Simple Intranet penetration probing command

Source: Internet
Author: User
Tags domain server
1. ipconfigall can view the current Nic configuration information, including the domain and IP segment this command can see: host name --- shwdm, IP--192.168.103.8, Gateway IP---192.168.103.10, DNS domain name resolution address IP---192.168.100.1, primary WINS server IP---10.0.22.52. netview display is calculated by the specified

1. ipconfig/all
// You can view the current Nic configuration, including the domain name and IP address segment.

ThisCommandYou can see: host name --- shwdm, IP--192.168.103.8, Gateway IP---192.168.103.10, DNS domain name resolution address IP---192.168.100.1, Master WINS server IP---10.0.22.5

2. net view
// Displays a list of domains, computers, or resources that are being shared by a specified computer. If no parameters are available, net view displays the list of computers in the current domain.

We can see that there are eight machines in our current domain, and SHWDM is also in this machine.

3.PingMachine name
// Display the IP address of the machine name

Ping bjcwserver. the IP address of the host named BJCWSERVER is 192.168.103.50.

4. net view/domain
// View the number of domains

5. net view/domain: testdomain (testdomain is assumed to be one of the target domains)
// This command is used to view the list of computers in the testdomain domain



We can view the computer lists in the three domains respectively. We can find that there is only one machine named ncserver in the mygroup domain, and the system is LINUX and a SAMBA server.

6. net user/domain
// Obtain the list of all Domain Users


7. net group/domain
// Obtain the domain user group information

8. net group "domain admins"/domain
// View and manage group members

9. net user domain-admin/domain
// View the Administrator Logon Time, password expiration time, logon script, group allocation, and other information!

10. netTime/Domain
// You can view the domain time and the name of the Domain Server (By LCX, one of the methods for quickly searching the domain)

To sum up, we can get the following information through this collection:

1. The intranet gateway is 192.168.103.10, the DNS domain name resolution IP is 192.168.100.1, and the primary WINS server is 10.0.22.5.

2. There are a total of three domains, of which there are eight machines under the WORKGROUP domain (the local machine also belongs to its domain), one under the POLYCOMRSS domain, and one samba server under the MYGROUP domain. The system is LINUX

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.