Cmd commands commonly used by hackers (Windows version)

Table of contents

1. ping command

2. nbtstat command

3. netstat command

4. tracert command

5. ipconfig command

6. arp command

7. at command

8. nslookup command

9. net command

10. ftp command

11. telnet command


1. ping command

The ping command is a commonly used network tool for testing and diagnosing network connection conditions. By sending ICMP (Internet Control Message Protocol) data packets to the target host and receiving the reply data packets, the reachability and average response time of the target host can be measured.

In the Windows operating system, the syntax for using the ping command is:

ping [-t] [-a] [-n count] [-l size] [-f] [-i ttl] [-v tos] [-r count] [-s count] [-w timeout] destination

Among them, the meaning of each parameter is:

  • -t: Send ping packets continuously on the command line until stopped manually.
  • -a: Use reverse DNS lookup to find the hostname of the target host.
  • -n count: Specifies the number of times to send ping packets.
  • -l size: Specifies the size (bytes) of the ping packet.
  • -f: After setting this parameter, ping packets will be prohibited from routing.
  • -i ttl: TTL (Time-to-Live) lifetime, that is, the maximum number of hops that a ping packet can pass through in the network.
  • -v tos: Set the TOS (Type-of-Service) field to specify the priority of the ping packet.
  • -r count: Specifies the number of recorded routes for ping packets.
  • -s count: Specifies the data length (number of bytes) of the ping packet.
  • -w timeout: Specifies the timeout (in milliseconds) for waiting for a response.
  • destination: IP address or host name of the target host.

2. nbtstat command

nbtstat is a network tool for working with NetBIOS name resolution and the NetBIOS name cache. It can be used to diagnose and solve network connection problems. The syntax is:

nbtstat [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-S] [-s] [interval]

Among them, the meaning of each parameter is:

  • -a RemoteName: query the IP address and NetBIOS name information of the remote host through the NetBIOS name.
  • -A IP address: query the NetBIOS name information of the remote host through the IP address.
  • -c: Displays the contents of the computer's NetBIOS name cache.
  • -n: Display the computer's NetBIOS name table (registry list).
  • -r: Clear the NetBIOS name cache of the local computer.
  • -R: Refreshes the computer's NetBIOS name cache by broadcast.
  • -S: Displays a list of NetBIOS sessions currently in use by the computer.
  • -s: Displays the connection status of NetBIOS sessions between the computer and other computers.
  • interval: Specifies the time interval at which the information output by the command is updated.

3. netstat command

The netstat command is a common network tool used to display network-related information such as network connection status, routing table, and interface statistics, which can help diagnose and solve network problems.

netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [-t] [interval]

Among them, the meaning of each parameter is:

  • -a: Display all network connections and listening ports.
  • -e: Display Ethernet statistics.
  • -n: Do not perform reverse DNS lookup, and directly display the IP address.
  • -o: Display the process ID associated with each connection.
  • -p Protocol: Only display network statistics for the specified protocol (TCP, UDP, ICMP, etc.).
  • -r: Display routing table information.
  • -s: Display protocol statistics, such as the number of TCP and UDP protocols, the number of errors, etc.
  • -t: Only display connections of the TCP protocol.
  • interval: Specifies the time interval at which the information output by the command is updated.
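For a defender, the useful combination of these flags is `netstat -ano`: every socket, numeric addresses, and the owning process ID. The following is an added example, not code from the original page; it parses saved `netstat -ano` output and pulls out the listeners bound to all interfaces and the remote peers of each process. The sample output is constructed, and the function names are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2840
  TCP    127.0.0.1:49800        127.0.0.1:5354         ESTABLISHED     6001
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2840
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv6 is written '[addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, the header row and blank lines
        laddr, lport = split_endpoint(f[1])
        raddr, rport = split_endpoint(f[2])
        rows.append({"proto": f[0], "laddr": laddr, "lport": lport,
                     "raddr": raddr, "rport": rport,
                     "state": f[3] if len(f) == 5 else "", "pid": int(f[-1])})
    return rows

def exposed_listeners(rows):
    """(pid, port) of TCP listeners bound to every interface (0.0.0.0 or ::)."""
    return sorted((r["pid"], int(r["lport"])) for r in rows
                  if r["state"] == "LISTENING" and r["laddr"] in ("0.0.0.0", "::"))

def remote_peers_by_pid(rows):
    """Map pid -> set of non-loopback 'addr:port' peers with ESTABLISHED connections."""
    peers = defaultdict(set)
    for r in rows:
        if r["state"] == "ESTABLISHED" and r["raddr"] not in ("127.0.0.1", "::1"):
            peers[r["pid"]].add(f'{r["raddr"]}:{r["rport"]}')
    return dict(peers)
```

Comparing these two results against a known-good baseline for the host makes a new listener or an unexpected outbound peer stand out; the PID can then be matched to a process name with `tasklist`.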

4. tracert command

The tracert command is a network tool used to trace the path of data packets from the source host to the destination host, and query information such as the IP address and name of each router in order to diagnose and solve network connection problems.

The syntax of the tracert command is as follows:

tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Among them, the meaning of each parameter is:

  • -d: Disable translation of IP addresses to hostnames.
  • -h maximum_hops: Specifies the maximum number of hops that a packet passes when reaching the destination host.
  • -j host-list: Specifies the list of hosts to encapsulate routing headers.
  • -w timeout: Specifies the timeout in milliseconds to wait for each reply.
  • target_name: Specifies the name or IP address of the target host.

5. ipconfig command

The ipconfig command is a command-line tool in the Windows operating system that displays the network configuration of the current computer, including IP address, gateway, DNS server, etc. It helps diagnose network problems and understand the network configuration of the local computer. Common forms are as follows:

ipconfig: Display the network configuration information of the current computer

ipconfig /all: Display all network cards (including those not enabled) and their configuration information, such as IP address, subnet mask, default gateway, DNS server, MAC address, etc.

ipconfig /release: Release the currently used IP address.

ipconfig /renew: Update the currently used IP address.

ipconfig /flushdns: Clear the DNS cache.

ipconfig /displaydns: Display DNS cache records.

ipconfig /registerdns: Register the DNS name and IP address of the computer.

ipconfig /showclassid: Display the class identifier of the DHCP client.

ipconfig /setclassid: Set the class identifier of the DHCP client.

ipconfig /showclassid6: Displays the class identifier of IPv6 DHCP clients.

ipconfig /setclassid6: Set the class identifier of the IPv6 DHCP client.

6. arp command

The arp command is a command-line tool in Windows and Linux operating systems, which is used to display and manipulate the ARP cache table of the local computer. ARP (Address Resolution Protocol) is a protocol for resolving the correspondence between IP addresses and MAC addresses. The local computer needs to know the MAC address of the target computer to send data frames when communicating, and the ARP protocol obtains the MAC address of the target computer by querying the ARP cache table. Common options are as follows:

  1. -a: Display all items in the ARP cache table, including IP addresses and corresponding MAC addresses.

  2. -d: Delete the ARP cache entry of the specified IP address, and re-query the MAC address in the next communication.

  3. -s: Add a static ARP cache entry, manually specify the IP address and the corresponding MAC address.

7. at command

The at command is a command-line tool in the Windows operating system, which is used to execute a specified command or program at a specified time. In other words, using the at command can automatically perform an operation at a certain point in the future, which can help us save time and improve efficiency.

at [time] [command]

Common options are as follows:

  1. /interactive: Specifies interactive execution. Indicates that the display and keyboard input of an interactive application are allowed while a command or program is being executed.

  2. /every: Specifies the repeat interval. Indicates that the executed operation will be repeated, and the /d parameter can be used to specify the repeated interval.

  3. /next: Specifies the time for the next run. Indicates adding the scheduled task to the list of scheduled tasks.

  4. /delete: Cancels a scheduled task. Indicates the cancellation of a scheduled task that has been added to the list of scheduled tasks.

  5. /query: Displays a list of tasks scheduled for execution.

  6. /run: Immediately execute the tasks in the scheduled task list.

8. nslookup command

The nslookup command is a command-line tool in Windows and Linux operating systems. It is used to query the Domain Name System (DNS) server to obtain information such as the IP address and domain name server corresponding to the specified domain name. The nslookup command can help us solve some domain name resolution problems, such as querying whether the domain name is correctly resolved, querying the DNS record of the domain name, and checking the availability of the DNS server. The following are some commonly used nslookup command options:

  1. Basic query: Enter nslookup and the domain name to be queried at the command prompt to query the IP address corresponding to the domain name, such as: nslookup www.example.com.

  2. Reverse query: Query the corresponding domain name through the IP address, such as: nslookup 192.0.2.1.

  3. Query DNS server: query the DNS server used for domain name resolution, such as: nslookup -type=NS example.com.

  4. Query the MX record corresponding to the domain name: query the mail server corresponding to the domain name, such as: nslookup -type=MX example.com.

  5. Query the TXT record corresponding to the domain name: query the text record corresponding to the domain name, such as: nslookup -type=TXT example.com.

9. net command

The net command is a command-line tool in the Windows operating system, which is used to manage network resources, user accounts, and system security. The net command supports many subcommands. Some commonly used subcommands and their functions are as follows:

  1. netstat: View network-related statistics and current network connection status.

  2. net share: View or control shared resources on your computer.

  3. net use: connects the computer to a network shared resource.

  4. net view: Displays all shared resources on the local computer.

  5. net user: Manage operations such as user accounts and passwords.

  6. net group: manage user groups and group members and other operations.

  7. net start: Start a service.

  8. net stop: Stop a service.

  9. net file: Displays all remote file sessions open to the computer.

  10. net session: Displays a list of all sessions open to the computer.

10. ftp command

The ftp command is a command-line tool in Windows and Linux operating systems. It is used to communicate with a remote FTP server through the File Transfer Protocol (FTP) to perform operations such as file upload and download. FTP is a standard network protocol for file transfer over TCP/IP. After starting the client with ftp, the following common commands are entered at the ftp> prompt:

  1. open: Connect to a remote FTP server, such as: open ftp.example.com.

  2. user: Specify the user name and password, such as: user username password.

  3. get: Download the specified file or directory, such as: get remotefile localfile.

  4. put: Upload the specified file or directory, such as: put localfile remotefile.

  5. ls: List the files and folders in the current directory.

  6. cd: Switch the current directory, such as: cd remotepath.

  7. mkdir: Create a new directory, such as: mkdir remotepath.

  8. rmdir: Delete the specified directory, such as: rmdir remotepath.

  9. delete: Delete the specified file, such as: delete remotefile.

  10. quit: Close the FTP session, such as: quit.

11. telnet command

The telnet command is a command-line tool in Windows and Linux operating systems, which is used to connect to other computers or devices through a remote terminal. Through the telnet command, we can remotely access the terminals of other computers or devices and execute some commands or operations. Here are some commonly used telnet command options:

  1. open: connect to the specified remote computer or device, such as: telnet open 192.168.1.1.

  2. quit: close the telnet session, such as: telnet quit.

  3. user: Specify the user name, such as: telnet user username.

  4. password: Specify a password, such as: telnet password password.

  5. ?: Display help information for available commands.

Origin blog.csdn.net/weixin_49349476/article/details/131383554