1. ping
This command checks whether a network path is reachable and how fast the connection is. For an administrator or a hacker living on the network, ping is the first DOS command to master. The principle is simple: every machine on the network has a unique IP address. When we send a packet to the target IP address, the other side returns a packet of the same size. From the returned packet we can tell whether the target host exists and make a preliminary guess at its operating system. Let's look at some common uses, starting with the help: in the DOS window, type ping /? and press Enter. Here we only cover a few basic, useful parameters (the same applies below).
-t sends packets to the target IP address continuously until we force it to stop. Imagine you are on multi-megabit broadband and the target IP address is on a 56K modem: it will not take long for the target to be knocked offline because it cannot cope with that much data, and an attack is carried out in this simple way.
-l sets the size of the packet sent. The default is 32 bytes, and it can be set to at most 65500 bytes. It works even better together with the -t parameter described above.
-n sets how many packets are sent to the target IP address. The default is 3. When the network is slow, three attempts waste time, since our goal is only to determine whether the target IP address exists.
Note: if -t and -n are used together, ping follows whichever parameter comes last. For example, with "ping IP -t -n 3", although -t is given, ping does not run forever but only three times. Also, the ping command does not have to be given an IP address: you can ping the host's domain name directly, which also reveals the host's IP address.
The following is an example to illustrate the specific usage.
Here time=2 means that the time from sending a packet to receiving the reply was 2 seconds, which tells us the connection speed. From the TTL value we can make a preliminary judgement about the operating system of the host being pinged. It is only a "preliminary judgement" because this value can be modified. Here TTL=32 suggests the operating system may be Win98.
(Tip: if TTL=128, the target host may be Win2000; if TTL=250, the target host may be Unix.)
The ping command can be used to quickly locate LAN faults, quickly find the fastest QQ server, ping attacks on others, and so on. It all depends on how you use it.
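As an added example (not part of the original article), the following Python parses the reply lines Windows ping prints, records the round-trip time in milliseconds, and applies the article's TTL table to make the same preliminary OS guess, rounding the observed TTL up to the nearest initial value because every router on the path decrements it by one. The sample output is constructed.

```python
import re

# The article's own TTL table: initial TTL -> likely OS. A host can change
# its TTL, so (as the article says) this is only a preliminary guess.
INITIAL_TTLS = {32: "Win98", 128: "Win2000", 250: "Unix"}

# A reply line as Windows ping prints it ("time<1ms" is matched too).
REPLY_RE = re.compile(r"Reply from (?P<ip>[\d.]+): bytes=(?P<size>\d+) "
                      r"time[=<](?P<ms>\d+)ms TTL=(?P<ttl>\d+)")


def parse_reply(line):
    """Return (ip, size, time_ms, ttl) for a reply line, else None."""
    m = REPLY_RE.search(line)
    return (m["ip"], int(m["size"]), int(m["ms"]), int(m["ttl"])) if m else None


def guess_os(ttl):
    """Round the observed TTL up to the nearest initial value (each router on
    the path decrements it by one); return (os_guess, hops)."""
    for initial in sorted(INITIAL_TTLS):
        if ttl <= initial:
            return INITIAL_TTLS[initial], initial - ttl
    return "unknown", None  # above every initial value in the table


def summarize(output):
    """Reply count, average round-trip time and OS guess for one ping session."""
    replies = [r for r in map(parse_reply, output.splitlines()) if r]
    if not replies:
        return None  # no answer: host down, filtered or wrong address
    os_guess, hops = guess_os(replies[0][3])
    return {"replies": len(replies),
            "avg_ms": sum(r[2] for r in replies) / len(replies),
            "ttl": replies[0][3], "os_guess": os_guess, "hops": hops}


# Constructed sample output of "ping 192.168.0.7": three replies, one timeout.
SAMPLE = """Pinging 192.168.0.7 with 32 bytes of data:

Reply from 192.168.0.7: bytes=32 time=2ms TTL=128
Reply from 192.168.0.7: bytes=32 time=1ms TTL=128
Reply from 192.168.0.7: bytes=32 time=3ms TTL=128
Request timed out.
"""

print(summarize(SAMPLE))
```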
2. nbtstat
This command uses NetBIOS over TCP/IP to display protocol statistics and current TCP/IP connections. With it you can obtain the NetBIOS information of a remote host, such as the user name, the workgroup, and the MAC address of the network card. We need to know a few basic parameters.
-a: if you know the remote host's machine name, use this parameter to obtain its NetBIOS information (the same applies below).
-A: also obtains the NetBIOS information of the remote host, but you need to know its IP address.
-n: lists the NetBIOS information of the local machine.
Once you have the other party's IP address or machine name, you can use nbtstat to obtain further information about them, which improves the odds of our intrusion.
3. netstat
This command shows the network status. It is easy to use and powerful.
-a: lists all open ports on the local machine, which helps detect and guard against Trojans and shows which services the machine has opened.
Here we can see that the local machine has the FTP service, Telnet service, mail service, web service and so on open. Usage: netstat -a IP.
-r: lists the current routing information, telling us the gateway, subnet mask and other details of the local machine. Usage: netstat -r IP.
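The Trojan check the article describes for netstat -a is easier to do by comparison than by eye. As an added example (not from the article), the Python below parses the numeric form of Windows "netstat -a" output (the -n form is assumed so ports are numbers) and reports every listening port that is not on an allowlist of the services the article's host is expected to run. The allowlist and the sample output are constructed.

```python
# Listeners the article's example host is expected to have open
# (ftp, telnet, mail, web, plus the NetBIOS name service nbtstat relies on).
EXPECTED_LISTENERS = {("TCP", 21): "ftp", ("TCP", 23): "telnet",
                      ("TCP", 25): "smtp", ("TCP", 80): "http",
                      ("UDP", 137): "netbios-ns"}


def parse_netstat(output):
    """Return (proto, local_addr, local_port, foreign, state) per socket line
    of Windows "netstat -an" output; UDP lines have no state column."""
    rows = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        addr, port = parts[1].rsplit(":", 1)  # rsplit keeps [::]:80 intact
        port = int(port) if port.isdigit() else port  # service name if no -n
        state = parts[3] if len(parts) > 3 else ""
        rows.append((parts[0], addr, port, parts[2], state))
    return rows


def unexpected_listeners(output, expected=EXPECTED_LISTENERS):
    """Ports accepting connections that are not on the allowlist."""
    found = set()
    for proto, _addr, port, _foreign, state in parse_netstat(output):
        listening = state == "LISTENING" or proto == "UDP"
        if listening and (proto, port) not in expected:
            found.add((proto, port))
    return sorted(found)


# Constructed sample of "netstat -an" on the article's host: the four expected
# services, NetBIOS, one outbound ftp session and one listener nobody opened.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1043       192.168.0.7:21         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

print(unexpected_listeners(SAMPLE))  # [('TCP', 12345)]
```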
4. tracert
Traces the route. This command shows all the hops that data passes through on its way from the local machine to the target host, which helps us understand the layout and structure of the network (figure 5).
It shows that data goes from the local machine to 192.168.0.1 without passing through any intermediate hop, meaning the two machines are in the same LAN. Usage: tracert IP.
5. net
This is the most important of the network commands. You must thoroughly understand the usage of each of its subcommands, because it is extremely powerful; it is the best intrusion tool Microsoft has given us. First, let's look at all its subcommands: type net /? and press Enter (figure 6).
Here we focus on several subcommands commonly used in intrusion.
net view
Use this command to view the shared resources of a remote host. The command format is net view \\IP.
net use
Maps a shared resource of a remote host to a local drive letter, which is convenient to use from the graphical interface. The command format is net use x: \\IP\sharename. In the example above, the share on 192.168.0.5 is mapped to the local Z: drive. To set up an IPC$ connection with 192.168.0.7: net use \\IP\IPC$ "password" /user:"name".
Once the IPC$ connection is established, you can upload files: copy nc.exe \\192.168.0.7\admin$ uploads the nc.exe file from the local directory to the remote host, and the other DOS commands introduced later can then be used to carry out the intrusion.
net start
Use it to start services on the remote host. After connecting to the remote host, what if the service you want to use is not started? Use this command to start it. Usage: net start servicename. In figure 9 the telnet service has been started successfully.
net stop
What if, after the intrusion, you find that a service on the remote host is in the way? Use this command to stop it. The usage is the same as net start.
net user
Views account information and also creates, deletes, views, activates and disables accounts. This is very useful for our intrusion and, most importantly, it is the prerequisite for cloning accounts. Typing net user without parameters lists all users, including disabled ones. Each usage is explained separately below.
1. net user abcd 1234 /add: creates an account with user name abcd and password 1234. By default the account is a member of the Users group.
2. net user abcd /del: deletes the user named abcd.
3. net user abcd /active:no: disables the user named abcd.
4. net user abcd /active:yes: activates the user named abcd.
5. net user abcd: views the details of the user named abcd.
net localgroup
Views all information about user groups and performs the related operations. Typing net localgroup without parameters lists all current user groups. During an intrusion we generally use this command to promote an account to an administrator account, so that we can control the whole remote host with it. Usage: net localgroup groupname username /add.
Now we have added the newly created user abcd to the Administrators group, so abcd is already a super administrator. Haha, you can use net user abcd to check its status (figure 10). However, this is so obvious that the administrator will spot the flaw as soon as they look at the user list, so this method only works against novice administrators; still, we need to know it. The current approach is to use other tools and techniques to clone a super administrator that the administrator cannot see. If you are interested, refer to the article "From Simple to Deep: Analysing Accounts" in issue 30 of Hacker Defense.
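The article points out that an administrator who looks at the user list will notice the abcd account and its Administrators membership. As an added example (not from the article), the Python below turns that look into a repeatable check by comparing snapshots of "net user" and "net localgroup administrators" output against a baseline. The output layout assumed here (names in 25-character columns after a dashed rule, ending with "The command completed successfully.") and the snapshots themselves are constructed.

```python
def parse_net_list(output, column_width=25):
    """Names from the table part of "net user" / "net localgroup <group>" output.
    "net user" prints names in 25-character columns (assumed fixed width);
    "net localgroup" prints one member per line, which the same slicing handles."""
    names, in_table = set(), False
    for line in output.splitlines():
        if line.startswith("-----"):
            in_table = True  # the dashed rule precedes the names
        elif line.startswith("The command completed"):
            break
        elif in_table:
            for i in range(0, len(line), column_width):
                name = line[i:i + column_width].strip()
                if name:
                    names.add(name)
    return names


def account_changes(baseline, current):
    """Accounts (or group members) added or removed since the baseline snapshot."""
    before, after = parse_net_list(baseline), parse_net_list(current)
    return {"added": sorted(after - before), "removed": sorted(before - after)}


def users_table(*names, width=25):
    """Build a "net user" style table line from names (for the constructed samples)."""
    return "".join(n.ljust(width) for n in names).rstrip()


# Constructed snapshots: "net user" before and after the article's
# "net user abcd 1234 /add", and "net localgroup administrators" before and
# after "net localgroup administrators abcd /add".
RULE = "-" * 79
DONE = "The command completed successfully.\n"
USERS_BEFORE = f"User accounts for \\\\HOST\n\n{RULE}\n{users_table('Administrator', 'Guest')}\n{DONE}"
USERS_AFTER = f"User accounts for \\\\HOST\n\n{RULE}\n{users_table('abcd', 'Administrator', 'Guest')}\n{DONE}"
ADMINS_BEFORE = f"Alias name     administrators\n\nMembers\n\n{RULE}\nAdministrator\n{DONE}"
ADMINS_AFTER = f"Alias name     administrators\n\nMembers\n\n{RULE}\nabcd\nAdministrator\n{DONE}"

print(account_changes(USERS_BEFORE, USERS_AFTER))    # {'added': ['abcd'], 'removed': []}
print(account_changes(ADMINS_BEFORE, ADMINS_AFTER))  # {'added': ['abcd'], 'removed': []}
```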
net time
This command shows the current time of the remote host. If your goal is just to get into the remote host, you may not need it. But once a simple intrusion has succeeded, are you just going to look around? We need to penetrate further, and even the remote host's current time needs to be known, because together with other means (discussed later) the time can be used to run a command or program at a scheduled moment, laying a solid foundation for further intrusion. Usage: net time \\IP.
6. at
This command runs a specific command or program at a specific date or time (now do you see why net time matters?). Once we know the remote host's current time, we can use this command to run a program or command at a later moment (for example two minutes later). Usage: at \\computer time command.
This example enables the telnet service on the computer named a-01 at 06:55 (net start telnet is the command that starts the telnet service).
7. ftp
Are you familiar with this command? There are many ftp hosts open on the network, most of them anonymous, meaning anyone can log in. Now, if you have scanned a host that runs an ftp service (usually a machine with port 21 open) and still cannot use the ftp command, what then? The basic ftp commands are described below.
First, type ftp at the command line and press Enter to get the ftp prompt. There you can type help to see the help (the help of any DOS command can be viewed this way).
Seeing so many commands, you may wonder how to use them all. In fact, mastering a few basic ones is enough.
The first is the login process, which uses open. At the ftp prompt type "open host-IP port" and press Enter. The default port is 21, which can normally be omitted. Then enter a valid user name and password to log in. Here we use anonymous ftp as an example.
The user name and password are both ftp; the password is not displayed. When "*** logged in" appears, the login has succeeded. The user is shown as Anonymous because this is an anonymous login.
Next, the specific commands.
dir, as in DOS, lists the files on the server. Type dir and press Enter to see the files on the ftp server.
cd enters a folder.
get downloads a file to the local machine.
put uploads a file to the remote server. Whether it works depends on whether the remote ftp server has granted you write permission; if so, it is easy to use.
delete deletes a file on the remote ftp server. This also requires write permission.
bye exits the current connection. quit does the same.
8. telnet
A powerful remote login command that almost all intruders like to use and have found tried and tested. Why? It is easy to use, just like working on your own machine. As long as you are familiar with DOS commands and have connected to the remote machine as administrator, you can use it to do whatever you want. Here is how to use it. First, type telnet and press Enter, then type help to see the help information.
At the prompt type open IP and press Enter. The login window appears, asking for a valid user name and password; the password is not displayed as you type.
After entering the correct user name and password, you have established a telnet connection. You now have the same permissions on the remote host as that user and can use DOS commands to do what you want. Here I have logged on with super administrator permission.
This concludes the introduction to the network DOS commands. The purpose of this article is to give novice network administrators a first impression so that they can become familiar with and master them.