnabled          :
PMTUDiscoveryEnabled         :
ServiceName                  : kdnic
SettingID                    : {71E995E6-3E53-4F28-A5FD-44BEF6478D8B}
TcpipNetbiosOptions          :
TcpMaxConnectRetransmissions :
TcpMaxDataRetransmissions    :
TcpNumConnections            :
TcpUseRFC1122UrgentPointer   :
TcpWindowSize                :
Scope                        : System.Management.ManagementScope
Path                         : \\VIE-NB-GBI016\root\cimv2:Win32_NetworkAdapterConfiguration.Index=0
Options                      : System.Management.ObjectGetOptions
ClassPath                    : \\VIE-NB-GBI016\root\cimv2:Win32_NetworkAdapterConfiguration
Properties                   : {ArpAlwaysSourceRoute, ArpUseEtherSNAP, Caption, DatabasePath...}
SystemProperties             : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers                   : {dynamic, Locale, provider, UUID}
Site                         :
Container                    :
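The two dumps above show one adapter object and one configuration object each, and the kernel debug NIC is not a useful one. The function below, an added example rather than code from the original page, joins both classes on InterfaceIndex and keeps only adapters that actually carry IP, which is the view you want when looking for rogue interfaces or changed DNS servers. The `$expected` DNS addresses in the usage note are placeholders.

```powershell
# Added example: join Win32_NetworkAdapter and Win32_NetworkAdapterConfiguration on InterfaceIndex
function Get-ActiveAdapterSummary {
    $configs = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($cfg in $configs) {
        $nic = Get-CimInstance -ClassName Win32_NetworkAdapter -Filter "InterfaceIndex = $($cfg.InterfaceIndex)"
        [pscustomobject]@{
            Name       = $nic.NetConnectionID                    # e.g. "Ethernet", "Wi-Fi"
            Device     = $cfg.Description
            Physical   = $nic.PhysicalAdapter                    # False for virtual and tunnel adapters
            MAC        = $cfg.MACAddress
            IPv4       = @($cfg.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' }) -join ', '
            Gateway    = @($cfg.DefaultIPGateway) -join ', '
            DNS        = @($cfg.DNSServerSearchOrder) -join ', '
            DHCP       = $cfg.DHCPEnabled
            DHCPServer = $cfg.DHCPServer
            Expires    = $cfg.DHCPLeaseExpires                   # Get-CimInstance already converts this to DateTime
        }
    }
}

# Usage:
# Get-ActiveAdapterSummary | Format-Table -AutoSize
# Report adapters whose DNS servers are not the expected ones (placeholder addresses, adjust to your environment):
# $expected = '10.0.0.1', '10.0.0.2'
# Get-ActiveAdapterSummary | Where-Object { ($_.DNS -split ', ') | Where-Object { $_ -notin $expected } }
```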
// reboot into the UEFI firmware setup (needs an elevated prompt; UEFI systems only)
shutdown /r /fw /t 1

winget
net group /domain // show domain groups (without /domain this only works on a DC)
net localgroup // show local groups
net localgroup <group> // list group members
net user <user> [/domain] // show user info
whoami
whoami /groups
whoami /priv
net user <username> <password> // set a new password (ends up in the shell history; prefer the interactive form)
net user <username> * // set password interactively

dsquery user -limit 1000
dsquery user -upn max.mustermann@domain.local
dsget user "CN=Max Mustermann,DC=domain,DC=local"
dsquery user -upn manuel.zarat@akm.at | dsget user -memberof

// list sessions
query session [/SERVER]
qwinsta [/SERVER]
// end a session
reset session [/SERVER] <session-id>
rwinsta [/SERVER] <session-id>


shutdown -s -t 3600 // shut down in 3600 seconds (timer)
shutdown -a // abort the pending shutdown
dir /s /b c:\* | findstr /i "test" // find files and folders whose path contains "test"
ps> iwr -Uri http://google.com -UseBasicParsing

// installed patches (wmic is deprecated; PowerShell equivalent: Get-HotFix)
wmic qfe get Caption,Description,HotFixID,InstalledOn

// running services
cmd> net start
ps> Get-CimInstance -ClassName win32_service | Select Name,State,PathName,StartName,StartMode | Where-Object {$_.State -eq 'Running'}
ps> Get-CimInstance -ClassName Win32_Service -Filter "Name='mysql'" | Select-Object StartMode
ps> Restart-Computer -WhatIf // dry run

Event-Log

Important IDs - Microsoft Docs, Important IDs to monitor - Graylog

// Credential validation events: 4774 account mapped for logon, 4775 account could not be mapped, 4776 NTLM validation (Status tells success or failure), 4777 NTLM validation failed
Get-WinEvent -LogName Security | Where-Object {$_.Id -in 4774,4775,4776,4777} // works, but reads the whole log client-side
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4774,4775,4776,4777} // same result, filtered by the event log service
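Listing the raw events is only the first step; what you usually want is "which account or workstation failed NTLM validation how often". The function below is an added example, not from the original page: it parses the EventData XML of 4776/4777 (the field names TargetUserName, Workstation and Status are those of event 4776) and groups failures per user and workstation. The threshold and look-back window are assumptions of the example. On a domain controller this covers domain accounts; on a member machine it covers local accounts authenticated via NTLM.

```powershell
# Added example: summarise failed NTLM credential validations (4776 with non-zero Status, 4777)
function Get-NtlmFailureSummary {
    param(
        [int]$Hours = 24,      # look-back window
        [int]$MinFailures = 5  # threshold before a user/workstation pair is reported
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4776, 4777
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent throws when nothing matches; treat that as "no events"
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    $records = foreach ($e in $events) {
        # EventData fields are only reachable through the event XML
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            Id          = $e.Id
            User        = $data['TargetUserName']
            Workstation = $data['Workstation']
            # 4776 Status: 0x0 success, 0xC000006A wrong password, 0xC0000064 unknown user,
            # 0xC0000234 account locked out. 4777 is always a failure.
            Status      = $data['Status']
            Failed      = ($e.Id -eq 4777) -or ($data['Status'] -and $data['Status'] -ne '0x0')
        }
    }

    $records | Where-Object Failed |
        Group-Object User, Workstation |
        Where-Object Count -ge $MinFailures |
        ForEach-Object {
            $sorted = $_.Group | Sort-Object Time
            [pscustomobject]@{
                User        = $sorted[0].User
                Workstation = $sorted[0].Workstation
                Failures    = $_.Count
                First       = $sorted[0].Time
                Last        = $sorted[-1].Time
                Statuses    = ($sorted.Status | Sort-Object -Unique) -join ','
            }
        } | Sort-Object Failures -Descending
}

# Usage (reading the Security log needs administrator or Event Log Readers membership):
# Get-NtlmFailureSummary -Hours 1 -MinFailures 10 | Format-Table -AutoSize
```

Many distinct users with few failures each from one workstation is the password-spraying pattern; many failures for one user is brute force or a stale credential in a scheduled task or service.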

Keyboard shortcuts

  • Windows-E open Explorer
  • Ctrl-Windows-1 open the first program on the taskbar (number = position)
  • Ctrl-Windows-D new virtual desktop
  • Windows-arrow key snap window / split screen
  • Ctrl-Windows-arrow key switch between virtual desktops
  • Windows-M minimize all windows
  • Windows-Shift-S screenshot of a region
  • Windows-G Game Bar (screen recording)
  • Windows-. emojis, GIFs etc.

Clipboard

Whatever is copied with Ctrl-C can be pasted with Ctrl-V. Windows+V shows the clipboard history (it has to be enabled first under Settings > System > Clipboard; note that the history then keeps every copied secret until it is cleared).

Power management

powercfg

Invoker

When an installer demands admin rights that it does not actually need (for example to install into the user profile), the RunAsInvoker compatibility layer suppresses the UAC prompt and starts the program with the rights of the calling user. It does not grant any privileges; an installer that really needs to write to Program Files or HKLM will simply fail.

set __COMPAT_LAYER=RunAsInvoker
start steamsetup.exe

ContextMenu

Add a context menu entry that opens the current folder in cmd:

regedit
Computer\HKEY_CLASSES_ROOT\Directory\Background\shell
addKey <menutitle>
addKey <menutitle>\command
set the (default) value of <menutitle>\command to: cmd.exe /s /k pushd "%V"   (%V is the folder that was right-clicked)

Add a context menu entry that opens files with a specific program:

regedit
Computer\HKEY_CLASSES_ROOT\*\shell
addKey <menutitle>
addKey <menutitle>\command
set the (default) value of <menutitle>\command to: "program.exe" "%1"   (%1 is the clicked file; quote it, paths contain spaces)

HKEY_CLASSES_ROOT is a merged view of HKLM\SOFTWARE\Classes (machine-wide, needs admin) and HKCU\Software\Classes (per user, no admin needed). Because these verbs run whatever command is stored there, the same keys are a common persistence spot and worth auditing.
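The registry steps above written out in PowerShell, as an added example that is not part of the original page: the first function creates the "open cmd here" verb per user under HKCU\Software\Classes, the second lists every file, folder and folder-background verb from both the merged HKCR view and HKCU so you can see what a right-click actually executes. The menu title and the "user-writable path" heuristic are assumptions of the example.

```powershell
# Added example: create a per-user folder-background verb and audit all shell verbs
function Add-CmdHereContextMenu {
    param([string]$Title = 'Open cmd here')   # hypothetical menu title
    $key = "HKCU:\Software\Classes\Directory\Background\shell\$Title"
    New-Item -Path "$key\command" -Force | Out-Null   # creates the verb key and its command subkey
    Set-ItemProperty -Path $key -Name '(default)' -Value $Title
    # %V is the folder under the cursor; /s /k pushd keeps the window open in that folder
    Set-ItemProperty -Path "$key\command" -Name '(default)' -Value 'cmd.exe /s /k pushd "%V"'
}

function Get-ShellVerbs {
    # HKCR already merges HKLM and HKCU; HKCU is listed separately so per-user entries stand out
    $roots = 'Registry::HKEY_CLASSES_ROOT', 'HKCU:\Software\Classes'
    $types = '*', 'Directory', 'Directory\Background'
    foreach ($root in $roots) {
        foreach ($t in $types) {
            $shell = "$root\$t\shell"
            # -LiteralPath: the "*" in the path is a real key name, not a wildcard
            if (-not (Test-Path -LiteralPath $shell)) { continue }
            foreach ($verb in Get-ChildItem -LiteralPath $shell) {
                $cmdKey = "$($verb.PSPath)\command"
                if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
                $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
                [pscustomobject]@{
                    Root    = $root
                    Target  = $t
                    Verb    = $verb.PSChildName
                    Command = $cmd
                    # commands that run out of the profile or a temp directory deserve a second look
                    UserWritable = ($cmd -match [regex]::Escape($env:USERPROFILE)) -or ($cmd -match '\\Temp\\')
                }
            }
        }
    }
}

# Usage:
# Add-CmdHereContextMenu
# Get-ShellVerbs | Where-Object UserWritable | Format-Table Root, Target, Verb, Command -Wrap
```

Remove the entry again with `Remove-Item -Path "HKCU:\Software\Classes\Directory\Background\shell\Open cmd here" -Recurse`.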

Commands

winget [install|uninstall] --id <package-id>
set [var=value]
findstr [/s] [/r] "Manuel" *.txt
findstr /irc:"Hello" /irc:"World" *.txt // lines containing either word (multiple /c: strings are OR'ed); for both words pipe: findstr /ic:"Hello" *.txt | findstr /ic:"World"
more
attrib
cacls <path\to\file> /e /p <user>:<[R]ead|[W]rite|[F]ull> // deprecated, use icacls
subst <drive>: <path> // map a drive letter to a folder
subst <drive>: /d // remove the mapping
fc <file1> <file2> // file compare
tasklist
taskkill [/IM <name>|/PID <pid>] [/f]
query [process|user|session] // not present on every client SKU
logoff <session>
net user
net share [<sharename>=<path>] [/delete]
net use x: \\<server>\<share>
net localgroup <group> <user> /<add|delete>
openfiles [/local on] // /local on enables tracking of locally opened files (takes effect after a reboot)
robocopy c:\documents d:\backup\documents /copyall /e /r:0 /dcopy:t /mir // mirror directories; /mir also deletes files in the destination that no longer exist in the source
dir file.xxx > output.msg [2>output.err|2>&1]
mode con:cols=140 lines=70
nslookup -type=mx zarat.ml
certutil -hashfile file.txt <algo> // e.g. SHA256
where <command> // like which
(Get-Command <command>).Path // like which, in PowerShell
doskey ls=dir // alias
wmic qfe [get|list] // show updates and patches (wmic is deprecated; PowerShell: Get-HotFix)
wusa /uninstall /kb:<kbID> // uninstall update
wmic product get name // list installed programs (same Win32_Product caveat as above: slow, triggers an MSI consistency check)
wmic product where name="<ProgramName>" call uninstall // uninstall program

See also: netsh, Linux

for /f "tokens=1-2 delims= " %a in (test.txt) DO @echo %a %b // like cut (write %%a %%b inside a batch file)
ps> cat "file.txt" | %{$_ -replace "original", "replacement"} > newfile.txt // like sed (PowerShell; cat is an alias of Get-Content)
// cmd redirection
dir 2> err.txt // stderr to file
dir > out.txt 2> err.txt // stdout and stderr to separate files
dir 1> out.txt 2>&1 // stdout to file and stderr to the same place; order matters, 2>&1 must come after the 1> redirect

See also: Windows Context Menu Explorer https://stackoverflow.com/questions/20449316/how-add-context-menu-item-to-windows-explorer-for-folders and CMD A-Z

Piping

Std Handles

  • STDIN = 0 Keyboard input
  • STDOUT = 1 Text output
  • STDERR = 2 Error text output
command 2> filename       Redirect any error message into a file
command 2>> filename      Append any error message into a file
(command) 2> filename     Redirect any CMD.exe error into a file
command > file 2>&1       Redirect errors and output to one file
command > fileA 2> fileB  Redirect output and errors to separate files

command 2>&1 >filename    Not what you want: redirections are applied left to right, so stderr is sent to where stdout points at that moment (the console) and only stdout then goes to the file. Errors still appear on screen.

Firewall

See netsh.

Password reset with installer disk

Boot the PC from Windows installation media (USB, ISO, ...). Once the setup screen appears, press Shift+F10 to open a command prompt. Two caveats: the Windows volume is not necessarily C: inside the setup environment (check with dir), and a BitLocker-protected volume has to be unlocked first (manage-bde -unlock <drive>: -RecoveryPassword <key>), which is exactly why full-disk encryption is the defence against this trick.

move c:\windows\system32\utilman.exe c:\windows\system32\utilman.exe.bak
copy c:\windows\system32\cmd.exe c:\windows\system32\utilman.exe

Reboot. Back at the login screen, click the Ease of Access (Utility Manager) button, which now spawns a shell running as SYSTEM. Add a new user and put it in the local Administrators group:

net user <username> /add
net localgroup administrators <username> /add

After a reboot you can log in as the new user. Restore the original utilman.exe afterwards (move the .bak back); otherwise the swapped binary remains both a backdoor and an obvious indicator for anyone checking the system.
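The defensive side of the procedure above, as an added example that is not part of the original page: a check for swapped login-screen helper binaries. Because System32 binaries are catalog-signed, a renamed cmd.exe still shows a "Valid" signature, so the function compares file hashes against cmd.exe and looks at the version resource's OriginalFilename, and also reports the leftover .bak file from the steps above. It additionally checks the related Image File Execution Options "Debugger" variant, which achieves the same without touching the file; that variant is not described on this page. The list of binaries is an assumption of the example.

```powershell
# Added example: detect accessibility-binary swaps and IFEO debugger hijacks
function Test-AccessibilityBinaries {
    $sys32   = Join-Path $env:SystemRoot 'System32'
    $cmdHash = (Get-FileHash -Algorithm SHA256 -LiteralPath (Join-Path $sys32 'cmd.exe')).Hash
    $ifeo    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    # Login-screen helpers that run as SYSTEM before anyone logs on
    $names = 'utilman.exe', 'sethc.exe', 'osk.exe', 'narrator.exe', 'magnify.exe', 'displayswitch.exe', 'atbroker.exe'

    foreach ($name in $names) {
        $path = Join-Path $sys32 $name
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash
        $orig = (Get-Item -LiteralPath $path).VersionInfo.OriginalFilename
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $dbg  = (Get-ItemProperty -LiteralPath "$ifeo\$name" -Name Debugger -ErrorAction SilentlyContinue).Debugger
        $stem = [IO.Path]::GetFileNameWithoutExtension($name)

        $findings = @()
        # A copied cmd.exe keeps cmd.exe's hash and its version resource, and because
        # System32 binaries are catalog-signed its signature status still reads Valid
        if ($hash -eq $cmdHash)                  { $findings += 'same hash as cmd.exe' }
        if ($orig -and $orig -notmatch "^$stem") { $findings += "OriginalFilename is $orig" }
        if ($sig.Status -ne 'Valid')             { $findings += "signature $($sig.Status)" }
        if ($dbg)                                { $findings += "IFEO Debugger = $dbg" }
        if (Test-Path -LiteralPath "$path.bak")  { $findings += 'leftover .bak copy' }

        [pscustomobject]@{
            File       = $name
            Suspicious = $findings.Count -gt 0
            Findings   = $findings -join '; '
        }
    }
}

# Usage:
# Test-AccessibilityBinaries | Format-Table -AutoSize
# Test-AccessibilityBinaries | Where-Object Suspicious
```

The OriginalFilename comparison is a heuristic; a legitimately updated binary always carries its own name there, but treat a mismatch as a reason to look, not as proof.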

Domain join

In the adapter options of the interface, set the DNS server to the IP of the DC.

Then System information → Change settings → Join a domain.

Driver

Downloads

NTFS

See the Dateisystem (file system) and NTFS pages.

SAM Database

The SAM database is located at

C:\Windows\System32\config\SAM

The file is locked by the kernel while Windows is running, so it cannot be copied directly. Export the hives instead (requires an elevated shell): SYSTEM holds the boot key needed to decrypt SAM, SECURITY holds the LSA secrets and cached domain credentials.

reg save hklm\sam C:\tmp\sam.save
reg save hklm\security C:\tmp\security.save
reg save hklm\system C:\tmp\system.save

samdump2 extracts the hashes:

samdump2 system.save sam.save

Or with creddump7:

cd /usr/share/creddump7
python pwdump.py system.save sam.save

Caveat: since Windows 10 1607 the SAM stores the hashes AES-encrypted; older samdump2 builds do not understand that format and print empty (31d6...) hashes for every account. Use an up-to-date creddump7 or impacket's secretsdump.py -sam sam.save -system system.save LOCAL. On the defensive side, a reg save of these hives is a classic credential dumping indicator (MITRE ATT&CK T1003.002) and worth alerting on.

See also Mimikatz

windows.1742036445.txt.gz · Last modified: 2025/03/15 12:00 by jango