First, often times it takes pre-made programs to do any sort of hacking. Just to look at a web application to see if it's exploitable it takes at least a web-browser. Many of us here have various addons to protect us and help us view vulnerable spots better. What I think you maybe confused with is skiddy tools. Skiddy tools are never used for any of these missions. The difference between a skiddy tool such as Metasploit loaded with the latest WordPress hack and Firebug being used to look at the page is that with Metasploit, you only need to click a couple of buttons and voilà, hacked. With Firebug, yes it is easier to view the page and change stuff around, but it's still up to you to find the vulnerablity and find out how to exploit it.
Second, the couple of clicks and stuff, that is real, but that's only about 0.1% of the hacker's job. It's like building a space ship. You first build the parts in a factory somewhere, and then you test the life out of them, never even launching the rocket. When you've tested every last part to death and made sure that you can't make it any more stable, you assemble the rocket and hope to god that it won't crash because you may not get another chance to launch one.
Lastly, cmd commands are easily designed, you can make executables in mostly any language, or you can learn how to program batch files. batch files are easier, but they have limits and are unstable and unsafe. executables, it depends on the language.