2025-02-28 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
This article introduces the system commands commonly used by hackers under the Windows system. The editor walks through the operations with a practical case; the methods are simple, fast and practical. I hope this article can help you solve the problem.
Basic commands:
arp - View and process the ARP cache. ARP means name resolution and is responsible for resolving an IP address into a physical MAC address. arp -a displays all the information.
start program-name or command /max or /min - Open a new window and run a program or command maximized (minimized)
mem - View cpu usage
attrib file-name (directory-name) - View the attributes of a file (directory)
dir - View files
set - Specify the name of the environment variable
pause - Pause the batch program and display: press any key to continue.
if - Perform conditional processing in a batch program
call path\batch-file-name - Call another batch program from a batch program
for - Execute a specific command on each file in a set of files
echo message - Display a message on the screen
find file-name - Find a file
title title-name - Change the title of the CMD window
color color-value - Set the foreground and background colors of the cmd console
prompt name - Change the command prompt displayed by cmd.exe
ver - Display version information in the DOS window
winver - Pop up a window showing version information
format drive-letter /FS:type - Format a disk; type: FAT, FAT32, NTFS
md directory-name - Create a directory
replace source-file directory-of-the-file-to-replace - Replace files
ren old-file-name new-file-name - Rename a file
tree - Display the directory as a tree structure; with the parameter -f, the file names in each folder are listed as well
winver - Check the Windows version
wmimgmt.msc - Open the Windows management architecture
wupdmgr - Windows Update program
wscript - Windows Script Host settings
write - WordPad
winmsd - System information
wiaacmgr - Scanner and Camera Wizard
winchat - The local area network chat that comes with XP
mem.exe - Display memory usage
msconfig.exe - System Configuration Utility
mplayer2 - Simple Windows media player
mspaint - Drawing board
mstsc - Remote Desktop Connection
mplayer2 - Media player
magnify - Magnifier utility
mmc - Open the console
mobsync - Synchronization command
dxdiag - Check DirectX information
drwtsn32 - System doctor
devmgmt.msc - Device Manager
dfrg.msc - Disk Defragmenter
diskmgmt.msc - Disk Management utility
dcomcnfg - Open the system Component Services
ddeshare - Open DDE sharing settings
dvdplay - DVD player
notepad - Open Notepad
nslookup - Network management tool wizard
ntbackup - System backup and restore
narrator - Screen "Narrator"
ntmsmgr.msc - Removable Storage Manager
ntmsoprq.msc - Removable Storage operator requests
netstat -an - (TC) command to check the interfaces
syncapp - Create a briefcase
sysedit - System Configuration Editor
sigverif - File signature verification
sndrec32 - Sound recorder
shrpubw - Create a shared folder
secpol.msc - Local Security Policy
syskey - System encryption; once encrypted it cannot be undone. Protects the Windows XP system with a double password
services.msc - Local service settings
sndvol32 - Volume control program
sfc.exe - System File Checker
sfc /scannow - Windows File Protection
tsshutdn - 60-second countdown shutdown command
tourstart - Introduction to XP
taskmgr - Task Manager
eventvwr - Event Viewer
eudcedit - Character creation program
explorer - Open Explorer
packager - Object Packager
perfmon.msc - Computer performance monitoring program
progman - Program Manager
regedit.exe - Registry
rsop.msc - Group Policy result set
regedt32 - Registry Editor
rononce -p - 15-second shutdown
regsvr32 /u *.dll - Stop a DLL file from running
regsvr32 /u zipfldr.dll - Remove ZIP support
cmd.exe - CMD command prompt
chkdsk.exe - Chkdsk disk check
certmgr.msc - Certificate management utility
calc - Start the calculator
charmap - Start the Character Map
cliconfg - SQL Server Client Network Utility
clipbrd - Clipboard Viewer
conf - Start NetMeeting
compmgmt.msc - Computer Management
cleanmgr - ** finishing
ciadv.msc - Indexing Service program
osk - Open the on-screen keyboard
odbcad32 - ODBC Data Source Administrator
oobe/msoobe /a - Check whether XP is activated
lusrmgr.msc - Local users and groups
iexpress - Trojan bundling tool that comes with the system
nslookup - IP address detector
fsmgmt.msc - Shared folder manager
utilman - Accessibility manager
gpedit.msc - Group Policy
logoff - Log off command
1.2 Common commands
1.2.1 ping command
ping is a command used to check whether the network is reachable and how fast the connection is. As a hacker, the ping command is the first DOS command that must be mastered. It works on the following principle: every machine on the network has a unique IP address. If we send a data packet to the target IP address, the other party returns a data packet of the same size. From the returned packet we can determine that the target host exists and make a preliminary judgment about its operating system.
Common actions:
-t sends packets to the destination IP continuously until we force it to stop.
-l defines the size of the packet sent; the default is 32 bytes, and we can set it to a maximum of 65500 bytes.
-n defines the number of times packets are sent to the destination IP; the default is 3.
You have all heard of the "ping of death", the simplest IP-based attack, which works because the length of a single packet exceeds the packet length specified in the IP protocol specification. Such a packet is easy to generate; in fact, many operating systems provide a networking tool called ping. On the Windows operating system this can be done by opening a DOS window and typing ping -l 65500 target ip -t (65500 is the upper limit of the data length, and -t pings the destination address continuously).
1.2.2 netstat
This command is used to view the status of the network; it is easy to operate and powerful.
-a shows all the open ports of the local machine. With it you can effectively find and prevent Trojans, and learn which services the machine is running, among other information.
Here we can see that there are FTP services, Telnet services, mail services, WEB services and so on. Usage: netstat -an IP.
-r lists the current routing information and tells us the gateway and subnet mask of the local machine. Usage: netstat -r IP.
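An added example, not part of the original article: a Python sketch of the "find and prevent Trojans" use of netstat -an described above. It parses the output and reports network-reachable listening ports that are outside an expected baseline. The sample output and the EXPECTED_PORTS baseline are constructed assumptions.

```python
import re

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     192.168.1.1:445        ESTABLISHED
  TCP    [::]:31337             [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

# Hypothetical baseline: the ports this host is supposed to expose.
EXPECTED_PORTS = {80, 135}

# proto, local address, local port, foreign address, optional state (UDP has none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_listeners(text):
    """Return (proto, address, port) for every TCP socket in LISTENING state."""
    listeners = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, header or blank line
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state == "LISTENING":
            listeners.append((proto, addr, int(port)))
    return listeners


def is_loopback(addr):
    """Loopback-bound sockets are not reachable from the network."""
    return addr.startswith("127.") or addr == "[::1]"


def unexpected_listeners(text, expected=EXPECTED_PORTS):
    """Ports listening on a non-loopback address that are not in the baseline."""
    return sorted(
        port
        for _proto, addr, port in parse_listeners(text)
        if not is_loopback(addr) and port not in expected
    )


if __name__ == "__main__":
    for port in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener on TCP port {port}")
```

On a live host, netstat -ano adds the owning process ID to each row, which is the next thing to check for any port this reports.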
1.2.3 nbtstat
This command uses NetBIOS over TCP/IP to display protocol statistics and current TCP/IP connections. With this command you can get the NETBIOS information of a remote host, such as user name, workgroup, MAC address of the network card, etc. Here we need to understand a few basic parameters.
-a: with this parameter, as long as you know the machine name of the remote host, you can get its NETBIOS information.
-A: this parameter can also get the NETBIOS information of the remote host, but you need to know its IP.
-n lists the NETBIOS information of the local machine.
When you have the IP or machine name of the other party, you can use the nbtstat command to get further information about them, which increases the safety margin of our intrusion.
1.2.4 tracert
Traces routing information. This command shows every hop through which data passes from the local machine to the target host, which helps us understand the layout and structure of the network. This shows that the data is transferred from the local machine to the 192.168.1.1 machine without any intermediate hop, indicating that the two machines are in the same local area network. Usage: tracert IP.
1.2.5 net
This is the most important of the network commands, and we must thoroughly master the usage of each of its subcommands, because it is so powerful that it is simply the best intrusion tool that Microsoft provides for us.
Here, I'll focus on its commonly used subcommands.
net use \\ip\ipc$ "" /user:"" - Establish an empty IPC link
net use \\ip\ipc$ "password" /user:"user name" - Establish a non-empty IPC link
net use h: \\ip\c$ "password" /user:"user name" - Log in directly and map the other party's C: to local H:
net use h: \\ip\c$ - After logging in, map the other party's C: to local H:
net use \\ip\ipc$ /del - Remove the IPC link
net use h: /del - Remove the mapping of the other party to local H:
net user username password /add - Create a user
net user guest /active:yes - Activate the guest user
net user - See which users there are
net user account-name - View the properties of the account
net localgroup administrators username /add - Add "user" to the administrators group to give it administrator privileges. Note: administrators is plural, with an s after administrator.
net start - See which services are enabled
net start service-name - Start a service (e.g. net start telnet, net start schedule)
net stop service-name - Stop a service
net time \\target-ip - Check the other party's time
net time \\target-ip /set - Set the local computer time to synchronize with the time of the "target IP" host; add the parameter /yes to skip the confirmation message
net view - See which shares are enabled on the local LAN
net view \\ip - See which shares are enabled in the other party's local area network
net config - Display the system network settings
net logoff - Disconnect sharing
net pause service-name - Pause a service
net send ip "text message" - Send a message to the other party
net ver - Types and information of the network connections in use within the LAN
net share - View locally opened shares
net share ipc$ - Enable the ipc$ share
net share ipc$ /del - Delete the ipc$ share
net share c$ /del - Delete the C: share
net user guest 12345 - After logging in as guest, change the password to 12345
net password password - Change the system login password
netstat -a - Check which ports are open; usually netstat -an
netstat -n - View the network connections of the ports; commonly used as netstat -an
netstat -v - View the work in progress
netstat -p protocol-name - View the usage of a protocol. Example: netstat -p tcp (view tcp/ip protocol usage)
1.2.6 at
The purpose of this command is to schedule the execution of a specific command and program on a specific date or time. The common subcommands are as follows:
at id - Open a scheduled task that has been registered
at /delete - Stop all scheduled tasks; with the parameter /yes, stop them without confirmation
at id /delete - Stop a registered scheduled task
at - View all scheduled tasks
at \\ip time program-name (or a command) /r - Run a program at a certain time and restart the computer
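An added example, not part of the original article: detection logic for the net and at subcommands listed in 1.2.5 and 1.2.6, run over process command lines such as those recorded by process-creation auditing. The rule names, hosts, accounts and addresses are constructed assumptions.

```python
import re

NET = r"\bnet1?(?:\.exe)?\s+"  # net.exe may hand the subcommand to net1.exe
# Rule names are hypothetical; the patterns mirror the subcommands listed above.
RULES = {
    "ipc_null_session":   NET + r'use\s+\\\\\S+\\ipc\$\s+""\s+/user:""',
    "admin_share_mapped": NET + r"use\s+[a-z]:\s+\\\\\S+\\[a-z]\$",
    "user_created":       NET + r"user\s+(?P<acct>\S+)\s.*?/add\b",
    "guest_enabled":      NET + r"user\s+guest\s+/active:yes\b",
    "added_to_admins":    NET + r"localgroup\s+administrators\s+(?P<acct>\S+)\s+/add\b",
    "telnet_started":     NET + r"start\s+telnet\b",
    "remote_at_job":      r"\bat(?:\.exe)?\s+\\\\\S+\s+\d{1,2}:\d{2}\s+\S+",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}

# Constructed (host, command line) records; not real telemetry.
EVENTS = [
    ("WS01", r'net use \\10.0.0.5\ipc$ "" /user:""'),
    ("WS01", r'net use h: \\10.0.0.5\c$ "pw" /user:"admin"'),
    ("SRV02", "net user svc_tmp Passw0rd! /add"),
    ("SRV02", "net1 localgroup administrators svc_tmp /add"),
    ("SRV02", "net user guest /active:yes"),
    ("SRV02", "net start telnet"),
    ("SRV02", r"at \\10.0.0.9 23:30 c:\temp\job.bat"),
    ("WS03", "net user"),  # plain enumeration, no rule fires
    ("WS03", "net localgroup administrators helpdesk /add"),
]


def classify(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in COMPILED.items() if rx.search(cmdline)]


def triage(events):
    """Return (host, rule, command line) for every rule hit."""
    return [(host, rule, cmd) for host, cmd in events for rule in classify(cmd)]


def created_then_promoted(events):
    """Accounts created and later added to Administrators on the same host."""
    created, hits = set(), []
    for host, cmd in events:
        m = COMPILED["user_created"].search(cmd)
        if m:
            created.add((host, m.group("acct").lower()))
        m = COMPILED["added_to_admins"].search(cmd)
        if m and (host, m.group("acct").lower()) in created:
            hits.append((host, m.group("acct").lower()))
    return hits


if __name__ == "__main__":
    for host, rule, cmd in triage(EVENTS):
        print(f"{host}: {rule}: {cmd}")
    print("new local admins:", created_then_promoted(EVENTS))
```

The create-then-promote correlation is the higher-confidence signal; a single /add to the administrators group, like the WS03 helpdesk record, is often routine administration.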
1.2.7 telnet
This powerful remote login command is easy to operate, just like using your own machine. As long as you are familiar with DOS commands, after successfully connecting to the remote machine as administrator you can use it to do whatever you want. Here is how to use it: first type telnet and press Enter, then type help to view its help information.
Then type open IP at the prompt and press Enter. A login window appears, asking you to enter a valid user name and password. The password is not displayed as you type it.
Once you have entered the correct user name and password and the telnet connection is established, you have the same permissions as this user on the remote host and can use DOS commands to do what you want. Here I logged in with Super Admin privileges.
1.2.8 ftp
File transfer protocol. We should all be familiar with this command. There are many ftp hosts open on the network, and a large part of them are anonymous, that is to say, anyone can log on.
How to use the ftp command:
First comes the login process, which uses open: at the ftp prompt, type "open host-IP ftp-port" and press Enter. The default port is 21 and can be omitted. The next step is to enter a valid user name and password to log in. Here anonymous ftp is used as an example.
Both the user name and the password are ftp, and the password is not displayed. When the prompt * logged in appears, the login has succeeded. Here, because the login is anonymous, the user appears as Anonymous.
The next step is to introduce how to use specific commands.
dir - The same as the DOS command; used to view the files on the server. Type dir and press Enter to see the files on this ftp server.
cd - Enter a folder.
get - Download a file to the local machine.
put - Upload a file to the remote server.
delete - Delete a file on the remote ftp server. This also requires that you have write access.
bye - Exit the current connection.
quit - Same as above.
1.2.9 IIS Service Command
iisreset /reboot - Restart the win2k computer (a system restart message will be displayed)
iisreset /start or stop - Start (stop) all Internet services
iisreset /restart - Stop and then restart all Internet services
iisreset /status - Display the status of all Internet services
iisreset /enable or disable - Enable (disable) restarting of the Internet services on the local system
iisreset /rebootonerror - When starting, stopping or restarting the Internet services, restart if an error occurs
iisreset /noforce - If the Internet services cannot be stopped, do not forcibly terminate them
iisreset /timeout:val - The Internet service has still not stopped when the timeout (seconds) elapses, if /rebootonerror is specified
1.2.10 MYSQL command
mysql -h host-address -u username -ppassword - Connect to MYSQL; if MYSQL has just been installed, the superuser root does not have a password.
(Example: mysql -h210.110.110.110 -uroot -p123456. Note: no space is needed between u and root, and the same applies to the others.)
exit - Exit MYSQL
mysqladmin -u username -pold-password password new-password - Change the password
grant select on database.* to username@login-host identified by "password"; - Add a new user. (Note: unlike the above, the following are commands in the MYSQL environment, so each is followed by a semicolon as the command terminator.)
show databases; - Display the list of databases. At the beginning, there are only two databases: mysql and test. The mysql library is very important: it contains the system information of MYSQL. Changing passwords and adding users actually operate on this library.
use mysql;
show tables; - Display the data tables in the library
describe table-name; - Display the structure of a data table
create database library-name; - Create a library
use library-name;
create table table-name (list of field settings); - Create a table
drop database library-name;
drop table table-name; - Delete a library and delete a table
delete from table-name; - Empty the records in the table
select * from table-name; - Display the records in the table
mysqldump --opt school > school.bbb - Back up a database (the command is executed in the mysql\bin directory under DOS)
2. System commands commonly used by hackers on Linux systems
2.1 Basic commands (remember that they are case-sensitive)
mkdir directory-name - Create a directory
cp - Copy files
mv - Move files
rm file-name - Delete a file; rm -r directory-name deletes a directory and its subdirectories
uname - Display version information (same as win2K's ver)
dir - Show the files in the current directory; ls -al also shows hidden files (same as win2K's dir)
pwd - Show the location of the current directory
cd - cd .. goes back to the previous directory; note that there is a space between cd and the two dots. cd / returns to the root directory.
cat file-name - View the contents of a file
cat > abc.txt - Write to the file abc.txt
more file-name - Display a text file page by page
rmdir - Delete a subdirectory; there must be no files in the directory
chmod - Set access permissions on a file or directory
grep - Look for strings in files
diff - Compare files
find - Search for files
date - Current date and time
who - Query the people who are currently using the same machine as you, and the time and place of their login
w - Query the details of the users currently logged in
whoami - View your own account name
groups - Check someone's group
passwd - Change password
history - View the commands you have issued
ps - Display the process status
kill - Stop a process
gcc - Hackers usually use it to compile files written in the C language
su - Switch permissions to the specified user
telnet - Connect to the other host over telnet (same as win2K). When bash$ appears, the connection is successful.
ftp - Connect to a server over ftp (same as win2K)
2.2 Common commands (remember to be case-sensitive)
Users:
# w # View active users
# id # View specified user information
# last # View user login log
# finger root # View management information
# cut -d: -f1 /etc/passwd # View all users of the system
# cut -d: -f1 /etc/group # View all groups of the system
# crontab -l # View the current user's scheduled tasks
System:
# uname -a # View kernel / operating system / CPU information
# head -n 1 /etc/issue # View operating system version
# cat /proc/cpuinfo # View CPU information
# hostname # View computer name
# env # View environment variables
# dmidecode # View hardware details
Resources:
# free -m # View memory usage and swap area usage
# df -h # View the usage of each partition
# du -sh # View the size of the specified directory
# uptime # View system running time, number of users, and load
Network:
# ifconfig # View the properties of all network interfaces
# iptables -L # View firewall settings
# route -n # View the routing table
# netstat -lntp # View all listening ports
# netstat -antp # View all established connections
# netstat -s # View network statistics
# lsof # View network information
Services:
# chkconfig --list # List all system services
# chkconfig --list | grep on # List all started system services
Programs:
# rpm -qa # View all installed packages
Process:
# ps -ef # View all processes
# top # Real-time display of process status