One, Ping
Ping is the command for checking whether a network path is reachable and how fast the connection is. For anyone living on the network, administrator or hacker, it is the first DOS command to master, and it works on a simple principle: every machine on the network has a unique IP address; we send a packet to the destination IP and the other side returns a packet of the same size. From the returned packets we can determine whether the target host exists, make an initial guess at its operating system, and so on. Here are its most common uses. First look at the help: type ping /? in the DOS window and press Enter. Here we only cover the basic, most useful parameters (the same applies below).
-t sends packets to the destination IP without interruption until we force it to stop. Imagine that you are on 100M broadband and the target IP is on a 56K modem: before long the target cannot cope with that much data and drops off, hehe, an attack is that simple to carry out.
-l sets the size of the packet sent, 32 bytes by default; we can set it to a maximum of 65500 bytes. Combined with the -t parameter above, the effect is even better.
-n sets how many packets to send to the destination IP, 3 by default. On a slow network, 3 pings also wastes a lot of time; since our goal right now is only to determine whether the target IP is up, set it to 1.
Note that when -t and -n are used together, the ping command follows the later parameter: with "ping ip -t -n 3", even though -t is given, it does not ping forever but only 3 times. Also, ping does not have to be given an IP; you can ping the host's domain name directly and obtain the host's IP that way.
Here is an example to illustrate the usage:
Here time=2 indicates that the time from sending a packet to receiving the reply was 2 seconds, from which you can judge the speed of the network connection. The TTL in the reply gives an initial indication of the pinged host's operating system; it is only a "preliminary judgment" because this value can be modified. Here ttl=32 indicates that the operating system may be Win98.
(Tip: if ttl=128, the target host may be Win2000; if ttl=250, the target host may be Unix.)
As for using ping to quickly find LAN faults, quickly find the fastest QQ server, or ping others to attack... that is up to each person's own play.
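The TTL heuristic above can be automated on the defender's side to sanity-check what a host on your own network is reporting. The following is an added example, not code from the original article: it parses Windows ping output (the sample is constructed, not a real capture; Windows reports the round-trip time in milliseconds), computes loss and average RTT, and maps the observed TTL to the nearest initial value at or above it, since every router hop decrements the TTL by one. The table uses the article's values (32, 128, 250); the 64 and 255 entries are added here as common defaults and are an assumption, and because administrators can change the default the result is a hint, never a conclusion.

```python
import re

# Initial TTL values and the OS the article associates with each.
# 64 and 255 are added here as common defaults outside the article's table
# (an assumption for illustration, not from the original text).
INITIAL_TTLS = {
    32: "Windows 9x",
    64: "Linux / modern Unix",
    128: "Windows 2000",
    250: "Unix",
    255: "Unix / network equipment",
}

# Constructed sample of Windows ping output (not a real capture).
SAMPLE_PING = """\
Pinging 192.168.0.5 with 32 bytes of data:

Reply from 192.168.0.5: bytes=32 time=2ms TTL=32
Reply from 192.168.0.5: bytes=32 time=3ms TTL=32
Reply from 192.168.0.5: bytes=32 time=2ms TTL=32
Request timed out.
"""

# One reply line; the time field may read "time=2ms" or "time<1ms".
REPLY_RE = re.compile(r"Reply from (\S+): bytes=(\d+) time[=<](\d+)ms TTL=(\d+)")


def parse_ping(output):
    """Return (host, bytes, rtt_ms, ttl) for each reply line in the output."""
    replies = []
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            host, nbytes, rtt, ttl = m.groups()
            replies.append((host, int(nbytes), int(rtt), int(ttl)))
    return replies


def guess_os(ttl):
    """First guess at the sender's OS from an observed TTL.

    Every router hop decrements TTL by one, so the observed value is at or
    below the initial value: a reply with TTL=122 most likely started at 128
    and crossed six hops. The nearest initial value at or above the observed
    one is chosen. Administrators can change the default, so treat this as
    a hint only.
    """
    candidates = [t for t in INITIAL_TTLS if t >= ttl]
    if not candidates:
        return "unknown"
    return INITIAL_TTLS[min(candidates)]


def summarize(output):
    """Summarize a ping run: packets sent/received, loss, average RTT, OS hint."""
    replies = parse_ping(output)
    timeouts = sum(1 for l in output.splitlines() if l.startswith("Request timed out"))
    sent = len(replies) + timeouts
    if not replies:
        return {"sent": sent, "received": 0, "loss_pct": 100.0,
                "avg_rtt_ms": None, "ttl": None, "os_guess": "no reply"}
    avg_rtt = round(sum(r[2] for r in replies) / len(replies), 2)
    ttl = replies[-1][3]
    return {"sent": sent, "received": len(replies),
            "loss_pct": round(100.0 * timeouts / sent, 1),
            "avg_rtt_ms": avg_rtt, "ttl": ttl, "os_guess": guess_os(ttl)}


if __name__ == "__main__":
    print(summarize(SAMPLE_PING))
```

Feed it the captured text of a real `ping` run (for example redirected to a file) in place of `SAMPLE_PING`; a TTL that does not sit close below any known initial value, or that changes between runs, is itself worth a look.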
Two, nbtstat
This command uses NetBIOS over TCP/IP to display protocol statistics and current TCP/IP connections. With it you can obtain NetBIOS information about a remote host, such as user names, the workgroup it belongs to, and the MAC address of its network card. We need to understand a few basic parameters here.
-a With this parameter, as long as you know the remote host's machine name, you can get its NetBIOS information (shown below).
-A This parameter also gets the remote host's NetBIOS information, but requires you to know its IP.
-n Lists the NetBIOS information of the local machine.
Once we have the other side's IP or machine name, nbtstat lets us obtain further information about it, which adds to the safety factor of our intrusion.
Three, Netstat
This command is for viewing the network status; it is easy to use and powerful.
-a Shows all open ports on the local machine; it can effectively discover and guard against Trojan horses, and tells you which services the machine has opened.
Here you can see that the local machine has the FTP service, Telnet service, mail service, Web service and so on open. Usage: netstat -a IP.
-r Lists the current routing information, telling us the local machine's gateway, subnet mask and so on. Usage: netstat -r IP.
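The "discover and guard against Trojan horses" use of netstat -a is a comparison: which ports are open versus which ports this machine is supposed to serve. The following is an added example, not code from the original article: it parses Windows netstat output (the sample is constructed in the numeric `netstat -an` form, since `netstat -a` resolves ports to service names such as `pc1:ftp`), extracts the open ports, and reports any that are not in an expected-ports baseline. The baseline itself is a constructed assumption; a real one comes from the machine's documented role.

```python
import re

# Constructed sample of "netstat -an" output on Windows (not a real capture).
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6666           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        192.168.0.7:1034       ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
"""

# Ports this machine is expected to serve (a constructed baseline for the
# example; the services match the ones the article says are open).
EXPECTED_PORTS = {
    ("TCP", 21): "ftp",
    ("TCP", 23): "telnet",
    ("TCP", 25): "smtp",
    ("TCP", 80): "http",
    ("TCP", 139): "netbios-ssn",
    ("UDP", 137): "netbios-ns",
    ("UDP", 138): "netbios-dgm",
}

# One connection row; UDP rows have no State column, so the last group is optional.
ROW_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(output):
    """Return (proto, local_addr, local_port, foreign, state) per connection row.

    state is None for UDP rows, which netstat prints without one.
    """
    rows = []
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if m:
            proto, addr, port, foreign, state = m.groups()
            rows.append((proto, addr, int(port), foreign, state))
    return rows


def listening_ports(output):
    """Ports the machine is serving: TCP rows in LISTENING plus every UDP row
    (UDP is connectionless, so a bound UDP socket is in effect an open port)."""
    ports = set()
    for proto, _addr, port, _foreign, state in parse_netstat(output):
        if proto == "UDP" or state == "LISTENING":
            ports.add((proto, port))
    return sorted(ports)


def unexpected_listeners(output, expected=EXPECTED_PORTS):
    """Open ports absent from the baseline: the first thing to inspect when
    looking for a Trojan or an unauthorized service."""
    return [p for p in listening_ports(output) if p not in expected]


if __name__ == "__main__":
    for proto, port in listening_ports(SAMPLE_NETSTAT):
        print(proto, port, EXPECTED_PORTS.get((proto, port), "UNEXPECTED"))
```

In the constructed sample the TCP 6666 listener is the one that falls outside the baseline. Note that an ESTABLISHED row (TCP 139 here) is a live session rather than an open port and is deliberately not counted as listening; a port that is both absent from the baseline and carrying established foreign connections deserves immediate attention.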
Four, tracert
Traces routing information. With this command you can find every hop that data passes through on its way from the local machine to the target host, which helps us understand the network's layout and structure.
This shows that the data goes from the local machine to the 192.168.0.1 machine with no relay in between, indicating that the two machines are on the same LAN. Usage: tracert IP.
Five, net
This is the most important of the network commands, and every one of its subcommands must be mastered thoroughly, because it is so powerful that it is simply the best hacking tool Microsoft has given us. First let's see what subcommands it has: type net /? and press Enter.
Here we focus on several subcommands commonly used in intrusion.
net view
Use this command to view the remote host's shared resources. The command format is net view \\ip.
net use
Maps a shared resource of the remote host to a local drive letter so it can be used conveniently from the graphical interface, hehe. The command format is net use x: \\ip\sharename. The first example above maps the shared directory named magic on 192.168.0.5 to the local Z: drive. The second establishes an IPC$ connection with 192.168.0.7 (net use \\ip\ipc$ "password" /user:"name").
Once the IPC$ connection is established, hehe, you can upload files: copy nc.exe \\192.168.0.7\admin$ copies nc.exe from the local directory to the remote host, and combined with the other DOS commands introduced below an intrusion can be carried out.
net start
Use it to start a service on the remote host. When you have established a connection with a remote host and find that the service you want to take advantage of is not running, just use this command to start it. Usage: net start servicename. Here the Telnet service has been started successfully.
net stop
What do you do about a service you find on the remote host after the intrusion? Just use this command to stop it; the usage is the same as net start.
NET user
Views and manages accounts: creating new accounts, deleting accounts, viewing a specific account, activating accounts, disabling accounts and more. This is very advantageous for our intrusion and, most importantly, is the precondition for cloning an account. Type net user without parameters to list all users, including disabled ones. Each usage is explained below.
1. net user ABCD 1234 /add creates a new account named ABCD with the password 1234; by default it is a member of the Users group.
2. net user ABCD /del deletes the user named ABCD.
3. net user ABCD /active:no disables the user named ABCD.
4. net user ABCD /active:yes activates the user named ABCD.
5. net user ABCD views the details of the user named ABCD.
net localgroup
Views all information about user groups and performs related operations. Type net localgroup without parameters to list all current user groups. During an intrusion we generally use it to promote an account into the Administrators group so that we can control the whole remote host with that account. Usage: net localgroup groupname username /add.
Now we add the new user ABCD to the Administrators group, and ABCD is already a super administrator, hehe; you can use net user ABCD to view its status and compare with figure 10. But this is too obvious: the moment the network administrator looks at the user list the flaw is exposed, so this method only works against rookie administrators, but we have to know it. The current approach is to use other tools and methods to clone a super administrator that the administrator cannot see, but that is another story. Interested friends can refer to the article "Analytic Long account" in issue 30 of "Hacker line of Defense".
NET time
This command views the current time of the remote host. If your goal is just to get into a remote host, you may not use this command. But once a simple intrusion succeeds, is it just a look around? We need to go further, and for that we need to know the remote host's current time, because with time and other means (described later) we can schedule a command or program to start, laying a good foundation for further intrusion. Usage: net time \\ip.
Six, at
The purpose of this command is to schedule a particular command or program to run on a specific date and time (now you see why net time matters?). Once we know the remote host's current time, we can use this command to run a program or command at a later time, such as 2 minutes later. Usage: at \\computer time command.
This means that at 6:55 the computer named a-01 starts the Telnet service (net start telnet is the command that starts the Telnet service).
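Everything the net user, net localgroup and at sections describe leaves a trace in the output of those same commands, and the text itself notes that an administrator who looks at the user list will spot the added account. The following is an added example, not code from the original article: it parses the output of `net user`, `net localgroup administrators` and `at` (all three samples are constructed to mirror the text's ABCD account and 6:55 Telnet job, not real captures), then diffs the accounts and administrator members against a baseline recorded when the host was known-good and lists every scheduled job. The baseline sets and the helper names are this example's own assumptions.

```python
import re

# Constructed sample outputs (not real captures) for the three commands.
SAMPLE_NET_USER = """\

User accounts for \\\\PC1

-------------------------------------------------------------------------------
ABCD                     Administrator            Guest
The command completed successfully.
"""

SAMPLE_LOCALGROUP = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
ABCD
Administrator
The command completed successfully.
"""

SAMPLE_AT = """\
Status ID   Day                     Time          Command Line
-------------------------------------------------------------------------------
        1   Today                   6:55 PM       net start telnet
"""

FOOTER = "The command completed successfully."


def _body_after_rule(output):
    """Non-empty lines between the dashed rule and the footer net.exe prints."""
    lines = output.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("----")) + 1
    return [l for l in lines[start:] if l.strip() and l.strip() != FOOTER]


def parse_net_user(output):
    """Account names from 'net user': several per line, separated by runs of spaces."""
    names = set()
    for line in _body_after_rule(output):
        names.update(re.split(r"\s{2,}", line.strip()))
    return names


def parse_localgroup(output):
    """Member names from 'net localgroup <group>': one name per line."""
    return {l.strip() for l in _body_after_rule(output)}


# Optional status word, job id, day, time, then the command line.
AT_ROW_RE = re.compile(r"^\s*(?:\w+\s+)?(\d+)\s+(.*?)\s+(\d{1,2}:\d{2}\s*[AP]M)\s+(.+?)\s*$")


def parse_at(output):
    """Scheduled jobs from 'at' as (id, time, command)."""
    jobs = []
    for line in _body_after_rule(output):
        m = AT_ROW_RE.match(line)
        if m:
            job_id, _day, when, command = m.groups()
            jobs.append((int(job_id), when, command))
    return jobs


def audit(baseline_users, baseline_admins, net_user_out, localgroup_out, at_out):
    """Compare current state with a known-good baseline.

    Returns accounts and administrators that appeared since the baseline, plus
    every scheduled job: on a host that should have none, any job is suspect.
    """
    users = parse_net_user(net_user_out)
    admins = parse_localgroup(localgroup_out)
    return {
        "new_users": sorted(users - set(baseline_users)),
        "new_admins": sorted(admins - set(baseline_admins)),
        "scheduled_jobs": parse_at(at_out),
    }


if __name__ == "__main__":
    print(audit({"Administrator", "Guest"}, {"Administrator"},
                SAMPLE_NET_USER, SAMPLE_LOCALGROUP, SAMPLE_AT))
```

Run against the real command output, the three fields of the result are exactly what the article says a watchful administrator would notice: a new account, a new Administrators member, and a job that starts a service at a fixed time.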
Seven, FTP
You should be fairly familiar with this command, right? There are many open FTP hosts on the network, a large proportion of which are anonymous, meaning anyone can log in. Now, if you scan and find a host with an open FTP service (typically a machine with port 21 open), what if you cannot use the FTP command? Below is the basic way to use it.
First, type ftp at the command line and press Enter; at the ftp prompt you can type help to view the help (any DOS command can use this method to view its help).
You may be thinking: how do you use so many commands? In fact there is no need; mastering a few basics is enough.
The first step is the login process, which uses open: at the ftp prompt type "open host-IP ftp-port" and press Enter. The port is usually the default 21, so you can leave it out. Then enter a valid user name and password to log in; here anonymous FTP is used as the example.
The user name and password are both ftp; the password is not displayed. When it prompts "logged in", the login succeeded. The user is shown as anonymous because it was an anonymous login.
The next step is to introduce how to use the specific commands.
dir works the same as the DOS command, viewing the server's files: type dir and press Enter to see the files on this FTP server.
cd enters a folder.
get downloads a file to the local machine.
put uploads a file to the remote server. This depends on whether the remote FTP server has given you write permission; if it has, hehe, how to use that needs no explanation, we will play freely with it.
delete deletes files on the remote FTP server. This also requires write permission.
bye exits the current connection.
quit, ditto.
Eight, Telnet
A powerful remote login command that almost every intruder likes to use and never tires of. Why? Because it is easy to operate, just like using your own machine: as long as you are familiar with DOS commands, once you have connected to the remote machine as administrator you can use it to do anything you want. Here is how to use it: first type telnet and press Enter, then type help to view its help information.
Then at the prompt type open IP and press Enter; a login window appears asking for a valid user name and password, and whatever password you enter is not displayed.
When the user name and password are correct, the Telnet connection is established successfully; from then on you have the same permissions on the remote host as that user and can use DOS commands to do what you want. Here I logged in with super administrator privileges.
Common network-related commands (ping, nbtstat, netstat, etc.)