Foreword: The struggle between network administrators and hackers will never end; their relationship is like that of police and thieves. On the smokeless battlefield of the network, whoever has the higher technical skill, the greater flexibility and the will to keep learning is the one who stands undefeated. The administrator trying to protect a server and the hacker trying to break into one both reach for tools, and using tools is a very simple, time-saving and efficient approach. But have you considered that many problems are not what we imagine, and that tools written by others never feel entirely comfortable in your own hands? Whether defending or attacking, can we reach our goal in the simplest way? The answer is yes: master a few network-related DOS commands, and we can do under a DOS window the work that others need tools for. Enough talk, follow me. (A note: this was originally meant to be a piece on network intrusion with DOS. When it was nearly finished, I felt there was already too much of that sort of thing and nothing new in it, so I rewrote it as a guide to the common uses of network DOS commands. Covering only the network-related DOS commands is rather unsatisfying, which is why it is called an "incomplete tutorial", heh. I just hope readers come away with a correct understanding of DOS: even though we have reached the Windows era, its capabilities should not be underestimated. Frankly, friends who have learned DOS have a different level of computer literacy, and everyone should recognize this.)
First, ping
It is used to check whether the network is reachable and how fast a network connection is. For an administrator or a hacker who lives on the network, ping is the first DOS command that must be mastered. The principle it uses is this: every machine on the network has a unique IP address; we send a packet to the target IP address, and the other side returns a packet. From the returned packet we can determine whether the target host exists, make an initial judgment about its operating system, and so on. Let's look at some of its commonly used operations. First the help: type ping /? and press Enter in the DOS window, and the help screen shown in Figure 1 appears. Here we only need to master a few basic, useful parameters (below).
-t sends packets to the target IP without interruption until we force it to stop. Imagine you are on 100M broadband and the target IP is on a 56K modem: how long before the target goes down because it cannot cope with so much data? Heh, an attack is that simple.
-l defines the size of the packet sent; the default is 32 bytes, and we can raise it to at most 65500 bytes. Combined with the -t parameter introduced above, it has a better effect.
-n defines how many packets are sent to the target IP; the default is 3. If the network is slow, 3 times wastes a lot of our time, because right now our only purpose is to determine whether the target IP exists, so set it to 1.
Note: if the -t parameter is used together with -n, the ping command goes by the later parameter. For example, with "ping ip -t -n 3", although -t is given, it does not ping forever but only 3 times. In addition, the ping command does not have to be given an IP; it can ping a host's domain name directly, which also obtains the host's IP.
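The reply lines these parameters produce (the time= and TTL= fields shown in the figures) can be read automatically. As an added example that is not part of the original article, the Python below parses a ping transcript, computes the round-trip time and loss, and makes the initial operating-system guess from the TTL. It assumes the English Windows ping output format, and the transcript at the bottom is constructed, not captured from any real host.

```python
import re

# Assumed format of an English Windows ping reply line, e.g.
# "Reply from 192.168.0.1: bytes=32 time=2ms TTL=32" ("time<1ms" also occurs).
REPLY_RE = re.compile(r"Reply from (?P<ip>[\d.]+): bytes=\d+ "
                      r"time[=<](?P<ms>\d+)ms TTL=(?P<ttl>\d+)")

# Default initial TTLs and the OS family the text associates with each (64 is
# added for Linux/BSD). Each router on the return path decrements the TTL by
# one, so an observed value is rounded up to the nearest default to guess both
# the OS and the hop count. It stays a first guess: the initial TTL is a host
# setting and can be changed, as the text warns.
INITIAL_TTLS = {32: "Win9x", 64: "Linux/BSD", 128: "Win2000/NT", 255: "UNIX/router"}

def parse_reply(line):
    """Return (ip, rtt_ms, ttl) for a reply line, or None for anything else."""
    m = REPLY_RE.search(line)
    return (m.group("ip"), int(m.group("ms")), int(m.group("ttl"))) if m else None

def guess_os(ttl):
    """Map an observed TTL to (os_family, estimated hops on the return path)."""
    for initial in sorted(INITIAL_TTLS):
        if ttl <= initial:
            return INITIAL_TTLS[initial], initial - ttl
    return "unknown", 0

def summarize(output):
    """Summarize a ping transcript: replies, timeouts, mean RTT in ms, OS guess."""
    lines = output.splitlines()
    replies = [r for r in map(parse_reply, lines) if r is not None]
    timeouts = sum(1 for l in lines if "Request timed out" in l)
    if not replies:
        return {"replies": 0, "timeouts": timeouts, "avg_ms": None, "os": "no reply", "hops": None}
    os_name, hops = guess_os(replies[-1][2])
    avg = sum(r[1] for r in replies) / len(replies)
    return {"replies": len(replies), "timeouts": timeouts, "avg_ms": avg, "os": os_name, "hops": hops}

# Constructed sample transcript (not output captured from any real host).
SAMPLE = """\
Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=2ms TTL=32
Reply from 192.168.0.1: bytes=32 time<1ms TTL=32
Request timed out.
Reply from 192.168.0.1: bytes=32 time=3ms TTL=32
"""
```

Running summarize(SAMPLE) reports 3 replies, 1 timeout, an average of 2.0 ms and the Win9x guess that TTL=32 implies, while a TTL of 250 rounds up to 255 and is reported as a UNIX host about 5 hops away.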
Below we give an example to illustrate the specific usage, as shown in Figure 2. Here time=2 indicates that 2 seconds elapsed between sending the packet and receiving the reply; from this you can judge the speed of the network connection. From the returned TTL value you can make an initial judgment about the operating system of the host being pinged; it is called an "initial judgment" because this value can be modified. Here TTL=32 indicates that the operating system may be Win98. (A bit of knowledge: if TTL=128, the target host may be Win2000; if TTL=250, the target host may be UNIX.) As for using the ping command to quickly locate LAN faults, find the fastest QQ server, carry out ping attacks on others and so on, everyone can work those out for themselves.
Second, NBTSTAT
This command displays protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP. With it you can obtain the NetBIOS information of a remote host, such as the user name, the workgroup, and the NIC's MAC address. Here we need to know a few basic parameters.
-a With this parameter, as long as you know the machine name of the remote host, you can obtain its NetBIOS information, as shown in Figure 3.
-A This parameter also obtains the NetBIOS information of the remote host, but you need to know its IP. -n lists the NetBIOS information of the local machine.
Once the other side's IP or machine name is known, the nbtstat command can be used to obtain further information about them, which adds a margin of safety to our intrusion.
Third, NetStat
This command views the network status; it is simple to operate and powerful.
-a views all open ports of the local machine, which can effectively discover and prevent Trojans; you can also learn which services the machine is running, as shown in Figure 4.
Here you can see that the local machine has an FTP service, a Telnet service, a mail service, a web service, and so on. Usage: netstat -a IP. -r lists the current routing information, telling us the local machine's gateway, subnet mask, and other information. Usage: netstat -r IP.
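Spotting a Trojan in that listing means knowing which listening ports the machine is supposed to have. As an added example that is not from the original article, the Python below parses English Windows "netstat -an" output and reports every listening socket that is not on an expected-services baseline; the sample output and the baseline are constructed, not captured from a real machine.

```python
# Assumed format: English "netstat -an" output on Windows (columns Proto,
# Local Address, Foreign Address, State; UDP rows have no State column).
def parse_sockets(output):
    """Return a list of (proto, local_ip, local_port, foreign, state) tuples."""
    sockets = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # blank line, column header or the "Active Connections" banner
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if len(parts) > 3 else ""
        ip, port = local.rsplit(":", 1)  # rsplit also copes with "[::]:port"
        sockets.append((proto, ip, int(port), foreign, state))
    return sockets

def listeners(output):
    """Sockets waiting for inbound traffic: TCP in LISTENING, or any UDP socket."""
    return sorted({(s[0], s[2]) for s in parse_sockets(output)
                   if s[4] == "LISTENING" or s[0] == "UDP"})

def unexpected_listeners(output, expected):
    """Listening (proto, port) pairs not in the expected set: the candidates for
    a Trojan or an unplanned service that the text says netstat -a can reveal."""
    return [l for l in listeners(output) if l not in expected]

# Constructed sample output (not captured from a real machine). The first four
# TCP ports are the FTP, Telnet, mail and web services of the figure; 5555 is
# an extra listener that a reviewer should go and explain.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1031       192.168.0.7:23         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Baseline of services this machine is supposed to offer (constructed).
EXPECTED = {("TCP", 21), ("TCP", 23), ("TCP", 25), ("TCP", 80), ("UDP", 137)}
```

With the sample above, unexpected_listeners(SAMPLE, EXPECTED) returns only ("TCP", 5555); the established Telnet session to 192.168.0.7 is parsed but is not a listener, so it is not flagged.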
Fourth, Tracert
Tracks routing information. Use this command to find out every hop the data takes from the local machine to the target host, which is very helpful for understanding the network layout and structure. Figure 5.
Here the data goes from the local machine to the machine 192.168.0.1 with no intermediate hops, indicating that the two machines are on the same LAN. Usage: tracert IP.
Fifth, Net
This command is the most important of the network commands. It is necessary to thoroughly understand the usage of each of its subcommands, because its functions are so powerful that it is simply the best intrusion tool Microsoft provides us. First let's look at all its subcommands: type net /? and press Enter, as shown in Figure 6.
Here we focus on mastering a few subcommands commonly used in intrusion.
Net view
Use this command to view the resources shared by a remote host. The command format is net view \\IP. Figure 7.
net use maps a shared resource of the remote host as a local drive, after which the graphical interface is convenient to use, heh. The command format is net use X: \\IP\sharename. The first example above maps the share named magic on IP 192.168.0.5 to the local Z: drive. The second establishes an IPC$ connection to 192.168.0.7 (net use \\IP\ipc$ "password" /user:"name"), as shown in Figure 8.
After the IPC$ connection is established, heh, you can upload files: copy nc.exe \\192.168.0.7\admin$ transmits the nc.exe in the local directory to the remote host; combined with the other DOS commands introduced later, an intrusion can be carried out. net start starts a service on the remote host. When you have a connection to the remote host and find that some service is not started but you want to use it, use this command to start it. Usage: net start servicename, as shown in Figure 9, which successfully starts the Telnet service.
net stop What if, after the intrusion, you find that some service on the remote host is in your way? Use this command; its usage is the same as net start.
net user views and manages accounts: adding accounts, deleting accounts, viewing a specific account, activating accounts, disabling accounts, and so on. This is very useful for our intrusion, and it is the prerequisite for cloning accounts. Typing net user without parameters lists all users, including disabled ones. Explained below.
1. net user abcd 1234 /add creates an account with user name abcd and password 1234; by default it is a member of the Users group.
2. net user abcd /del deletes the user named abcd.
3. net user abcd /active:no disables the user named abcd.
4. net user abcd /active:yes activates the user named abcd.
5. net user abcd shows the details of the user named abcd, as shown in Figure 10.
net localgroup views all information about user groups and performs related operations. Typing net localgroup without parameters lists all current user groups. During an intrusion we generally use it to add an account to the Administrators group, so that we can control the whole remote host with that account. Usage: net localgroup groupname username /add, as shown in Figure 11.
Now let's add the newly created user abcd to the Administrators group; at this point abcd is already a super administrator, heh. You can use net user abcd to see its status, as can be seen in Figure 10. But this is too obvious: the administrator will spot the flaw the moment they look at the users, so this method only works against rookie administrators, but we still have to know it. The current approach is to use other tools and methods to clone a super administrator that the administrator cannot see, which is covered later. Interested friends can refer to "Wanted Deep Solvement Account" in issue 30 of "Hacker Line".
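That is exactly what the administrator's side of this looks like: the text itself says the extra account is visible to anyone who lists the users, so the check is to compare the group membership against a known baseline. As an added example that is not from the original article, the Python below parses the English Windows output of net user and net localgroup and reports Administrators-group members that are not on the approved list; the two outputs and the baseline are constructed to mirror the state after the net user /add and net localgroup /add steps above.

```python
import re

_DASHES = re.compile(r"^-{10,}$")
_DONE = "The command completed successfully."

# Assumed format of English "net user" / "net localgroup <group>" output on
# Windows: a header, a dashed separator, the names (one per line for
# localgroup, several per line in columns for net user), then _DONE.
def parse_net_list(output):
    """Return the account names listed after the dashed separator."""
    names, in_list = [], False
    for line in output.splitlines():
        if _DASHES.match(line.strip()):
            in_list = True
            continue
        if line.strip() == _DONE:
            break
        if in_list and line.strip():
            # "net user" pads names into columns separated by 2+ spaces.
            names.extend(re.split(r"\s{2,}", line.strip()))
    return names

def unexpected_members(localgroup_output, baseline):
    """Members of the listed group that are not in the approved baseline.
    Windows account names are case-insensitive, so compare case-folded."""
    approved = {b.casefold() for b in baseline}
    return [n for n in parse_net_list(localgroup_output)
            if n.casefold() not in approved]

# Constructed sample outputs (not captured from a real host): the machine
# after "net user abcd 1234 /add" and "net localgroup administrators abcd /add".
NET_USER = """\
User accounts for \\\\A-01

-------------------------------------------------------------------------------
abcd                     Administrator            Guest
The command completed successfully.
"""

NET_LOCALGROUP_ADMINS = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
abcd
The command completed successfully.
"""

BASELINE_ADMINS = {"Administrator"}  # constructed approved list
```

unexpected_members(NET_LOCALGROUP_ADMINS, BASELINE_ADMINS) returns ["abcd"], which is the account the text just added; the same parser reads the column-formatted net user listing.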
net time This command views the current time of the remote host. If your goal is merely to get into the remote host, this command may not be needed. But is simply getting in all there is to a successful intrusion? We need to penetrate further. That requires knowing the current time of the remote host, because with the time and other means (described later) we can make a command or program start at a scheduled time, laying the foundation for further intrusion. Usage: net time \\IP. Figure 12.
Sixth, AT
This command schedules a specific command or program to run at a given time (now you know why net time matters). When we know the current time of the remote host, we can use this command to run a program or command a certain time later (for example, 2 minutes). Usage: at \\computer time command. Figure 13 shows the computer named a-01 starting the Telnet service at 6:55, where net start telnet is the command that starts the Telnet service.
Seventh, FTP
You should be quite familiar with this command. Many hosts on the Internet allow anonymous FTP, meaning anyone can log in. Now, if you scan and find a host running an open FTP service (generally a machine with port 21 open), what do you do if you still cannot use the ftp command? Basic usage of the ftp command is given below. First type ftp and press Enter to enter FTP; the ftp> prompt appears, and you can type help to view the help (the help of any DOS command can be viewed this way), as shown in Figure 14.
Seeing so many commands, everyone may wonder how to use them all. In fact you do not need that many; mastering a few basic ones is enough.
First is the login process, which uses open: at the ftp> prompt enter "open host_IP FTP_port"; the port is generally 21 and can be left out. Then enter a valid user name and password to log in. Here anonymous FTP is used as the example, as shown in Figure 15.
The user name and password are both ftp, and the password is not displayed. When the prompt **** logged in appears, the login has succeeded. Here it is an anonymous login, so the user is shown as anonymous.
Next, the usage of the specific commands, as shown in Figure 16.
dir is the same as the DOS command: it views the server's files; type dir and press Enter to see the files on this FTP server. cd enters a folder. get downloads a file to the local machine. put uploads a file to the remote server; whether this works depends on whether the remote FTP server gives you write permission, and if it does, heh, you know what to do with it without my saying. delete deletes a file on the remote FTP server; this also requires write permission. bye exits the current connection. quit does the same.
Eighth, Telnet
A powerful remote login command that almost all intruders like to use; it works every time. Why? It is easy to operate, just like using your own machine: as long as you are familiar with DOS commands, after connecting to the remote machine as Administrator you can use it to do whatever you want. Let's see how to use it: first type telnet and press Enter, then type help to view its help information, as shown in Figure 17.
Then at the prompt type open IP and press Enter; a login window appears asking you to enter a valid user name and password. Whatever you type here as the password is not displayed, as shown in Figure 18.
When the user name and password entered are correct, the Telnet connection is established. At this point you have the same permissions on the remote host as that user, and you can do what you want with DOS commands, as shown in Figure 19. Here I logged in with super administrator privileges.