master
Raw Download raw file 
 1#  ,whoami,win_cmd
 2#  ,hostname,win_cmd
 3#  ,ver,win_cmd
 4#  ,systeminfo,win_cmd
 5#  ,date /t,win_cmd
 6#  ,time /t,win_cmd
 7#  ,type,win_cmd
 8#  ,echo,win_cmd
 9#  ,more,win_cmd
10#  ,start,win_cmd
11#  ,sort,win_cmd
12#  ,cls,win_cmd
13#  ,ipconfig,win_cmd
14#  ,,win_cmd
15#  ,,win_cmd
16#  ,,win_cmd
17#  ,,win_cmd
18# 
19#  ,,
20# auditpol 
21Displays information about and performs functions to manipulate audit policies: ?,auditpol,win_cmd
22auditpol.exe was added in which version of Windows?,vista,win_cmd
23[Flag] Display the current audit policy: auditpol /[?] /category:*,get,win_cmd
24[Flag] Save the current audit policy to a file: auditpol /[?] /file:c:\filename,backup,win_cmd
25[T/F] auditpol.exe can be run on a remote system (via /s)?,F,win_cmd
26
27# driver query
28Display a list of all installed device drivers and their properties: [?].exe,driverquery,win_cmd
29[T/F] driverquery.exe can be run on a remote system?,T,win_cmd
30[Flag] Display digital signature information: driverquery /[?],si,win_cmd
31
32# cmd
33Windows' default command shell: [?].exe,cmd,win_cmd
34
35# ds
36Active Directory Domain Services commands (add/mod/get/query) start with this prefix,ds,win_cmd
37Add active directory object: [?].exe,dsadd,win_cmd
38Modify an active directory object: [?].exe,dsmod,win_cmd
39View active directory objects: [?].exe,dsget,win_cmd
40Rename or Move an active directory object to a different OU: [?].exe,dsmove,win_cmd
41Delete active directory objects: [?].exe,dsrm,win_cmd
42
43# acl
44Display or modify Access Controle Lists (Pre-Vista): [?].exe,cacls,win_cmd
45Display or modify Access Controle Lists (Vista+): [?].exe,icacls,win_cmd
46Which version of Windows introducted the new ACL file/folder permissions tool icacls.exe?,vista,win_cmd
47
48# sc
49Create/Stop/Start/Query/Delete any windows service: [?].exe,sc,win_cmd
50
51# systeminfo
52Display detailed config info about a computer: [?].exe,systeminfo,win_cmd
53[T/F] systeminfo.exe can be run on a remote system (via /s)?,T,win_cmd
54
55# taskkill
56End one or more processes (by id or name): [?].exe,taskkill,win_cmd
57[T/F] taskkill.exe can be run on a remote system (via /s)?,T,win_cmd
58[T/F] taskkill.exe can be used to kill more than one process?,T,win_cmd
59[Flag] Specify the process to be killed by name: taskkill /[?] notepad.exe?,im,win_cmd
60[Flag] Specify the process to be killed by process id: taskkill /[?] 2341,pid,win_cmd
61
62# tasklist
63List of applications and services with their Process ID: [?].exe,tasklist,win_cmd
64[T/F] tasklist.exe can be run on a remote system (via /s)?,T,win_cmd
65[T/F] tasklist.exe can be used to kill more than one process?,T,win_cmd
66[Flag] Specify the process to be killed by name: taskkill /[?] notepad.exe,im,win_cmd
67[Flag] Specify the process to be killed by process id: taskkill /[?] notepad.exe,pid,win_cmd
68
69# task[kill|list] filters
70[T/F] /fi "PID eq 2223" is a valid taskkill or tasklist filter?,T,win_cmd
71[T/F] /fi "PID gt 2233" is a valid taskkill or tasklist filter?,T,win_cmd
72[T/F] /fi "USERNAME eq NT AUTHORITY\SYSTEM" is a valid taskkill or tasklist filter?,T,win_cmd
73[T/F] /fi "USERNAME ne NT*" is a valid taskkill or tasklist filter?,T,win_cmd
74[T/F] /fi "IMAGENAME eq Notepad.exe" is a valid taskkill or tasklist filter?,T,win_cmd
75[T/F] /fi "PID == 2223" is a valid taskkill or tasklist filter?,F,win_cmd
76[T/F] /fi "PID > 2233" is a valid taskkill or tasklist filter?,F,win_cmd
77[T/F] /fi "USERNAME == NT AUTHORITY\SYSTEM" is a valid taskkill or tasklist filter?,F,win_cmd
78[T/F] /fi "USERNAME != NT*" is a valid taskkill or tasklist filter?,F,win_cmd
79[T/F] /fi "IMAGENAME == Notepad.exe" is a valid taskkill or tasklist filter?,F,win_cmd
80[T/F] /fi "IMAGENAME ge Notepad.exe" is a valid taskkill or tasklist filter?,F,win_cmd
81[T/F] /fi "Services eq 0" is a valid taskkill or tasklist filter?,F,win_cmd
82[T/F] /fi "Session eq 0" is a valid taskkill or tasklist filter?,T,win_cmd
83[T/F] /fi "Modules eq stsfp.dll" is a valid taskkill or tasklist filter?,T,win_cmd
84[T/F] /fi "Modules == stsfp.dll" is a valid taskkill or tasklist filter?,T,win_cmd
85[T/F] /fi "Status eq ACTIVE" is a valid taskkill or tasklist filter?,F,win_cmd
86[T/F] /fi "Status eq DISABLED" is a valid taskkill or tasklist filter?,F,win_cmd
87[T/F] /fi "Status eq RUNNING" is a valid taskkill or tasklist filter?,T,win_cmd
88
89# wevutil
90Retrieve information about event logs and publishers: [?].exe,wevtutil,win_cmd
91Display the names of all logs (short version): wevtutil [?],el,win_cmd
92Display System event logs (short version): wevtutil [?] System,qe,win_cmd
93[Flag] Return events in reverse order: wevtutil /[?]:true,rd,win_cmd
94[Flag] Limit the results to 5 logs: wevtutil /[?]:5,c,win_cmd
95
96
97# doskey
98List the history of the commands run in the current session: [?].exe /history,doskey,win_cmd