Intranet Infiltration some commands to collect and organize
=====
Some command to gather information
=====
@ Query Some of the circumstances of this machine
Ipconfig/all
@ Query machines with relationships
Net View
@ Query has several fields
Nei view/damin
@ View the list of computers in the TestDomain domain
NET View/domain:testdomain
@ query groups within a field
NET Group/domain
@ Divide Network Segment
dsquery subnet
@ query users in the domain
NET User/domain
@ Query group information in a field
NET Group/domain
@ Query domain management User group
NET Group "Domain Admins"/domain
@ View Admin login time, password expiration time, whether there are login scripts, group distribution and other information.
NET user Domain-admin/domain
@ Querying computers in a domain
NET group "Domain Computers"/domain
@ Determine which domain the machine belongs to
NET config Workstation
@ Judge the primary domain. The primary domain server does the time server
NET Time/domian//This trick was learned in the LCX Ox article.
NET Group "Domain Admins"/domain
Connect within @ipc domain
NET use \\IP\ipc$ Password/user:username@domain
====
Some commands and tools to guess the structure of intranet
====
Tracert 10.1.0.1
Ping x.x.x.x
Nbtscan-r 192.168.16.0/24
@ Scan Some of the pieces//Thank you for the tools of Uncle Rose. Thanks to the cat master for telling me this stuff.
Hd.exe-hscan 10.0.0.1-10.0.0.255/a/T 200
There is also a graphical representation of the intranet structure tool
Dude///thank the LInux520 group friends said
There is a part of it that is not sorted. After a period of time in the hair come up ~ welcome all the cows together to exchange intranet penetration.