Commit 2513fbf
Changed files (40)
windows/cli/arp.md
@@ -1,18 +0,0 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
-
-+++
-
-# arp
-
-https://technet.microsoft.com/en-us/library/bb490864.aspx
-
-## Syntax
-
-`arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]`
-
-## Examples
-| command | description |
-|-------------------------------------------------------|---------------------------------------|
windows/cli/cmd.md
@@ -1,18 +0,0 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
-
-+++
-
-
-# cmd.exe
-
-## File location
-
-| | 32bit shell | 64bit shell |
-|----------------|-------------|-------------|
-| **x86 system** | system32 | N/A |
-| **x64 system** | syswow64 | system32 |
-
-Native Commands: `copy`, `move`, `dir`, `set`, `date`, `help`, `path`
windows/cli/driverquery.md
@@ -1,14 +0,0 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
-
-+++
-# driverquery
-
-https://technet.microsoft.com/en-us/library/bb490896.aspx
-
-## Examples
-driverquery
-driverquery /si | findstr "TRUE"
-
windows/cli/template.md
@@ -1,23 +0,0 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
-
-+++
-# command name
-
-Link to online man page or main documentation
-
-## Usage
-
-Summary of usage to include a table of flags if appropriate
-
-## Examples
-| command | description |
-|---------|-------------|
-
-## More
-
- * List
- * Of
- * Links
windows/cli/tracert.md
@@ -1,16 +0,0 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
-
-+++
-# tracert
-
-https://technet.microsoft.com/en-us/library/cc940128.aspx
-
-## Syntax
-
-## Examples
-| command | description |
-|-------------------------------------------------------|---------------------------------------|
-
windows/cli/ds.md → windows/commands/[
@@ -1,11 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "ds"
-+++
-
-# Links
+---
### `ds` Commands
@@ -15,16 +13,16 @@ Here are the main links you want to have around.
| Command | Link | ss64 |
|------------|----------------------------------------------------------------------|--------------------------------------------|
-| `Dsacls` | [technet](https://technet.microsoft.com/en-us/library/cc771151.aspx) | |
-| `Dsadd` | [technet](https://technet.microsoft.com/en-us/library/cc753708.aspx) | |
-| `Dsamain` | [technet](https://technet.microsoft.com/en-us/library/cc772168.aspx) | |
-| `Dsdbutil` | [technet](https://technet.microsoft.com/en-us/library/cc753151.aspx) | |
-| `Dsget` | [technet](https://technet.microsoft.com/en-us/library/cc755162.aspx) | |
-| `Dsmgmt` | [technet](https://technet.microsoft.com/en-us/library/cc732473.aspx) | |
-| `Dsmod` | [technet](https://technet.microsoft.com/en-us/library/cc732406.aspx) | [ss64](http://ss64.com/nt/dsmod-user.html) |
-| `Dsmove` | [technet](https://technet.microsoft.com/en-us/library/cc732952.aspx) | |
-| `Dsquery` | [technet](https://technet.microsoft.com/en-us/library/cc732952.aspx) | [ss64](http://ss64.com/nt/dsquery.html) |
-| `Dsrm` | [technet](https://technet.microsoft.com/en-us/library/cc731865.aspx) | [ss64](http://ss64.com/nt/dsrm.html) |
+| `dsacls` | [technet](https://technet.microsoft.com/en-us/library/cc771151.aspx) | |
+| `dsadd` | [technet](https://technet.microsoft.com/en-us/library/cc753708.aspx) | |
+| `dsamain` | [technet](https://technet.microsoft.com/en-us/library/cc772168.aspx) | |
+| `dsdbutil` | [technet](https://technet.microsoft.com/en-us/library/cc753151.aspx) | |
+| `dsget` | [technet](https://technet.microsoft.com/en-us/library/cc755162.aspx) | |
+| `dsmgmt` | [technet](https://technet.microsoft.com/en-us/library/cc732473.aspx) | |
+| `dsmod` | [technet](https://technet.microsoft.com/en-us/library/cc732406.aspx) | [ss64](http://ss64.com/nt/dsmod-user.html) |
+| `dsmove` | [technet](https://technet.microsoft.com/en-us/library/cc732952.aspx) | |
+| `dsquery` | [technet](https://technet.microsoft.com/en-us/library/cc732952.aspx) | [ss64](http://ss64.com/nt/dsquery.html) |
+| `dsrm` | [technet](https://technet.microsoft.com/en-us/library/cc731865.aspx) | [ss64](http://ss64.com/nt/dsrm.html) |
# Examples
| Command | Description |
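Review bot: The `dsmove` and `dsquery` rows in this hunk still point at the same TechNet URL (`cc732952.aspx`) after the lowercase rename, so one of the two links is wrong. Since every row is being rewritten anyway, confirm which command that page documents and correct the other. The same pair is carried into the table in the new windows/commands/ds.md.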
windows/commands/arp.md
@@ -0,0 +1,27 @@
+---
+date: "2016-12-01"
+draft: false
+title: "arp"
+
+---
+
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/bb490864.aspx)
+
+### Alternatives
+ * SysInt: none known
+ * WMIC: none known
+ * PS: none known
+
+### See Also
+ * [getmac]({{< relref "windows/commands/getmac.md" >}})
+
+## Syntax
+
+ ```
+ arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]]
+ [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]
+ ```
+
+## Examples
+| command | description |
+|-------------------------------------------------------|---------------------------------------|
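Review bot: The See Also entry resolves `windows/commands/getmac.md` through relref, but no getmac page is added in the visible part of this commit and windows/commands/index.md does not list one. Add the page or drop the link until it exists. The Examples table is also header-only while the page is published with `draft: false`.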
windows/commands/cmd.md
@@ -0,0 +1,22 @@
+---
+date: "2016-12-01"
+draft: false
+title: "cmd"
+
+---
+* [TechNet Manual - XP](https://technet.microsoft.com/en-us/library/bb490880.aspx)
+* [TechNet Mauual - W2012](https://technet.microsoft.com/en-us/library/cc771320.aspx)
+
+### Alternatives
+ * SysInt: none known
+ * WMIC: [wmic]({{< relref "windows/wmic/index.md" >}})
+ * PS: [powershell]({{< relref "windows/powershell/index.md" >}})
+
+## File location
+
+| | 32bit shell | 64bit shell |
+|----------------|-------------|-------------|
+| **x86 system** | system32 | N/A |
+| **x64 system** | syswow64 | system32 |
+
+Native Commands: `copy`, `move`, `dir`, `set`, `date`, `help`, `path`
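Review bot: The second manual link reads `TechNet Mauual - W2012`; the link text should be "Manual". The Alternatives entries point at `windows/wmic/index.md` and `windows/powershell/index.md`, neither of which appears among the files shown in this commit, so check that both relref targets exist.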
windows/commands/driverquery.md
@@ -0,0 +1,19 @@
+---
+date: "2016-12-01"
+draft: false
+title: "driverquery"
+
+---
+
+* [TechNet Maual](https://technet.microsoft.com/en-us/library/bb490896.aspx)
+
+### Alternatives
+ * SysInt: [sigcheck]({{ <relref "windows/commands/sigcheck.md" > }})
+ * WMIC: [sysdriver]({{ <relref "windows/commands/sysdriver.md" > }})
+ * PS: [PnPSignedDriver](({{ <relref "windows/commands/pnpsigneddriver.md" > }})
+
+## Examples
+
+* `driverquery`
+* `driverquery /si | findstr "TRUE"`
+
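Review bot: The three relref shortcodes under Alternatives are malformed. They are written `{{ <relref "..." > }}`, where the other files in this commit use `{{< relref "..." >}}`, so Hugo will not treat them as shortcodes, and the PS line has a doubled `((` before the shortcode. Fix the delimiters and check the targets: they point at windows/commands/ (sigcheck.md, sysdriver.md, pnpsigneddriver.md), while sc.md in this commit puts its SysInt, WMIC and PS alternatives under windows/sysinternals/, windows/wmic/ and windows/powershell/. The link text `TechNet Maual` also has a typo.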
windows/commands/ds.md
@@ -0,0 +1,56 @@
+---
+date: "2016-12-01"
+draft: false
+title: "ds"
+
+---
+
+## Commands
+
+The `ds` family of commands perform operations on Active Directory objects.
+There are too many commands to show all the flags but they mostly follow the same structure.
+Here are the main links you want to have around.
+
+| Command | Description | Link | ss64 |
+|------------|-------------|----------------------------------------------------------------------|--------------------------------------------|
+| `dsacls` | | [technet](https://technet.microsoft.com/en-us/library/cc771151.aspx) | |
+| `dsadd` | | [technet](https://technet.microsoft.com/en-us/library/cc753708.aspx) | |
+| `dsamain` | | [technet](https://technet.microsoft.com/en-us/library/cc772168.aspx) | |
+| `dsdbutil` | | [technet](https://technet.microsoft.com/en-us/library/cc753151.aspx) | |
+| `dsget` | | [technet](https://technet.microsoft.com/en-us/library/cc755162.aspx) | |
+| `dsmgmt` | | [technet](https://technet.microsoft.com/en-us/library/cc732473.aspx) | |
+| `dsmod` | | [technet](https://technet.microsoft.com/en-us/library/cc732406.aspx) | [ss64](http://ss64.com/nt/dsmod-user.html) |
+| `dsmove` | | [technet](https://technet.microsoft.com/en-us/library/cc732952.aspx) | |
+| `dsquery` | | [technet](https://technet.microsoft.com/en-us/library/cc732952.aspx) | [ss64](http://ss64.com/nt/dsquery.html) |
+| `dsrm` | | [technet](https://technet.microsoft.com/en-us/library/cc731865.aspx) | [ss64](http://ss64.com/nt/dsrm.html) |
+
+# Examples
+| Command | Description |
+|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------|
+| `dsquery computer` | get comptuer info |
+| `dsquery * -limit 0 -filter "&(objectClass=User)(objectCategory=Person)" -attr *` | get all users metadata |
+| `dsquery * "<DN>" -attr *` | get all attributes |
+| `dsquery * -attr operatingSystem operatingSystemServicePack -filter "(| (operatingSystem=*))` | service pack info |
+| `dsquery user -name *FILTER* | dsget user -memberof` | user group memberships |
+| `dsquery group -name *FILTER* | dsget group -members | dsget user -upn` | all group members upns |
+| `dsget group "<GROUP DN>" -members` | list members |
+| `dsadd user "CN=userA,CN=users,DC=acme,DC=local" -samid usera -upn usera@acme.local -fn "user" -ln "a" -display "User A" -pwd abc123 -desc "user a" -disabled no` | create a user |
+| `dsadd group "cn=acme admins,cn=users,dc=acme,dc=local"` | add a group (OU) |
+| `dsmod group "<GROUP DN>" -addmbr "<MEMBER DN>"` | add member to group |
+| `dsrm "<OBJECT DN>" -noprompt` | remove raw object |
+| `dsquery computer -name <NAME>` | Determine if a computer name is on the domain |
+| `dsquery ou -name *` | Find all OU's |
+| `dsquery user "OU=Acme Admins,DC=acme,DC=local" -desc "Acme Admin"` | Get all users belonging to an OU with a particular description |
+| `dsquery user -samid <SAMID> | dsrm -noprompt` | remove user by samid |
+| `dsmove <DN> -newparent <PARENT_DN>` | move to new parent |
+
+## Is this box a member of a domain?
+
+ * nslookup -type=any %userdnsdomain%.
+ * nltest /dclist:<DOMAIN NAME>
+ * systeminfo | findstr "Domain"
+
+## use variables for long OU names
+
+ * `set _usera="cn=userA,ou=users,dc=domain,dc=local`
+ * `dsmod user %_usera% -disabled yes`
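Review bot: Several command cells in the Examples table contain a literal `|` (for example `dsquery user -name *FILTER* | dsget user -memberof`), which many Markdown table parsers read as a column separator even inside backticks. Escape those as `\|` or move the piped commands out of the table. Two commands also have unbalanced quotes and will not run if copied: the `-filter "(| (operatingSystem=*))` row and `set _usera="cn=userA,ou=users,dc=domain,dc=local` never close the string. The create-user row puts `-pwd abc123` on the command line; `-pwd *` makes dsadd prompt for the password instead and is the better habit to document. Minor: "comptuer" in the first row, and the three domain-membership commands are not in backticks, so `<DOMAIN NAME>` may be swallowed as HTML.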
windows/cli/icacls.md → windows/commands/icacls.md
@@ -1,26 +1,17 @@
-+++
-date = "2016-12-02"
-draft = false
-title = "icacls"
+---
+date: "2016-12-02"
+draft: false
+title: "icacls"
-+++
-
-#`icacls`
+---
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/cc753525.aspx)
+* [ss64 Manual](http://ss64.com/nt/icacls.html)
Change file and folder permissions - display or modify Access Control Lists (ACLs) for files and folders.
The `icacls` command should be used instead of `cacls` on Windows Server 2003
SP 2 and higher.
-
-Unfortunately the TechNet documentation isn't very complete. Using both
-of the following links provides a good picture of the command.
-
-| Description | Link |
-|-----------------------|-------------------------------------------------------------|
-| Good syntax reference | <http://ss64.com/nt/icacls.html> |
-| Technet Article | <https://technet.microsoft.com/en-us/library/cc753525.aspx> |
-
## Syntax through Examples
```bash
windows/commands/index.md
@@ -0,0 +1,23 @@
+---
+date: "2016-12-01"
+draft: false
+title: "Windows CLI Commands"
+
+---
+
+* [arp]({{< relref "windows/commands/arp.md" >}})
+* [cmd]({{< relref "windows/commands/cmd.md" >}})
+* [driverquery]({{< relref "windows/commands/driverquery.md" >}})
+* [ds]({{< relref "windows/commands/ds.md" >}})
+* [icacls]({{< relref "windows/commands/icacls.md" >}})
+* [nbtstat]({{< relref "windows/commands/nbtstat.md" >}})
+* [netsh]({{< relref "windows/commands/netsh.md" >}})
+* [netstat]({{< relref "windows/commands/netstat.md" >}})
+* [pathping]({{< relref "windows/commands/pathping.md" >}})
+* [ping]({{< relref "windows/commands/ping.md" >}})
+* [sc]({{< relref "windows/commands/sc.md" >}})
+* [taskkill]({{< relref "windows/commands/taskkill.md" >}})
+* [tasklist]({{< relref "windows/commands/tasklist.md" >}})
+* [template]({{< relref "windows/commands/template.md" >}})
+* [tracert]({{< relref "windows/commands/tracert.md" >}})
+
windows/cli/nbstat.md → windows/commands/nbtstat.md
@@ -1,11 +1,11 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "nbtstat"
-+++
-# nbstat
-https://technet.microsoft.com/en-us/library/cc940106.aspx
+---
+
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/cc940106.aspx)
## Syntax
windows/cli/netsh.md → windows/commands/netsh.md
@@ -1,14 +1,13 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "netsh"
-+++
-# `netsh`
+---
Advanced networking command-line utility.
-Resources
+## Resources
| Description | Link |
|--------------------------------------------------------------|--------------------------------------------------------------------------|
@@ -17,7 +16,6 @@ Resources
| Disabling specific firewall profiles | [MSDN](https://msdn.microsoft.com/en-us/library/dd772588) |
| `netsh advfirewall firewall` docs | [TechNet](https://technet.microsoft.com/en-us/library/dd734783) |
| Some additional examples (old and new firewall cmds) | [support.microsoft](https://support.microsoft.com/en-us/kb/947709) |
-| | |
## Firewall
windows/cli/netstat.md → windows/commands/netstat.md
@@ -1,12 +1,11 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "netstat"
-+++
-# netstat
+---
-https://technet.microsoft.com/en-us/library/bb490947.aspx
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/bb490947.aspx)
## Syntax
windows/cli/pathping.md → windows/commands/pathping.md
@@ -1,13 +1,11 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "pathping"
-+++
+---
-# pathping
-
-https://technet.microsoft.com/en-us/library/bb490964.aspx
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/bb490964.aspx)
## Syntax
windows/cli/ping.md → windows/commands/ping.md
@@ -1,13 +1,12 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "ping"
-+++
+---
-# ping
-https://technet.microsoft.com/en-us/library/bb490968.aspx
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/bb490968.aspx)
## Syntax
windows/cli/sc.md → windows/commands/sc.md
@@ -1,13 +1,17 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "sc"
-+++
-# `sc`
+---
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/bb490995.aspx)
+
+### Alternatives
+ * SysInt: [psservice]({{< relref "windows/sysinternals/psservice.md" >}})
+ * WMIC: [service]({{< relref "windows/wmic/service.md" >}})
+ * PS: [service]({{< relref "windows/powershell/service.md" >}})
The Services Controller (SC) utility is native to Windows, and is included with the installation of the operating system. It includes a number of options that provide the functionality to allow you to view, manage and configure the services on the local computer as well as a remote computer.
-https://technet.microsoft.com/en-us/library/bb490995.aspx
## Usage
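Review bot: The WMIC and PS alternatives link `windows/wmic/service.md` and `windows/powershell/service.md`, but the wmic files visible in this commit are only cpu, datafile, process and useraccount, and no powershell directory appears at all. Confirm both relref targets exist, or mark them "none known" as arp.md does until the pages are written.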
windows/cli/taskkill.md → windows/commands/taskkill.md
@@ -1,12 +1,11 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "taskkill"
-+++
-# taskkill
-https://technet.microsoft.com/en-us/library/bb491009.aspx
+---
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/bb491009.aspx)
## Examples
| command | description |
windows/cli/tasklist.md → windows/commands/tasklist.md
@@ -1,11 +1,10 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "tasklist"
-+++
-# tasklist
-https://technet.microsoft.com/en-us/library/bb491010.aspx
+---
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/bb491010.aspx)
## Examples
windows/commands/template.md
@@ -0,0 +1,27 @@
+---
+date: "2016-12-01"
+draft: false
+title: "template"
+
+---
+
+```
+* [TechNet Manual]({{< relref "windows/commands/template.md" >}})
+
+### Alternatives
+ * SysInt: [pstemplate]({{< relref "windows/sysinternals/pstemplate.md" >}})
+ * WMIC: none known
+ * PS: none known
+
+### See Also
+ * [anothercmd]
+
+
+## Usage
+
+Summary of usage to include a table of flags if appropriate
+
+## Examples
+| command | description |
+|---------|-------------|
+```
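Review bot: Wrapping the skeleton in a code fence does not stop Hugo from evaluating the `{{< relref >}}` shortcodes inside it, so this page still tries to resolve the placeholder `windows/sysinternals/pstemplate.md`. Escape them in the `{{</* relref "..." */>}}` form or keep the page as `draft: true`. With `draft: false` and the entry in windows/commands/index.md, the skeleton is published alongside the real commands.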
windows/commands/tracert.md
@@ -0,0 +1,19 @@
+---
+date: "2016-12-01"
+draft: false
+title: "tracert"
+
+---
+* [TechNet Manual](https://technet.microsoft.com/en-us/library/cc940128.aspx)
+
+### alternatives
+ * sysint alt - [psping]({{< relref "windows/sysinternals/psping.md" >}})
+ * wmic alt - none known
+ * ps alt - none known
+
+## Syntax
+
+## Examples
+| command | description |
+|-------------------------------------------------------|---------------------------------------|
+
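Review bot: The Alternatives block here uses a different shape (`### alternatives` in lowercase, `sysint alt - ...`) from arp.md, cmd.md and the template, which use `### Alternatives` and `SysInt: ...`. Align it with the template. `## Syntax` is empty and the Examples table is header-only, yet the page is added with `draft: false`.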
windows/auditing.md → windows/meta/auditing.md
@@ -1,9 +1,11 @@
-+++
-date = "2016-12-01"
-draft = false
-title = "Windows Auditing"
+---
+date: "2016-12-01"
+draft: false
+title: "Windows Auditing"
-+++
+---
+
+# Windows Auditing
### Useful Links
windows/meta/index.md
@@ -0,0 +1,6 @@
+---
+date: "2016-12-01"
+draft: false
+title: "Windows"
+
+---
windows/win_env.md → windows/meta/win_env.md
@@ -1,9 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "Environmental Variables"
-+++
+---
# Environmental Variables
windows/win_kernel.md → windows/meta/win_kernel.md
@@ -1,9 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "Windows Kernel"
-+++
+---
# Windows Kernel
windows/win_passive.md → windows/meta/win_passive.md
@@ -1,9 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "Process List"
-+++
+---
## process list
windows/win_registry.md → windows/meta/win_registry.md
@@ -1,9 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "Windows Registry"
-+++
+---
# Windows Registry
windows/win_sid.md → windows/meta/win_sid.md
@@ -1,9 +1,9 @@
-+++
-date = "2016-12-01"
-draft = true
-title = ""
+---
+date: "2016-12-01"
+draft: false
+title: "SID & RID"
-+++
+---
## SID Components
windows/cli/sysinternals/handle.md → windows/sysinternals/handle.md
File renamed without changes
windows/sysinternals/index.md
@@ -0,0 +1,6 @@
+---
+date: "2016-12-01"
+draft: false
+title: "Windows CLI"
+
+---
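Review bot: `title: "Windows CLI"` on windows/sysinternals/index.md looks copied from the commands section, whose index is titled "Windows CLI Commands". Give this index a Sysinternals title so the two sections can be told apart.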
windows/cli/sysinternals/listdlls.md → windows/sysinternals/listdlls.md
File renamed without changes
windows/cli/sysinternals/pskill.md → windows/sysinternals/pskill.md
File renamed without changes
windows/cli/sysinternals/pslist.md → windows/sysinternals/pslist.md
File renamed without changes
windows/cli/sysinternals/psservice.md → windows/sysinternals/psservice.md
File renamed without changes
windows/cli/wmic/cpu.md → windows/wmic/cpu.md
File renamed without changes
windows/cli/wmic/datafile.md → windows/wmic/datafile.md
File renamed without changes
windows/cli/wmic/process.md → windows/wmic/process.md
File renamed without changes
windows/cli/wmic/useraccount.md → windows/wmic/useraccount.md
File renamed without changes
windows/index.md
@@ -1,6 +0,0 @@
-+++
-date = "2016-12-01"
-draft = false
-title = "Windows"
-
-+++