Windows must master eight DOS commands

Source: Internet
Author: User
Tags .net accounts address check data get hacker help


One, Ping



It is used to check whether the network is smooth or network connection Speed command. As an administrator or hacker living on the web, the ping command is the first DOS command that must be mastered, which uses the principle that the machine on the network has a unique IP address, we send a packet to the destination IP address, and the other side returns a packet of the same size, According to the returned packets we can determine the target host's existence, can initially judge the target host's operating system and so on. Let's take a look at some of its common operations. First look at the Help bar, in the DOS window type: ping/? Enter,. The Help screen shown. Here, we can only master some basic and useful parameters (hereinafter).



-T indicates that packets will be sent to the destination IP until we force it to stop. Just imagine, if you use 100M broadband access, and the target IP is 56K kitten, then it will not be long, the target IP because can not bear so much data and drop the line, oh, an attack on such a simple realization.



-L defines the size of the packet to be sent, which defaults to 32 bytes, which we can use to define to a maximum of 65500 bytes. Combined with the-t parameter described above, there will be better results.



-N defines the number of packets sent to the destination IP, which defaults to 3 times. If the network speed is slow, 3 times for us also wasted a lot of time, because now our goal is only to determine whether the target IP exists, then define it as once.



Note that if the-t parameter and the-n parameter are used together, the ping command is based on the following parameters, such as "Ping Ip-t-N 3", although the-t parameter is used, but Ping is not always ping, but only 3 times. In addition, the ping command does not have to ping IP, you can ping the host domain name directly, so you can get the host IP.



Let's give an example to illustrate the specific usage.



Here time=2 means that the time taken from the packet to the returned packet is 2 seconds, from which the speed of the network connection can be judged. The return value from the TTL can initially be used to determine the operating system of the ping host, and the reason for the "preliminary judgment" is that the value can be modified. Here ttl=32 indicates that the operating system may be win98.



(Small knowledge: if ttl=128, the target host may be Win2000; if ttl=250, the target host may be Unix)



As for the use of ping command can quickly find LAN fault, you can quickly search the fastest QQ server, you can ping people to attack ... This depends on everyone to play.



Second, nbtstat



This command uses the NetBIOS Display protocol statistics on TCP/IP and the current TCP/IP connection, which allows you to obtain NetBIOS information for remote hosts, such as user name, workgroup to which they belong, MAC address of the network card, and so on. Here we need to know a few basic parameters.



-A Use this parameter, as long as you know the remote host machine name, you can get its NetBIOS information (hereinafter).



-A This parameter can also get NetBIOS information for a remote host, but requires you to know its IP.



-N lists NetBIOS information for the local machine.



When the other side of the IP or machine name, you can use the nbtstat command to further information of the other side, which adds to our invasion of the no-fault.



Three, Netstat



This is a command to view the status of the network, easy to operate powerful.



-A View all open ports of the local machine, you can effectively detect and prevent trojans, you can know the service of the machine and other information, such as Figure 4.



Here you can see that the local machine is open to FTP services, Telnet services, mail services, Web services, and so on. Usage: netstat-a IP.



-R lists current routing information and tells us about the local machine's gateway, subnet mask, and so on. Usage: netstat-r IP.



Four, tracert



Trace routing information, which can be used to identify all the ways in which data is transmitted from the local machine to the target host, which is helpful in understanding the layout and structure of the network. As shown in Figure 5.



This indicates that the data is transferred from the local machine to the 192.168.0.1 machine, with no relay in the middle, indicating that the two machines are in the same section of the LAN. Usage: tracert IP.



Five, net



This command is one of the most important of the network commands and must have a thorough grasp of the usage of each of its commands, because it is so powerful that it is simply the best intrusion tool Microsoft has given us. First let's take a look at all the subcommand commands, type net/? carriage return as shown in Figure 6.



Here we focus on a few of the commonly used subcommand commands.



NET view



Use this command to view shared resources for a remote host. The command format is net view IP.



NET use



A remote host of a shared resource to the site, the graphical interface for easy use, hehe. The command format is net use X:ipsharename. The above indicates that a directory with a 192.168.0.5IP share name of magic is mapped to a local z disk. The following represents the establishment of a IPC connection with 192.168.0.7 (net use ipipc$ "password" supplied: "name"),



Established a IPC connection, oh, you can upload files: copy nc.exe 192.168.0.7admin$, said the local directory Nc.exe to the remote host, combined with the following to introduce the other DOS commands can be implemented invasion.



net start



Use it to start a service on a remote host. When you connect to a remote host, what if you find out what service it does not start and you want to take advantage of the service? Use this command to start it. Usage: net start servername, as shown in Figure 9, successfully started the Telnet service.



net stop



What happens when a service in a remote host is found in the intrusion? Use this command to stop the OK, usage and net start.



NET user



View account-related situations, including creating new accounts, deleting accounts, viewing specific accounts, activating accounts, account disabling, and so on. This is good for our intrusion, and most importantly, it provides a prerequisite for our cloning account. Type net user with no parameters to view all users, including those that have been disabled. The following are explained separately.



1,net user ABCD 1234/add, create a new account with a username of ABCD, password 1234, default to user group member.



2,net user Abcd/del To remove users with the ABCD user name.



3,net user Abcd/active:no disables users with the user name ABCD.



4,net user Abcd/active:yes to activate users named ABCD.



5,net user ABCD, see the user named ABCD



net localgroup



View all information related to the user group and perform related actions. Type net localgroup with no parameters to list all current user groups. During the intrusion process, we typically use it to elevate an account to an administrator account so that we can use this account to control the entire remote host. Usage: net localgroup groupname username/add.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.