
Some Basic Commands

Windows

# newest file in the current directory (PowerShell)
dir | sort LastWriteTime | select -last 1

# follow a log file and show only new lines matching a pattern
Get-Content postgresql_11.log -wait -tail 1 | Select-String -Pattern "select version"

# last 100 lines matching "resourceid >", "resourceid)" or "syntax error"
Get-Content postgresql_24.log -tail 100 | Select-String -Pattern "(resourceid( >|\))|syntax error)"

# find a process by name, then force-kill it
tasklist | findstr /i calc
taskkill /f /IM calc.exe

# restart IIS service
iisreset /noforce

In Windows, the closest equivalents of Linux's /etc/passwd (a world-readable file containing user account information) are:

  1. C:\Windows\System32\drivers\etc\hosts

Purpose: Maps hostnames to IP addresses (like /etc/hosts in Linux).

Accessibility: Readable by all users (even unprivileged).

Why it’s a good target:

Always exists in Windows.

Often accessed in SSRF/file-read attacks.

  2. C:\Windows\win.ini

Purpose: Legacy Windows configuration file (rarely used today).

Accessibility: Readable by default.

  3. C:\Windows\System32\config\SAM (Restricted)

Purpose: Stores password hashes (like /etc/shadow in Linux).

Accessibility: Locked by SYSTEM (not readable without admin privileges).

Compute MD5 hash

MD5 is fine for quickly identifying a file, but it is not collision-resistant; when the hash is meant to verify integrity, use -Algorithm SHA256 with the same commands.

certutil -hashfile "C:\path\to\your\file" MD5

Get-FileHash -Algorithm MD5 "C:\path\to\your\file" | Format-List

(Get-FileHash -Algorithm MD5 "C:\path\to\your\file").Hash

SQL

-- union-based probe: appends a controlled row (1) to the legitimate result set
select distinct(RESOURCEID) from AM_USERRESOURCESTABLE where userid=1 union select 1;

-- boolean-based probe: the appended row is 1 or 0 depending on whether the condition holds
select distinct(RESOURCEID) from AM_USERRESOURCESTABLE where userid=1 union select case when (select 1)=1 then 1 else 0 end;
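Both probes above only work when the userid value is concatenated into the SQL text. The following is an added example (not from the original notes) that runs the same two probes against an in-memory SQLite copy of AM_USERRESOURCESTABLE, once through string concatenation and once through a bound parameter, so the difference in result sets is visible. The table schema and rows are constructed assumptions; the page's queries only show that USERID and RESOURCEID exist.

```python
import sqlite3

# Constructed sample rows standing in for AM_USERRESOURCESTABLE (assumed schema).
SAMPLE_ROWS = [(1, 101), (1, 102), (2, 201)]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table AM_USERRESOURCESTABLE (USERID integer, RESOURCEID integer)")
    conn.executemany("insert into AM_USERRESOURCESTABLE values (?, ?)", SAMPLE_ROWS)
    return conn


def resources_vulnerable(conn: sqlite3.Connection, userid: str) -> list:
    """String concatenation: the input becomes part of the SQL statement itself."""
    sql = f"select distinct(RESOURCEID) from AM_USERRESOURCESTABLE where userid={userid}"
    return sorted(row[0] for row in conn.execute(sql))


def resources_parameterized(conn: sqlite3.Connection, userid: str) -> list:
    """Bound parameter: the input is compared as one value and never parsed as SQL.
    SQLite applies numeric affinity to the bound text, so "1" still matches USERID=1
    while anything that is not a plain number simply matches nothing."""
    sql = "select distinct(RESOURCEID) from AM_USERRESOURCESTABLE where userid=?"
    return sorted(row[0] for row in conn.execute(sql, (userid,)))


# The page's two probes, reduced to the text that lands in the userid position.
UNION_PROBE = "1 union select 1"
BOOLEAN_PROBE_TRUE = "1 union select case when (select 1)=1 then 1 else 0 end"
BOOLEAN_PROBE_FALSE = "1 union select case when (select 1)=2 then 1 else 0 end"


def compare(conn: sqlite3.Connection) -> dict:
    """Run each input through both query builders and collect the result sets."""
    inputs = [
        ("normal", "1"),
        ("union", UNION_PROBE),
        ("bool_true", BOOLEAN_PROBE_TRUE),
        ("bool_false", BOOLEAN_PROBE_FALSE),
    ]
    results = {}
    for label, value in inputs:
        results[label] = {
            "vulnerable": resources_vulnerable(conn, value),
            "parameterized": resources_parameterized(conn, value),
        }
    return results


if __name__ == "__main__":
    for label, outcome in compare(make_db()).items():
        print(f"{label:10} vulnerable={outcome['vulnerable']} "
              f"parameterized={outcome['parameterized']}")
```

With concatenation the union probe adds the row 1 to the legitimate [101, 102], and the boolean probe adds 1 or 0 depending on the condition, which is exactly the signal the log greps in the Windows section look for ("resourceid" next to "syntax error"). With the bound parameter every probe returns an empty list and the legitimate input still returns [101, 102]; converting the input to int before binding would additionally turn the probes into a clean validation error.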