2020-12-03

One, ping
ping is the command used to check whether the network is reachable and how fast the connection is. For an administrator or hacker living on the network, ping is the first DOS command that must be mastered. The principle behind it is this: every machine on the network has a unique IP address; when we send a data packet to the target IP address, the other side returns a data packet of the same size. From the returned packet we can determine whether the target host exists and make a preliminary guess at its operating system. Let's look at some of its common operations. First look at the help: type ping /? and press Enter in the DOS window, and the help screen appears. Here we only need to master a few basic and useful parameters (the same applies below).
-t means packets are sent to the target IP continuously until we force it to stop. Imagine that you are on 100M broadband and the target IP is behind a 56K modem: before long the target IP will drop off the network because it cannot handle that much data. An attack can be that simple.
-l defines the size of the packet sent. The default is 32 bytes, and we can use it to define a packet of up to 65500 bytes. Combined with the -t parameter above, the effect is even greater.
-n defines the number of packets to send to the target IP; the default is 3. If the network is fairly slow, three packets waste our time, since our only purpose here is to determine whether the target IP exists, so define it as one.
To explain: if the -t and -n parameters are used together, the ping command takes the later parameter as the standard. For example, "ping IP -t -n 3" does not ping continuously even though -t is given; it pings only 3 times. In addition, the ping command does not have to ping an IP; you can also ping the host's domain name directly, and this way you obtain the host's IP.
Here is an example to illustrate the specific usage.
Here time=2 means that 2 seconds elapsed from sending the packet to receiving the returning packet, from which the speed of the network connection can be judged. From the returned TTL value, the operating system of the pinged host can be preliminarily judged. It is only a "preliminary" judgment because this value can be modified. Here TTL=32 means the operating system may be Win98.
(Small tip: if TTL=128, the target host may be Win2000; if TTL=250, the target host may be Unix.)
As for using ping to quickly locate LAN faults, to find the fastest QQ server, to deal with ping attacks from others, and so on, those are left for you to explore on your own.
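To make the time and TTL reading described above concrete, here is an added example (not code from the original post) that parses a constructed Windows ping output and applies the page's TTL table; it goes one step beyond the text by rounding an observed TTL up to the nearest initial value, since every router hop decrements it by one. The sample output and the reply-line format are assumptions.

```python
import re

# The page's TTL table: initial TTL value -> operating-system hint.
TTL_OS_HINT = {32: "Win98", 128: "Win2000", 250: "Unix"}

# Constructed sample of Windows ping output (not captured from a real host).
SAMPLE_PING_OUTPUT = """\
Pinging 192.168.0.5 with 32 bytes of data:
Reply from 192.168.0.5: bytes=32 time=2ms TTL=32
Reply from 192.168.0.5: bytes=32 time=3ms TTL=32
Request timed out.
Reply from 192.168.0.5: bytes=32 time=2ms TTL=32
"""

REPLY_RE = re.compile(
    r"Reply from (?P<ip>[\d.]+): bytes=(?P<bytes>\d+) "
    r"time[=<](?P<time>\d+)ms TTL=(?P<ttl>\d+)"
)

def parse_reply(line):
    """Parse one 'Reply from ...' line; return None for time-outs and other lines."""
    m = REPLY_RE.search(line)
    if not m:
        return None
    return {"ip": m["ip"], "bytes": int(m["bytes"]),
            "time_ms": int(m["time"]), "ttl": int(m["ttl"])}

def guess_os(ttl):
    """Apply the page's TTL table, rounding up to the nearest initial value.
    Each router hop decrements TTL by one, so TTL=120 most likely started at 128
    and crossed 8 hops. The hint is preliminary: the initial TTL is configurable."""
    for initial in sorted(TTL_OS_HINT):
        if ttl <= initial:
            return TTL_OS_HINT[initial], initial - ttl
    return "unknown", None

def summarize(output):
    """Count replies and time-outs, average the reply time (ms) and add the OS hint."""
    lines = output.splitlines()
    replies = [r for r in map(parse_reply, lines) if r]
    timeouts = sum(1 for ln in lines if "timed out" in ln)
    if not replies:
        return {"replies": 0, "timeouts": timeouts, "avg_ms": None,
                "os_hint": None, "hops": None}
    os_hint, hops = guess_os(replies[0]["ttl"])
    return {"replies": len(replies), "timeouts": timeouts,
            "avg_ms": sum(r["time_ms"] for r in replies) / len(replies),
            "os_hint": os_hint, "hops": hops}
```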
Two, nbtstat
This command uses NetBIOS over TCP/IP to display protocol statistics and current TCP/IP connections. With it you can obtain the NETBIOS information of a remote host, such as user names, the workgroup it belongs to, and the MAC address of its network card. A few basic parameters need to be understood here.
-a With this parameter, as long as you know the machine name of the remote host, you can obtain its NETBIOS information (the same applies below).
-A This parameter also obtains the NETBIOS information of the remote host, but you need to know its IP.
-n Lists the NETBIOS information of the local machine.
Once the other side's IP or machine name is known, nbtstat can be used to obtain further information about it, which in turn raises the odds that our intrusion succeeds.
    
Three, netstat
This command is used to view the network status; it is easy to operate and powerful.
-a Views all ports open on the local machine. It can effectively detect and guard against Trojan horses, and tells you which services the machine has opened, among other information.
It can be seen that the local machine has the FTP service, Telnet service, mail service, WEB service and so on open. Usage: netstat -a IP.
-r Lists the current routing information and tells us the local machine's gateway, subnet mask and other information. Usage: netstat -r IP.
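The Trojan-detection use of netstat -a mentioned above, as an added example that is not part of the original post: it parses a constructed netstat table, lists the listening TCP ports, and flags any that are not among the services the page expects (FTP, Telnet, mail, WEB). The sample output and the port 12345 listener are constructed, not observed.

```python
# Well-known ports of the services the page found open on the local machine.
KNOWN_SERVICES = {21: "FTP", 23: "Telnet", 25: "mail (SMTP)", 80: "WEB (HTTP)"}

# Constructed sample of `netstat -a` output; port 12345 stands in for an
# unexpected listener such as a Trojan horse and is not a real observation.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1045       192.168.0.7:445        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

def parse_netstat(output):
    """Turn the table rows of netstat output into dicts; header lines are skipped.
    UDP rows carry no State column, so state is left empty for them."""
    rows = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        host, _, port = parts[1].rpartition(":")   # also handles [::]:port
        rows.append({"proto": parts[0], "host": host, "port": int(port),
                     "foreign": parts[2],
                     "state": parts[3] if len(parts) > 3 else ""})
    return rows

def listening_ports(rows):
    """Sorted TCP ports the machine is accepting connections on."""
    return sorted({r["port"] for r in rows
                   if r["proto"] == "TCP" and r["state"] == "LISTENING"})

def unexpected_listeners(rows, allowlist=KNOWN_SERVICES):
    """Listening ports that are not in the allowlist of services we expect to run."""
    return [p for p in listening_ports(rows) if p not in allowlist]

def established_peers(rows):
    """Foreign endpoints of established TCP connections, for checking who we talk to."""
    return sorted(r["foreign"] for r in rows if r["state"] == "ESTABLISHED")
```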

Four, tracert
Traces routing information. Use this command to find out every path through which data travels from the local machine to the target host. This is very helpful for understanding the layout and structure of the network.
This shows that data goes from the local machine to the machine with the target IP address with no relay in between, indicating that the two machines are in the same LAN. Usage: tracert IP.
 
Five, net
The net command is the most important of the network commands. You must thoroughly master the usage of each of its subcommands, because its functions are so powerful that it is simply the best intrusion tool Microsoft provides for us. First, let us look at its subcommands: type net /? and press Enter.
Here we focus on several subcommands commonly used for intrusion.
net view
Use this command to view all shared resources of a remote host. The command format is net view \\IP.
net use
Maps a shared resource of a remote host to a local drive letter, after which it can be used conveniently from the graphical interface. The command format is net use x: \\IP\sharename.
In the first example above, the directory named magic shared by the IP 192.168.0.5 is mapped to the local Z drive. The next example establishes an IPC$ connection with 192.168.0.7 (net use \\IP\IPC$ "password" /user:"name").
Once IPC$ is established, files can be transferred: copy nc.exe \\192.168.0.7\admin$ transfers nc.exe from the local directory to the remote host; combined with the other DOS commands introduced later, this can accomplish the intrusion.
net start
Use it to start services on a remote host. After establishing a connection with the remote host, what if you find that some of its services are not started and you want to use one of them? Just use this command to start it. Usage: net start servername. Here the telnet service was started successfully.
net stop
What if a certain service on the remote host gets in the way after the intrusion? Use this command to stop it, and that's it; the usage is the same as net start.
net user
Views account-related information, including creating new accounts, deleting accounts, viewing a specific account, activating accounts, disabling accounts and so on. This is very useful for our intrusion, and most importantly it provides the premise for cloning accounts. Type net user without parameters to view all users, including those that have been disabled. The individual forms are explained below.
1. net user abcd 1234 /add creates a new account with user name abcd and password 1234, which by default is a member of the Users group.
2. net user abcd /del deletes the user named abcd.
3. net user abcd /active:no disables the user named abcd.
4. net user abcd /active:yes activates the user named abcd.
5. net user abcd views the details of the user named abcd.
net localgroup
Views all information related to user groups and performs related operations. Type net localgroup without parameters to list all current user groups. During an intrusion we generally use it to promote an account into the administrators group, so that we can use this account to control the entire remote host. Usage: net localgroup groupname username /add.
Now we have added the newly created user abcd to the administrators group; at this point the abcd user is already a super administrator. You can use net user abcd to view its status.
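A defender's check for exactly the account creation and group promotion described in the net user and net localgroup sections, added here and not part of the original post: it parses constructed `net user` and `net localgroup administrators` output and diffs the names against a baseline recorded earlier, so a new account or a new administrators-group member shows up. The sample outputs, the baseline sets and the host name A-01 are assumptions.

```python
import re

# Constructed `net user` output: names are printed several per row, separated
# by runs of spaces, between a dashed rule and the completion message.
SAMPLE_NET_USER = """\
User accounts for \\\\A-01

-------------------------------------------------------------------------------
Administrator            Guest                    abcd
The command completed successfully.
"""

# Constructed `net localgroup administrators` output: one member per row.
SAMPLE_NET_LOCALGROUP = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
abcd
The command completed successfully.
"""

# Baseline recorded earlier on the same host (constructed for this example).
BASELINE_USERS = {"Administrator", "Guest"}
BASELINE_ADMINS = {"Administrator"}

def names_after_rule(output):
    """Collect the names listed between the dashed rule and the completion line,
    the layout both `net user` and `net localgroup <group>` use."""
    names, in_list = [], False
    for line in output.splitlines():
        if line.startswith("----"):
            in_list = True
        elif line.startswith("The command completed"):
            break
        elif in_list and line.strip():
            names.extend(re.split(r"\s{2,}", line.strip()))
    return set(names)

def account_changes(net_user_out, net_localgroup_out,
                    baseline_users=BASELINE_USERS, baseline_admins=BASELINE_ADMINS):
    """Diff current accounts and administrators-group members against the baseline."""
    users = names_after_rule(net_user_out)
    admins = names_after_rule(net_localgroup_out)
    return {"new_users": sorted(users - baseline_users),
            "removed_users": sorted(baseline_users - users),
            "new_admins": sorted(admins - baseline_admins),
            "removed_admins": sorted(baseline_admins - admins)}
```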
net time
This command views the current time of the remote host. If your goal is only to get into the remote host, you may never use this command. But having simply succeeded in getting in, is that all you do? We need to penetrate further. Even the current time of the remote host needs to be known, because with the time and other means (described later) a command or program can be made to start at a scheduled moment, laying a solid foundation for further intrusion. Usage: net time \\IP.
Six, at
The function of the at command is to arrange for a specific command or program to execute at a specific date or time (now you see why net time matters). When we know the current time of the remote host, we can use this command to have it execute a program or command at a later moment (for example, 2 minutes later). Usage: at time command \\computer.
This means that at 6:55, the computer named a-01 will start the telnet service (here net start telnet is the command that starts the telnet service).
Seven, ftp
Everyone should be familiar with this command, right? There are many open ftp hosts on the Internet, and a large proportion of them are anonymous, meaning anyone can log in. Now, what if you have scanned a host that has the ftp service open (usually a machine with port 21 open) but still cannot use the ftp commands? The basic usage of the ftp command is given below.
First type ftp on the command line and press Enter; the ftp prompt appears, and then you can type "help" to view the help (the help of any DOS command can be viewed this way).
You may have noticed: how can you use so many commands? In fact you don't need that many; just master a few basics.
The first is the login process, which needs open: directly type "open host-IP ftp-port" at the ftp prompt and press Enter. The port is generally 21 by default, so it need not be written. Then enter a valid user name and password to log in. Here we take anonymous ftp as an example.
Both the user name and the password are ftp, and the password is not displayed. When the prompt **** logged in appears, login has succeeded. Because this is an anonymous login, the user is shown as Anonymous.
Next we introduce how to use the specific commands.
dir Same as the DOS command; it views the files on the server. Just type dir and press Enter to see the files on the ftp server.
cd Enters a folder.
get Downloads a file to the local machine.
put Uploads a file to the remote server. Whether it works depends on whether the remote ftp server has given you write permission. If so, I won't say more about how to use it; play with it freely.
delete Deletes a file on the remote ftp server. This also requires that you have write permission.
bye Exits the current connection.
quit Same as above.
Eight, telnet
telnet is a powerful remote login command. Almost all intruders like to use it, and it has stood every test. Why? It is easy to operate, just like using your own machine: as long as you are familiar with DOS commands, after successfully connecting to the remote machine as an administrator you can use it to do everything you want. Here is how to use it. First type telnet and press Enter, then type help to view its help information. Then type open IP at the prompt and press Enter; a login window appears asking you to enter a valid user name and password. Nothing you type for the password is displayed. When the user name and password are correct, the telnet connection is established. At this point you have the same permissions on the remote host as that user, and you can use DOS commands to do what you want. Here I logged in with super administrator authority.

This article comes from the computer programming and learning exchange QQ group: 1154676112

Source: blog.csdn.net/yanxiaolxy/article/details/110563676