Skip to content

Instantly share code, notes, and snippets.

@jimmyFlash

jimmyFlash/cmd_tricks.md

Created February 16, 2025 22:11
Show Gist options
  • Save jimmyFlash/31f6bf3decd4e14e899a766b01347e44 to your computer and use it in GitHub Desktop.
Save jimmyFlash/31f6bf3decd4e14e899a766b01347e44 to your computer and use it in GitHub Desktop.
Download ZIP
CMD glossary
Raw
cmd_tricks.md

Information gathering

Lookup windows error codes

Use CertUtil to Find Descriptions of Windows Error Codes. To start using CertUtil, launch a Command Prompt window on your PC. You can do this by opening the "Start" menu, searching for "Command Prompt", and selecting the tool. type the following command and press Enter. Enter the command below.

Example:

CertUtil /error 0x80070490

0x80070490 (WIN32: 1168 ERROR_NOT_FOUND) -- 2147943568 (-2147023728)
Error message text: Element not found.
CertUtil: -error command completed successfully.

- Basic useful commands

- Clear screen

  • cls to clear you screen

- Display the help menu for a command

  • {command} -h , for example help for netstat command
C:\Users\user>netstat -h

- User

  • Need help, just type /? after any command
C:\Users\user> hostname /?

Prints the name of the current host.

hostname
  • The command hostname will output the computer name.
C:\Users\user> hostname

LAPTOP-HMKLMF6K
  • The command whoami will output the name of the logged-in user.
C:\Users\user> whoami

laptop-HMKLMF6K\kratos

- Network

  • A command used often is ipconfig. This command will show the network address settings for the computer
  • Or you can use ipconfig /all to display you MAC address, DNS and other details, you follow this by | findstr DNS to filter the output for example to display you DNS only
C:\Users\user>ipconfig

Windows IP Configuration

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 4:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::1843:b081:7627:a2a5%79
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::---:---:---:a9e%25
   IPv4 Address. . . . . . . . . . . : 192.168.123.54
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.123.112
  • To get a new IP address you type ipconfig /release, followed by ipconfig /renew

[!caution] The above will refresh IP address on all your interfaces If you want a specific interface like WIFI type ipconfig /release "Wi-Fi"

  • Get information about your DNS ipconfig /displaydns , shows all the websites your device knows about and their IP addresses, you can add | clip after that to copy the output of this command to your clipboard.
  • Flush your DNS using ipconfig /flushdns will delete the DNS resolver cache.

To troubleshoot your DNS you can use also nslookup {domain} or nslookup {domain} {DNS}

  • you can also nslookup type=mx {domain} or nslookup type=txt {domain} or nslookup type=ptr {domain}
C:\Users\user>nslookup gogole.com

C:\Users\user>nslookup gogole.com 8.8.8.8

C:\Users\user>nslookup type=mx gogole.com

C:\Users\user>nslookup type=txt gogole.com

C:\Users\user>nslookup tpe=pts gogole.com

Get the device MAC address

C:\Users\user>getmac /v
  • netstat. Per the help manual, this command will display protocol statistics and current TCP/IP network connections, the netstat command can be run alone or with parameters, such as -a-b-e, etc.
C:\Users\user>netstat /?

NETSTAT [-a] [-b] [-e] [-f] [-i] [-n] [-o] [-p proto] [-r] [-s] [-t] [-x] [-y] [interval]
  • netstat -af shows you what ports are open on your device
  • netstat -o shows you the PID
  • netstat -e -t 5 gives you statistics about your NIC every 5 sec.

route command, will the networks your computer takes to reach certain networks, shows you your routing table, what gateways it will use

  • rout add adds a route to customize the way your computer reaches certain networks
C:\Users\user>route add 192.168.40.0 mask 255.255.255.0 10.7.1.44
  • route delete removes a route
C:\Users\user>route delete 192.168.40.0
  • The net command is primarily used to manage network resources. This command supports sub-commands. If you type net without a sub-command, the output will show the syntax for the root command

[!info]- For the net command, to display the help manual /? will not work. In this case, you need to use different syntax, which is net help. if you wish to see the help information for net user , the command is net help user.

C:\Users\user>net help

The syntax of this command is:

NET HELP
command
     -or-
NET command /HELP

  Commands available are:

  NET ACCOUNTS             NET HELPMSG              NET STATISTICS
  NET COMPUTER             NET LOCALGROUP           NET STOP
  NET CONFIG               NET PAUSE                NET TIME
  NET CONTINUE             NET SESSION              NET USE
  NET FILE                 NET SHARE                NET USER
  NET GROUP                NET START                NET VIEW
  NET HELP

  NET HELP NAMES explains different types of names in NET HELP syntax lines.
  NET HELP SERVICES lists some of the services you can start.
  NET HELP SYNTAX explains how to read NET HELP syntax lines.
  NET HELP command | MORE displays Help one screen at a time.

You can use the same command to view the help information for other useful net sub-commands, such as localgroup, use, share, and session

Refer to the following link to see a comprehensive list of commands you can execute in the command prompt here

[!help]- In System Configuration, what is the full command for Internet Protocol Configuration? C:\Windows\System32\cmd.exe /k %windir%\system32\ipconfig.exe

  • Use the netsh net-shell command, to get a report about your wireless network
C:\Users\user>netsh wlan show wlanreport
C:\Users\user>netsh interface show interface

Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
Enabled        Connected      Dedicated        Ethernet 4
Enabled        Connected      Dedicated        VMware Network Adapter VMnet1
Enabled        Connected      Dedicated        VMware Network Adapter VMnet8
Enabled        Disconnected   Dedicated        Ethernet
Enabled        Disconnected   Dedicated        Wi-Fi
Enabled        Disconnected   Dedicated        Local Area Connection
  • find out IP address using quick one liners
C:\Users\user>netsh interface ip show address | findstr "IP Address"
  • DNS servers
C:\Users\user>netsh interface ip show dnsservers
  • ==Turn off/on windows defender firewall==
C:\Users\user>netsh firewall set allprofiles state off

C:\Users\user>netsh firewall set allprofiles state on
  • See every WIFI network you connected to
C:\Users\user\Pictures\stago>netsh wlan show profile

Profiles on interface Wi-Fi:

Group policy profiles (read only)
---------------------------------
    <None>

User profiles
-------------
    All User Profile     : Bloody Mary
    All User Profile     : Vodafone-C789
    All User Profile     : AirMoreAP
    All User Profile     : JimmyNokia 6.1
  • let's see the wifi password for one of these WLan access points
C:\Users\user\Pictures\stago>netsh wlan show profile "AirMoreAP" key=clear

Profile AirMoreAP on interface Wi-Fi:
=======================================================================

Applied: All User Profile

Profile information
-------------------
    Version                : 1
    Type                   : Wireless LAN
    Name                   : AirMoreAP
    Control options        :
        Connection mode    : Connect manually
        Network broadcast  : Connect only if this network is broadcasting
        AutoSwitch         : Do not switch to other networks
        MAC Randomization  : Disabled

Connectivity settings
---------------------
    Number of SSIDs        : 1
    SSID name              : "AirMoreAP"
    Network type           : Infrastructure
    Radio type             : [ Any Radio Type ]
    Vendor extension          : Not present

Security settings
-----------------
    Authentication         : WPA-Personal
    Cipher                 : CCMP
    Security key           : Present
    Key Content            : "KEY WILL BE Displayed HERE"

Cost settings
-------------
    Cost                   : Unrestricted
    Congested              : No
    Approaching Data Limit : No
    Over Data Limit        : No
    Roaming                : No
    Cost Source            : Default
  • View all password for all your connected WLANs
C:\Users\use>for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @if "%j" NEQ "" (echo SSID: %j & netsh wlan show profiles %j key=clear | findstr "Key Content") & echo.

[!info] Output to file If the the output is to big to scroll through, why not output it to a file you can read using the >>

Example:

C:\Users\use>for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @if "%j" NEQ "" (echo SSID: %j & netsh wlan show profiles %j key=clear | findstr "Key Content") & echo. >> output_file.txt

To check if your servers are up you can use the ping command

  • ping google.com will ping 4 times.
  • What if you want to ping more than 4 times ping {domain/ip} -n {number}
  • Continuous ping can be done with ping -t {domain/ip}

Check the path to a website use the tracert {domain name} (trace route)

  • tracert google.com
  • Use tracert -d {domain} to make it faster and not resolve domain names

- System

> Power

  • To check your system power powercfg /energy
  • To check the battery report powercfg /batteryreport

> Files

  • To check file associations assoc
  • to change file associations asssoc {.file_extension}={application.media_extension}
  • Secure copy, to copy files between systems use scp {filename.extension} user@IP:{where you want to store it on that sevrer
  • Mount any folder on your system as a mounted drive subst {drive letter:} {"full folder path"}

Example

C:\Users\user\Pictures>subst s: "C:\Users\user\Pictures"

%% to undo %%

C:\Users\user\Pictures>subst /d s:
  • Empty all temp files
C:\Users\user\Pictures>del /q/f /s %temp%\*
C:\Users\user\Pictures>del /s /q C:\windows\temp\*

> Disk health

  • Check the disk health (troubleshooting) chdsk /f and try to fix issues
    • chkdsk /r check physical sector issues and fix them
  • Check the system files using sfc /scannow
  • DISM /Online /Cleanup-Image /CheckHealth , Deployment Image Servicing and Management, will try to fix you system image
    • DISM /Online /Cleanup-Image /ScanHealth longer deep scan
    • DISM /Online /Cleanup-Image /RestoreHealth if any issues are found from previous step

> Tasks

  • tasklist | findstr {string to find} check the running tasks to find the ones that have the defined string in their names.
  • taskkill /f /pid {processID}
  • Open windows explorer where you are at explorer .

> Computer

  • To shutdown your computer use shutdown
  • To shutdown and restart into BIOS shutdown /r /fw /f /t 0
  • To display all the info about your system ``

Security Hacks 🧑‍💻

Hide an archived file inside a photo

  1. Add all the files you want to hide in an archive file (.zip for example)
  2. Open cmd in Administrator mode
  3. Type the command copy /b {image to hide stuff in}+{secret zip file} {name of output file}

Example:

C:\Users\user\Pictures>copy /b ffmpg-winget.png+secret_files.zip stagnatedimg.jpg
ffmpg-winget.png
secret_files.zip
        1 file(s) copied.

⚠️⚠️Encrypt the current folder you're in⚠️⚠️

[!caution] Be very cautious when using this command You could encrypt a whole folder without noticing and no one would be able to view/open it except your user

  • Navigate inside the folder you want to encrypt
  • Type the command Cipher /E

Hide a folder or file

  • To hide a folder attrib +h +s +r {folder name}

Example:

C:\Users\user\Pictures\stago>attrib +h +s +r hidden_folder
  • To unhide the folder reverse all the "+" to "-"

Example:

C:\Users\user\Pictures\stago>attrib -h -s -r hidden_folder

List of all commands you ever typed

  • Get a full list of everything you typed doskey /history

Customization

> Color

  • To change the background color color {2-digit number} , you can use color ? to check out the color combination of text and BG

> Prompt

  • To create a prompt prompt {prompt name}$G, type prompt again to undo this

> Title

  • You can change the title of your windows bar type title {title you want}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment