Network security underlying command

Network security underlying command

Text / Heiyeluren

If you want to learn network security, you must learn the basic network common command to better master the network, protect your own system, and prevent intrusion. We must learn the basic network commands based on the Windows NT platform, that is, the lower part of the lower part of Windows 98 / Windows Me cannot be run. So, if you want to learn the network security, you must learn to abandon Windows 9x, of course your computer configuration is too low, then don't argument.

The commands we said below are generally executed under the "command prompt" (cmd) of Win2000 / XP / Server 2003, and some commands are also available under Windows 9x.

(This article is relatively long, there are almost more than 20,000 words, I hope to learn the network security readers can read learning, make a solid foundation, if you encounter problems during the learning process, I hope that I can think about it, or Find information to resolve, develop a good self-study, this will help you learn online security! This article has no screenshots, otherwise the file will be long!)

The following list lists basic network commands and methods of use in the NT system:

First, ipconfig command:

The ipconfig command should be the most basic command. The main function is to display information such as configuration information such as IP protocol inside the user.

Its main parameters are:

All: Displays all detail information related to the TCP / IP protocol, including the host name, IP address, subnet mask, node type, whether IP routing, network card physical address, default gateway, etc.

Renew All: Updates the communication configuration of all adapters, and all tests restart.

Release All: Releases the communication configuration of all adapters.

Renew N: Update the communication configuration of the Nth adapter, all tests resin.

E.g:

C: /> ipconfig

Windows IP Configuration

Ethernet Adapter Local connection:

Connection-Specific DNS SUFFIX.:

IP address...........................................

.................: 255.255.255.0

192.168.0.1

Second, net command:

The NET command is mainly to complete some network work in the Windows NT platform. Its function is very powerful. It can be said if you want to learn the network security under the Windows platform, you must be familiar with the command. There are a lot of grammar of this command, powerful, we just introduce some simple and common.

1. Establish an IPC connection:

As long as you have an IP username and password, use IPC $ to connect, here we get the user is administrator, the password is 123456. Suppose the other party IP is 192.168.0.1

NET use //192.168.0.1/ipc $ "123456" / user: "administrator"

The following information is generally displayed:

C: /> NET Use //192.168.0.1/IPC $ "123456" / user: "administrator"

The command successfully completed.

The commanded command is: NET use //192.168.0.1/ipc $ / DEL

The following information will be displayed after general execution:

C: /> Net use //192.168.0.1/ipc $ / del

//192.168.0.1/IPC $ has been deleted.

Of course, you can also create an empty IPC connection, which is the empty connection we often say, that is, IPC connections that need usernames and passwords, usually to establish such connections, you can get the system information, such as user name , Share resources, etc. It is the same as the establishment of an empty connection and establish an IPC connection, but the username and password are not required. For example, we have to establish a machine for machines from 192.168.0.39, using the following command: NET use //192.168.0.39/ipc $ "/ user" "

If the prompt is successfully established and the IP address is empty connection, then you can get some information about the system through other commands, which plays a very important role in intrusion or network maintenance, such as you get it. User name, then you can perform violent crack passwords.

2. Map Disk:

If the IPC connection is established with the other party, the other party's disk can be mapped.

Here is the C disk that is mapped to the other party. Of course, other disc can also, as long as there is, we will map the other C disk to the local Z disk.

Net use z: //127.0.0.1/C $

The effect after the command is executed is as follows:

C: /> NET USE Z: //192.168.0.92/C

The command successfully completed.

If you map the disk, we can access the opposite C disk by accessing the local Z disk.

3. Open the service:

If you want to open some of your own services, you can use the NET Start command, for example:

Net Start Telnet

You can open the Telnet service.

Generally there is information display:

C: /> NET Start Telnet

The Telnet service is starting.

Telnet service has been successfully launched.

C: />

4. Turn off the service:

Close the service uses the NET STOP command, for example:

NET STOP TENET / / You can close Telnet service.

After general execution, there is the following information:

C: /> NET STOP TELNET

The Telnet service is stopping.

The Telnet service has been successfully stopped.

C: />

5. Create users:

There must be sufficient permissions, establishing a user can be a native, if it is a machine, you must log in to the other party remotely, or get a shell to execute. (Pay attention to space when entering the command)

We add a HACKER user password to lovehacker:

NET User Hacker LoveHacker / Add

As long as the command is displayed successfully, then we can join him to the Administrator group (administrator group):

Net localgroup administrators Hacker / Add

6. Activate users / stop users:

Guest users are open by default, but there is a writer to stop it, how do we activate it from new? Can you use Net User commands:

NET User Guest / Active: YES

If we want to stop an active user, such as stopping guest users:

NET User Guest / Active: No

7. Show network resource sharing conditions

NET View, you can display network resource shares, such as executing NET View // IP addresses, you can view the resource sharing of the machine, provided that IPC connections must be established, of course, you can build an empty IPC connection, that is IPC connections that require usernames and passwords. (The above IPC connection is said, please read it carefully), for example:

C: /> Net view //192.168.0.39

Shared resource sharing names in //192.168.0.39 is used as comments

-------------------------------------------------- --------

FTPROOT DISK

Webroot Disk

The command successfully completed.

8. Send a web message:

Use the NET Send command to send a message to the LAN / WAN, format: NET Send IP address "message content", such as:

Net send 192.168.0.1 "This is the message sent by Net Send!"

Then, the machine of 192.168.0.1 will appear a window title "Letter Service", which shows the message you sent, of course, if the other party closes the Messenger service, this message will not display, if you You don't want to receive this type of message, you can also turn your Messenger service in your service.

Third, the AT command:

1. Local AT command:

The AT command is a planned task command, the same as the plan task in our Windows, but it is through the way.

Generally we can use the AT command directly to run some existing programs directly, such as 19:58, we want to run cmd.exe at 20:00: AT 20:00 C: / Winnt / System32 / cmd.exe

Then display "New Job, Ho ID = 1", and then you can see the following information on the execution of the "At" command:

Status ID date time command line

-------------------------------------------------- ---------------------

1 Today, 20:00 pm cmd.exe

Then open a CMD window at 20:00. If you want to cancel the planned task, you can use the following command:

The AT ID number / del, the ID number is the ID -> 1 displayed above, then if we want to cancel the ID of the ID 1, you can perform the following command:

AT 1 / DEL

If you are unfamiliar with the command, you can use the at /? Command to view its help.

2. Remote AT command:

Generally, an intruder will leave the back door after the invasive invasion, that is, the Trojans, you have passed the Trojan, how to start him?

Then you need to use the AT command, here you have already logged in that server, you first have to get the other party,

Net Time //127.0.0.1

Will return a time, here the time is 12: 1, now you need to create a job, Id = 1:

AT //127.0.0.1 12: 3 c: /winnt/system32nc.exe

The back path is the program to run in the directory of the other party, this is clear.

It is assumed here, named nc.exe, this thing is on the other party.

Fourth, telnet command:

The TELNET command is a remote login command that can be used to remotely log in remotely on the network has developed a remote terminal function to reach the local computer management remote computer.

This command format: Telnet Remote Host IP Port

For example: telnet 192.168.0.1 23

If we don't enter a port, the default is 23 port. Generally log in, the other side remote terminal service will ask you to enter the username and password, and you will log in.

The following message generally appears:

Welcome to Microsoft Telnet Service

Login: root

PASSWORD: ******

If the login is successful, the following information will appear:

* ============================================

Welcome to Microsoft Telnet Server.

* ============================================

C: / Documents and Settings / root>

Then you can do everything in your user's privilege!

Five, ftp command:

The ftp command is a file transfer command, which can transfer files between two interconnected machines, which is the same as our commonly used FTP software, but our software is generally the GUI (visual) interface, but It is the type of command.

The ftp command is mainly transmitted on the Internet, and its subcommand is very large, we pick some main purposes.

Once the FTP is typically entered at the command prompt, open the following interface:

C: /> ftp

FTP>

Then we entered the commands behind "FTP>", that is, after we enter the ftp command, then we entered the FTP platform, all the operations are based on FTP. If we want to open a server that has already opened an FTP service, then we can log in to the server, then upload / download files, sometimes our permissions can only download, then we can't upload, this specific See you have permissions.

If we want to open an FTP server, then we can enter under the FTP platform:

Open host IP port

For example: FTP> Open 192.168.0.39 21, then the following effects are displayed:

C: /> ftp

FTP> Open 192.168.0.39

CONNECTED TO 192.168.0.39.

220 Serv-U FTP Server V4.2 for Winsock Ready ...

User (192.168.0.39: (None):

You need to enter the username here. If the other party is supported, then we can enter users like FTP, such as:

User (192.168.0.39: (None): FTP

331 USER Name Okay, please send complete e-mail address as password.

PASSWORD:

The password is also input FTP, then the login is successful, as follows:

PASSWORD: ***

230- (Welcome to FTP192.168.0.39 server!)

230 User Logged in, Proceed.ftp>

Display 230 will represent the representative to log in, if otherwise, such as 530, then the username or password is incorrect, and the landing failed.

You can use some commands after logging in, including upload / download, execute external commands. To get all commands for FTP, you can type the help command, all of which commands lists as follows:

FTP> HELP

Commands May Be Abbreviated. Commands Are:

DELETE LITERAL PROMPT Send

DEBUG S PUT STATUS

Append Dir Mdelete PWD TRACE

ASCII Disconnect Mdir Quit Type

Bell Get Mget Quote Server

Binary Glob Mkdir Recv Verbose

Bye Hash MLS Remotehelp

CD Help MPUT RENAME

Close LCD Open RMDir

Let's explain the commonly used commands:

1. !: Perform an external command under a non-FTP platform, such as! CLS, will clear the screen.

2. Delete: Delete a file, such as a Dir1.txt file in your current FTP root directory, you need to delete it, enter delete dir1.txt.

3. Ls: List the list of files in the file, which is a command under UNIX / Linux, mainly to list files in the directory, regardless of the folder

4. PUT: Upload a file from the local computer to the FTP server, for example: PUT CMD.exe, then the cmd.exe passed by the current directory 5. The current directory, this command is most common.

6. ASCII: This command allows uploaded files to be transmitted in accordance with the ASCII code.

7. GET: This command is also common, but also downloads files on the other FTP server to its current directory. Such as: Get cmd.exe, will put the FTP server

8. The cmd.exe file is downloaded to the current directory.

9. MDelete / RMDir: Delete a directory / folder, such as: Mdelete A, then the folder will be deleted.

10. PWD: Displays the currently located in the directory of FTP, which is equivalent to displaying the current path. E.g:

FTP> PWD

257 "/ Software / Safe_Tools" IS Current Directory.

11. Quit / Bye: End the current FTP connection and exits the FTP.

12. TYPE: Set the file transfer type, the type is: [ASCII | Binary | Image | Tenex], if you are using the ASCII code, if you are an application, use binary if you are using Image. FTP default is the ASCII code. If you want to pass an application, use binary. For example, we have to upload a LK.exe file, then we set the transfer mode to binary, then upload, such as: ftp> type binary

200 Type Set to I.

FTP> PUT LK.EXE

200 Port Command Successful.

150 Opening Binary Mode Data Connection for LK.exe.

226 Transfer Complete.

FTP: 3800 BYTES SENT IN 0.01seconds 380.00kbytes / sec.

FTP>

13. MGET: Download multiple files at the same time.

14. MPUT: Simultaneously upload multiple files.

15. User: Represents your identity to the remote host, such as:

FTP> User

Username: FTP

331 USER Name Okay, please send complete e-mail address as password.

PASSWORD: ***

230 User logged in, proced.

16. CD: Switch the directory, enter a directory to use the CD directory, and return to the previous layer directory to use CD .. (Note There is a space in the middle), which is more common.

17. Help / ?: Display help, mainly displayed in the ftp.

18. Rename: Rename, rename the file.

19. Close: Turn off the current FTP connection, but does not quit the FTP, and the quit / bye command is different. Such as:

FTP> Clos

221 Goodbye!

FTP>

20. Open opens an FTP connection. Such as:

FTP> Open 192.168.0.39

CONNECTED TO 192.168.0.39.

220 Serv-U FTP Server V4.2 for Winsock Ready ...

User (192.168.0.39: (None):

The Comparable commands in FTP will be these, of course, some other commands are also designed, but also due to different commands supported by different FTP servers, so if they are different, please refer to the relevant information.

Six, ping command:

The ping command is a very important and common command in the network, mainly used to test if the network is connected. This command sees whether to connect to the other party by sending a response to an ICMP (Network Control Message Protocol) package, usually we use whether the target host can be connected, or can judge the version of the other party's operating system through the TTL value.

For example, if you want to test whether the machine is connected to 192.168.0.1, you can use this command: ping 192.168.0.1, then if the connection is returned:

C: /> ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes = 32 TIME <1ms TTL = 128Reply from 192.168.0.1: bytes = 32 TIME <1MS TTL = 128

Reply from 192.168.0.1: bytes = 32 TIME <1MS TTL = 128

Reply from 192.168.0.1: bytes = 32 TIME <1MS TTL = 128

Ping Statistics for 192.168.0.1:

Packets: Sent = 4, Received = 4, LOST = 0 (0% LOSS),

Approximate Round Trip Times in Milli-Seconds:

Minimum = 0ms, maximum = 0ms, Average = 0ms

If you don't connect, you will return timeout:

C: /> ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping Statistics for 192.168.0.1:

Packets: SENT = 4, Received = 0, Lost = 4 (100% LOSS),

Then prove that you and the computer's network is unlocked, maybe the other party has no internet access, or has a firewall.

In the LAN, if you are the machine of the same workgroup, you can get the other party's IP address with the machine name of the PIN, such as:

C: /> ping hysw

Pinging hysw [192.168.0.14] with 32 bytes of data:

Reply from 192.168.0.14: Bytes = 32 TIME <1MS TTL = 64

Reply from 192.168.0.14: Bytes = 32 TIME <1MS TTL = 64

Reply from 192.168.0.14: Bytes = 32 TIME <1MS TTL = 64

Reply from 192.168.0.14: Bytes = 32 TIME <1MS TTL = 64

Ping statistics for 192.168.0.14:

Packets: Sent = 4, Received = 4, LOST = 0 (0% LOSS),

Approximate Round Trip Times in Milli-Seconds:

Minimum = 0ms, maximum = 0ms, Average = 0ms

There is also a -t parameter in ping, it is possible to send a package to a machine uninterrupted, using the -l package size parameter to set the maximum value of the sending package, which is the same as the DOS function, that is Flood attack in hacking technology, the maximum is 65500. Such as:

C: /> ping 192.168.0.1 -t -l 65500

Pinging 192.168.0.1 with 65500 BYTES of DATA:

Reply from 192.168.0.1: bytes = 65500 Time = 14ms TTL = 128

Reply from 192.168.0.1: bytes = 65500 Time = 13ms TTL = 128

Reply from 192.168.0.1: bytes = 65500 Time = 14ms TTL = 128Reply from 192.168.0.1: bytes = 65500 Time = 13ms TTL = 128

Reply from 192.168.0.1: bytes = 65500 Time = 14ms TTL = 128

Reply from 192.168.0.1: bytes = 65500 Time = 14ms TTL = 128

Ping Statistics for 192.168.0.1:

Packets: SENT = 6, Received = 6, Lost = 0 (0% LOSS),

Approximate Round Trip Times in Milli-Seconds:

Minimum = 13ms, maximum = 14ms, Average = 13ms

Control-C

^ C

C: />

Because the -t parameter is added, the PING command itself will not stop, so we can use Ctrl C to terminate the command. There are some other parameters, please refer to your help.

Seven, netstat command:

The function of the NetStat command is to display the network connection, routing tables, and network interface information, allowing users to know what network connects are currently working.

It can verify the current connection status of IP, and then verify the service on the system after disconnecting your basic level communication. This service includes checking traffic and / or verifying that you are creating a session with a remote site, it can easily do this.

NetStat parameters are:

-a Displays all sockets, including listening.

-c is redisplayed every 1 second until the user interrupts it.

-i Displays information on all network interfaces, formats with "ifconfig -e".

-n replaces the name in the network IP address, showing the network connection situation.

-r Displays the core route table, formats with "route -e".

-t shows the connection of the TCP protocol.

-u Displays the connection of the UDP protocol.

-v displays working in progress.

We generally use -A, -N. Using the -a parameter, you can display ports in which this machine is listening, including the port of the TCP / UDP protocol, which usually views the listening status of this machine, can be viewed if there is a back door tool at work. E.g:

C: /> netstat -a

Active Connections

Proto Local Address Foreign Address State

TCP HYSW: Echo Hysw: 0 listenging

TCP HYSW: Discard Hysw: 0 listenging

TCP HYSW: Daytime Hysw: 0 listenging

TCP HYSW: QOTD HYSW: 0 listenging

TCP HYSW: Chargen Hysw: 0 listening

TCP HYSW: EPMAP HYSW: 0 listening

TCP HYSW: Microsoft-DS Hysw: 0 listening

TCP HYSW: 1025 HYSW: 0 listeningtcp Hysw: 2103 Hysw: 0 listenging

TCP HYSW: 2105 HYSW: 0 listening

TCP HYSW: 2107 HYSW: 0 listening

TCP HYSW: 3306 HYSW: 0 listenging

TCP HYSW: 1034 localhost: 3306 ESTABLISHED

TCP HYSW: 3306 localhost: 1034 ESTABLISHED

TCP HYSW: NetBIOS-SSN HYSW: 0 listening

UDP HYSW: Echo *: *

UDP HYSW: DISCARD *: *

UDP HYSW: daytime *: *

UDP HYSW: qotd *: *

UDP HYSW: Chargen *: *

UDP HYSW: EPMAP *: *

UDP HYSW: Microsoft-DS *: *

UDP HYSW: isakmp *: *

UDP HYSW: NTP *: *

UDP HYSW: NTP *: *

UDP HYSW: NetBIOS-NS *: *

UDP HYSW: NetBIOS-DGM *: *

C: />

The general-N parameter is mainly to display local connection conditions, including local connecting other systems and other systems to connect this machine, including host IP and ports, such as:

C: /> NetStat -n

Active Connections

Proto Local Address Foreign Address State

TCP 127.0.0.1:1034 127.0.0.1:3306 ESTABLISHED

TCP 127.0.0.1:3306 127.0.0.1:1034 Establish

TCP 192.168.0.14:1371 192.168.0.159:21 ESTABLISHED

C: />

Eight, nbtstat command:

NBTSTAT and NETSTAT can be said to be a network detection tool under Windows, NBTSTAT commands: to view the current NetBIOS-based TCP / IP connection status, you can get a set name and machine name for remote or local machines through this tool. Although users use the IPConfig tool to accurately get the host's network card address, we use the nbtstat command on your own Internet, you can get information such as NIC addresses and username workgroups such as network hosts. important.

Common parameter description:

-a remoteename - Description List its name table using the name of the remote computer, this parameter can view his current state via the NetBIOS name of the remote computer.

-A IP address - Description IP addresses using the remote computer are listed in the name table. This and -a is that this can only use IP, in fact -A, includes -a's functionality.

-c - Lists the NetBIOS name of the remote computer and the IP address of each name this parameter is used to list the IP you connect to the computer you connect to your NetBIOS.

-S - only the IP address of the remote computer is displayed in the client and server session table.

Get the Working Group and User Name of the other party using the -A parameter:

C: /> NBTSTAT -A 192.168.0.14

local connection:

Node ipaddress: [192.168.0.14] Scope ID: []

Netbios Remote Machine Name Table

Name Type Status

---------------------------------------------

Hysw <00> unique registered

MSHOME <00> Group registered

Hysw <20> unique registered

MSHOME <1e> Group registered

Root <03> unique registered

Mac Address = 00-E0-4C-A3-F3-1C

The MSHOME shown for Group is the working group, which proves that the machine is in the MSHOME Working Group, the following <03> The root displayed in front is the user name, the system user name is root. Some other parameters can go to test themselves, or see the associated help.

Nine, tracert command:

The Tracert command is primarily used to display the path to the host to the host, display the relay node list of the data package and arrival time.

The usage format of this command: Tracert host IP address or host name

The execution result returns the list of interrupts reaching the calendar prior to the destination host, and displays the time to reach each succession. This feature is similar to the ping command, but what it sees is much more detailed than the ping command, it will give you the request package you sent to a certain site, and all the routings you tell you, and tell you through the route What is IP, how much is the time of this IP.

This command parameter is:

-d: The name of the target host is not parsed

-h: maximum_hops Specifies the maximum number of jumps to search for target addresses

-j: host_list follows the address release source route in the host list

-w: Timeout Specifies timeout interval, the program default time unit is millisecond

Using the tracert command can be well connected to the connectivity channel of the target host, generally obtain a detailed network information for the next incompetent or test, such as how many times in the middle, take a transfer station, take a transfer station. how long. Through these times, we can easily find out where the user between the user's host and the target website is out. If we add some parameters after the Tracert command, we can also detect more more detailed information. For example, using parameter -D, you can specify the program of the program host when the program is tracked, and also parses the domain name of the target host.

We simply use this command to test the time and passible IP address of www.baidu.com:

C: /> Tracert www.baidu.com

Tracing route to www.baidu.com [202.108.250.228]

OVER A MAXIMUM OF 30 HOPS:

1 <1 ms <1 ms <1 ms 192.168.0.1

2 1 ms <1 ms 1 ms 211.152.23.63 * 5 ms 3 ms 211.152.47.253

4 3 ms 3 ms 3 ms 210.78.156.66

5 3 ms 9 ms 4 ms 211.99.57.113

6 6 MS 5 MS 7 MS 202.108.250.228

TRACE COMPLETE.

See the information We know that we have passed 6 IP nodes and the time used. The first one is generally our machine is from the IP. The second start is the route, and the last is of course our destination. In the invasion, if you are willing to find these address layers, you will have a big gain.

Ten, nslookup command:

The function of the nslookup command is to query the IP address of a machine and its corresponding domain name, usually it can monitor if the DNS server in the network can correct the domain name to resolve it, and its run requires a domain name server to provide domain name service. If the user has already set a domain name server, you can use this command to view the domain name corresponding to the IP address of the different hosts.

The general format of this command is: nslookup [IP address / domain name], if you use the nslookup command on the local machine to query www.baidu.com, you are as follows:

C: /> nslookup www.baidu.com

Server: DNS2000.Ruc.edu.cn

Address: 202.112.112.100

Non-Authoritative Answer:

Name: www.baidu.com

Address: 202.108.250.228

Or you can enter the NSLookup mode before entering the [Domain / IP] to find [Domain / IP]:

C: /> nslookup

DEFAULT Server: DNS2000.Ruc.edu.cn

Address: 202.112.112.100

> www.baidu.com

Server: DNS2000.Ruc.edu.cn

Address: 202.112.112.100

Non-Authoritative Answer:

Name: www.baidu.com

Address: 202.108.250.228

>

If you want to quit the command, enter EXIT and enter your return. Some of some powerful features can explore themselves or find relevant help.

So far, we have finished introducing the basic common network commands under NT, of course, there are some orders, such as finger, arp, hostname, route, ftfp, etc., we will not introduce, if you still want to know more, Please refer to the relevant help or information.

Another point, many commands are almost the same under NT and UNIX / Liunx, and many subcommands and parameters are almost almost, you have learned it, you can justify it, learn more. Of course, we have to learn something is not a chartering, but in long-term learning and use, I hope that you can learn about it in practice, then you will not feel that these orders are difficult; if There are also some basic commands, such as Copy, Dir, MD, Echo, Attrib, etc. I am not familiar, I hope you can read something such as the DOS command, or go online search related things, you can say, learn The network security is mostly under the dark interface of "command prompt", some common commands, help you learn a deep thing.

(Part of this article Reference Network)