Several useful commands are often ignored during domain penetration.

Source: Internet
Author: User

In domain penetration we often need to analyze domain information. Some of the tools for this are GUI tools, but the same work can be done from the command line. In fact, Microsoft already provides powerful command-line tools for domain management. This article mainly introduces the following tools:

nltest.exe
Introduction: this tool obtains information about the domains in the forest. It can also be used to obtain a user's hash, so if you want the hash you can try this. Sometimes the program is not present on the system, because it is part of the Windows 2003 extension package and has to be extracted yourself.

Ldifde.exe

Fsutil.exe
Introduction: used for FAT and NTFS file system management.

psexec
Introduction: this may not be an MS tool. It is a tool for remote command execution and part of the powerful PsTools toolkit.

Going back to nltest.exe, see: http://technet.microsoft.com/zh-cn/library/cc731935

# List the domain controllers of domain-a
nltest /dclist:domain-a

# Display detailed information about a specific user. Here we can get the complete hash of the user.
nltest /user:"TestAdmin"

# List the trust relationships established for your domain.
nltest /domain_trusts

# Query the Domain Name System (DNS) server for a list of domain controllers and their corresponding IP addresses. This parameter also contacts each domain controller to check connectivity.
nltest /dsgetdc:abc
DC: \\server-c95b23ad.abc
Address: \\192.168.1.10
Dom Guid: 6784b216-b3b5-4501-9f52-2f78bb702cac
Dom Name: abc
Forest Name: abc
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE

You know what it means when you see this information.

============================================================

Ldifde

I won't waste words here; let's take a look at the official MS description.
============================================================

Fsutil

Fsutil performs tasks related to File Allocation Table (FAT) and NTFS file systems, such as managing reparse points, managing sparse files, or dismounting a volume. If no parameter is used, fsutil displays the list of supported sub-commands.

C:\> fsutil
---- Commands Supported ----
behavior        Control file system behavior
dirty           Manage volume dirty bit
file            File specific commands
fsinfo          File system information
hardlink        Hardlink management
objectid        Object ID management
quota           Quota management
reparsepoint    Reparse point management
sparse          Sparse file control
usn             USN management
volume          Volume management

C:\> fsutil fsinfo drivers
drivers is an invalid parameter.
---- FSINFO Commands Supported ----
drives          List all drives
drivetype       Query drive type for a drive
volumeinfo      Query volume information
ntfsinfo        Query NTFS specific volume information
statistics      Query file system statistics

C:\> fsutil fsinfo drives
Drives: :\ C:\ D:\
C:\>

============================================================

psexec

psexec \\COMPUTER -u user -p password -d -f -c gsecdump.exe -a > x.txt
psexec \\computer -u user -p password -d cmd.exe
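Seen from the defender's side, the nltest and psexec invocations in this article leave recognizable process-creation command lines. The following is an added example, not part of the original article: the rule labels, function names and sample command lines are assumptions constructed for illustration.

```python
import re
import shlex

# nltest switches taken from the examples in this article.
NLTEST_SWITCHES = {
    "/dclist": "domain controller enumeration", "/user": "user account query",
    "/domain_trusts": "trust enumeration", "/dsgetdc": "domain controller discovery",
}

def _tokens(cmdline):
    # posix=False leaves backslashes (\\HOST, C:\path) untouched.
    try:
        toks = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to a whitespace split
        toks = cmdline.split()
    return [t.strip('"') for t in toks]

def _image(token):
    # Reduce a full path to a lowercase base name without ".exe".
    name = re.split(r"[\\/]", token)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name

def classify(cmdline):
    """Return findings for one process-creation command line."""
    toks = _tokens(cmdline) or [""]
    image, args = _image(toks[0]), toks[1:]
    findings = []
    if image == "nltest":
        for arg in args:
            switch = arg.split(":", 1)[0].lower()
            if switch in NLTEST_SWITCHES:
                findings.append("nltest " + NLTEST_SWITCHES[switch])
    elif image in ("psexec", "psexec64"):
        flags = {a.lower() for a in args if a.startswith("-")}
        if any(a.startswith("\\\\") for a in args):  # \\COMPUTER target
            what = "copies a program to" if "-c" in flags else "runs a command on"
            findings.append("psexec " + what + " a remote host")
    return findings

# Constructed sample command lines (not real telemetry).
SAMPLES = [
    r'"C:\Windows\System32\nltest.exe" /dclist:domain-a',
    r"psexec \\COMPUTER -u user -p password -d -f -c gsecdump.exe -a",
    "fsutil fsinfo drives",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", classify(line) or "no match")
```

Matching on the image name misses renamed binaries, so treat these rules as one signal alongside others rather than complete coverage.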
