\documentclass[10pt,a4paper]{article} % Packages \usepackage{fancyhdr} % For header and footer \usepackage{multicol} % Allows multicols in tables \usepackage{tabularx} % Intelligent column widths \usepackage{tabulary} % Used in header and footer \usepackage{hhline} % Border under tables \usepackage{graphicx} % For images \usepackage{xcolor} % For hex colours %\usepackage[utf8x]{inputenc} % For unicode character support \usepackage[T1]{fontenc} % Without this we get weird character replacements \usepackage{colortbl} % For coloured tables \usepackage{setspace} % For line height \usepackage{lastpage} % Needed for total page number \usepackage{seqsplit} % Splits long words. %\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely. \usepackage[normalem]{ulem} % For underlining links % Most of the following are not required for the majority % of cheat sheets but are needed for some symbol support. \usepackage{amsmath} % Symbols \usepackage{MnSymbol} % Symbols \usepackage{wasysym} % Symbols %\usepackage[english,german,french,spanish,italian]{babel} % Languages % Document Info \author{fred} \pdfinfo{ /Title (windows-things-i-forget.pdf) /Creator (Cheatography) /Author (fred) /Subject (Windows Things I Forget Cheat Sheet) } % Lengths and widths \addtolength{\textwidth}{6cm} \addtolength{\textheight}{-1cm} \addtolength{\hoffset}{-3cm} \addtolength{\voffset}{-2cm} \setlength{\tabcolsep}{0.2cm} % Space between columns \setlength{\headsep}{-12pt} % Reduce space between header and content \setlength{\headheight}{85pt} % If less, LaTeX automatically increases it \renewcommand{\footrulewidth}{0pt} % Remove footer line \renewcommand{\headrulewidth}{0pt} % Remove header line \renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit % This two commands together give roughly % the right line height in the tables \renewcommand{\arraystretch}{1.3} \onehalfspacing % Commands \newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour \newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols \newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns \newcommand{\tn}{\tabularnewline} % Required as custom column type in use % Font and Colours \definecolor{HeadBackground}{HTML}{333333} \definecolor{FootBackground}{HTML}{666666} \definecolor{TextColor}{HTML}{333333} \definecolor{DarkBackground}{HTML}{00A336} \definecolor{LightBackground}{HTML}{EFF9F2} \renewcommand{\familydefault}{\sfdefault} \color{TextColor} % Header and Footer \pagestyle{fancy} \fancyhead{} % Set header to blank \fancyfoot{} % Set footer to blank \fancyhead[L]{ \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{C} \SetRowColor{DarkBackground} \vspace{-7pt} {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}} } \end{tabulary} \columnbreak \begin{tabulary}{11cm}{L} \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Windows Things I Forget Cheat Sheet}}}} \\ \normalsize{by \textcolor{DarkBackground}{fred} via \textcolor{DarkBackground}{\uline{cheatography.com/22666/cs/9094/}}} \end{tabulary} \end{multicols}} \fancyfoot[L]{ \footnotesize \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{LL} \SetRowColor{FootBackground} \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\ \vspace{-2pt}fred \\ \uline{cheatography.com/fred} \\ \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\ \vspace{-2pt}Published 13th September, 2016.\\ Updated 13th September, 2016.\\ Page {\thepage} of \pageref{LastPage}. \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\ \SetRowColor{white} \vspace{-5pt} %\includegraphics[width=48px,height=48px]{dave.jpeg} Measure your website readability!\\ www.readability-score.com \end{tabulary} \end{multicols}} \begin{document} \raggedright \raggedcolumns % Set font size to small. Switch to any value % from this page to resize cheat sheet text: % www.emerson.emory.edu/services/latex/latex_169.html \footnotesize % Small font. \begin{multicols*}{4} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Networking}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{{\bf{Extract Wifi Keys}} \newline % Row Count 1 (+ 1) \seqsplit{https://www.purehacking.com/blog/vitaly-nikolenko/extracting-wireless-wep/wpa/wpa2-preshared-keys/passwords-from-windows-7} \newline % Row Count 4 (+ 3) {\bf{ICMP Tunneling}} \newline % Row Count 5 (+ 1) icmpsrv \& icmpsend \newline % Row Count 6 (+ 1) `icmpsrv -{}-install` (on Victim) \newline % Row Count 7 (+ 1) `netstat -a` (icmpsrv should not show) \newline % Row Count 8 (+ 1) `icmpsend 192.168.1.8` (on Attacker, to connect to Victim) \newline % Row Count 10 (+ 2) Capture with Wireshark for more info \newline % Row Count 11 (+ 1) {\bf{Hosts File}} \newline % Row Count 12 (+ 1) \seqsplit{https://www.petri.com/easily-edit-hosts-file-windows-10} \newline % Row Count 14 (+ 2) Copy from `C:\textbackslash{}Windows\textbackslash{}System32\textbackslash{}Drivers\textbackslash{}etc` to desktop then edit and copy back \newline % Row Count 16 (+ 2) {\bf{Open URL from CMD without the Browser}} \newline % Row Count 17 (+ 1) \seqsplit{http://stackoverflow.com/questions/20782734/open-a-url-without-using-a-browser-from-a-batch-file}% Row Count 19 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{WMIC GPUPDATE}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{`Runas /user:DOMAIN\textbackslash{}domainadminuser "explorer /separate"` \newline % Row Count 2 (+ 2) `Wmic product list status` \newline % Row Count 3 (+ 1) `gpupdate /force` \newline % Row Count 4 (+ 1) `net user userid /domain`% Row Count 5 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Processes}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{`fport` (to list pids, ports, protocols, exe) \newline % Row Count 1 (+ 1) `prcview.exe` \newline % Row Count 2 (+ 1) `tcpview.exe` (ports, exe, etc...)% Row Count 3 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{CMD Tricks}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{WINKEY+R, `cmd /K dir` (run dir in cmd) \newline % Row Count 1 (+ 1) WINKEY+R, `cmd /C tree C:\textbackslash{} ` (run tree in cmd then close) \newline % Row Count 3 (+ 2) WINKEY+R, `cmd /C "start /MIN explorer \textbackslash{}\textbackslash{}x.x.x.x" ` \newline % Row Count 5 (+ 2) WINKEY+R, `powershell Start-Process cmd -Verb runAs` (open cmd prompt as admin. hit ALT+Y to approve) \newline % Row Count 8 (+ 3) `start . `(open windows explorer in current dir) \newline % Row Count 9 (+ 1) `start /MIN . `(open explorer minimised)% Row Count 10 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Find Outlook PST Files}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{If a user has removed their pst files from outlook and has forgotten where they are located you can find them by editing the xml file below in notepad: \newline % Row Count 4 (+ 4) `C:\textbackslash{}Documents and Settings\textbackslash{}userid\textbackslash{}Application Data\textbackslash{}Microsoft\textbackslash{}outlook\textbackslash{}userid.xml` \newline % Row Count 6 (+ 2) Then look for instances of something like: \newline % Row Count 7 (+ 1) `\textless{}eidstore\textgreater{}00000000...6F74646E6800\textless{}/eidstore\textgreater{}` \newline % Row Count 8 (+ 1) Copy and paste the HEX part \seqsplit{`(0000000038A1BB1005E...E74732F636E3D6F74646E6800)`} into a HEX to ASCII converter and it will show you the pst file location in plain-text. \newline % Row Count 12 (+ 4) {\bf{Note:}} Sometimes the first 2 instances just show the exchange data. If that's the case just move onto the next HEX instance.% Row Count 15 (+ 3) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Psexec - Execute commands remotely}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{`psexec \textbackslash{}\textbackslash{}x.x.x.x -u DOMAIN\textbackslash{}user -i 0 cmd.exe /c "dir c:\textbackslash{} \textgreater{} c:\textbackslash{}temp\textbackslash{}temp.txt"` \newline % Row Count 2 (+ 2) `psexec \textbackslash{}\textbackslash{}x.x.x.x -u DOMAIN\textbackslash{}user -i 0 cmd.exe /c "start"`% Row Count 4 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Giving Local Admin}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{Via a Domain Admin account \newline % Row Count 1 (+ 1) Right click on 'My Computer' -\textgreater{} Manage \newline % Row Count 2 (+ 1) Right click on "Computer Management (Local)" -\textgreater{} "Connect to another computer" \newline % Row Count 4 (+ 2) Type in Computer Name -\textgreater{} Press OK \newline % Row Count 5 (+ 1) System Tools -\textgreater{} Local Users and Groups -\textgreater{} Groups \newline % Row Count 6 (+ 1) Double click on "Administrators" -\textgreater{} Add \newline % Row Count 7 (+ 1) Click on Locations and then select their computer name \newline % Row Count 9 (+ 2) DOMAIN\textbackslash{}username -\textgreater{} Press Ok% Row Count 10 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Hotkeys}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{WINKEY+R (Run) \newline % Row Count 1 (+ 1) ALT+F4 OR CTRL+SPACE C (Quit) \newline % Row Count 2 (+ 1) ALT+Y (Hit Yes)% Row Count 3 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Files \& Directories}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{`tree c:\textbackslash{} `(view in tree format)% Row Count 1 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{3.833cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Recover hard deleted items in Outlook}} \tn \SetRowColor{white} \mymulticolumn{1}{x{3.833cm}}{User has hard deleted an item (SHIFT+DEL) and cannot recover it using 'Recover deleted items'. \newline % Row Count 2 (+ 2) Full description = Microsoft KB246153. \newline % Row Count 3 (+ 1) {\bf{Steps}} \newline % Row Count 4 (+ 1) 1. Close Outlook \newline % Row Count 5 (+ 1) 2. Start Registry Editor (Regedt32.exe). \newline % Row Count 6 (+ 1) 3. Locate and click the following key in the registry: \newline % Row Count 8 (+ 2) HKEY\_LOCAL\_MACHINE\textbackslash{}SOFTWARE\textbackslash{}Microsoft\textbackslash{}Exchange\textbackslash{}Client\textbackslash{}Options \newline % Row Count 10 (+ 2) 4. On the Edit menu, click Add Value, and then add the following registry value: \newline % Row Count 12 (+ 2) Value name: DumpsterAlwaysOn \newline % Row Count 13 (+ 1) Data type: DWORD \newline % Row Count 14 (+ 1) Value data: 1 \newline % Row Count 15 (+ 1) 5. Quit Registry Editor. \newline % Row Count 16 (+ 1) Start Outlook, click on folder (in folder view) which item was hard deleted from, select Recover Deleted Items from Tools menu and you should be able to recover items.% Row Count 20 (+ 4) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} % That's all folks \end{multicols*} \end{document}