- Netbackup Windows Command Line Cheat Sheet
- Windows Server Command Line Cheat Sheet
- Windows Command Line Cheat Sheet Sans
When coming up to speed as a Linux user, it helps to have a cheat sheet that can help introduce you to some of the more useful commands.
In the tables below, you’ll find sets of commands with simple explanations and usage examples that might help you or Linux users you support become more productive on the command line.
Getting familiar with your account
These commands will help new Linux users become familiar with their Linux accounts.
Command | Function | Example |
---|---|---|
pwd | Displays your current location in the file system | pwd |
whoami | Displays your username – most useful if you switch users with su and need to be reminded what account you're using currently | whoami |
ls | Provides a file listing. With -a, it also displays files with names starting with a period (e.g., .bashrc). With -l, it also displays file permissions, sizes and last updated date/time. | ls ls -a ls -l |
env | Displays your user environment settings (e.g., search path, history size, home directory, etc.) | env |
echo | Repeats the text you provide or displays the value of some variable | echo hello echo $PATH |
history | Lists previously issued commands | history history | tail -5 |
passwd | Changes your password. Note that complexity requirements may be enforced. | passwd history | tail -5 |
Examining files
Linux provides several commands for looking at the content and nature of files. These are some of the most useful commands.
Command | Function | Example |
---|---|---|
cat | Displays the entire contents of a text file. | cat .bashrc |
more | Displays the contents of a text file one screenful at a time. Hit the spacebar to move to each additional chunk. | more .bash_history |
less | Displays the contents of a text file one screenful at a time, but in a manner that allows you to back up using the up arrow key. | less .bash_history |
file | Identifies files by type (e.g., ASCII text, executable, image, directory) | file myfile file ~/.bashrc file /bin/echo |
Managing files
These are some Linux commands for changing file attributes as well as renaming, moving and removing files.
Command | Function | Example |
---|---|---|
chmod | Changes file permissions (who can read it, whether it can be executed, etc.) | chmod a+x myscript chmod 755 myscript |
chown | Changes file owner | sudo chown jdoe myfile |
cp | Makes a copy of a file. | cp origfile copyfile |
mv | Moves or renames a file – or does both | mv oldname newn |
To continue reading this article register now
Learn More Existing Users Sign In
In the event that your Windows machine has been compromised or for any other reason, this cheat sheet is intended to help. This article is for Windows Administrators and security personnel to better execute a thorough examination of their framework (inside and out) keeping in mind the end goal is to search for indications of compromise.
1.Unusual Log Entries:
Check your logs for suspicious events, such as:
- “Event log service was stopped.”
- “Windows File Protection is not active on this system.”
- “The protected System file [file name] was not restored to its original, valid version because of the Windows File Protection…”
- “The MS Telnet Service has started successfully.”
- Look for a large number of failed logon attempts or locked out accounts.
To do this using the GUI, run the Windows event viewer:
C:> eventvwr.msc
Using the command prompt:
C:> eventquery.vbs | more
Or, to focus on a particular event log:
C:> eventquery.vbs /L security
2.Unusual Processes and Services:
Look for unusual/unexpected processes, and focus on processes with User Name “SYSTEM” or “Administrator” (or users in the Administrators’ group). You need to be familiar with normal processes and services and search for deviations.
Using the GUI, run Task Manager:
C:> taskmgr.exe
Using the command prompt:
C:> tasklist
C:> wmic process list full
C:> wmic process list full
Also look for unusual services.
Using the GUI:
C:> services.msc
C:> services.msc
Using the command prompt:
C:> net start
C:> sc query
C:> sc query
For a list of services associated with each process:
C:> tasklist /svc
3.Unusual Files and Registry Keys
Check file space usage to look for sudden major decreases in free space, using the GUI (right-click on a partition), or type:
C:> dir c:
Look for unusually big files:
Start–> Search–>For Files of Folders… Search Options–>Size–>At Least 10000KB
Look for strange programs referred to in registry keys associated with system start up:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
HKLMSoftwareMicrosoftWindowsCurrentVersionRunonce
HKLMSoftwareMicrosoftWindowsCurrentVersionRunonceEx
Note that you should also check the HKCU counterparts (replace HKLM with HKCU above).
Using the GUI:
Using the GUI:
C:> regedit
Using the command prompt:
C:> reg query <reg key>
4.Unusual Network Usage
Torrentz2. Look at file shares, and make sure each has a defined business purpose:
C:> net view 127.0.0.1
Look at who has an open session with the machine:
C:> net session
Look at which sessions this machine has opened with other systems:
C:> net use
Look at NetBIOS over TCP/IP activity:
C:> nbtstat –S
Look for unusual listening TCP and UDP ports:
C:> netstat –na
For continuously updated and scrolling output of this command every 5 seconds:
C:> netstat –na 5
The –o flag shows the owning process id:
C:> netstat –nao 5 Usb to rs232 driver windows 10.
The –b flag shows the executable name and the DLLs loaded for the network connection.
C:> netstat –naob 5
Note that the –b flag uses excessive CPU resources.
Again, you need to understand normal port usage for the system and look for deviations.
Again, you need to understand normal port usage for the system and look for deviations.
Also, check Windows Firewall configuration:
C:> netsh firewall show config
5.Unusual Scheduled Tasks
Look for unusually scheduled tasks, especially those that run as a user in the Administrators group, as SYSTEM, or with a blank user name.
Using the GUI, run Task Scheduler:
Start–>Programs–>Accessories–>System Tools–>Scheduled Tasks
Using the command prompt:
C:> schtasks
Check other autostart items as well for unexpected entries, remembering to check user autostart directories and registry keys.
Using the GUI, run msconfig and look at the Startup tab:
Start –> Run, msconfig.exe
Netbackup Windows Command Line Cheat Sheet
Using the command prompt:
C:> wmic startup list full
6.Unusual Accounts
Look for new, unexpected accounts in the Administrators group:
C:> lusrmgr.msc
Click on Groups, Double Click on Administrators, then check members of this group.
This can also be done at the command prompt:
This can also be done at the command prompt:
C:> net user
C:> netlocalgroup administrators
C:> netlocalgroup administrators
7.Other Unusual Items
Look for unusually sluggish performance and a single unusual process hogging the CPU:
Task Manager –> Process and Performance tabs
Look for unusual system crashes, beyond the normal level for the given system.
Windows Server Command Line Cheat Sheet
On a periodic basis (daily, weekly, or each time you logon to a system you manage,) run through these quick steps to look for anomalous behavior that might be caused by a computer intrusion. Each of these commands runs locally on a system.
Windows Command Line Cheat Sheet Sans
You can get more articles in our Website https://gbhackers.com/