Here’s a copy of some Onenote notes I made about 4 years ago when I was a Linux user desperately trying to learn Windows (and this was before WSL). Back in my day we were forced to use Cygwin or MinGW! There are some other similar guides out there. Hopefully this helps someone! I’ve done some light editing, but this is mostly my notes in raw form.
A powershell survival guide:
Rosetta
| Powershell | Linux/Unix | Windows CMD | PS Alias |
| get-acl | whoami | whoami | whoami |
| get-alias | aliases | gal | |
| clear-host | clear | cls | clear |
| get-volume | df | ||
|
repair-volume |
fdisk | chkdisk | |
| enter-pssession | ssh | etsn | |
| Get-ChildItem | ls | dir | ls, dir |
| Remove-Item | rm | del | rm, del |
| Get-Process
Get-Service |
ps | tasklist | ps |
| Get-Location | pwd | pwd | |
| Move-Item | mv | move | mv |
| Stop-Process | kill | taskkill | kill |
| Get-History | h | [f7] | h,history |
| Set-Location | cd | cd | cd |
| Get-Content | cat | type | cat,gc,type |
| Copy-item | cp | copy | cp |
| Tee-Object | tee | tee | |
| New-Item -type file | touch | ni | |
| Get-ChildItem Env:/gci Env: | env | set | env (sometimes) |
| Get-Help | man | help | man, help |
| Select-String | grep | findstr | sls |
| logout | shutdown /l
logoff |
||
| Get-ChildItem | find | where | gci |
| Sort-Object | sort | sort | |
| Get-Content -totalcount
Select-Object -first |
head | gc
select |
|
| Get-Service | update-rc.d/chkconfig | sc config | gsv |
| start-service | service start /etc/init.d/<service>start | net start/sc start | sasv |
| get-content <file> -tail <n>
select -last <x> |
tail -n <x> | gc | |
| Get-Service | service –status-all/ | Gsv | |
| Get-Netipaddress/New-NetIpAddress | Ifconfig | ipconfig | |
| Get-NetAdapaterStatistics | ifconfig | ||
| adduser | net user | ||
| Get-Command | which, alias <command> | where | gcm |
| Test-NetConnection | ping | ping | |
| Test-NetConnection -Traceroute | traceroute | tracert | |
| Test-Netconnection -Port | tcping | ||
| Test-Connection | ping | ping | |
|
ldd |
dumpbin /dependents “file.exe”
(dumpbin comes with visual studio) |
||
| foreach {“{0}” -f ($_ -split ‘\s+’)} or
foreach {($_ -split ‘\s+’)[0]} |
awk ‘{ print $1}’ | ||
|
measure-object -line |
wc -l | measure | |
| measure-command | time | ||
|
stop-computer |
shutdown -h now | shutdown /s /t 0 | |
|
w |
qwinsta,rwinsta | ||
| set-alias | alias command= | sal | |
| get-culture | locale | ||
|
get-date |
date | ||
| dd if=/dev/random of=/temp/file size=1gb | fsutil file createnew 1gbtest (1gb) | ||
| write-eventlog | logger | eventcreate | |
| Rename-computer newhostname | hostname new-hostname | ||
| Add-Computer -DomainName ADDOMAIN | Joindomain-cli ADDOMAIN adminuser (using powerbroker) otherwise…winbind | ||
| Test-ComputerSecureChannel -credential domain\admin -Repair | |||
| New-netfirewallrule | iptables |
uptime:
$wmi = Get-WmiObject -Class Win32_OperatingSystem;$wmi.ConvertToDateTime($wmi.LocalDateTime) – $wmi.ConvertToDateTime($wmi.LastBootUpTime)
Process Magic
Get a process with a listening port:
netstat -aon|sls LISTENING|sls port
Use WMI to get a procid
get-wmiobject win32_process -filter "ProcessID like '1234'"
Use WMI to get a process with owners
Get-WMIObject Win32_Process -filter 'name="explorer.exe"' -computername 'localhost' | ForEach-Object { $owner = $_.GetOwner(); '{0}\{1}' -f $owner.Domain, $owner.User } | Sort-Object | Get-Unique
Use WMI to get something similar to ps auxww
Get-WmiObject Win32_Process -Filter "Name like '%java%'" | select-Object ProcessId,CommandLine|format-list
qwista, query session
Powershell Commands are in Verb-Noun form. You can search for them:
get-command (list of commands)
get-command -Verb Get (your verb choice)
get-command -Noun String (your noun choice)
Get-Help man (man works)
Get detailed info about a drive
Fsutil fsinfo ntfsinfo c:
GUI: Computer Management
# Like du -s
gci . | %{$f=$_; gci -r $_.FullName| measure-object -property length -sum | select @{Name=”Name”; Expression={$f}} , @{Name=”Sum (MB)”; Expression={ “{0:N3}” -f ($_.sum / 1MB) }}, Sum } | sort Sum -desc | format-table -Property Name,”Sum (MB)”, Sum -autosize
Command similar to Linux find:
# This will find mp* files
Get-ChildItem “file_location” -Recurse -Include “*.mp*”,”*.m4*” | foreach-object {$_.Fullname}
Remote session in windows (like ssh)
ssh enter-pssession ComputerName –credential UserName,
Needs port 5985 open
# Open up firewall on the server
netsh firewall add portopening TCP 5985 “Winrm 2.0 port 5985″
or the new way
netsh advfirewall firewall add rule name=”Winrm 2.0 Port 5985″ dir=in action=allow protocol=TCP localport=5985
# Trusting the remote host
winrm set winrm/config/client @{TrustedHosts=”RemoteComputerName”}
Making a profile (equiv edit .profile):
New-Item -path $profile -type file -force
Pipe things:
get-command | select-string -pattern “Start”
Select-String vs Where-Object
Frequently, output of commands is formatted in object columns. Select-string won’t grok it, but where-object (where) will. You’ll just need to specify the object name:
get-service|where {$_.DisplayName -like “*Apache*”}
Additional Info on using “Where-Object” to pass multiple conditions
Example:
dir E:\temp | Where-Object { $_.PSIsContainer -and $_.Name -like ‘t*’ }
#You will often need to add parentheses to group expressions on either side of the -and and -or operators
Get some vim
Vim doesn’t really work remotely, nor does any editor.
You can do some fun pipe tricks to download the file, and reupload it, but your best bet is probably just to go into file explorer, and edit the file that way.
Reference
Windows Command Line Reference
Section6 