SPOTO summarizes the most common Windows network commands in this article to help you master them.
1, ping
ping checks whether a host is reachable and how fast the connection to it is. For an administrator or an attacker living on the network, ping is the first DOS command to master. The principle is simple: every machine on the network has a unique IP address; we send an ICMP echo request to the target address and, if the host is up, it answers with an echo reply of the same size. From the reply we learn that the target exists, and we can make a rough guess at its operating system. Let's look at its common uses. First look at the help: in a DOS window type ping /? and press Enter. Only the basic, useful parameters are covered here (the same applies to the commands below).
-t keeps sending echo requests, one per second, until you stop it with Ctrl+C. Imagine you are on 100M broadband and the target is on a 56K modem: the target link takes a long time to recover because it cannot absorb that much traffic, and an attack can be that simple. The caveat: a single ping -t at the default size is not a flood, and most modern hosts rate-limit or ignore ICMP, so this only works against a link far slower than yours.
-l sets the size of the data sent. The default is 32 bytes; on Windows you can set it up to 65500 bytes. Combined with the -t parameter above, the effect on a slow link is worse.
-n sets how many echo requests to send to the destination IP. The default is 4. On a slow link 4 is a waste of time when all we want to know is whether the target exists, so set it to 1.
Note that when -t and -n are both given, the later parameter wins: "ping IP -t -n 3" does not ping forever despite -t, it pings only 3 times. Also, you do not have to ping an IP; you can ping the host's domain name directly, and the reply shows you the host's IP.
Let's take an example reply to show the specific usage.
Here time=2 means the round trip from sending the request to receiving the reply took 2 milliseconds (not seconds), from which you judge the speed of the connection. The TTL in the reply gives a preliminary guess at the pinged host's operating system. It is only "preliminary" because the administrator can change the value, and because every router on the path decrements it by one, so what you see is the sender's initial TTL minus the hop count. Here TTL=32 suggests the operating system is Windows 98 (initial TTL 32, zero hops).
(Small knowledge: TTL=128 suggests Windows NT/2000/XP, which start at 128; TTL=250 suggests a system that starts at 255, such as Solaris or a Cisco device, five hops away; Linux and BSD start at 64.)
Beyond that, ping quickly locates LAN faults, finds the fastest QQ server, lets you ping other people... these are all for you to play with yourself.
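The TTL rule of thumb above is easy to get wrong by hand once the target is several hops away, so here is an added example (written for this edit in Python; it is not part of the SPOTO article) that parses the reply lines the Windows ping client prints, computes the same loss and round-trip figures ping prints in its own summary, and rounds the observed TTL up to the nearest common initial value to guess the OS family and hop count. The sample output is constructed, and the function names and the INITIAL_TTLS table are this example's own choices.

```python
import re
import statistics

# Initial TTLs used by common OS families, the basis of the article's rule of thumb.
# What ping shows is this value minus the number of routers crossed.
INITIAL_TTLS = {
    32: "Windows 95/98/ME",
    64: "Linux/BSD (most Unix-like systems)",
    128: "Windows NT/2000/XP and later",
    255: "Solaris/AIX/Cisco IOS",
}

# Reply line printed by the Windows ping client, e.g.
#   Reply from 192.168.0.7: bytes=32 time=2ms TTL=128
# Sub-millisecond replies print 'time<1ms', hence the [=<].
REPLY_RE = re.compile(
    r"Reply from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}): bytes=(?P<bytes>\d+) "
    r"time[=<](?P<ms>\d+)ms TTL=(?P<ttl>\d+)"
)


def parse_ping_output(text):
    """One entry per probe: a dict for each reply, None for each timeout/unreachable."""
    probes = []
    for line in text.splitlines():
        line = line.strip()
        m = REPLY_RE.match(line)
        if m:
            probes.append({"ip": m["ip"], "bytes": int(m["bytes"]),
                           "time_ms": int(m["ms"]), "ttl": int(m["ttl"])})
        elif "timed out" in line or "unreachable" in line:
            probes.append(None)
    return probes


def guess_os(ttl):
    """Map an observed TTL to (initial_ttl, hops, os_family), or None if impossible.

    Heuristic only: the initial TTL can be changed by the administrator, and a
    64-TTL host more than 32 hops away would be misread as a 32-TTL one.
    """
    if not 1 <= ttl <= 255:
        return None
    for initial in sorted(INITIAL_TTLS):
        if ttl <= initial:
            return initial, initial - ttl, INITIAL_TTLS[initial]
    return None


def summarize(text):
    """Loss and RTT statistics in the spirit of ping's summary, plus the OS guess."""
    probes = parse_ping_output(text)
    replies = [p for p in probes if p is not None]
    result = {"sent": len(probes), "received": len(replies)}
    if not probes:
        return result
    result["loss_pct"] = round(100 * (len(probes) - len(replies)) / len(probes))
    if replies:
        times = [r["time_ms"] for r in replies]
        result.update(rtt_min=min(times), rtt_max=max(times),
                      rtt_avg=round(statistics.mean(times)))
        # Take the highest TTL seen: a route change can only make it smaller.
        best_ttl = max(r["ttl"] for r in replies)
        initial, hops, family = guess_os(best_ttl)
        result.update(ttl=best_ttl, initial_ttl=initial, hops=hops, os_family=family)
    return result


# Constructed sample (not a real capture): four probes, one of them timed out.
SAMPLE = """\
Pinging 192.168.0.7 with 32 bytes of data:

Reply from 192.168.0.7: bytes=32 time=2ms TTL=128
Reply from 192.168.0.7: bytes=32 time<1ms TTL=128
Request timed out.
Reply from 192.168.0.7: bytes=32 time=3ms TTL=128
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
    for ttl in (32, 128, 250, 60):
        print(ttl, guess_os(ttl))
```

On the sample the guess is "Windows NT/2000/XP and later" at zero hops; TTL=250 resolves to an initial TTL of 255 five hops away, which is the case the article's "TTL=250 means Unix" line glosses over.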
2, nbtstat
This command displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables and the NetBIOS name cache. With it you can obtain the NetBIOS information of a remote host: its computer name, the name of the logged-on user, the workgroup or domain it belongs to, and the MAC address of its network card. It only works when the target has NetBIOS over TCP/IP enabled and UDP port 137 is reachable. A few basic parameters:
-a lists the remote host's NetBIOS name table when you know its machine name (the same applies below).
-A does the same when you know its IP address instead.
-n lists the NetBIOS names of the local machine.
Once you have the other party's IP or machine name, nbtstat gives you more information about it, which raises the odds of a successful intrusion.
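The name table nbtstat prints is only useful if you know what the hex suffixes mean, so here is an added example (Python, written for this edit and not part of the SPOTO article) that parses constructed nbtstat -A output and applies the standard suffix meanings to pull out the computer name, workgroup, logged-on user, whether the host is sharing files, and the MAC address. The sample output, the function names and the field names are this example's own.

```python
import re

# One name-table row, e.g.:   A-01           <00>  UNIQUE      Registered
ROW_RE = re.compile(
    r"^\s*(?P<name>\S+)\s+<(?P<suffix>[0-9A-Fa-f]{2})>\s+(?P<kind>UNIQUE|GROUP)\s+(?P<status>\w+)"
)
MAC_RE = re.compile(r"MAC Address\s*=\s*(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")


def parse_name_table(text):
    """Return ([(name, suffix, kind), ...], mac) from nbtstat -a / -A output."""
    rows, mac = [], None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append((m["name"], m["suffix"].upper(), m["kind"].upper()))
            continue
        m = MAC_RE.search(line)
        if m:
            mac = m["mac"].upper()
    return rows, mac


def interpret(rows, mac):
    """Apply the standard NetBIOS suffix meanings to a parsed name table.

    <00> UNIQUE  workstation service: the computer name
    <00> GROUP   the workgroup or domain name
    <03> UNIQUE  messenger service: registered for the computer name and for
                 every logged-on user, so a <03> name that is not the
                 computer name is a user name
    <20> UNIQUE  server service: the host is sharing files over SMB
    <1B> UNIQUE  domain master browser (the PDC)
    """
    info = {"computer": None, "workgroup": None, "users": [],
            "file_server": False, "pdc": False, "mac": mac}
    for name, suffix, kind in rows:
        if suffix == "00" and kind == "UNIQUE" and info["computer"] is None:
            info["computer"] = name
        elif suffix == "00" and kind == "GROUP":
            info["workgroup"] = name
        elif suffix == "20" and kind == "UNIQUE":
            info["file_server"] = True
        elif suffix == "1B" and kind == "UNIQUE":
            info["pdc"] = True
    for name, suffix, kind in rows:
        if suffix == "03" and kind == "UNIQUE" and name != info["computer"]:
            info["users"].append(name)
    return info


def nbtstat_info(text):
    return interpret(*parse_name_table(text))


# Constructed sample of `nbtstat -A 192.168.0.7` (not a real capture).
SAMPLE = """\
Local Area Connection:
Node IpAddress: [192.168.0.5] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    A-01           <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    A-01           <20>  UNIQUE      Registered
    A-01           <03>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered
    ADMINISTRATOR  <03>  UNIQUE      Registered

    MAC Address = 00-0C-29-3A-4B-5C
"""

if __name__ == "__main__":
    print(nbtstat_info(SAMPLE))
```

If the table comes back empty or nbtstat reports "Host not found", the host either has NetBT disabled or UDP 137 is filtered; that tells you something too, but not the user name.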
3, netstat
This command shows the network state of the local machine; it is easy to use and powerful.
-a shows all connections and listening ports on the local machine, so you can spot and block Trojans and see which services the machine has opened, as shown in Figure 4.
Here you can see the local machine has the FTP, Telnet, mail and WEB services open. Usage: netstat -a (add -n to show ports as numbers instead of service names; on XP and later -o adds the owning process ID). netstat only reports on the machine it runs on; it does not take a remote IP as an argument.
-r lists the current routing table, which tells us the local machine's gateway, network masks and so on. Usage: netstat -r.
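The article's point that netstat -a lets you "find and prevent Trojans" comes down to comparing the listening ports against what the machine is supposed to run. Here is an added example (Python, written for this edit; not part of the SPOTO article) that parses constructed netstat -an output, lists the listening sockets, flags the ones outside an allowlist, and lists established connections. The sample output, the allowlist and the unexpected port 4444 are constructed, and the function names are this example's own.

```python
# Well-known ports the article mentions, used only to label results.
SERVICE_NAMES = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 135: "epmap",
                 137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}


def split_endpoint(endpoint):
    """'0.0.0.0:21' -> ('0.0.0.0', 21); '*:*' -> ('*', None); also handles '[::]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse the table printed by netstat -an (or -ano) on Windows.

    Run netstat with -n: without it ports print as service names, which
    split_endpoint reports as None.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # 'Active Connections', column headers, blank lines
        proto = parts[0]
        lhost, lport = split_endpoint(parts[1])
        fhost, fport = split_endpoint(parts[2])
        rest = parts[3:]
        # TCP rows carry a state column; -o appends a PID to both TCP and UDP rows.
        state = rest.pop(0) if proto == "TCP" and rest and not rest[0].isdigit() else None
        pid = int(rest[0]) if rest and rest[0].isdigit() else None
        records.append({"proto": proto, "local_host": lhost, "local_port": lport,
                        "foreign_host": fhost, "foreign_port": fport,
                        "state": state, "pid": pid})
    return records


def listening_sockets(records):
    """TCP sockets in LISTENING state plus every bound UDP socket, as (proto, port)."""
    return sorted({(r["proto"], r["local_port"]) for r in records
                   if (r["proto"] == "TCP" and r["state"] == "LISTENING")
                   or r["proto"] == "UDP"})


def unexpected_listeners(records, allowlist):
    """Listening sockets that are not on the host's expected-service list."""
    return [s for s in listening_sockets(records) if s not in allowlist]


def established(records):
    return [(r["local_host"], r["local_port"], r["foreign_host"], r["foreign_port"])
            for r in records if r["state"] == "ESTABLISHED"]


def describe(proto, port):
    return f"{proto}/{port} ({SERVICE_NAMES.get(port, 'unknown')})"


# Constructed sample of `netstat -an` on a host running the services the article
# lists (ftp, telnet, smtp, http) plus one listener nobody installed on purpose.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        192.168.0.7:1045       ESTABLISHED
  TCP    192.168.0.5:1032       10.0.0.9:4444          ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
"""

# What this host is supposed to expose (constructed baseline).
EXPECTED = {("TCP", 21), ("TCP", 23), ("TCP", 25), ("TCP", 80), ("UDP", 137), ("UDP", 138)}

if __name__ == "__main__":
    recs = parse_netstat(SAMPLE)
    for proto, port in unexpected_listeners(recs, EXPECTED):
        print("unexpected listener:", describe(proto, port))
    print("established:", established(recs))
```

The baseline is the important part: an allowlist maintained per host role is what turns netstat output into a detection, and the established-connection list shows outbound sessions that a listener-only check misses.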
4, tracert
Traces the route to a host.
Use this command to see every hop a packet crosses on its way from the local machine to the target host, which helps us understand the layout and structure of the network, as shown in Figure 5.
Here the data goes from the local machine to 192.168.0.1 directly, with no intermediate router, which indicates that the two machines are on the same LAN. Usage: tracert IP.
5, net
This is the most important of the network commands. You must thoroughly master each of its subcommands, because it is so powerful that it is simply the best intrusion tool Microsoft gives us. First let's look at its subcommands: type net /? and press Enter, as shown in Figure 6.
Here we focus on the subcommands most commonly used in intrusions.
Net view
Lists the shared resources of a remote host. The command format is net view \\IP.
Net use
Maps a shared resource of the remote host to a local drive letter, so you can work with it conveniently from the graphical interface. The command format is net use x: \\IP\sharename. For example, net use z: \\192.168.0.5\magic maps the share named magic on 192.168.0.5 to the local Z: drive. An IPC$ session with 192.168.0.7 is established with net use \\192.168.0.7\IPC$ "password" /user:"name".
Once the IPC$ session exists you can upload files: copy nc.exe \\192.168.0.7\admin$ copies nc.exe from the current local directory to the remote host (the admin$ share is the remote %SystemRoot% directory). Combined with the other DOS commands introduced below, this is enough to complete an intrusion.
Net start
Starts a service. If, after establishing a connection to the remote host, you find a service you want to take advantage of is not running, start it with this command. Usage: net start servicename; Figure 9 shows the Telnet service being started successfully. Note that net start acts on the machine it runs on, so to start a service on the remote host it has to be run there, for example through a telnet session or the at command described below.
Net stop
After the intrusion you find a service on the remote host is in your way? Stop it with this command; the usage is the same as net start.
Net user
Manages accounts: create new accounts, delete accounts, view a specific account, enable and disable accounts, and more. This is very useful for an intrusion and, most importantly, it is the prerequisite for cloning an account. Type net user with no parameters to list all users, including disabled ones. Specifically:
1, net user abcd 1234 /add creates a new account named abcd with password 1234; by default it is a member of the Users group.
2, net user abcd /del deletes the user named abcd.
3, net user abcd /active:no disables the user named abcd.
4, net user abcd /active:yes enables the user named abcd.
5, net user abcd shows the status of the user named abcd.
Net localgroup
Views and manages local groups. Type net localgroup with no parameters to list all current local groups. During an intrusion we generally use it to promote an account into the Administrators group, so that we can use that account to control the whole remote host. Usage: net localgroup groupname username /add.
Now add the newly created user abcd to the Administrators group: net localgroup administrators abcd /add. At this point abcd is an administrator; you can check with net user abcd and compare with Figure 10. But this is far too obvious: an administrator who looks at the user list will spot the new account, so the method only works against a rookie admin. Still, you need to know it. The current approach is to use other tools and techniques to clone an administrator account that the admin cannot see; that is a separate topic, and interested readers can refer to the article on it in issue 30 of "Hacker Defense".
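The article itself says that an admin who looks at the user list will spot the new account, so here is the check from the defender's side, as an added example (Python, written for this edit; not part of the SPOTO article). It parses constructed output of net localgroup Administrators and net user abcd, as produced by the net user /add and net localgroup /add steps above, and reports members of the Administrators group that are not on a baseline, plus whether the account is active and a local administrator. The sample output, the baseline and the function names are this example's own.

```python
import re

# net user prints "Key<2+ spaces>Value"; a key with no value prints alone on its line.
KEY_VALUE_RE = re.compile(r"^(?P<key>\S+(?: \S+)*)\s{2,}(?P<value>\S.*?)\s*$")
# These two fields list groups as "*Administrators       *Users".
GROUP_KEYS = ("Local Group Memberships", "Global Group memberships")


def parse_net_localgroup(text):
    """Members printed by `net localgroup <group>`: the lines after the dashed rule."""
    members, in_list = [], False
    for line in text.splitlines():
        if line.startswith("----------"):
            in_list = True
        elif line.startswith("The command completed"):
            break
        elif in_list and line.strip():
            members.append(line.strip())
    return members


def parse_net_user(text):
    """Field dictionary from `net user <name>`; group fields become lists."""
    info = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("The command completed"):
            continue
        m = KEY_VALUE_RE.match(line)
        key, value = (m["key"], m["value"]) if m else (line.strip(), "")
        if key in GROUP_KEYS:
            value = [g.strip() for g in value.split("*") if g.strip()]
        info[key] = value
    return info


def audit_admins(localgroup_output, user_output, baseline):
    """Flag Administrators members not in `baseline` and summarise one account."""
    members = parse_net_localgroup(localgroup_output)
    known = {b.lower() for b in baseline}
    user = parse_net_user(user_output)
    return {
        "admins": members,
        "unexpected_admins": [m for m in members if m.lower() not in known],
        "user": user.get("User name"),
        "active": user.get("Account active") == "Yes",
        "is_admin": "Administrators" in user.get("Local Group Memberships", []),
        "last_logon": user.get("Last logon"),
    }


# Constructed output of `net localgroup Administrators` after the article's
# `net localgroup administrators abcd /add` (not a real capture).
LOCALGROUP_SAMPLE = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
abcd
Administrator
The command completed successfully.
"""

# Constructed output of `net user abcd`.
USER_SAMPLE = """\
User name                    abcd
Full Name
Comment
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never

Password last set            6/5/2003 6:50 AM
Password expires             Never
Password required            Yes
User may change password     Yes

Last logon                   Never

Local Group Memberships      *Administrators       *Users
Global Group memberships     *None
The command completed successfully.
"""

if __name__ == "__main__":
    print(audit_admins(LOCALGROUP_SAMPLE, USER_SAMPLE, baseline={"Administrator"}))
```

Running this on a schedule against a per-host baseline is the simplest way to catch the promotion the article describes; the "Password last set" and "Last logon" fields tell you when the account appeared and whether it has been used.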
Net time
Shows the current time on the remote host. If your goal is only to get into the remote host, you may never use this command. But is a simple successful intrusion the end of it? We want to penetrate further, and for that even the remote host's current time matters, because the time combined with other means (described next) lets you schedule a command or program to run at a chosen moment, laying the groundwork for further intrusion. Usage: net time \\IP.
6, at
This command schedules a command or program to run on a specific date or at a specific time (now you see why net time matters). Once we know the remote host's current time, we can have it run a program or command a little later, for example in 2 minutes. Usage: at \\computer time command.
For example, at \\a-01 06:55 net start telnet tells the computer named a-01 to start the Telnet service at 6:55 (net start telnet is the command that starts the Telnet service). The Schedule service must be running on the target and you need administrative rights there, which an IPC$ session as an administrator provides.
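The two steps above, reading the remote clock with net time and scheduling with at, are easy to get wrong when the remote clock differs from yours or the job falls just past midnight. Here is an added example (Python, written for this edit; not part of the SPOTO article) that parses the net time output line, adds the delay to the remote host's own clock, and builds the at command line. The net time output is constructed, the locale formats handled are an assumption (US-style date with AM/PM, and a 24-hour variant), and the function names are this example's own.

```python
import re
from datetime import datetime, timedelta

# `net time \\host` prints the remote clock in the local date/time format, e.g.
#   Current time at \\A-01 is 6/5/2003 6:53 AM
# A 24-hour locale prints "6/5/2003 18:53" with no AM/PM suffix.
NET_TIME_RE = re.compile(r"Current time at \\\\(?P<host>\S+) is (?P<stamp>.+?)\s*$", re.M)
TIME_FORMATS = ("%m/%d/%Y %I:%M %p", "%m/%d/%Y %H:%M")


def parse_net_time(output):
    """Return (host, datetime) from net time output; ValueError if it cannot be read."""
    m = NET_TIME_RE.search(output)
    if not m:
        raise ValueError("no 'Current time at' line found in net time output")
    for fmt in TIME_FORMATS:
        try:
            return m["host"], datetime.strptime(m["stamp"], fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {m['stamp']!r}")


def at_command(net_time_output, minutes_ahead, command):
    """Build the `at` line that runs `command` on the remote host `minutes_ahead`
    minutes from the remote host's own clock (which may be off from ours)."""
    host, remote_now = parse_net_time(net_time_output)
    run_at = remote_now + timedelta(minutes=minutes_ahead)
    # at takes HH:MM on a 24-hour clock and runs the job at the next occurrence of
    # that time, so 23:59 + 2 minutes -> 00:01 needs no special handling here.
    return f"at \\\\{host} {run_at:%H:%M} {command}"


if __name__ == "__main__":
    # Constructed net time output (not a real capture).
    sample = "Current time at \\\\A-01 is 6/5/2003 6:53 AM\n\nThe command completed successfully.\n"
    print(at_command(sample, 2, "net start telnet"))
```

Jobs created with at run under the Schedule service account, not the user who created them, so the scheduled command has the rights of the system, not of the IPC$ session.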
7, ftp
Everyone should be familiar with this command. There are many open FTP hosts on the network, and a large part of them allow anonymous logins, meaning anyone can log in. If your scan turns up a host with the FTP service open (usually port 21), what do you do if you cannot use the ftp command? The basic usage is given below.
First type ftp at the command line and the ftp> prompt appears. Type help to list the available commands (at the cmd prompt itself, typing a command followed by /? shows its help).
Seeing so many commands, do you need all of them? In practice only a few are used; mastering these basic ones is enough.
First, the login, done with open: type "open host-IP port" at the ftp> prompt and press Enter. The default port is 21 and can be left out. Then enter a valid username and password. Here is an example of an anonymous FTP login.
The username and password were both ftp; the password is not echoed. When the server prompts "... logged in", the login succeeded. This was an anonymous login, so the user is shown as Anonymous.
Next, the specific commands used once you are logged in.
dir works like the DOS command: it lists the files on the server. Just type dir and press Enter to see the files on the FTP server.
cd enters a folder.
get downloads a file to the local machine.
put uploads a file to the remote server. This depends on whether the remote FTP server gives you write permission; if it does, how you use it is up to you.
delete removes a file on the remote FTP server. This too requires write permission.
bye closes the current connection.
quit same as above.
Before transferring programs, type binary: the Windows ftp client starts in ASCII mode, which corrupts executables.
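The "logged in" line the article tells you to look for is the server's 230 reply; the rest of the login is a short exchange of three-digit reply codes. Here is an added example (Python, written for this edit; not part of the SPOTO article) that models both sides of that exchange offline: a scripted server that accepts anonymous logins, and the client logic the ftp command follows (read the greeting, send USER, send PASS if the server asks, succeed only on 230), including the multi-line banner many servers send. The server, accounts and messages are constructed, and the class and function names are this example's own.

```python
# Minimal model of the FTP control channel (RFC 959) for the login exchange.
ANONYMOUS_USERS = {"anonymous", "ftp"}


class FakeFtpServer:
    """Constructed server side: returns the reply lines for each client command."""

    def __init__(self, accounts, allow_anonymous=True):
        self.accounts = accounts            # {username: password}
        self.allow_anonymous = allow_anonymous
        self.pending_user = None
        self.logged_in = None

    def greeting(self):
        # A multi-line reply: '220-' continuation lines, closed by a '220 ' line.
        return ["220-Welcome to the constructed example FTP server.",
                "220-Anonymous access is allowed.",
                "220 Ready."]

    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.pending_user = arg
            return [f"331 Password required for {arg}."]
        if verb == "PASS":
            user = self.pending_user
            if user is None:
                return ["503 Login with USER first."]
            anonymous = self.allow_anonymous and user.lower() in ANONYMOUS_USERS
            if anonymous or self.accounts.get(user) == arg:
                self.logged_in = "Anonymous" if anonymous else user
                return [f"230 User {self.logged_in} logged in."]
            self.pending_user = None
            return ["530 Login incorrect."]
        if verb == "QUIT":
            return ["221 Goodbye."]
        return ["502 Command not implemented."] if self.logged_in else ["530 Please login with USER and PASS."]


def read_reply(lines):
    """Parse one reply from the front of `lines`; return (code, text, remaining).

    A single-line reply is 'xyz text'. A multi-line reply opens with 'xyz-text'
    and ends at the first later line that starts with 'xyz ' (same code, space).
    """
    first = lines[0]
    code = int(first[:3])
    if first[3:4] != "-":
        return code, first[4:].strip(), lines[1:]
    text = [first[4:]]
    for i in range(1, len(lines)):
        line = lines[i]
        if line.startswith(f"{code} "):
            text.append(line[4:])
            return code, "\n".join(text), lines[i + 1:]
        text.append(line[4:] if line.startswith(f"{code}-") else line)
    raise ValueError("multi-line reply never terminated")


def ftp_login(server, user, password):
    """Drive the login the way the ftp client does; returns (logged_in, transcript)."""
    transcript = []
    code, text, _ = read_reply(server.greeting())
    transcript.append(("S", code, text))
    if code != 220:
        return False, transcript
    transcript.append(("C", f"USER {user}"))
    code, text, _ = read_reply(server.handle(f"USER {user}"))
    transcript.append(("S", code, text))
    if code == 230:                      # some servers need no password at all
        return True, transcript
    if code != 331:
        return False, transcript
    transcript.append(("C", "PASS ****"))   # the client never echoes the password
    code, text, _ = read_reply(server.handle(f"PASS {password}"))
    transcript.append(("S", code, text))
    return code == 230, transcript


if __name__ == "__main__":
    ok, lines = ftp_login(FakeFtpServer({"abcd": "1234"}), "ftp", "ftp")
    print("logged in:", ok)
    for entry in lines:
        print(*entry)
```

The decision rule is the reply code, not the wording: a 230 means you are in, a 530 after PASS means bad credentials or anonymous access refused, and anything else after USER means the server wants something other than a password.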
8, telnet
A powerful remote login command that almost every intruder likes to use; it is tried and tested. Why? Because it is as easy as using your own machine: as long as you are familiar with DOS commands, once you have connected to a remote machine as administrator you can use it to do anything you want. Here's how to use it. First type telnet and press Enter, then type help to view its help information.
Then type open IP at the prompt (or open IP port if the service is not on port 23) and the login prompt appears, asking for a valid username and password. The password you enter is not displayed.
When the username and password are correct, the telnet connection is established, and you now have the same permissions on the remote host as that user and can run DOS commands to do what you want. Here I logged in with administrator privileges. Keep in mind that telnet sends the username, the password and everything else in clear text, so anyone sniffing the network segment can capture them.
That concludes this introduction to the network DOS commands. The aim here is only to give rookie administrators an impression and to show why it is important to be familiar with and master the network DOS commands; in fact there are far more network-related DOS commands than these. I hope it helps rookie administrators: learning DOS, and especially becoming fluent in the network commands, is a great help in doing good network administration.
Also remember that anyone who wants to get into a system needs a valid username and password (the input method editor vulnerability is almost extinct); even an account with very limited rights can be used as the foothold that leads to the final goal. So the best defence against weak-password intrusion is to eliminate empty passwords firmly and give every account a strong password.
Finally, and sincerely: the most important thing is to develop a good sense of security.
Start → Run → Command Highlights
Winver---------check the Windows version
Wmimgmt.msc----open Windows Management Instrumentation (WMI)
Wupdmgr--------Windows Update
Wscript--------Windows Script Host settings
Write----------WordPad
Winmsd---------System Information
Wiaacmgr-------Scanner and Camera Wizard
Winchat--------LAN chat (bundled with XP)
Mem.exe--------display memory usage
Msconfig.exe---System Configuration Utility
Mplayer2-------Windows Media Player (simple version)
Mspaint--------Paint
Mstsc----------Remote Desktop Connection
Magnify--------Magnifier
Mmc------------open the Microsoft Management Console
Mobsync--------Synchronization Manager
Dxdiag---------DirectX diagnostics
Drwtsn32-------Dr. Watson (system debugger)
Devmgmt.msc----Device Manager
Dfrg.msc-------Disk Defragmenter
Diskmgmt.msc---Disk Management
Dcomcnfg-------Component Services
Ddeshare-------DDE Share settings
Dvdplay--------DVD player
Net stop messenger-----stop the Messenger service
Net start messenger----start the Messenger service
Notepad--------open Notepad
Nslookup-------DNS query tool
Ntbackup-------Backup (system backup and restore)
Narrator-------Narrator (screen reader)
Ntmsmgr.msc----Removable Storage
Ntmsoprq.msc---Removable Storage Operator Requests
Netstat -an----list all connections and listening ports in numeric form
Syncapp--------create a Briefcase
Sysedit--------System Configuration Editor
Sigverif-------File Signature Verification
Sndrec32-------Sound Recorder
Shrpubw--------Create Shared Folder wizard
Secpol.msc-----Local Security Policy
Syskey---------encrypts the SAM account database with a startup key; once enabled it cannot be turned off, adding a second layer of protection to the Windows XP logon
Services.msc---Services
Sndvol32-------Volume Control
Sfc.exe--------System File Checker
Sfc /scannow---scan and repair protected system files (Windows File Protection)
Tsshutdn-------shut down with a 60-second countdown (Terminal Services)
Tourstart------Windows XP tour (the introduction shown after installation completes)
Taskmgr--------Task Manager
Eventvwr-------Event Viewer
Eudcedit-------Private Character Editor
Explorer-------open Windows Explorer
Packager-------Object Packager
Perfmon.msc----Performance monitor
Progman--------Program Manager
Regedit.exe----Registry Editor
Rsop.msc-------Resultant Set of Policy
Regedt32-------Registry Editor (NT-style)
Rononce -p-----shut down after 15 seconds
Regsvr32 /u *.dll----unregister a DLL (COM server)
Regsvr32 /u zipfldr.dll------disable built-in ZIP folder support
Cmd.exe--------command prompt
Chkdsk.exe-----check disk
Certmgr.msc----Certificates
Calc-----------Calculator
Charmap--------Character Map
Cliconfg-------SQL Server Client Network Utility
Clipbrd--------Clipboard Viewer
Conf-----------NetMeeting
Compmgmt.msc---Computer Management
Cleanmgr-------Disk Cleanup
Ciadv.msc------Indexing Service
Osk------------On-Screen Keyboard
Odbcad32-------ODBC Data Source Administrator
Oobe/msoobe /a----check whether XP is activated
Lusrmgr.msc----Local Users and Groups
Logoff---------log off
Iexpress-------IExpress self-extracting package wizard (bundled with the system; often abused to bundle Trojans)
Fsmgmt.msc-----Shared Folders
Utilman--------Utility Manager (accessibility)
Gpedit.msc-----Group Policy