master
Raw Download raw file 
 1#  ,whoami,windows_cmd
 2#  ,hostname,windows_cmd
 3#  ,ver,windows_cmd
 4#  ,systeminfo,windows_cmd
 5#  ,date /t,windows_cmd
 6#  ,time /t,windows_cmd
 7#  ,type,windows_cmd
 8#  ,echo,windows_cmd
 9#  ,more,windows_cmd
10#  ,start,windows_cmd
11#  ,sort,windows_cmd
12#  ,cls,windows_cmd
13#  ,ipconfig,windows_cmd
14#  ,,windows_cmd
15#  ,,windows_cmd
16#  ,,windows_cmd
17#  ,,windows_cmd
18# 
19#  ,,
20# auditpol 
21Displays information about and performs functions to manipulate audit policies: ?,auditpol,windows_cmd
22auditpol.exe was added in which version of Windows?,vista,windows_cmd
23[Flag] Display the current audit policy: auditpol /[?] /category:*,get,windows_cmd
24[Flag] Save the current audit policy to a file: auditpol /[?] /file:c:\filename,backup,windows_cmd
25[T/F] auditpol.exe can be run on a remote system (via /s)?,F,windows_cmd
26
27# driver query
28Display a list of all installed device drivers and their properties: [?].exe,driverquery,windows_cmd
29[T/F] driverquery.exe can be run on a remote system?,T,windows_cmd
30[Flag] Display digital signature information: driverquery /[?],si,windows_cmd
31
32# cmd
33Windows' default command shell: [?].exe,cmd,windows_cmd
34
35# ds
36Active Directory Domain Services commands (add, mod, get, query) start with this prefix,ds,windows_cmd
37Add active directory object: [?].exe,dsadd,windows_cmd
38Modify an active directory object: [?].exe,dsmod,windows_cmd
39View active directory objects: [?].exe,dsget,windows_cmd
40Rename or Move an active directory object to a different OU: [?].exe,dsmove,windows_cmd
41Delete active directory objects: [?].exe,dsrm,windows_cmd
42
43# acl
44Display or modify Access Controle Lists (Pre-Vista): [?].exe,cacls,windows_cmd
45Display or modify Access Controle Lists (Vista+): [?].exe,icacls,windows_cmd
46Which version of Windows introducted the new ACL file/folder permissions tool icacls.exe?,vista,windows_cmd
47
48# sc
49Create, stop, start, query or delete any windows service: [?].exe,sc,windows_cmd
50
51# systeminfo
52Display detailed config info about a computer: [?].exe,systeminfo,windows_cmd
53[T/F] systeminfo.exe can be run on a remote system (via /s)?,T,windows_cmd
54
55# taskkill
56End one or more processes (by id or name): [?].exe,taskkill,windows_cmd
57[T/F] taskkill.exe can be run on a remote system (via /s)?,T,windows_cmd
58[T/F] taskkill.exe can be used to kill more than one process?,T,windows_cmd
59[Flag] Specify the process to be killed by name: taskkill /[?] notepad.exe?,im,windows_cmd
60[Flag] Specify the process to be killed by process id: taskkill /[?] notepad.exe,pid,windows_cmd
61
62# tasklist
63List of applications and services with their Process ID: [?].exe,tasklist,windows_cmd
64[T/F] tasklist.exe can be run on a remote system (via /s)?,T,windows_cmd
65[T/F] tasklist.exe can be used to kill more than one process?,T,windows_cmd
66[Flag] Specify the process to be killed by name: taskkill /[?] notepad.exe,im,windows_cmd
67[Flag] Specify the process to be killed by process id: taskkill /[?] notepad.exe,pid,windows_cmd
68
69# task[kill|list] filters
70[T/F] /fi "PID eq 2223" is a valid taskkill or tasklist filter?,T,windows_cmd
71[T/F] /fi "PID gt 2233" is a valid taskkill or tasklist filter?,T,windows_cmd
72[T/F] /fi "USERNAME eq NT AUTHORITY\SYSTEM" is a valid taskkill or tasklist filter?,T,windows_cmd
73[T/F] /fi "USERNAME ne NT*" is a valid taskkill or tasklist filter?,T,windows_cmd
74[T/F] /fi "IMAGENAME eq Notepad.exe" is a valid taskkill or tasklist filter?,T,windows_cmd
75[T/F] /fi "PID == 2223" is a valid taskkill or tasklist filter?,F,windows_cmd
76[T/F] /fi "PID > 2233" is a valid taskkill or tasklist filter?,F,windows_cmd
77[T/F] /fi "USERNAME == NT AUTHORITY\SYSTEM" is a valid taskkill or tasklist filter?,F,windows_cmd
78[T/F] /fi "USERNAME != NT*" is a valid taskkill or tasklist filter?,F,windows_cmd
79[T/F] /fi "IMAGENAME == Notepad.exe" is a valid taskkill or tasklist filter?,F,windows_cmd
80[T/F] /fi "IMAGENAME ge Notepad.exe" is a valid taskkill or tasklist filter?,F,windows_cmd
81[T/F] /fi "Services eq 0" is a valid taskkill or tasklist filter?,F,windows_cmd
82[T/F] /fi "Session eq 0" is a valid taskkill or tasklist filter?,T,windows_cmd
83[T/F] /fi "Modules eq stsfp.dll" is a valid taskkill or tasklist filter?,T,windows_cmd
84[T/F] /fi "Modules == stsfp.dll" is a valid taskkill or tasklist filter?,T,windows_cmd
85[T/F] /fi "Status eq ACTIVE" is a valid taskkill or tasklist filter?,F,windows_cmd
86[T/F] /fi "Status eq DISABLED" is a valid taskkill or tasklist filter?,F,windows_cmd
87[T/F] /fi "Status eq RUNNING" is a valid taskkill or tasklist filter?,T,windows_cmd
88
89# wevutil
90Retrieve information about event logs and publishers: [?].exe,wevtutil,windows_cmd
91Display the names of all logs (short version): wevtutil [?],el,windows_cmd
92Display System event logs (short version): wevtutil [?] System,qe,windows_cmd
93[Flag] Return events in reverse order: wevtutil /[?]:true,rd,windows_cmd
94[Flag] Limit the results to 5 logs: wevtutil /[?]:5,c,windows_cmd
95