Destructive DOSKEY Aliases

Monday, March 07, 2011

Rob Fuller

D8853ae281be8cfdfa18ab73608e8c3f

Not sure how far back it goes (Win95?) but 2000, XP and all the way up to Win 7 have a program called DOSKEY:

C:\Users\vmadmin>doskey /?

Edits command lines, recalls Windows commands, and creates macros.

DOSKEY [/REINSTALL] [/LISTSIZE=size] [/MACROS[:ALL | :exename]]
[/HISTORY] [/INSERT | /OVERSTRIKE] [/EXENAME=exename] [/MACROFILE=filename]
[macroname=[text]]

  • /REINSTALL Installs a new copy of Doskey.
  • /LISTSIZE=size Sets size of command history buffer.
  • /MACROS Displays all Doskey macros.
  • /MACROS:ALL Displays all Doskey macros for all executables which have
  • Doskey macros.
  • /MACROS:exename Displays all Doskey macros for the given executable.
  • /HISTORY Displays all commands stored in memory.
  • /INSERT Specifies that new text you type is inserted in old text.
  • /OVERSTRIKE Specifies that new text overwrites old text.
  • /EXENAME=exename Specifies the executable.
  • /MACROFILE=filename Specifies a file of macros to install.
  • macroname Specifies a name for a macro you create.
  • text Specifies commands you want to record.

UP and DOWN ARROWS recall commands; ESC clears command line; F7 displays
command history; ALT+F7 clears command history; F8 searches command
history; F9 selects a command by number; ALT+F10 clears macro definitions.

The following are some special codes in Doskey macro definitions:

$T Command separator. Allows multiple commands in a macro.
$1-$9 Batch parameters. Equivalent to %1-%9 in batch programs.
$* Symbol replaced by everything following macro name on command line.

Just like the Linux 'alias' command in some ways, you can remap pretty much any command you want.

Here are some of the more evil ones I have used in the past:

  • doskey cd=del /f /s $1
  • doskey tasklist=cat tasklist.txt
  • doskey dir=dir \..\..\..\

I'm sure you can think of a ton more..

The great thing is that there isn't a /delete - you just have to know that in order to remove a doskey macro you need to issue the command without the aliased part, so 'doskey tasklist=' will delete the tasklist macro.

Cross-posted from Room362

Possibly Related Articles:
13198
Windows Operating Systems Linux DOSKEY Macro
Post Rating I Like this!
B64e021126c832bb29ec9fa988155eaf
Dan Dieterle Nice!
1299594763
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.