Simple Intranet penetration probing command

1. ipconfigall can view the current Nic configuration information, including the domain and IP segment this command can see: host name --- shwdm, IP--192.168.103.8, Gateway IP---192.168.103.10, DNS domain name resolution address IP---192.168.100.1, primary WINS server IP---10.0.22.52. netview display is calculated by the specified

1. ipconfig/all
// You can view the current Nic configuration, including the domain name and IP address segment.

ThisCommandYou can see: host name --- shwdm, IP--192.168.103.8, Gateway IP---192.168.103.10, DNS domain name resolution address IP---192.168.100.1, Master WINS server IP---10.0.22.5

2. net view
// Displays a list of domains, computers, or resources that are being shared by a specified computer. If no parameters are available, net view displays the list of computers in the current domain.

We can see that there are eight machines in our current domain, and SHWDM is also in this machine.

3.PingMachine name
// Display the IP address of the machine name

Ping bjcwserver. the IP address of the host named BJCWSERVER is 192.168.103.50.

4. net view/domain
// View the number of domains

5. net view/domain: testdomain (testdomain is assumed to be one of the target domains)
// This command is used to view the list of computers in the testdomain domain



We can view the computer lists in the three domains respectively. We can find that there is only one machine named ncserver in the mygroup domain, and the system is LINUX and a SAMBA server.

6. net user/domain
// Obtain the list of all Domain Users


7. net group/domain
// Obtain the domain user group information

8. net group "domain admins"/domain
// View and manage group members

9. net user domain-admin/domain
// View the Administrator Logon Time, password expiration time, logon script, group allocation, and other information!

10. netTime/Domain
// You can view the domain time and the name of the Domain Server (By LCX, one of the methods for quickly searching the domain)

To sum up, we can get the following information through this collection:

1. The intranet gateway is 192.168.103.10, the DNS domain name resolution IP is 192.168.100.1, and the primary WINS server is 10.0.22.5.

2. There are a total of three domains, of which there are eight machines under the WORKGROUP domain (the local machine also belongs to its domain), one under the POLYCOMRSS domain, and one samba server under the MYGROUP domain. The system is LINUX