Intranet infiltration some commands to collect and organize

Intranet Infiltration some commands to collect and organize

=====

Some command to gather information

=====

@ Query Some of the circumstances of this machine

Ipconfig/all

@ Query machines with relationships

Net View

@ Query has several fields

Nei view/damin

@ View the list of computers in the TestDomain domain

NET View/domain:testdomain

@ query groups within a field

NET Group/domain

@ Divide Network Segment

dsquery subnet

@ query users in the domain

NET User/domain

@ Query group information in a field

NET Group/domain

@ Query domain management User group

NET Group "Domain Admins"/domain

@ View Admin login time, password expiration time, whether there are login scripts, group distribution and other information.

NET user Domain-admin/domain

@ Querying computers in a domain

NET group "Domain Computers"/domain

@ Determine which domain the machine belongs to

NET config Workstation

@ Judge the primary domain. The primary domain server does the time server

NET Time/domian//This trick was learned in the LCX Ox article.

NET Group "Domain Admins"/domain

Connect within @ipc domain

NET use \\IP\ipc$ Password/user:username@domain

====

Some commands and tools to guess the structure of intranet

====

Tracert 10.1.0.1

Ping x.x.x.x

Nbtscan-r 192.168.16.0/24

@ Scan Some of the pieces//Thank you for the tools of Uncle Rose. Thanks to the cat master for telling me this stuff.

Hd.exe-hscan 10.0.0.1-10.0.0.255/a/T 200

There is also a graphical representation of the intranet structure tool

Dude///thank the LInux520 group friends said

There is a part of it that is not sorted. After a period of time in the hair come up ~ welcome all the cows together to exchange intranet penetration.