The cmd thing.

One, Ping

It is used to check whether the network is smooth or network connection Speed command. As an administrator or hacker who lives on the web, the ping command is the first DOS command that must be mastered, which uses the principle that the machine on the network has a unique IP address, we send a packet to the destination IP address, and the other side returns a packet of the same size, According to the returned packets we can determine the target host's existence, can initially judge the target host's operating system and so on. Let's take a look at some of its common operations. First look at the Help bar, in the DOS window type: ping/? Enter. The Help screen shown. Here, we can only master some basic and useful parameters (hereinafter).

-T indicates that packets will be sent to the destination IP until we force it to stop. Just imagine, if you use 100M broadband access, and the target IP is 56K kitten, then it will not be long, the target IP because can not bear so much data and drop the line, oh, an attack on such a simple realization.

-L defines the size of the packet to be sent, which defaults to 32 bytes, which we can use to define to a maximum of 65500 bytes. Combined with the-t parameter described above, there will be better results.

-N defines the number of packets sent to the destination IP, which defaults to 3 times. If the network speed is slow, 3 times for us also wasted a lot of time, because now our goal is only to determine whether the target IP exists, then define it as once.

Note that if the-t parameter and the-n parameter are used together, the ping command is based on the following parameters, such as "Ping Ip-t-N 3", although the-t parameter is used, but Ping is not always ping, but only 3 times. In addition, the ping command does not have to ping IP, you can ping the host domain name directly, so you can get the host IP.

Let's give an example to illustrate the specific usage.

Here time=2 means that the time taken from the packet to the returned packet is 2 seconds, from which the speed of the network connection can be judged. The return value from the TTL can initially be used to determine the operating system of the ping host, and the reason for the "preliminary judgment" is that the value can be modified. Here ttl=32 indicates that the operating system may be win98.

(Small knowledge: if ttl=128, the target host may be Win2000; if ttl=250, the target host may be Unix)

As for the use of ping command can quickly find LAN fault, you can quickly search the fastest QQ server, you can ping people to attack ... It's up to everyone to play it by themselves.

Second, nbtstat

This command uses the NetBIOS Display protocol statistics on TCP/IP and the current TCP/IP connection, which allows you to obtain NetBIOS information for remote hosts, such as user name, workgroup to which they belong, MAC address of the NIC, and so on. Here we need to know a few basic parameters.

-A Use this parameter, as long as you know the remote host machine name, you can get its NetBIOS information (hereinafter).

-A This parameter can also get NetBIOS information for a remote host, but requires you to know its IP.

-N lists NetBIOS information for the local machine.

When the other side of the IP or machine name, you can use the nbtstat command to further get the information of the other side, which adds to our invasion of the Pau.

Three, Netstat

This is a command to view the status of the network, easy to operate powerful.

-A View all open ports of the local machine, you can effectively detect and prevent trojans, you can know the service of the machine and other information, such as Figure 4.

Here you can see that the local machine is open to FTP services, Telnet services, mail services, Web services, and so on. Usage: netstat-a IP.

-r lists the current routing information and tells us about the local machine's gateway, subnet mask, and so on. Usage: netstat-r IP.
Four, tracert

Trace routing information, which can be used to identify all the ways in which data is transmitted from the local machine to the target host, which is helpful in understanding the layout and structure of the network. As shown in Figure 5.

This indicates that the data is transferred from the local machine to the 192.168.0.1 machine, without any relay in the middle, indicating that the two machines are in the same section of the LAN. Usage: tracert IP.

Five, net

This command is one of the most important of the network commands and must have a thorough grasp of the usage of each of its commands, because it is so powerful that it is simply the best intrusion tool Microsoft has given us. First let's take a look at all the subcommand commands, type net/? carriage return as shown in Figure 6.

Here, we will focus on a few of the commonly used sub commands to invade.

NET view

Use this command to view shared resources for a remote host. The command format is net view \ip.

NET use

The remote host of a shared resource to the site, the graphical interface for easy use, hehe. The command format is net use x: \ip\sharename. The above indicates that a directory with a 192.168.0.5IP share name of magic is mapped to a local z disk. The following represents the establishment of a ipc$ connection with 192.168.0.7 (net use \ip\ipc$ "password"/user: "name"),

Established a ipc$ connection, oh, you can upload files: copy nc.exe \192.168.0.7\admin$, said the local directory Nc.exe to the remote host, combined with the following to introduce the other DOS commands can be implemented invasion.

net start

Use it to start a service on a remote host. When you establish a connection with a remote host, if you find out what service it does not start, and you want to take advantage of this service. Use this command to start it. Usage: net start servername, as shown in Figure 9, successfully started the Telnet service.

net stop

After the intrusion to find a remote host of a service in the drag, how to do. Use this command to stop on the OK, usage and net start with.

NET user