Windows Command Line

  • Delete all files smaller than 20K

FOR %F IN (*.*) DO (IF %~zF LSS 20480 DEL %F)

  • Given a list of domain names (zeusscc.txt), learn what IP addresses your DNS server reports:

for /F %N in (zeuscc.txt) do nslookup %N>>zeuscc_log.txt

  • Unzip a file (using 7-zip) to the “example” folder:

7z x -oexample example.zip

Command line syntax for 7z.exe can be found in the 7-zip.chm Windows help file.

  • Test integrity of all zip files in the current folder and save results in temp.txt:

"C:\Program Files\7-Zip\7z.exe" t *.zip *.*>temp.txt

  • Zip all folders into their own zip files

for /d %i in (*) do "c:\Program Files\7-Zip\7z.exe" a "%i.zip" "%i\"

  • Unzip all zip files in the current folder to their own folders (assumes no duplicate file name conflicts will arise when adding “~” to the start of the folder name; allows for spaces in file names):

for %i in (*.zip) do 7z x -o"~%i" "%i"

  • Unzip all zip files in the current folder to their own folders (assumes no duplicate file name conflicts will arise when adding “~” to the start of the folder name; allows for spaces in file names), and specify the path to the 7z.exe program:

for %i in (*.zip) do "C:\Program Files\7-Zip\7z.exe" x -o"~%i" "%i"

Note that this was not the effect I was looking for. I wanted to extract each zip file into its own subdirectory, while preserving the folder name. For example, “test.zip” would be extracted to “test”, not “~test.zip”. This is easily done from the Windows Explorer interface. Select the zip files you want to extract from, then use File –> 7-zip –> Extract to “*\”.

  • Use wget to download all the URLs in Pages.txt and log activity to wgetlog.txt.

wget -i Pages.txt -o wgetlog.txt

  • Using the Sysinternals utility psloglist, collect log in (538) and log off (540) events from the Security log for the last 90 days from an named set of Windows computers (machines.txt), with each event in a single, tab-delimited line (output.txt):

psloglist @machines.txt -d 90 -i 538,540 -s -t "\t" Security > output.txt

Windows Vista includes a Windows Events Command Line Utility (WEvtUtil.exe) which enables you to retrieve information about event logs and publishers, install and uninstall event manifests, run queries, and export, archive and clear logs.

  • Strip HTML codes (using sed):

sed -e :a -e 's/<[^>]*>//g;/</N;//ba'

  • Repeat a command, with a counter. In this example, pad file names with leading zeroes.

FOR /L %%N IN (0,1,9) DO ren example%%N.jpg example00%%N.jpg
FOR /L %%N IN (10,1,99) DO ren example%%N.jpg example0%N.jpg

In this example, use multiple commands. Includes downloading a file (without a browser, using wget)

FOR /L %%N IN (0,1,9) DO (

wget http://www.example.com/%%N.jpg
ren %%N.jpg "example00%%N.jpg"

)

List or change file associations with ASSOC.

Overwrite free space with CIPHER (cipher /w:F). SysInternals equivalent is SDelete.

List installed drivers with DRIVERQUERY (driverquery -v). SysInternals equivalent?

List open ports and associated IP addresses with NETSTAT (netstat -an).

Restart in Safe Mode and Windows Recovery Utilities with SHUTDOWN (shutdown /r /o).

Create a Windows 8 Recovery Disk with RECIMG (recimg /showcurrent).

The command line version of Task Manager is TASKLIST (tasklist /v) (tasklist /svc) (tasklist /m). End tasks with TASKKILL (taskkill -im name) (taskkill -im pid). You cannot restart Windows Explorer with taskkill /im explorer.exe. SysInternals equivalent?

Advertisements

3 Responses to Windows Command Line

  1. […] java utility that scans (Oracle, IBM DB2, Microsoft SQL Server, … See original here: Windows Command Line « Aggressive Virus Defense Share and […]

  2. Issac Maez says:

    If you need a hidden process windows base command line tool and more windows base command line tools can be found in here, and you can get it for free.

  3. Giri says:

    many command line windows configuration tips can be found on this site. http://www.windows-commandline.com