Windows Command Line

The Windows command line is an interface that lets the user run commands directly against the system. These commands can be very specific and provide more in-depth functionality than the GUI (Graphical User Interface). You can open the Windows command line by typing "cmd" in the Windows search bar.

-General command line functionalities-

Help/Assistance

-h or help or /?

 

-Change Directory CD: command line-

The MS-DOS command CD displays the name of or changes the current directory. So if you wanted to change from the default user profile directory to the Windows System32 directory to delete a virus file, you would type in the following to navigate to that directory:

cd c:\windows\system32 and press Enter

Now that you are in that directory, you may want to view all of the files and directories first, so you can type in the command DIR and press Enter.

Dir

You’ll now get a giant list of all of the files and folders in that directory. You can type in DIR /? and see what parameters you can pass to it.

DEL delete a file

To delete a file, we can simply type in DEL filename and that will delete the file. When you use the command this way, it won’t prompt you to confirm before deleting the file, so make sure you have typed in the correct file name.

You also have to enter the file name with the extension, so it would be DEL Test.txt to delete that file. If you need to delete a file that has spaces in the name, you have to use quotes, like DEL "This is a test.txt".

MKDIR and RMDIR

If you need to create or delete folders, you would use the MKDIR and RMDIR commands. It’s worth noting that if you try to delete a non-empty directory, you will get an error message.

However, if you are sure you want to delete the directory and everything inside, you can use the RMDIR /S folder name command.

DISKPART

Again, when you end up with hard drive problems, this command can prove to be very useful. DISKPART lets you administer the hard disks installed on your computer.

You can do things like set a partition to be the active partition, assign a drive letter to a partition, shrink a disk, take a disk offline or online, etc.

 

 

SFC

System File Checker is really useful because it scans all protected system files and replaces incorrect versions with correct file versions.

There will be a lot of times when certain system files in Windows have become corrupt and system file checker will fix them for you easily.

You just run sfc /scannow and it will perform a scan and fix any issues. It does take quite a bit of time, but it is worth it if you’re having any kind of corruption issues.

 

A couple of other very useful commands that you might end up having to use are listed below:

chkdsk – Verifies a hard disk or a floppy disk for file system integrity.

copy – Copies files from one location to another. The destination defaults to the current directory. If there are multiple source files, the destination must be a directory or else you will get an error.

fc – Compares two files or sets of files and displays the differences between them.

fdisk – Manipulates hard disk partition tables. When run from the command line, it displays a menu of various partitioning operations.

format – Deletes all the files on the disk and reformats it for MS-DOS. Used mostly for formatting floppy disks or other removable disks.

scandisk – Disk diagnostic utility that is a replacement for the CHKDSK utility.

 

systeminfo – The command to retrieve extensive information about your system, including Windows serial number, computer model, and available RAM.

 

driverquery – For a list of all drivers installed on your system, driverquery is the quickest solution.

-NETSTAT-

Netstat (network statistics) is a command-line network utility tool that displays network connections. Depending on how the command is written, it can provide various information about the current network status. 

< netstat -h > Typing this command will provide information about all available switches that can be used with the command to access specific information.

< netstat -b > Using this switch we can observe extended information about the current connections, such as the executable involved with each connection. In order to run this command you will need administrative privileges.

< netstat -ano > Using these switches (-a/-n/-o) we can observe an overall collection of information about the current connections. You can use this information to check the connections that are "ESTABLISHED" under the "State" column and grab their PID (Process ID). You can then check those PIDs using the Task Manager to identify the name of the process that keeps an established connection. Following that, you can right click on the process and click "Search Online" for more information. DO NOT END any Microsoft associated processes and services. With some research you might be able to find connections that are not "expected" and might be malicious.

*If you are not able to view the "PID" column in Task Manager, right click on any other column name and then check the box next to "PID".
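The PID lookup described above can also be done without Task Manager by joining the output of netstat -ano with the output of tasklist /fo csv /nh. The Python below is an added example, not part of the original page; the sample outputs are constructed, the function names and the INTERNAL ranges are assumptions, and English-language command output is assumed.

```python
import csv
import io
import ipaddress

# Constructed excerpt of English-language `netstat -ano` output (not from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     5120
  TCP    192.168.1.20:49815     203.0.113.45:443       ESTABLISHED     7344
  TCP    192.168.1.20:49820     192.168.1.1:445        ESTABLISHED     4
  TCP    [::1]:49830            [::1]:49831            ESTABLISHED     5120
  TCP    [2001:db8::20]:49900   [2001:db8:1::5]:8080   ESTABLISHED     9001
  UDP    0.0.0.0:5353           *:*                                    2210
"""
# Constructed sample of `tasklist /fo csv /nh` output; PID 9001 is deliberately absent.
TASKLIST = '''"System","4","Services","0","144 K"
"svchost.exe","1012","Services","0","9,212 K"
"chrome.exe","7344","Console","1","182,004 K"
'''
# Address ranges treated as "internal" here (an assumption; adjust to your network).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

def established(netstat_text):
    """Yield (foreign_address, remote_ip, pid) per ESTABLISHED TCP row (5 columns)."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            # Drop the port, the IPv6 brackets and any %zone suffix before parsing.
            host = f[2].rsplit(":", 1)[0].strip("[]").split("%")[0]
            yield f[2], ipaddress.ip_address(host), int(f[4])

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) > 1}

def triage(netstat_text, tasklist_csv):
    """Return (pid, image, foreign_address, scope) rows, skipping loopback traffic."""
    names = pid_names(tasklist_csv)
    rows = []
    for foreign, ip, pid in established(netstat_text):
        if not ip.is_loopback:
            scope = "internal" if any(ip in net for net in INTERNAL) else "external"
            rows.append((pid, names.get(pid, "<not in tasklist>"), foreign, scope))
    return rows

if __name__ == "__main__":
    for row in triage(NETSTAT, TASKLIST):
        print("%-6d %-18s %-26s %s" % row)
```

On a live Windows host, pass the text captured from the two commands to triage() in place of the samples. A PID that shows "<not in tasklist>" means the process exited between the two commands or the listing was incomplete, so re-run both from an elevated prompt.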


-PING-

By using the command <ping {+IP}> you can check whether the given IP address can communicate over the network with your machine.