The DOS commands that the computer master had to know:
One, at command
The purpose of this command is to schedule a particular command and program to be executed at a specific date or time (used together with the net TIME command). When we know the current time of the remote host, we can use this command to execute a program and command at a later time, such as 2 minutes later. Usage: At time command computer.
Second, netstat order
This is a command to view the status of the network, easy to operate powerful.
-A view all the open ports of the local machine, can effectively detect and prevent trojans, you can know the service of the machine and other information.
Here you can see that the local machine is open to FTP services, Telnet services, mail services, Web services, and so on. Usage: NETSTAT-AIP.
-r lists the current routing information and tells us about the local machine's gateway, subnet mask, and so on. Usage: netstat-r IP.
Three, net command, advanced network Management command
This command is one of the most important of the network commands and must have a thorough grasp of the usage of each of its commands, because it is so powerful that it is simply the best intrusion tool Microsoft has given us. First let's take a look at all the subcommand commands, type net/? Enter to see the relevant help information.
Here, we will focus on a few of the commonly used sub commands to invade.
NET view
Use this command to view shared resources for a remote host. The command format is net view IP.
NET use
The remote host of a shared resource to the site, the graphical interface for easy use, hehe. The command format is net use X:ipsharename. The above indicates that a directory with a 192.168.0.5IP share name of magic is mapped to a local z disk. The following represents the establishment of a ipc$ connection with 192.168.0.7 (net use ipipc$ "password"/user: "name"),
Established a ipc$ connection, oh, you can upload files: copy nc.exe 192.168.0.7admin$, said the local directory Nc.exe to the remote host, combined with the following to introduce the other DOS commands can be implemented invasion.
net start
Use it to start a service on a remote host. When you establish a connection with a remote host, what if you find out what service it does not start and what do you want to do with the service? Use this command to start it. Usage: net start servername, as shown in Figure 9, successfully started the Telnet service.
net stop
What happens when a service in a remote host is found in the intrusion? Use this command to stop the OK, usage and net start.
NET user
View account-related situations, including creating new accounts, deleting accounts, viewing specific accounts, activating accounts, account disabling, and so on. This is good for our intrusion, and most importantly, it provides a prerequisite for our cloning of accounts. Type net user with no parameters to view all users, including those that have been disabled. The following are explained separately.
1,net user ABCD 1234/add, create a new account with a username of ABCD, password 1234, and default to user group membership.
2,net user Abcd/del to remove users with a user name of ABCD.
3,net user Abcd/active:no disables users with the user name ABCD.
4,net user Abcd/active:yes to activate users with the user name ABCD.
5,net user ABCD, viewing the situation of users named ABCD
net localgroup
View all information related to the user group and perform related actions. Type net localgroup with no parameters to list all current user groups. During the intrusion process, we typically use it to elevate an account to an administrator account so that we can use this account to control the entire remote host. Usage: net localgroup groupname username/add.
Now that we've added the newly created user ABCD to the Admins group, the ABCD user is already a Super admin, so you can use net user abcd to see his status and compare it to Figure 10. But this is too obvious, network management a look at the user situation can leak a flaw, so this method can only deal with rookie network management, but we have to know. Now the means are to use other tools and means to clone a network management can not see the Super administrator, this is something. Interested friends can refer to the "Hacker line of Defense," the 30th issue of "interpretation of the long account," a text.
NET time
This command allows you to view the current time of the remote host. If your goal is to get into a remote host, you may not be using this command. But the simple invasion succeeded, is it just a look? We need to penetrate further. This even the current time of the remote host needs to know, because the use of time and other means (later) can achieve a certain command and the timing of the program to start, for our further invasion lay a good foundation. Usage: NET time IP.
Four, Telnet command
Powerful remote login command, almost all intruders like to use it, always tried. Why?
It is easy to operate, as with its own machine, as long as you are familiar with the DOS command, after the success of the administrator to connect the remote machine, you can use it to do everything you want to do. Here's how to use it, first type Telnet carriage return, and then type help to view its helpful information.
Then type open IP carriage return at the prompt, at which point a login window appears, allowing you to enter a valid username and password, and any password entered here is not displayed.
When the username and password are correct and the Telnet connection is successfully established, you have the same privileges as the user on the remote host, and you can do what you want with the DOS command. Here I use the Super Admin permission to log in.
Five, ping order
It is used to check whether the network is smooth or network connection Speed command. As an administrator or hacker who lives on the web, the ping command is the first DOS command that must be mastered, which uses the principle that the machine on the network has a unique IP address, we send a packet to the destination IP address, and the other side returns a packet of the same size, According to the returned packets we can determine the target host's existence, can initially judge the target host's operating system and so on. Let's take a look at some of its common operations. First look at the Help bar, in the DOS window type: ping/? Enter. The Help screen shown. Here, we can only master some basic and useful parameters (hereinafter).
-T indicates that packets will be sent to the destination IP until we force it to stop. Just imagine, if you use 100M broadband access, and the target IP is 56K kitten, then it will not be long, the target IP because can not bear so much data and drop the line, oh, an attack on such a simple realization.
-L defines the size of the packet to be sent, which defaults to 32 bytes, which we can use to define to a maximum of 65500 bytes. Combined with the-t parameter described above, there will be better results.
-N defines the number of packets sent to the destination IP, which defaults to 3 times. If the network speed is slow, 3 times for us also wasted a lot of time, because now our goal is only to determine whether the target IP exists, then define it as once.
Note that if the-t parameter and the-n parameter are used together, the ping command is based on the following parameters, such as "Ping Ip-t-N 3", although the-t parameter is used, but Ping is not always ping, but only 3 times. In addition, the ping command does not have to ping IP, you can ping the host domain name directly, so you can get the host IP.
Let's give an example to illustrate the specific usage.
Here time=2 means that the time taken from the packet to the returned packet is 2 seconds, from which the speed of the network connection can be judged. The return value from the TTL can initially be used to determine the operating system of the ping host, and the reason for the "preliminary judgment" is that the value can be modified. Here ttl=32 indicates that the operating system may be win98.
(Small knowledge: if ttl=128, the target host may be Win2000; if ttl=250, the target host may be Unix)
As for the use of ping command can quickly find LAN fault, you can quickly search the fastest QQ server, you can ping people to attack ... That's all we've got to play.
Six, FTP command
Should we be familiar with this command? There are a lot of open FTP hosts on the network, a large part of which is anonymous, which means anyone can log on. Now if you sweep into a host of open FTP services (typically a 21-port machine), what if you're not using the FTP command? The basic FTP command usage is given below.
First type FTP enter at the command line, and the FTP prompt appears, and you can type "help" to view the assistance (any DOS command can use this method to view its help).
As you may have seen, how do you use so many commands? In fact, not so much to master a few basic is enough.
The first is the landing process, this will be used to open, directly in the FTP prompt input "Open host IP FTP port" Enter can, the general port defaults are 21, you can not write. Then it is to enter a valid username and password to log in, here to anonymous FTP as an example introduced.
Both the username and password are FTP and the password is not displayed. When the hint * * * * * logged in, it means landing success. This is because it is anonymous login, so the user is displayed as anonymous.
The next step is to describe how to use specific commands.
Dir, like the DOS command, is used to view the files on the server, and you can see the files on this FTP server by simply tapping the dir return.
CD into a folder.
Get download files to local machine.
Put upload file to remote server. This depends on whether the remote FTP server has given you the right to write, if you can, oh, how to use it is not more said, we will be free to play.
Delete deletes files on a remote FTP server. This must also ensure that you have permission to write.
Bye exits the current connection.
Quit ditto.
Vii. tracert command
Trace routing information, which can be used to identify all the ways in which data is transmitted from the local machine to the target host, which is helpful in understanding the layout and structure of the network.
This indicates that the data is transferred from the local machine to the 192.168.0.1 machine, without any relay in the middle, indicating that the two machines are in the same section of the LAN. Usage: tracert IP.
Viii. nbtstat Order
This command uses the NetBIOS Display protocol statistics on TCP/IP and the current TCP/IP connection, which allows you to obtain NetBIOS information for remote hosts, such as user name, workgroup to which they belong, MAC address of the NIC, and so on. Here we need to know a few basic parameters.
-A Use this parameter, as long as you know the remote host machine name, you can get its NetBIOS information (hereinafter).
-A This parameter can also get NetBIOS information for a remote host, but requires you to know its IP.
-N lists NetBIOS information for the local machine.
When the other side of the IP or machine name, you can use the nbtstat command to further get the information of the other side, which adds to our invasion of the Pau.