Open source software security

Little Known MS-DOS Commands

30 November -0001
Little-Known DOS Commands That Have Saved My Ass

For those of us stuck on Win boxes there's always the annoying necessity of dependance on a GUI. Most Win based programs explicitly require interaction with icons, mouse clicks, and pretty buttons. What most Windows users don't realize is that there is a host of functionality hidden at the command line prompt. Cleverly hidden, its even difficult to get to a command prompt from Win desktops. I've gone ahead and added a shortcut to the DOS prompt to my desktop. Although Windows 2000 makes this slightly easier by offering 'Command Line' in the Start menu, this prompt may be cryptic for the inexperienced. For instance, did you know that you can FTP from a DOS prompt? Not just one file at a time, but whole directories? The sad situation of affairs is that most of this functionality goes unused by the majority of Windows users, and this is understandable. I haven't been able to find a single good book outlining DOS commands. Sure, I've got the 1,000 page MS-DOS manual on my desk (you can get those pretty cheap these days), but even these manuals don't outline the vast majority of commands I use from a DOS prompt in any understandable way. The following is a list of DOS commands I use at a command prompt regularly, and a short synopsis of their common usages. Please feel free to write and let me know if there are any I forgot. As the purpose of Hack In The Box is to free information, and I feel this is information that vitally needs to be free, any reader tips would be greatly appreciated. Well, enough of the smarmy intro, here's the guts:

This command is used to display a directory's contents. We're probably all familiar with this handy gem. The problem with 'dir' is that if you're listing a long directory, then the contents scroll quickly across the screen and disappear, and since there is no scroll bar at the command prompt are lost. In order to view a long directory one screen at a time, try 'dir | more'. This will splash out one screen-full at a time so you can actually examine the directories contents. * is the wildcard for dir, so to find all the files or folders in a directory starting with 'a', try 'dir a*'. To find a sequence in the name of any of the files or folders in a directory try 'dir | find "dir"', this will find any files or folders with the sequence 'dir' in their names. Lets say, however, that you would like to sort this list alphabetically. Try 'dir | find "dir" | sort' and you will get an alphabetically sorted list.

This is actually a small program found in c:\windows by default. Ping is used to send packets of data to a destination and measure their time of travel and loss. Since this is such a handy tool it may be useful to actually give you the usage and options available in ping as provided by the program itself:

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] destination-list

-t Ping the specified host until stopped. To see statistics and continue - type Control-Br To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.

This one is pretty similar to the *nix command of the same name, only if you simply type 'ping' you will only transmit 4 32 bit packets (the default settings). Ping is also useful because if you don't know an IP address for a domain, you can simply ping the domain and the IP will be displayed ('ping' shows that Hack In The Box is at

Ah yes, the infamous traceroute does have a DOS manifestation. The official usage and options are as follows:

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.

Tracert is useful for trying to figure out if an IP is in a subnet. Now, because of the internet's distributed architecture, the packets traced by tracert won't always take the same route, but by examining the last few hops to a destination you can usually figure out where a target is located, or a target's ISP. It is useful to note that tracert will fail if packets time out 3 times consecutively. The last few steps in tracert from my IP to are as follows:
12 488 ms * *
13 484 ms * * []
14 487 ms 502 ms *
15 501 ms 506 ms 517 ms
16 525 ms 518 ms * []
17 521 ms * 517 ms []

so it's a good bet that has something to do with

This handy little command is used for windows IP configuration. The parameters are as follows:

Windows 98 IP Configuration
Command line options:
 /All 	       - Display detailed information. 
 /Batch [file] - Write to file or ./WINIPCFG.OUT 
 /renew_all    - Renew   all adapters. 
 /release_all  - Release all adapters.
 /renew   N    - Renew   adapter N. 
 /release N    - Release adapter N.

This command is extremely useful for figuring out the IP address of the machine you're sitting on, whether its not your usual terminal or you get a dynamically assigned IP address.

This command lists open ports on you computer, the protocols being used, the port's local address, any foreign connections to that port, and the state of the port. This one is handy for figuring out if anyone whom you don't know is connected to your computer, or if a certain connection is established, syncing or waiting. The official usage, etc. is as follows:

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default.
interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.

The built in DOS command line file transfer program. This baby has come in handy so many times I couldn't even begin to tell you. Simply type in ftp and you're off. The commands available under the DOS ftp can be found by issuing the 'help' command once inside the ftp program. For information's sake though, here they are: Commands may be abbreviated. Commands are:
! delete literal prompt send
? debug ls put status
append dir mdelete pwd trace
ascii disconnect mdir quit type
bell get mget quote user
binary glob mkdir recv verbose
bye hash mls remotehelp
cd help mput rename
close lcd open rmdir

You'll notice a lot of similarity here to *nix commands. I find 'get' and 'put' to be the most commonly used. For instance, say I want to get a file through FTP from I simply type in 'ftp' and when prompted enter my username and password. It is important to note that whenever you initiate an ftp from the DOS command line you're operating out of the directory in DOS in which you initiated the FTP. For instance, if I issue an FTP command from C:\Windows: Then all the files I 'get' will end up in the Windows directory, and I will not be able to 'put' any files from my hard drive onto the host machine ( for instance) except those that are in my Windows directory. I find it most useful to FTP from the C:\ directory.

While this is actually a DOS command to launch the external Windows based Telnet program (found in C:\Windows by default), you can issue optional arguments to telnet from the DOS prompt. For instance, if you wish to telnet to a port other than 23, you can issue that command at the prompt. For instance, if I wish to telnet to Hack In The Box's SMTP port I can issue 'telnet 25'. There is a bit of help offered in the telnet program itself, so I won't go into detail here.

The last few commands I've got are programs found on a Windows boot disk, but are enormously helpful. These two are the format command and the fdisk command. Format will actually launch, found again in C:\Windows\Command by default. Format can be used to format a drive and essentially wipe it clean (good for rebuilding a machine). Fdisk is another beautiful tool found in C:\Windows\Command. This is the DOS disk-partitioning tool (very handy when dual partitioning). Since fdisk is a fairly extensive program and has its own help section I won't go into any more detail than to mention it and tell you that it is really handy to know how to use (you should check it out if you never have before, simply issue 'fdisk' at the command prompt and poke around the program, it will alert you if you are about to do anything bad and won't actually mess with your partitions unless you direct it to).

Well those are my top 9 commands to use at a DOS prompt, perhaps some of you will write me and let me know what the last command is in the DOS top 10. Take care and enjoy.