burmat / nathan burchfield
burmat / nathan burchfield
security and systems administration
security / hacking
One-Liners and Dirty Scripts
Domain Enumeration + Exploitation
MSFvenom Cheetsheet
OSCP / PWK - Random Tips and Tricks
systems administration
Active Directory Administration
Exchange Administration
System Fixes
Helper Commands
Log Parsing
Team Foundation Server Administration
SQL Server Administration
Powered by GitBook

Helper Commands

BATCH / CMD

Uninstall Windows Updates:

Run the following (update the list to contain valid KB numbers) to uninstall updates on a local system:

@ECHO OFF
SET list=3133977 3137061 3138612 3138901 3139923
for %%a in (%list%) do (
	%windir%\syswow64\wusa.exe /uninstall /kb:%%a /quiet /norestart /log​
)

Get Remote Host Windows Updates

Run the following (update the hosts list with valid hostnames) to get .CSV output of updates on remote systems:

@echo off
SET dFormat=_%date:~-4,4%%date:~-10,2%%date:~-7,2%
SET sCMDparams=qfe get Caption, Description, HotfixID, InstallDate, InstalledBy /format:csv
SET hosts=HOSTNAME1 HOSTNAME2
ECHO %dFormat%
ECHO .
FOR %%f in (%hosts%) DO (
      ECHO Processing %%f
      ECHO   Output file: %%f_%dFormat%.csv
      wmic /NODE:%%f /output:%%f_%dFormat%.csv %sCMDparams%
  )
ECHO .
ECHO Remember to delete the first blank line
ECHO .
ECHO .
ECHO Finished.
ECHO .

Send a Message to Remote Computer

msg susie /SERVER:WKST-ABC.burmat.co "Please call 123-456-7890 x369"

Or you can launch it to all users on a given computer if you don't know the username. Enable verbose mode (/V) and wait for a callback (/W) to get a callback when the user closes it:

msg * /V /W /SERVER:WKST-123 This is a test message

Restart Remote Machine (With Warning)

This script is better kept out in a public place and called with the a remote command utility to loop through a list of hostnames. You can just replace the %1 to hardcode a host if you want though.

@echo off
REM shutdown -m \\%1 /a
echo Start Checking %1
ping -n 1 -l 100 %1
IF %ERRORLEVEL%==1 GOTO BAD
shutdown -r -f -m \\%1 -t 300 -d up:125:1 -c "Please SAVE Your work. In 5 minutes, this machine will reboot for a policy updates (Msg time: %time%)"
GOTO GOOD
:BAD
ECHO %1,Failed,%date%,%time% >> BadPCs.txt
GOTO EXIT
:GOOD
ECHO %1,Good,%date%,%time% >> GoodPCs.txt
GOTO EXIT
:EXIT
echo Stop Checking %1

BASH

Comment / Uncomment Lines

When you need to comment out or uncomment out a line, sed makes it pretty easy. Just change the word pattern to something identifiable:

sed -i '/pattern/s/^/#/g' apache2.conf # comment
sed -i '/pattern/s/^#//g' apache2.conf # uncomment

POWERSHELL

Remotely Log User Out

PS C:\WINDOWS\system32> Invoke-Command -ComputerName 'SERVER01' -ScriptBlock { quser }
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
 admin                 console             1  Active      none   12/24/2018 10:35 AM
PS C:\WINDOWS\system32> Invoke-Command -ComputerName 'SERVER01' -ScriptBlock { logoff 1 }

systems administration - Previous
System Fixes
Next - systems administration
Log Parsing
Last updated 9 months ago
Contents
BATCH / CMD
Uninstall Windows Updates:
Get Remote Host Windows Updates
Send a Message to Remote Computer
Restart Remote Machine (With Warning)
BASH
Comment / Uncomment Lines
POWERSHELL
Remotely Log User Out