Windows Command Line

• Windows Command Reference describes the use of the command-line tools used to perform various tasks related to Windows Vista, Windows Server 2003, and Windows Server 2008.
• Windows Command Line Cheatsheet by Ed Skoudis
• Windows Command Line
• Useful Command Line Commands On Windows at ServerFault.com
• PowerShell Quick Reference
• Ben Pearce’s PowerShell Cheat Sheet

• Delete all files smaller than 20K

FOR %F IN (*.*) DO (IF %~zF LSS 20480 DEL %F)

• Given a list of domain names (zeusscc.txt), learn what IP addresses your DNS server reports:

for /F %N in (zeuscc.txt) do nslookup %N>>zeuscc_log.txt

• Unzip a file (using 7-zip) to the “example” folder:

7z x -oexample example.zip

Command line syntax for 7z.exe can be found in the 7-zip.chm Windows help file.

• Test integrity of all zip files in the current folder and save results in temp.txt:

"C:\Program Files\7-Zip\7z.exe" t *.zip *.*>temp.txt

• Zip all folders into their own zip files

for /d %i in (*) do "c:\Program Files\7-Zip\7z.exe" a "%i.zip" "%i\"

• Unzip all zip files in the current folder to their own folders (assumes no duplicate file name conflicts will arise when adding “~” to the start of the folder name; allows for spaces in file names):

for %i in (*.zip) do 7z x -o"~%i" "%i"

• Unzip all zip files in the current folder to their own folders (assumes no duplicate file name conflicts will arise when adding “~” to the start of the folder name; allows for spaces in file names), and specify the path to the 7z.exe program:

for %i in (*.zip) do "C:\Program Files\7-Zip\7z.exe" x -o"~%i" "%i"

Note that this was not the effect I was looking for. I wanted to extract each zip file into its own subdirectory, while preserving the folder name. For example, “test.zip” would be extracted to “test”, not “~test.zip”. This is easily done from the Windows Explorer interface. Select the zip files you want to extract from, then use File –> 7-zip –> Extract to “*\”.

• Use wget to download all the URLs in Pages.txt and log activity to wgetlog.txt.

wget -i Pages.txt -o wgetlog.txt

• Using the Sysinternals utility psloglist, collect log in (538) and log off (540) events from the Security log for the last 90 days from an named set of Windows computers (machines.txt), with each event in a single, tab-delimited line (output.txt):

psloglist @machines.txt -d 90 -i 538,540 -s -t "\t" Security > output.txt

Windows Vista includes a Windows Events Command Line Utility (WEvtUtil.exe) which enables you to retrieve information about event logs and publishers, install and uninstall event manifests, run queries, and export, archive and clear logs.

• Strip HTML codes (using sed):

sed -e :a -e 's/<[^>]*>//g;/</N;//ba'

• Repeat a command, with a counter. In this example, pad file names with leading zeroes.

FOR /L %%N IN (0,1,9) DO ren example%%N.jpg example00%%N.jpg
FOR /L %%N IN (10,1,99) DO ren example%%N.jpg example0%N.jpg

In this example, use multiple commands. Includes downloading a file (without a browser, using wget)

FOR /L %%N IN (0,1,9) DO (

wget http://www.example.com/%%N.jpg
ren %%N.jpg "example00%%N.jpg"

)

List or change file associations with ASSOC.

Overwrite free space with CIPHER (cipher /w:F). SysInternals equivalent is SDelete.

List installed drivers with DRIVERQUERY (driverquery -v). SysInternals equivalent?

List open ports and associated IP addresses with NETSTAT (netstat -an).

Restart in Safe Mode and Windows Recovery Utilities with SHUTDOWN (shutdown /r /o).

Create a Windows 8 Recovery Disk with RECIMG (recimg /showcurrent).

The command line version of Task Manager is TASKLIST (tasklist /v) (tasklist /svc) (tasklist /m). End tasks with TASKKILL (taskkill -im name) (taskkill -im pid). You cannot restart Windows Explorer with taskkill /im explorer.exe. SysInternals equivalent?