Windows Remote Access Commands
Commands that move data and files between systems on a network and are usually executed from the context of the cmd.exe
or command.exe
prompt.
Miscellaneous
dir
- Command with arguments:
dir \\[computername|ip]\share
- Description: Must have token to the remote system. See
net use
below to establish such a connection. Displays the contents of the remote computer’s share. - Output:
-
C:\Users\johndoe>dir \\192.168.10.34\c$ Volume in drive \\192.168.10.34\c$ has no label. Volume Serial Number is 1A09-5F16
Directory of \\192.168.10.34\c$
09/18/2006 05:43 PM 24 autoexec.bat 09/18/2006 05:43 PM 10 config.sys 01/19/2008 05:40 AMPerfLogs 10/08/2013 07:36 PM Program Files 10/23/2013 08:20 PM temp 10/10/2013 08:59 PM Users 10/23/2013 08:38 PM Windows 2 File(s) 34 bytes 5 Dir(s) 33,316,192,256 bytes free</code></div>
-
qprocess
- Command with arguments:
qprocess * [/SERVER:computername]
- Description: Shows information about processes locally or remotely if you provide the computername or IP.
- Output:
-
C:\Users\johndoe>qprocess * /SERVER:192.168.1.2 USERNAME SESSIONNAME ID PID IMAGE (unknown) services 0 0 (unknown) services 0 4 system (unknown) services 0 268 smss.exe (unknown) services 0 356 csrss.exe (unknown) services 0 408 wininit.exe >(unknown) console 1 420 csrss.exe >(unknown) console 1 460 winlogon.exe (unknown) services 0 516 services.exe >johndoe console 1 1584 dwm.exe >johndoe console 1 1600 explorer.exe (unknown) services 0 1708 vmtoolsd.exe >johndoe console 1 1936 vmwaretray.exe >johndoe console 1 1944 vmtoolsd.exe (unknown) services 0 316 tpautoconnsv... >johndoe console 1 1716 tpautoconnec... >johndoe console 1 1680 conhost.exe (unknown) services 0 1984 searchindexe... (unknown) services 0 2076 msdtc.exe (unknown) services 0 2844 svchost.exe (unknown) services 0 2920 sppsvc.exe (unknown) services 0 2976 svchost.exe >johndoe console 1 3576 cmd.exe >johndoe console 1 3540 conhost.exe >johndoe console 1 2340 cmd.exe >johndoe console 1 1560 conhost.exe >johndoe console 1 3616 qprocess.exe
-
qwinsta
- Command with arguments:
qwinsta [/SERVER:computername]
- Description: Shows information about Remote Desktop Sessions locally or remotely if you provide the computername or IP.
- Output:
-
C:\Users\johndoe>qwinsta
SESSIONNAME USERNAME ID STATE TYPE DEVICE
services 0 Disc
>console johndoe 1 Active
rdp-tcp 65536 Listen
-
Remote Assistance Enable
- Command with arguments:
reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server” /v fAllowToGetHelp /t REG_DWORD /d 1 /f
- Description: Must be admin to run this. Enable remote assistance through adding a registry entry on the local system.
- Output:
-
C:\Windows\system32>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f The operation completed successfully.
-
Remote Desktop Enable
- Command with arguments:
reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 0 /f
- Description: Must be admin to run this. Enable remote desktop through adding a registry entry on the local system.
- Output:
-
C:\Windows\system32>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f The operation completed successfully.
-
tasklist
- Command with arguments:
tasklist /v /s [computername|IP]
- Description: Retrieve the current running processes from the remote system. Microsoft manual.
- Output:
-
C:\Windows\system32>tasklist /V /S 192.168.10.34
Type the password for WIN-V32NJ7H3AQE\johndoe:************************
Image Name PID Session Name Session# Mem Usage User Name CPU Time
========================= ======== ================ =========== ============ ================================================== ============
System Idle Process 0 0 24 K N/A 4:01:47
System 4 0 2,244 K N/A 0:00:13
smss.exe 388 0 696 K NT AUTHORITY\SYSTEM 0:00:00
csrss.exe 452 0 4,992 K NT AUTHORITY\SYSTEM 0:00:01
csrss.exe 492 1 10,800 K NT AUTHORITY\SYSTEM 0:00:17
wininit.exe 500 0 3,740 K NT AUTHORITY\SYSTEM 0:00:00
winlogon.exe 532 1 4,244 K NT AUTHORITY\SYSTEM 0:00:00
services.exe 580 0 7,308 K NT AUTHORITY\SYSTEM 0:00:03
lsass.exe 592 0 36,968 K NT AUTHORITY\SYSTEM 0:00:06
lsm.exe 600 0 5,128 K NT AUTHORITY\SYSTEM 0:00:00
svchost.exe 840 0 6,576 K NT AUTHORITY\SYSTEM 0:00:02
svchost.exe 908 0 6,652 K NT AUTHORITY\NETWORK SERVICE 0:00:00
svchost.exe 984 0 7,976 K NT AUTHORITY\LOCAL SERVICE 0:00:02
svchost.exe 1036 0 7,992 K NT AUTHORITY\SYSTEM 0:00:00
svchost.exe 1056 0 26,740 K NT AUTHORITY\SYSTEM 0:00:08
SLsvc.exe 1072 0 11,280 K NT AUTHORITY\NETWORK SERVICE 0:00:12
svchost.exe 1124 0 9,720 K NT AUTHORITY\LOCAL SERVICE 0:00:01
svchost.exe 1184 0 8,888 K NT AUTHORITY\SYSTEM 0:00:01
svchost.exe 1208 0 15,332 K NT AUTHORITY\NETWORK SERVICE 0:00:01
svchost.exe 1368 0 10,140 K NT AUTHORITY\LOCAL SERVICE 0:00:00
taskeng.exe 1572 0 7,024 K NT AUTHORITY\SYSTEM 0:00:00
spoolsv.exe 1680 0 9,892 K NT AUTHORITY\SYSTEM 0:00:00
dfsrs.exe 1732 0 8,608 K NT AUTHORITY\SYSTEM 0:00:00
dns.exe 1756 0 39,456 K NT AUTHORITY\SYSTEM 0:00:00
-
net
net time
- Command with arguments:
net time \\[computername|ip]
- Description: Display the time from the remote system.
- Output:
-
C:\Users\johndoe>net time \\192.168.10.34 Current time at \\192.168.10.34 is 10/23/2013 9:03:04 PM
The command completed successfully.
-
net use
- Command with arguments:
net use \\[computername|ip] [/user:DOMAIN\USERNAME] [password]
- Description: Create a connection to the remote computer. This maps IPC$ which does not show up as a drive but allows you to access the remote system as the current user. If the user you launch the command as is not valid on the remote system you will need to specify a valid DOMAIN\USER and PASSWORD. This is useful when you have credentials from somewhere and wish to use them but do not have an active token on a machine you have a session on.
- Output:
-
C:\Users\johndoe>net use \\192.168.10.34 /user:lab\johndoe The password or user name is invalid for \\192.168.10.34.
Enter the password for 'lab\johndoe' to connect to '192.168.10.34': The command completed successfully.
-