weyne/pwnwiki.github.io
1
0
Fork 0
mirror of https://github.com/oXis/pwnwiki.github.io.git synced 2025-10-29 16:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
pwnwiki.github.io/windows/find_files.md
Rob Fuller 78e3953cbc bring everything up
2013-11-29 12:53:31 -05:00

3.9 KiB
Executable File
Raw Blame History

Windows Finding File Commands

Commands that find files on the filesystem and are usually executed from the context of the cmd.exe or command.exe prompt.

dir

Attributes Showing

  • Command with arguments: dir /a
  • Description: Displays files with specified attributes. Examples: D=Directories, R=Read-only files, H=Hidden files, A=Files ready for archiving, S=System files
  • Output:
    • **Windows 2008:** Show/Hide
      C:\Users\johndoe>dir /a c:\
      Volume in drive C has no label. Volume Serial Number is 1A09-5F16

      Directory of c:\

      01/19/2008 03:45 AM       $Recycle.Bin
      09/18/2006 04:43 PM 24 autoexec.bat
      10/08/2013 10:27 PM       Boot
      04/11/2009 08:00 AM 333,257 bootmgr
      10/08/2013 10:27 PM 8,192 BOOTSECT.BAK
      09/18/2006 04:43 PM 10 config.sys
      01/19/2008 06:47 AM Documents and Settings [C:\Users]
      10/23/2013 07:39 PM 2,460,454,912 pagefile.sys
      01/19/2008 04:40 AM       PerfLogs
      10/08/2013 06:36 PM       Program Files
      10/08/2013 06:36 PM
      10/10/2013 07:59 PM       Users
      10/23/2013 07:38 PM       Windows
      5 File(s) 2,460,796,395 bytes
      10 Dir(s) 33,311,416,320 bytes free

Recursive

  • Command with arguments: dir /b /s [directory or filename]
  • Description: Displays files recursively (all subdirectories). Good for post processing with find (example: find /I “searchstring”) or sending to another tool.
  • Output:
    • **Windows 2008:** Show/Hide
      C:\Users\johndoe>dir /b /s c:\temp
      c:\Users\Default\AppData\Local\Temp
      c:\Users\johndoe\AppData\Local\Temp
      c:\Windows\Temp
      c:\Windows\assembly\temp
      c:\Windows\assembly\NativeImages_v2.0.50727_32\Temp
      c:\Windows\System32\DriverStore\Temp
      c:\Windows\winsxs\Temp

find

  • Command with arguments: [somecommand] \| find /c /v ”[searchstring]”
  • Description: Counts the number of times the [searchstring] is found in the output of [somecommand].
  • Output:
    • **Windows 2008:** Show/Hide
      C:\Users\johndoe>dir /a /s c:\ |find /c /v "svchost"

99184

tree

  • Command with arguments: tree C:\ /f /a > C:\output_of_tree.txt
  • Description: Prints a directory listing in tree format. The /a makes the tree printed with ASCII characters instead of special ones and the /f displays file names as well as folders.
  • Output:
    • **Windows 2008:** Show/Hide
      C:\Users\johndoe>tree C:\ /f /a
      Folder PATH listing
      Volume serial number is 1A09-5F16
      C:\
      | autoexec.bat
      | config.sys
      |
      +---PerfLogs
      +---Program Files
      | +---Common Files
      | | +---microsoft shared
      | | | +---DAO
      | | | | dao360.dll
      | | | |
      | | | +---ink
      | | | | | penchs.dll
      | | | | | pencht.dll
      | | | | | penjpn.dll
      | | | | | penkor.dll
      | | | | | penusa.dll
      | | | | | pipanel.dll
      | | | | | pipanel.exe
      | | | | | pipres.dll
      | | | | | skchobj.dll
      | | | | | skchui.dll
      | | | | |
      | | | | +---ar-SA
      | | | | | tipresx.dll.mui
      | | | | |
      [...SNIP...]