Eight DOS commands that must be mastered
First, ping
ping is used to check whether a network connection is working and how fast it is. For an administrator or hacker who lives on the network, ping is the first DOS command to master. The principle is simple: every machine on the network has a unique IP address; we send a packet to the target's IP address and the other side sends a packet back. From the returned packet we can tell whether the target host exists and make an initial guess at its operating system. Let's look at its common operations. First the help: in the DOS window type ping /? and press Enter; the help screen is shown. Here we only master a few basic, useful parameters (below).
-t sends packets to the target IP without interruption until we force it to stop. Imagine you are on 100M broadband and the target IP is on a 56K modem: how long before the target IP drops off the network because it cannot cope with that much data? Hehe, an attack is that simple to achieve.
-l defines the size of the packet sent. The default is 32 bytes, and the maximum we can use is 65500 bytes. Combined with the -t parameter introduced above it has an even better effect.
-n defines how many packets are sent to the target IP; the default is 3. If the network is slow, 3 attempts waste quite a bit of our time; since our purpose here is only to determine whether the target IP exists, set it to 1.
Note: if -t and -n are used together, ping follows the later parameter. With "ping ip -t -n 3" the -t parameter is present, but ping does not run forever; it only pings 3 times. Also, ping does not have to be given an IP: a host's domain name can be pinged directly, which also reveals the host's IP.
Let's take an example to illustrate the specific usage.
Here, time=2 indicates that 2 seconds passed between sending the packet and receiving the reply, and from this we can judge how fast the connection is. The TTL value in the reply lets us make an initial guess at the operating system of the pinged host; it is only an "initial judgment" because this value can be modified. Here TTL=32 indicates that the operating system may be Win98.
(Small knowledge: if TTL=128, the target host may be Win2000; if TTL=250, the target host may be UNIX.)
As for using ping to quickly locate LAN faults, to find the fastest QQ server, or to ping-attack others ... that is up to everyone.
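The reply fields described above (time and TTL) are easy to pull out of ping's text output and turn into a quick reachability and fingerprint summary. The following Python is an added example, not code from the original article: it parses Windows-style ping output, counts replies and timeouts, reports the latency range, and applies the article's TTL-to-OS table. The sample output is constructed; the only TTL values it knows are the three the article gives, and everything else is reported as unknown, because the TTL can be changed on the host and every router on the path decrements it by one.

```python
import re

# TTL-to-OS guesses exactly as the article gives them; any other TTL is "unknown".
TTL_OS_GUESS = {32: "Win98", 128: "Win2000", 250: "UNIX"}

# Matches one Windows ping reply line, e.g.
#   Reply from 192.168.0.5: bytes=32 time=2ms TTL=32
# Sub-millisecond replies are printed as "time<1ms", hence the [=<].
REPLY_RE = re.compile(
    r"Reply from (?P<ip>[\d.]+): bytes=(?P<size>\d+) "
    r"time[=<](?P<ms>\d+)ms TTL=(?P<ttl>\d+)"
)


def parse_ping(output):
    """Return (replies, timeouts) parsed from ping's text output."""
    replies = []
    timeouts = 0
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            replies.append({
                "ip": m.group("ip"),
                "size": int(m.group("size")),
                "ms": int(m.group("ms")),
                "ttl": int(m.group("ttl")),
            })
        elif "Request timed out" in line:
            timeouts += 1
    return replies, timeouts


def guess_os(ttl):
    """Initial OS guess from the reply TTL using the article's table.

    Only an initial guess: the TTL can be changed on the host and each router
    on the path decrements it by one before the reply reaches us.
    """
    return TTL_OS_GUESS.get(ttl, "unknown")


def summarize(output):
    """Reachability, latency range and OS guess for one ping run."""
    replies, timeouts = parse_ping(output)
    if not replies:
        return {"reachable": False, "replies": 0, "timeouts": timeouts}
    times = [r["ms"] for r in replies]
    ttl = replies[0]["ttl"]
    return {
        "reachable": True,
        "replies": len(replies),
        "timeouts": timeouts,
        "min_ms": min(times),
        "max_ms": max(times),
        "ttl": ttl,
        "os_guess": guess_os(ttl),
    }


# Constructed sample output (not a real capture), in Windows ping format.
SAMPLE_PING = """\
Pinging 192.168.0.5 with 32 bytes of data:

Reply from 192.168.0.5: bytes=32 time=2ms TTL=32
Reply from 192.168.0.5: bytes=32 time<1ms TTL=32
Reply from 192.168.0.5: bytes=32 time=3ms TTL=32
Request timed out.

Ping statistics for 192.168.0.5:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_PING))
```

On the sample, summarize() reports three replies, one timeout, a latency range of 1 to 3 ms, and the Win98 guess the article associates with TTL=32.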
Second, nbtstat
This command displays protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP. With it you can obtain the NetBIOS information of a remote host, such as the user name, the workgroup, the NIC's MAC address, etc. Here we need to know a few basic parameters.
-a With this parameter, as long as you know the remote host's machine name, you can get its NetBIOS information (below).
-A This parameter also gets the NetBIOS information of the remote host, but you need to know its IP.
-n Lists the NetBIOS information of the local machine.
Once the other party's IP or machine name is known, nbtstat can be used to gather further information about them, which adds to the insurance factor of our intrusion.
Third, netstat
This command shows the network status; it is simple to operate and powerful.
-a Views all open ports on the local machine, which can effectively discover and prevent Trojans and tells you which services the machine is running, as shown in Figure 4. Here you can see that the local machine has an FTP service, a Telnet service, a mail service, a web service, etc. Usage: netstat -a IP.
-r Lists the current routing information, telling us the gateway, subnet mask and other details of the local machine. Usage: netstat -r IP.
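Reading netstat -a by eye works for a handful of ports; comparing it against a list of services the machine is supposed to offer is what actually catches an unexplained listener. The following Python is an added example, not code from the original article: it parses Windows-style netstat -a output, collects the TCP LISTENING and UDP sockets, and reports those missing from a known-good baseline. The sample output and the baseline are constructed; the unexplained listener on TCP 31337 is a made-up entry that stands in for whatever a Trojan might open.

```python
import re

# One Windows netstat -a row: Proto, Local Address, Foreign Address, [State].
# UDP rows have no State column, so the last group is optional.
NETSTAT_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<foreign>\S+)"
    r"(?:\s+(?P<state>\S+))?\s*$"
)


def parse_netstat(output):
    """Return one dict per connection row; header and blank lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        addr, _, port = m.group("local").rpartition(":")
        rows.append({
            "proto": m.group("proto"),
            "addr": addr,
            "port": int(port),
            "foreign": m.group("foreign"),
            "state": m.group("state") or "",
        })
    return rows


def listening_ports(output):
    """Ports offered to the network: TCP sockets in LISTENING plus every UDP socket."""
    ports = set()
    for r in parse_netstat(output):
        if r["proto"] == "TCP" and r["state"] == "LISTENING":
            ports.add(("TCP", r["port"]))
        elif r["proto"] == "UDP":
            ports.add(("UDP", r["port"]))
    return sorted(ports)


def unexpected_listeners(output, baseline):
    """Listening ports that are not in the known-good baseline; each deserves a look."""
    return [p for p in listening_ports(output) if p not in baseline]


# Constructed sample (not a real capture) with the services the article mentions:
# FTP (21), Telnet (23), mail (25), web (80), NetBIOS (137/139), plus one
# unexplained listener on TCP 31337 standing in for a Trojan's port.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.0.2:139        192.168.0.7:1033       ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Services the administrator knows this host should offer (constructed baseline).
BASELINE = {("TCP", 21), ("TCP", 23), ("TCP", 25), ("TCP", 80),
            ("TCP", 139), ("UDP", 137)}

if __name__ == "__main__":
    for proto, port in unexpected_listeners(SAMPLE_NETSTAT, BASELINE):
        print(f"unexpected listener: {proto}/{port}")
```

The ESTABLISHED row on port 139 is deliberately not counted as a listener: the baseline is about what the machine offers, and a connected socket is a separate question (who is connected) that the same parsed rows answer.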
Fourth, tracert
Traces route information. With this command you can see every hop the data passes through on the way from the local machine to the target host, which is very helpful for understanding the layout and structure of the network. See Figure 5.
Here the data goes from the local machine to the 192.168.0.1 machine with no intermediate hop, indicating that the two machines are on the same local area network. Usage: tracert IP.
Fifth, net
This command is the most important of the network commands. It is necessary to thoroughly understand the usage of each of its subcommands, because its functions are so powerful; it is simply the best intrusion tool Microsoft provides us. First let's look at all of its subcommands: type net /? and press Enter, as shown in Figure 6.
Here we focus on a few subcommands commonly used in intrusions.
net view
Use this command to view the shared resources of a remote host. The command format is net view \\IP.
net use
Maps a shared resource of the remote host as a local drive; the graphical interface is convenient, hehe. The command format is net use X: \\IP\sharename. The first example above maps the share named Magic on 192.168.0.5 to the local Z: drive. The second establishes an IPC$ connection to 192.168.0.7 (net use \\IP\IPC$ "password" /user:"name").
After the IPC$ connection is established, hehe, you can upload files: copy nc.exe \\192.168.0.7\admin$ copies nc.exe from the local directory to the remote host. Combined with the other DOS commands introduced later, you can achieve the intrusion.
net start
Use it to start a service on the remote host. Once you have a connection to the remote host, if you find that a service you want to use is not started, start it with this command. Usage: net start ServiceName. As shown in Figure 9, the Telnet service was started successfully.
net stop
What if a service on the remote host is in your way? This command takes care of it; usage is the same as net start.
net user
Views and manages accounts: adding accounts, deleting accounts, viewing a specific account, activating and disabling accounts, etc. This is very advantageous for our intrusion, and it is the premise for cloning accounts. Typing net user without parameters lists all users, including disabled ones. Explanations follow.
1. net user abcd 1234 /add creates an account with user name abcd and password 1234; by default it is a member of the Users group.
2. net user abcd /del deletes the user named abcd.
3. net user abcd /active:no disables the user named abcd.
4. net user abcd /active:yes activates the user named abcd.
5. net user abcd views the details of the user named abcd.
net localgroup
Views all information related to user groups and performs related operations. Typing net localgroup without parameters lists all current user groups. During an intrusion we generally use it to add an account to the Administrators group so that we can control the entire remote host with that account. Usage: net localgroup groupname username /add. Now let's add the newly created user abcd to the Administrators group; abcd is now a super administrator, hehe, and you can use net user abcd to see its status, as Figure 10 shows. But this is too obvious: the network admin will spot the flaw the moment he looks at the users, so this method only works against rookie admins, but we still have to know it. The current approach is to use other tools and means to clone a super administrator that the admin cannot see, which comes later. Interested friends can refer to the account-cloning article ("Wanted Deep Solvement Account") in issue 30 of "Hacker Line".
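The paragraph itself says why this method is obvious: an admin who looks at the group membership sees the new account at once. The following Python is an added example, not code from the original article, showing that check done mechanically: it parses the output of net localgroup administrators and reports every member missing from a known-good list, so an account quietly added with net localgroup ... /add stands out. The sample output and the baseline are constructed.

```python
def localgroup_members(output):
    """Members listed by 'net localgroup <group>'.

    Windows prints the names between a line of dashes and the closing
    'The command completed successfully.' line, one name per line.
    """
    members = []
    in_members = False
    for line in output.splitlines():
        stripped = line.strip()
        if stripped.startswith("----"):
            in_members = True
            continue
        if not in_members or not stripped:
            continue
        if stripped.startswith("The command completed"):
            break
        members.append(stripped)
    return members


def unexpected_admins(output, baseline):
    """Administrators-group members not in the baseline (account names are case-insensitive)."""
    allowed = {name.lower() for name in baseline}
    return [m for m in localgroup_members(output) if m.lower() not in allowed]


# Constructed sample (not a real capture) in the format of 'net localgroup administrators',
# after the abcd account from the article has been added to the group.
SAMPLE_LOCALGROUP = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
abcd
The command completed successfully.
"""

# Accounts the administrator expects in the group (constructed baseline).
BASELINE_ADMINS = ["Administrator"]

if __name__ == "__main__":
    for name in unexpected_admins(SAMPLE_LOCALGROUP, BASELINE_ADMINS):
        print(f"unexpected member of Administrators: {name}")
```

Run against the constructed output, unexpected_admins() reports only abcd; the Comment line is ignored because member names are read only after the dashed separator.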
net time
This command views the current time of the remote host. If your goal is only to get into the remote host, you may never need this command. But is a simple, successful intrusion just for looking around? We need to penetrate further, and that requires knowing the current time of the remote host, because with the time and other means (later) we can make a command or program start at a scheduled moment, laying the foundation for further intrusion. Usage: net time \\IP.
Sixth, at
The role of this command is to schedule a specific command or program to run at a specific time (this is why knowing net time matters). Once we know the current time of the remote host, we can use this command to run a program or command after a certain interval (for example 2 minutes). Usage: at \\computer time command.
The example indicates that the computer named a-01 starts the Telnet service at 6:55; net start telnet is the command that starts the Telnet service.
Seventh, ftp
Everyone should be more familiar with this command. There are many hosts on the Internet that run anonymous FTP, that is, anyone can log on to them. Now, if you have scanned a host with an open FTP service (generally a machine with port 21 open), what do you do if you still cannot use the ftp command? The basic usage of the ftp command is given below.
First, type ftp at the command line and press Enter to get the ftp prompt, where you can type help to view the help (the help for any DOS command can be viewed this way).
Everyone may see so many commands and wonder how to use them all. In fact, only a few basic ones need to be mastered.
The first is the login process, which uses open: at the ftp prompt enter "open host-IP FTP-port"; the port is generally 21 and may be left out. Then enter a legal username and password to log in; here an anonymous FTP server is used as the example.
The username and password are both ftp, and the password is not displayed while typing. When the prompt says **** logged in, the login succeeded. Because this is an anonymous login, the user is displayed as anonymous.
Next, the usage of the specific commands.
dir is the same as the DOS command and lists the server's files; type dir and press Enter to see the files on this FTP server.
cd enters a folder.
get downloads a file to the local machine.
put uploads a file to the remote server. Whether this works depends on whether the remote FTP server gives you write permission; if it does, hehe, I need not say how to use it, everyone can go wild. delete deletes a file on the remote FTP server; this also requires write permission.
bye exits the current connection.
quit does the same.
Eighth, telnet
The powerful remote login command, liked by almost all intruders, who never tire of it. Why? It is easy to operate, just like using your own machine: as long as you are familiar with DOS commands, once you connect to the remote machine as Administrator you can use it to do everything you want. Let's introduce its usage: first type telnet and press Enter, then type help to view its help.
Then at the prompt type open IP and press Enter; a login window appears asking for a legal username and password; whatever password you enter is not displayed.
When the username and password are correct, the Telnet connection is established. At this point you have the same permissions on the remote host as that user, and you can use DOS commands to do what you want. Here I logged in with super administrator privileges.
This concludes the introduction to the network DOS commands. The purpose here is only to give rookie network admins an impression, so that they become familiar with these commands and grasp the importance of the network DOS commands. In fact, the network-related DOS commands go far beyond these; this is just a start, in the hope of helping the vast number of rookie network admins. Learning DOS is a great help in becoming a good network admin, especially mastering some of the network DOS commands.
In addition, everyone should be clear that anyone who wants to enter a system must have a legal username and password (other ways in are almost extinct), and even if the account obtained has only low privileges, it can still be used to reach the final goal. Therefore, resolutely eliminating empty passwords and giving your accounts strong passwords is the best way to defend against intrusion.
Finally, and sincerely: cultivating good security awareness is the most important thing of all.
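The empty-password advice can be checked account by account with the net user command introduced earlier: its output includes a "Password required" field, and "No" there means a blank password is accepted. The following Python is an added example, not code from the original article: it parses the output of net user <name> into fields and reports an account that does not require a password, noting whether it is active and whether it sits in Administrators. The sample output is constructed.

```python
import re

# One 'net user <name>' row: a field name, two or more spaces, then the value.
# Rows with an empty value (e.g. "Full Name") have no second column.
FIELD_RE = re.compile(r"^(?P<key>\S.*?)\s{2,}(?P<value>\S.*)$")


def parse_net_user(output):
    """Return the fields printed by 'net user <name>' as a dict."""
    info = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        m = FIELD_RE.match(line)
        if m:
            info[m.group("key").strip()] = m.group("value").strip()
        else:
            info[line.strip()] = ""
    return info


def password_findings(info):
    """Findings for one account; empty when a password is required."""
    findings = []
    password_required = info.get("Password required", "").lower() != "no"
    active = info.get("Account active", "").lower() == "yes"
    # Group names are printed as "*Administrators       *Users".
    groups = [g.lstrip("*") for g in info.get("Local Group Memberships", "").split()]
    if not password_required:
        findings.append("password not required (blank password accepted)")
        if active:
            findings.append("account is active")
        if "Administrators" in groups:
            findings.append("account is in Administrators")
    return findings


# Constructed sample (not a real capture) in the format of 'net user abcd',
# for the abcd account from the article after it was added to Administrators.
SAMPLE_NET_USER = """\
User name                    abcd
Full Name
Comment
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              Never

Password last set            1/1/2000 6:55 AM
Password expires             Never
Password changeable          1/1/2000 6:55 AM
Password required            No
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   Never

Logon hours allowed          All

Local Group Memberships      *Administrators       *Users
Global Group memberships     *None
The command completed successfully.
"""

if __name__ == "__main__":
    account = parse_net_user(SAMPLE_NET_USER)
    for finding in password_findings(account):
        print(f"{account['User name']}: {finding}")
```

Running the check over the output of net user for every name listed by a bare net user gives an inventory of accounts that would accept an empty password, which is exactly the list the paragraph says to clear out.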