Familiarity with the cmd command set is assumed.
Windows ships many command-line network tools: ping, tracert, ipconfig, telnet, ftp, tftp, netstat, and the less familiar nbtstat, pathping, nslookup, finger, route, netsh, and so on. They fall into three types: network detection (such as ping), network connection (such as telnet) and network configuration (such as netsh). The first two are relatively simple, so this article covers only two network configuration tools. Windows scripting is also easy to use from a plain shell; below are "echo versions" of several common scripts, each written so that it can be typed into a non-interactive remote shell: every line of VBScript is echoed into a .vbs file, the file is run with cscript, and then deleted.
1. Display the system version

    @echo for each ps in getobject _ >ps.vbs
    @echo ("winmgmts://./root/cimv2:win32_operatingsystem").instances_ >>ps.vbs
    @echo wscript.echo ps.caption^&" "^&ps.version:next >>ps.vbs
    cscript //nologo ps.vbs & del ps.vbs

The first echo uses > to create the file and the rest use >> to append. The trailing underscore is VBScript's line-continuation character, the colon separates two statements on one line, and ^& passes a literal & through cmd, which would otherwise treat it as a command separator.

2. List processes

    @echo for each ps in getobject _ >ps.vbs
    @echo ("winmgmts://./root/cimv2:win32_process").instances_ >>ps.vbs
    @echo wscript.echo ps.handle^&vbtab^&ps.name^&vbtab^&ps.executablepath:next >>ps.vbs
    cscript //nologo ps.vbs & del ps.vbs

3. Terminate a process

    @echo for each ps in getobject _ >pk.vbs
    @echo ("winmgmts://./root/cimv2:win32_process").instances_ >>pk.vbs
    @echo if ps.handle=wscript.arguments(0) then wscript.echo ps.terminate:end if:next >>pk.vbs

To terminate the process whose PID is 123:

    cscript pk.vbs 123

If it prints 0 the termination succeeded; any other value is the WMI return code of Win32_Process.Terminate (for example 2 means access denied). Afterwards:

    del pk.vbs

4. Restart the system

    @echo for each os in getobject _ >rb.vbs
    @echo ("winmgmts:{(shutdown)}!//./root/cimv2:win32_operatingsystem").instances_ >>rb.vbs
    @echo os.win32shutdown(2):next >>rb.vbs & cscript //nologo rb.vbs & del rb.vbs

The {(shutdown)} part of the moniker enables the shutdown privilege for the script; the argument 2 to Win32Shutdown means reboot.

5. List auto-start services

    @echo for each sc in getobject("winmgmts://./root/cimv2:win32_service").instances_ >sc.vbs
    @echo if sc.startmode="Auto" then wscript.echo sc.name^&" - "^&sc.pathname >>sc.vbs
    @echo next >>sc.vbs & cscript //nologo sc.vbs & del sc.vbs

6. List running services

    @echo for each sc in getobject("winmgmts://./root/cimv2:win32_service").instances_ >sc.vbs
    @echo if sc.state="Running" then wscript.echo sc.name^&" - "^&sc.pathname >>sc.vbs
    @echo next >>sc.vbs & cscript //nologo sc.vbs & del sc.vbs

7. Display the last system boot time

    @echo for each os in getobject _ >bt.vbs
    @echo ("winmgmts://./root/cimv2:win32_operatingsystem").instances_ >>bt.vbs
    @echo wscript.echo os.lastbootuptime:next >>bt.vbs & cscript //nologo bt.vbs & del bt.vbs

The value is printed in WMI's CIM_DATETIME format: yyyymmddHHMMSS.mmmmmm followed by the UTC offset in minutes.

netsh
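The seven scripts above all follow one pattern: echo a WMI enumeration into a .vbs file, run it, delete it. The batch file below is an added example (not from the original article) that generalises the pattern: it takes a Win32_ class name and any list of property names and dumps them tab-separated, so items 1, 2, 5 and 6 become one-liners. The file name _q_.vbs is an arbitrary choice.

```batch
@echo off
setlocal enabledelayedexpansion
rem wmiq.bat: added example, not part of the original article. It generalises the
rem echo-to-.vbs trick above so one script can dump any property list of any
rem Win32_ WMI class in root\cimv2. The file name _q_.vbs is an arbitrary choice.
rem
rem Usage: wmiq.bat <class> <property> [property ...]
rem   wmiq.bat Win32_OperatingSystem Caption Version
rem   wmiq.bat Win32_Process Handle Name ExecutablePath
rem   wmiq.bat Win32_Service Name State StartMode PathName
if "%~2"=="" (
  echo usage: %~nx0 ^<class^> ^<property^> [property ...]
  goto :eof
)
set "WMICLASS=%~1"
shift

rem Build the script one line at a time, exactly like the hand-typed versions:
rem > creates the file, >> appends.
>  _q_.vbs echo set col = getobject("winmgmts://./root/cimv2:%WMICLASS%").instances_
>> _q_.vbs echo for each obj in col

rem Assemble the wscript.echo line as "obj.P1 & vbtab & obj.P2 & vbtab & ...".
rem The quoted set keeps & literal, and !LINE! (delayed expansion) is not
rem re-parsed by cmd, so the ^& escaping needed on an interactive line is
rem not needed inside a batch file.
set "LINE=wscript.echo "
:nextprop
if "%~1"=="" goto writeloop
set "LINE=!LINE!obj.%~1 & vbtab & "
shift
goto nextprop

:writeloop
rem Drop the trailing " & vbtab & " (11 characters) left by the last property.
set "LINE=!LINE:~0,-11!"
>> _q_.vbs echo !LINE!
>> _q_.vbs echo next

rem A misspelled property raises a VBScript runtime error here rather than
rem silently printing blanks, which is what you want to see on a remote shell.
cscript //nologo _q_.vbs
del _q_.vbs
endlocal
```

Null properties (for example ExecutablePath of a kernel process) concatenate as empty strings in VBScript, so every row keeps the same number of columns.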
To use netsh from a remote shell, the first problem to solve is interactive mode. As mentioned earlier, many shells cannot redirect output a second time, so interactive command-line tools such as ftp cannot be used in that environment. Interactive tools generally accept a script (or response) file instead, for example ftp -s:filename; netsh is the same: netsh -f filename. netsh has many functions, covering IAS, DHCP, RAS, WINS, the NAT server, the TCP/IP protocol, the IPX protocol and routing. We are not the administrators and generally do not need to know all of it; we only need netsh to learn the network configuration of the target host.

1. TCP/IP configuration

    echo interface ip >s
    echo show config >>s
    netsh -f s
    del s

This tells you whether the host has multiple NICs and IP addresses, whether addresses are assigned dynamically (DHCP) and whether there is an intranet address. It is similar to ipconfig /all. Note: the following commands require the RemoteAccess service to be running on the target. If it is disabled, first import a registry file to re-enable it, then net start remoteaccess.

2. ARP table

    echo interface ip >s
    echo show ipnet >>s
    netsh -f s
    del s

This gives more information than arp -a.

3. TCP/UDP connections

    echo interface ip >s
    echo show tcpconn >>s
    echo show udpconn >>s
    netsh -f s
    del s

This is equivalent to netstat -an.
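The three queries above, plus the remoteaccess precondition, fit naturally in one response file. The batch file below is an added example (not from the original article): it re-enables and starts RemoteAccess via a registry import, runs all of the interface ip queries (including show interface) from one script file, and captures the result to a file so a shell that cannot page still gets the whole output. The file names _ra_.reg, _ns_.txt and netinfo.txt are arbitrary choices.

```batch
@echo off
rem netinfo.bat: added example, not part of the original article. Collects the
rem netsh "interface ip" queries non-interactively through a response file.
rem File names (_ra_.reg, _ns_.txt, netinfo.txt) are arbitrary choices.
setlocal

rem 1. RemoteAccess. If its start type is 4 (Disabled), net start fails, so
rem    set it to 3 (Manual) with a silent .reg import first. regedit /s asks
rem    no questions, which matters on a shell that cannot answer prompts.
>  _ra_.reg echo REGEDIT4
>> _ra_.reg echo.
>> _ra_.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
>> _ra_.reg echo "Start"=dword:00000003
regedit /s _ra_.reg
del _ra_.reg
net start remoteaccess >nul 2>&1

rem 2. Response file for netsh -f: the first line selects the context, the
rem    following lines are executed inside it.
>  _ns_.txt echo interface ip
>> _ns_.txt echo show config
>> _ns_.txt echo show ipnet
>> _ns_.txt echo show tcpconn
>> _ns_.txt echo show udpconn
>> _ns_.txt echo show interface

rem 3. Run it with output captured to a file. A shell without "more" can
rem    still read it piecemeal with type, or the file can be pulled out later.
netsh -f _ns_.txt > netinfo.txt 2>&1
del _ns_.txt
type netinfo.txt
endlocal
```

Leaving the RemoteAccess service enabled is a visible change on the target; if that matters, note its original Start value before importing the .reg file and restore it afterwards.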
4. NIC information

If the other netsh queries can be replaced by ordinary tools, is netsh still necessary? For this one I could not find a substitute:

    echo interface ip >s
    echo show interface >>s
    netsh -f s
    del s

Other netsh functions, such as changing the IP address, are generally not needed (if the address changes you may no longer be able to connect), so they are all skipped.

IPSec

First, IPSec and TCP/IP filtering are different things; do not confuse them. TCP/IP filtering is very limited and far less flexible and powerful than IPSec. The following describes how to control IPSec from the command line. On XP the tool is ipseccmd; on Windows 2000 it is ipsecpol. Unfortunately neither ships with the system.

ipseccmd is in SUPPORT\TOOLS\SUPPORT.CAB on the XP installation CD; ipsecpol is in the Windows 2000 Resource Kit. ipsecpol also needs two more files, ipsecutil.dll and text2pol.dll; the three files total 119 KB. IPSec can also be controlled through Group Policy, but I searched MSDN and could not find the syntax of the corresponding security template, and a configured IPSec policy cannot be exported as a template, so the Group Policy route is out. IPSec settings are stored in the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local), so in theory IPSec could be configured by editing the registry; but the data is a large amount of binary that is hard to read and modify, so uploading the command-line tool is more convenient. There is plenty of information about ipsecpol and ipseccmd online, so rather than repeating it this article just lists some practical examples.
For setting an IPSec policy, the ipseccmd syntax is almost identical to ipsecpol's, so only ipsecpol is used in the examples:
1. Defend against RPC-DCOM attacks

    ipsecpol -p myfirewall -r rpc-dcom -f *+0:135:tcp *+0:135:udp *+0:137:udp *+0:138:udp *+0:139:tcp *+0:445:tcp *+0:445:udp -n BLOCK -w reg -x

This blocks TCP ports 135, 139 and 445 and UDP ports 135, 137, 138 and 445 on the local host. The parts mean:
-p myfirewall: the policy name is myfirewall.
-r rpc-dcom: the rule name is rpc-dcom.
-f ...: creates seven filters. * means any address (source), 0 means the local address (destination), + means mirrored (bidirectional) filtering. For the full syntax see ipsecpol -?.
-n BLOCK: the filter action is block. BLOCK must be upper case.
-w reg: writes the configuration to the registry, so it survives a reboot.
-x: activates the policy immediately.

2. Block ping

    ipsecpol -p myfirewall -r antiping -f *+0:icmp -n BLOCK -w reg -x

If a policy named myfirewall already exists, the antiping rule is added to it. Note that this rule also stops the host from pinging others.

3. Restrict which IP may reach a backdoor

Suppose DameWare Mini Remote Control has been installed on a host. To protect it from password brute-forcing or an overflow, access to its service port 6129 should be restricted:

    ipsecpol -p myfw -r dwmrc_block_all -f *+0:6129:tcp -n BLOCK -w reg
    ipsecpol -p myfw -r dwmrc_pass_me -f 123.45.67.89+0:6129:tcp -n PASS -w reg -x

Now only 123.45.67.89 can reach port 6129 on the host (the more specific PASS filter takes precedence over the wildcard BLOCK filter).

If your own address is dynamic, write the rule for an address range instead:

    ipsecpol -p myfw -r dwmrc_block_all -f *+0:6129:tcp -n BLOCK -w reg
    ipsecpol -p myfw -r dwmrc_pass_me -f 123.45.67.*+0:6129:tcp -n PASS -w reg -x

This allows 123.45.67.1 through 123.45.67.254 to reach port 6129. When writing rules, be careful not to lock yourself out. If you are not sure a rule will do what you expect, use a scheduled task as a fallback:

    C:\>net start schedule
    The Task Scheduler service is starting...
    The Task Scheduler service was started successfully.

    C:\>time /t
    C:\>at hh:mm ipsecpol -p myfw -y -w reg
    Added a new job with job ID = 1

where hh:mm is five minutes after the time shown by time /t. You then have five minutes to set up the myfw policy and test it; when the task fires it deactivates the policy (-y). If the result is not satisfactory, delete the policy:

    C:\>ipsecpol -p myfw -o -w reg

Note: make sure a policy is deactivated before deleting it. A policy deleted while still active keeps working for a while; how long depends on the policy refresh interval, which defaults to 180 minutes. If the test passes, activate it again:

    C:\>ipsecpol -p myfw -x -w reg

Finally, how to view the IPSec policy.
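The "block the port, allow one source, schedule a deactivation first" procedure above is easy to get wrong in the heat of the moment, especially the order of steps. The batch file below is an added example (not from the original article) that performs the procedure in the safe order: it schedules the deactivation before activating anything, then creates the BLOCK and PASS rules. It assumes ipsecpol.exe and its two DLLs were uploaded next to the batch file, because a task started by at runs with system32 as its working directory and needs a full path; policy name, port, allowed source and deadline are parameters.

```batch
@echo off
rem safefw.bat: added example, not part of the original article. Applies the
rem "block a port, allow one source" pattern with the scheduled-task safety
rem net described above, so a mistaken rule cannot lock you out for good.
rem Usage: safefw.bat <policy> <tcp port> <allowed source> <deadman HH:MM>
rem   e.g. safefw.bat myfw 6129 123.45.67.* 10:35
rem Assumption: ipsecpol.exe, ipsecutil.dll and text2pol.dll sit beside this
rem batch file; the at job needs a full path because it runs from system32.
if "%~4"=="" (
  echo usage: %~nx0 ^<policy^> ^<tcp port^> ^<allowed source^> ^<deadman HH:MM^>
  goto :eof
)
set "POL=%~1"
set "PORT=%~2"
set "SRC=%~3"
set "DEADLINE=%~4"
set "IPSECPOL=%~dp0ipsecpol.exe"

rem Step 1: schedule the deactivation BEFORE activating anything. If the rules
rem below cut off your own shell, -y still runs at %DEADLINE%.
net start schedule >nul 2>&1
at %DEADLINE% "%IPSECPOL%" -p %POL% -y -w reg
if errorlevel 1 (
  echo could not schedule the safety task, not touching %POL%
  goto :eof
)

rem Step 2: the wildcard BLOCK filter and the specific PASS filter. IPSec
rem applies the most specific matching filter, so %SRC% gets through while
rem everyone else is blocked. -x on the last command activates the policy.
"%IPSECPOL%" -p %POL% -r %POL%_block_all -f *+0:%PORT%:tcp -n BLOCK -w reg
"%IPSECPOL%" -p %POL% -r %POL%_pass_me -f %SRC%+0:%PORT%:tcp -n PASS -w reg -x

echo %POL% is active until %DEADLINE%. Test the connection now, then either
echo   "%IPSECPOL%" -p %POL% -x -w reg                         (keep: re-activate after the task fires)
echo or
echo   "%IPSECPOL%" -p %POL% -y -w reg ^& "%IPSECPOL%" -p %POL% -o -w reg   (discard: deactivate, then delete)
```

The discard command deactivates before deleting, which is the ordering the note above requires; deleting an active policy leaves it in force until the next policy refresh.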
On XP it is easy: one command, ipseccmd show filters. ipsecpol has no query function, so use the command-line tool netdiag, found in SUPPORT\TOOLS\SUPPORT.CAB on the Windows 2000 installation CD. (Having already uploaded three files, one more is no trouble. ^_^) netdiag requires the RemoteRegistry service, so start it first: net start remoteregistry. If RemoteRegistry is not running, netdiag fails with: [FATAL] Failed to get system information of this machine. netdiag is a powerful tool that can retrieve a great deal of network information, but its output is always very detailed, often exceeds cmd.exe's output buffer, and not every remote cmd shell can use more to page through it (redirecting the output to a file and reading it with type avoids the problem). The command to view the IPSec policy is netdiag /debug /test:ipsec; the IPSec policy appears at the end of a long stream of output.

Software installation

Installing a piece of software or a tool usually comes down to copying files into specific directories and modifying the registry. Once you know exactly what changes, you can do the same from the command line (registration and activation after installation are not considered here). WinPcap is a very common tool, but it has to be installed through the GUI. A version that installs without the GUI can be found online (although it still shows a copyright page); in fact we can build one ourselves.

Take WinPcap 3.0a as an example. Comparing file-system and registry snapshots taken before and after installation makes the whole process clear. Apart from the uninstaller, there are three key files: wpcap.dll, packet.dll and npf.sys. The first two go in the system32 directory, the third in system32\drivers. The registry change is the addition of a system service named NPF. Note that a system service (a driver) is not a Win32 service: besides the key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, a driver also gets a key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root, which by default only SYSTEM can modify. Fortunately you do not need to add it by hand; WinPcap takes care of it when it is first called. In fact you do not need to modify the registry yourself at all: copy the three files into place and WinPcap does the rest. Purely as a demonstration, here is how to make the registry change with an inf file, as mentioned earlier:

    [Version]
    Signature="$Windows NT$"

    [DefaultInstall.Services]
    AddService=NPF,winpcap_svr

    [winpcap_svr]
    DisplayName=Netgroup Packet Filter
    ServiceType=0x1
    StartType=3
    ErrorControl=1
    ServiceBinary=%12%\npf.sys

ServiceType 0x1 is a kernel driver, StartType 3 is on-demand, and %12% is the inf directory ID for system32\drivers. Save this as _wpcap_.inf and write a companion batch file _wpcap_.bat:

    rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 %CD%\_wpcap_.inf
    del _wpcap_.inf
    rem paths are quoted so the comparison survives a directory name containing spaces
    if /i "%CD%"=="%SYSTEMROOT%\system32" goto COPYDRV
    copy packet.dll %SYSTEMROOT%\system32\
    copy wpcap.dll %SYSTEMROOT%\system32\
    del packet.dll
    del wpcap.dll
    :COPYDRV
    if /i "%CD%"=="%SYSTEMROOT%\system32\drivers" goto END
    copy npf.sys %SYSTEMROOT%\system32\drivers\
    del npf.sys
    :END
    del %0

Then use WinRAR to pack all five files into a self-extracting exe and, under "Advanced SFX options", set the program to run after extraction to _wpcap_.bat. That completes a command-line WinPcap installer.
Note: the last line of the batch file has no trailing carriage return; otherwise the batch file cannot delete itself while it is running. This approach applies to basically all software installations. The exception is system patches: a patch may replace files that are currently executing or open, so plain copy cannot be used. Fortunately, Windows patch packages support command-line installation, for example:

    kb2017146.exe -n -z -q

-n: do not keep the uninstall backup; -z: do not restart; -q: quiet mode. If there is a pile of patches to apply, pack them into a self-extracting archive together with a batch file (inside a batch file the for variable is written with a doubled percent sign, %%f):

    for %%f in (KB??????.exe) do %%f -n -z -q
    for %%f in (KB??????.exe) do del %%f
    del %0