



  • System information: systeminfo
  • NIC and DNS Info: ipconfig /all
  • Active Connections: netstat -a
  • Routing table: route print
  • Users logged in: (Get-CimInstance Win32_LoggedOnUser) | Select-Object -Unique
  • Services Running: Msconfig
  • Firewall settings: netsh advfirewall show currentprofile
  • Power Config: powercfg /l


Simple systeminfo.bat script

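@echo off
rem Switch the console to UTF-8 so redirected output is not mangled
chcp 65001
rem Current user, host name and network configuration
whoami 2>&1
hostname 2>&1
ipconfig /all 2>&1
rem Domain admins and local administrators
net group "domain admins" /domain 2>&1
net localgroup administrators 2>&1
rem Connections and general system information
netstat -an 2>&1
systeminfo 2>&1
rem Recently used RDP targets of the current user
reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1
wmic os get Caption /value | more 2>&1
rem Repeat interval of scheduled tasks
schtasks /query /FO List /V | findstr /b /n /c:"Repeat: Every:" 2>&1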

For a more detailed system info dump, run winPEAS.


  • Exclude directories: Robocopy /xd excludethis
  • Ignore hidden files: Robocopy -s -h

Format and Image stuff

Format FAT32 on >32GB

Use diskpart to clean the disk (requires Admin)

list disk
select disk 2
create partition primary

Use h2format to format the disk (64 KB clusters), e.g. for drive x:

h2format x: 64

Delete logs

del /f /q /s %windir%\prefetch\*
reg delete "HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache" /va /f
reg delete "HKLM\Software\Microsoft\Windows\ShellNoRoam\MUICache" /va /f
reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /va /f
reg delete "HKLM\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /va /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist" /va /f
wmic nteventlog where LogFileName='File Replication Service' Call ClearEventlog
wmic nteventlog where LogFileName='Application' Call ClearEventlog
wmic nteventlog where LogFileName='System' Call ClearEventlog
wmic nteventlog where LogFileName='PowerShell' Call ClearEventlog
ren %1 temp000 & copy /y %windir%\regedit.exe temp000 & del temp000

Get MAC Address of remote PC

Option 1

net view machinename
nbtstat -a machinename

Option 2

ping <IP/machinename>
arp -a

Option 3


Route network traffic

Requests to will be routed via

route add MASK
route print


pathping (alternative to tracert)

  • Using ICMP: traceroute -I
  • Using UDP: traceroute -U
  • Using TCP Port 80 (usually allowed by firewalls): traceroute -T -p 80

Send Message

net send /users This is a test message
msg * /SERVER:localhost /TIME:666 /W This is a test message


  • To hide something: copy /b secret.jpg + pic1.jpg newpic.jpg
  • To merge video files: copy /b video1.avi + video2.avi video.avi
  • Find hidden WiFi network: Netsh wlan show networks mode=bssid
  • Reply from IP: TTL expired in transit: ARP -p <IP> <MAC>
  • Benchmark Drive: Winsat disk -write -ran -ransize 262144 -drive f
  • Create hard links: fsutil hardlink create <destination_path> <file_path>