21 hours 43 minutes
Windows command line.
Now, we're gonna learn about some basic commands and Windows
don't forget about Windows. I think this is a big mistake or something that many pen testers. Junior pen testers have problems with is you learn so much about Lennox, Lennox is great to learn on Lennox is great to hack.
But you know, Windows, Windows is a big weakness of mine in O. S. C. P. I really was not comfortable with Windows and the commands that I had to use when I actually got into a Windows box to do privilege escalation or or where to look for sensitive files. I just it wasn't a strong point of mine. And I, you know, I think some of the
places like hack the box or try hack me
are trying to to do both. Windows and Lennox hosts now so you can get comfortable with both.
Um but you know, like I said, it's important to know windows as well because we don't really use Windows when we are hacking and we're not really in the command line when I,
you know, I started using Windows when I was young, I never really use the command line at all, but the command line actually has a great amount of information um when you know how to use it.
Also with the with the utilization of power shell, um we have even more abilities in Windows. I don't really talk about power Shell in this course, but it's important. It's important to understand both, you know, a command terminal or command shell and how to use Power Shell as well. And we will use Power Shell a little bit later when we talk about privilege escalation, but
it's important to know both command line and power show.
So the structure of Windows, it's it's different than Lennox. There are named drives. If you're old like me, you know, you've seen A A and B uh as like floppy disks back in the day, um D you used to be, I guess that's even old nowadays. Cd rom's
program files. And you also see program files X 86. Just because of interoperability between the 32 64 bit uh programs, but all programs are in these two directories, so maybe there's a vulnerable program. You're looking for vulnerable. Program for privilege escalation
could be in program files or program files X 86
X 86. Just being the old school or 32 bit or 16 bit programs. Really old.
Uh The user's directory, that's where you're gonna find what users on that box, you know, administrator, um Whatever other users may be on that box, you know, maybe the local file. Local uh for CTS is going to be in the user's desktop or or downloads. It will be in there.
Windows will have system and system 32 folders. That's why you're executed balls and DLL files are. If you get into forensics, this is where the really important stuff happens. Um I net pub.
So if you see this directory, I had no idea what it was when, because when when did I stand up in I. S server? Never, not until I started doing this kind of stuff, but that's your default directory for your web server. So if you hack into a web server or you know, the box has a web server, you maybe you can put some interesting files in there or you can see what files are on that server in I net pub.
So unlike Lennox, Windows is case insensitive. So cyber uppercase Ibori lower case,
it's going to be the same thing because it is case insensitive
up arrows, like Lennox also goes through your history. Um So if you want to get to a command that you used, you know 55 commands go up up up up, you know, five times
also using quotes. So you know, we have program files, it's two words. So you want to do, you know, maybe you're gonna change directory or you want to see some that what's in that directory and it's two words, make sure you use quotations, quotation marks. Um Windows has different command prompts, unlike Lennox where you had the dollar sign and the and the pound sign.
Windows is different terminals, so you can run a command on TFC as as an unprivileged user and you can run it as the administrator, that's where you a c comes into play and you have to actually hit yes when you run something as an administrator. Hard to do from the command line.
Um Well you can't really do it from the command line. So uh forward slash question mark is the equivalent in Lenox to help. So hopefully we'll tell you what that command does when you do forward slash question mark.
Who am I like I said before, it's a system agnostic. It works on both Lennox and Windows. Or you can do Echo percent username percent. Maybe this is a Windows XP box. I don't know if they have who am I on them? You can try the echo username to see who you are,
Who am I four slash all shows a great deal of information. I recommend doing that if you're on a Windows box, just to see everything that you can do is that user
we'll show you information about that account. So maybe you want to or any account on that box. Maybe you want to see more information about the administrator, so you do. Net user administrator.
System info is also another good one that I use just to see all the information I can about that system. Maybe see what patches it has or maybe it doesn't have. So system info is kind of like you name a on Lennox,
D I R forward slash a will list all files and some capture the flags. You might see that, you know, maybe files hidden. Well, you can show all all files, even hidden files with your uh forward slash a
um endure forward slash s searches all the folders in that directory.
Kind of like a recursive search
type is like cat. So that just displays the contents of a file, sort of using cat. You'll use type when you find the flag
task list, displays all the tasks that are processes that are currently running.
You can also use Echo in windows, like you couldn't Lennox to create a file so echo some text into example. Dot txt will create that file. Fine string is like grip, it will search for text in files
so similar to Lennox, but not copy. Like we said in Lennox's CP here is copy move like envy. This is the whole word move.
Del deletes files and DAS key forwards. Space forward slash history is like doing history on Lennox.
So in summary. Now, hopefully you can demonstrate some of the basic commands in Windows.