
Blue/Red Team Commands

DarkMaster


Windows

Net view /all (Network discovery)

Nbtstat -A <IP ADDRESS> (Basic nbtstat scan)

Netstat -o -f -n (List active network connections, PID, FQDN)

Psloggedon \\COMPUTERNAME (Users logged on)

Quser (Lists users logged on + sessions)

Logoff 2 (Logs off user #2 from quser)

Netdom query WORKSTATION (List of PCs in domain)

Sc query (Get list of services)

Wmic service where name='<SERVICE NAME>' call ChangeStartmode Disabled (Stop services)

Netsh advfirewall firewall show rule name=all (List FW rules)

Netsh advfirewall set allprofile state on (Turn on firewall)

Netsh advfirewall set allprofile state off (Turn off firewall)

Netsh advfirewall firewall add rule name="BlockSMB" protocol=TCP dir=in localport=445 action=block (Add FW rule to block port 445 SMB inbound)

netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=<IP_Address>/## (Block IP on FW)

for /f %i in (ips.txt) do netsh advfirewall firewall add rule name="Block %i" dir=in protocol=any action=block remoteip=%i (Blocks IPs listed in ips.txt file)

net user <UNAME> <NEW PW> (Change password)

pspasswd.exe \\<IP ADDR or REMOTE PC NAME> -u <REMOTE UNAME> -p <NEW P/W> (Change password remotely)

Ipconfig /flushdns (Clear DNS of bad IPs)

Nbtstat -R (Clear netbios cache of IPs)

Gpupdate /force (Update group policies)

Reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /f /v fDenyTSConnections /t REG_DWORD /d 1 (Disable remote desktop)

Net user(s) (Lists user accounts)

Net user group1 <password> /add (Adds account named group1)

Net localgroup "Administrators" group1 /add (Adds group1 to admins group)

Net user <user> /ACTIVE:no (Disables user account)

Wmic useraccount where name='user' set disabled=true (Disables user account)

Tasklist /svc (Lists service info for running processes)

Wmic process list (Lists running processes)

Wmic process <PID> delete (Kill running process)

Shutdown /m \\*IP* /r /t 0 /f (Remotely shutdown machine)



Linux

smbtree -b/-D/-S (Net view, broadcast/domain/server)

ps or service --status-all (Lists services, two dashes before 'status')

systemctl disable <SERVICE NAME> (Disable service)

iptables --policy INPUT DROP (Blocks connections, can use OUTPUT/FORWARD too)

sudo ufw enable/disable (Turn on/off FW)

sudo ufw status numbered (Lists FW rules)

passwd <UNAME> (Change password of user)

w (View logged in users)

cat /etc/passwd (View user accounts)

cat /etc/sudoers (View sudo access)

ifconfig (IP config info)

netstat -antup or netstat -plantux (View network connections)

ps -aux (View processes)
 