There are far too many command options to list here. However there is a handy resource when looking for the command syntax for what you are trying to accomplish. Commandlinefu is an amazing repository of command strings accomplishing different tasks. Simply search the task and see what commands have worked for others.
- https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltea7de5267932e94b/5eb08aafcf88d36e47cf0644/Cheatsheet_SEC301-401_R7.pdf
- https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf146e4f361db3938/5e34a7bc946d717e2eab6139/power-shell-cheat-sheet-v41.pdf
- Open file you do not have permission for
- In the folder, view owner, permissions and UUID
- # ls -la
- Add new user
- # sudo add user pwn
- Change the UUID of the new user to that of the user that created the file
- # sudo sed -i -e ‘s/[pwnUUID]/[targetUUID]/g’ /etc/passwd
- Check the new UUID
- # cat /etc/passwd | grep pwn
- In the folder, view owner, permissions and UUID
- RTFM: Linux Utility Commands - pg. 6
- PTFM: Linux Utility Commands - pg. 78
- Operator Handbook: Linux_Commands - pg. 118
- Operator Handbook: Linux_tricks - pg. 147
- Add user to administrator group
- > net user <name> <pass> /add
- > net localgroup “Administrators" <user> add
- Disable firewall
- > netsh advfirewall set currentprofile state off
- > netsh advfirewall set allprofiles state off
- Uninstall patch to exploit a vulnerability
- Display all patches
- > dir /a /b c:\windows\kb*
- Uninstall patch
- > Wusa.exe /uninstall /kb:<###>
- Display all patches
- RTFM: Windows Utility Commands - pg. 17
- RTFM: Powershell Commands - pg. 22
- PTFM: Windows Utility Commands - pg. 1
- Operator Handbook: Windows_Commands - pg. 328
- Operator Handbook: Windows Tricks - pg.415
- Operator Handbook: MacOS Commands - pg. 154
- Operator Handbook: MacOS Tricks - pg. 189
- Impacket scripts
- wmiquery.py: It allows to issue WQL queries and get description of WMI objects at the target system (e.g. select name from win32_account).
- wmipersist.py: This script creates/removes a WMI Event Consumer/Filter and link between both to execute Visual Basic based on the WQL filter or timer spec
- RTFM: WMIC Commands - pg. 20