Share a few DOS commands that are not outdated. Please save them if you need them.

Although DOS commands are getting further and further away from us, even in the Windows era, the following DOS commands are still very practical.

[[282781]]

1. Ping

It is a command used to check whether the network is smooth or the speed of the network connection. As an administrator or hacker living on the network, the ping command is the first DOS command that must be mastered. The principle it uses is as follows: the machines on the network have unique IP addresses. We send a data packet to the target IP address, and the other party will return a data packet of the same size. Based on the returned data packet, we can determine the existence of the target host and preliminarily determine the operating system of the target host. Let's take a look at some of its common operations. Let's take a look at the help first. Type in the DOS window: ping /? Enter. The help screen shown is shown. Here, we only need to master some basic and very useful parameters (the same below).

• -t means that data packets will be continuously sent to the target IP until we force it to stop. Imagine that if you use a 100M broadband access and the target IP is a 56K kitten, it won't take long for the target IP to be disconnected because it can't bear so much data. Haha, an attack is so easy to achieve.
• -l defines the size of the data packet to be sent. The default is 32 bytes. We can use it to define the maximum size to 65500 bytes. It will have a better effect if used in conjunction with the -t parameter introduced above.
• -n defines the number of times to send data packets to the target IP, the default is 3 times. If the network speed is slow, 3 times will waste a lot of time for us, because our purpose now is just to determine whether the target IP exists, so let's define it as once.

To explain, if the -t parameter is used together with the -n parameter, the ping command will use the parameter placed at the end as the standard, for example, "ping IP -t -n 3", although the -t parameter is used, it does not ping all the time, but only pings 3 times. In addition, the ping command does not necessarily have to ping the IP, you can also directly ping the host domain name, so that you can get the host's IP.

Let's take an example to illustrate the specific usage.

Here time=2 means that the time from sending a data packet to receiving a returned data packet is 2 seconds, from which we can judge the speed of the network connection. From the return value of TTL, we can preliminarily judge the operating system of the pinged host. The reason why we say "preliminary judgment" is because this value can be modified. Here TTL=32 means that the operating system may be Win98.

(Tips: If TTL=128, the target host may be Win2000; if TTL=250, the target host may be Unix)

As for using the ping command to quickly find LAN faults, quickly search for the fastest QQ server, and launch ping attacks on others...it all depends on your own efforts.

2. nBTstat

This command uses NetBIOS over TCP/IP to display protocol statistics and current TCP/IP connections. Using this command you can get the NETBIOS information of the remote host, such as user name, workgroup, MAC address of the network card, etc. Here we need to understand several basic parameters.

• -a Using this parameter, as long as you know the machine name of the remote host, you can get its NETBIOS information (the same below).
• -A This parameter can also get the NETBIOS information of the remote host, but you need to know its IP.
• -n List the NETBIOS information of the local machine.

Once we get the other party's IP or machine name, we can use the nBTstat command to further obtain the other party's information, which increases our insurance factor for intrusion.

3.netstat

This is a command used to view the network status. It is easy to operate and powerful.

• -a View all open ports of the local machine, which can effectively detect and prevent Trojans, and know the services opened by the machine and other information.

Here we can see that the local machine has open FTP service, Telnet service, mail service, WEB service, etc. Usage: netstat -a IP.

• -r lists the current routing information, telling us the local machine's gateway, subnet mask, etc. Usage: netstat -r IP.

4. tracert

Tracking routing information: This command can be used to find out all the paths that data takes from the local machine to the target host, which is very helpful for us to understand the network layout and structure. See Figure 5.

This means that the data is transmitted from the local machine to the machine at 192.168.0.1 without any transfer in between, which means that the two machines are in the same LAN. Usage: tracert IP.

5.net

This command is the most important one among network commands. You must thoroughly master the usage of each of its subcommands because its functions are so powerful. It is simply the best intrusion tool provided by Microsoft for us. First, let's take a look at its subcommands. Type net /? and press Enter.

Here, we focus on several sub-commands commonly used in intrusion.

1. net view

Use this command to view all shared resources of the remote host. The command format is net view \IP.

2. net use

Map a shared resource of the remote host to a local drive letter. The graphical interface is easy to use. The command format is net use x: \IP\sharename. The above one means mapping the shared directory named magic of 192.168.0.5IP to the local Z drive. The following one means establishing an IPC$ connection with 192.168.0.7 (net use \IP\IPC$ "password" /user:"name"),

After establishing the IPC$ connection, you can upload files: copy nc.exe \192.168.0.7\admin$, which means transferring nc.exe in the local directory to the remote host. Combined with other DOS commands to be introduced later, you can implement the intrusion.

3. net start

Use it to start the service on the remote host. After you establish a connection with the remote host, if you find that its service is not started, and you want to use this service, what should you do? Use this command to start it. Usage: net start servername, as shown in Figure 9, the telnet service is successfully started.

4. net stop

What should you do if you find that a service on the remote host is getting in the way after intrusion? Just use this command to stop it. The usage is the same as net start.

5. net user

View the situations related to the account, including creating a new account, deleting an account, viewing a specific account, activating an account, disabling an account, etc. This is very beneficial for our intrusion, and most importantly, it provides the premise for us to clone the account. Type net user without parameters to view all users, including those that have been disabled. The following explains them separately.

• net user abcd 1234 /add, creates a new account with the user name abcd and the password 1234, and is a member of the user group by default.
• net user abcd /del, delete the user named abcd.
• net user abcd /active:no disables the user named abcd.
• net user abcd /active:yes, activates the user named abcd.
• net user abcd, view the user named abcd

6. net localgroup

View all information related to user groups and perform related operations. Type net localgroup without parameters to list all current user groups. In the process of intrusion, we usually use it to upgrade a certain account to an administrator group account, so that we can control the entire remote host with this account. Usage: net localgroup groupname username /add.

Now we add the newly created user abcd to the administrator group. At this time, the abcd user is already a super administrator. Haha, you can use net user abcd to check his status. You can see it by comparing it with Figure 10. But this is too obvious. The network administrator can leak the flaws as soon as he sees the user's status. Therefore, this method can only be used against rookie network administrators, but we still need to know. The current means are to use other tools and means to clone a super administrator that the network administrator cannot see. This is a later story. Interested friends can refer to the article "Analysis of Long Account from Shallow to Deep" in the 30th issue of "Hacker Defense Line".

7. Net time

This command can check the current time of the remote host. If your goal is just to enter the remote host, then you may not need this command. But if the simple intrusion is successful, is it just to see? We need to penetrate further. We even need to know the current time of the remote host, because using time and other means (which will be discussed later) can achieve the scheduled start of a certain command and program, laying a good foundation for our further intrusion. Usage: net time \IP.

Six, at

This command is used to schedule a specific command or program to be executed at a specific date or time (do you know the importance of net time?). When we know the current time of the remote host, we can use this command to let it execute a program or command at a later time (for example, 2 minutes later). Usage: at time command \computer.

It means that at 6:55, the computer named a-01 will start the telnet service (here net start telnet is the command to start the telnet service).

7. FTP

You should be familiar with this command, right? There are many open FTP hosts on the Internet, and a large part of them are anonymous, which means anyone can log in. Now if you scan a host with open FTP service (usually a machine with port 21 open), what should you do if you don't know how to use the FTP command? The following is a basic method of using the FTP command.

First, type ftp in the command line and press Enter. The ftp prompt will appear. At this time, you can type "help" to view the help (this method can be used to view the help for any DOS command).

You may have noticed that you are wondering how to use so many commands. In fact, you don’t need so many commands. It is enough to master a few basic ones.

The first step is the login process, which requires the use of open. Simply enter "open host IP ftp port" under the ftp prompt and press Enter. The default port is usually 21, so you don't have to write it. Next, enter a valid username and password to log in. Here we take anonymous ftp as an example.

The username and password are both ftp, and the password is not displayed. When the prompt **** logged in appears, it means that the login is successful. Because it is an anonymous login, the user is displayed as Anonymous.

Next, we will introduce how to use specific commands.

• Dir is the same as the DOS command, which is used to view the files on the server. Just type dir and press Enter to view the files on this Ftp server.
• cd into a folder.
• get Downloads a file to your local machine.
• put uploads files to the remote server. This depends on whether the remote FTP server has given you write permissions. If it does, I won't say much about how to use it. Just use it as you like.
• delete Delete files on the remote FTP server. You must also ensure that you have write permissions.
• bye Exit the current connection.
• quit Same as above.

8. Telnet

Powerful remote login command, almost all intruders like to use it, and it works every time. Why? It is easy to operate, just like using your own machine. As long as you are familiar with DOS commands, after successfully connecting to the remote machine as an administrator, you can use it to do everything you want. Here is how to use it. First, type telnet and press Enter, then type help to view its help information.

Then type open IP at the prompt and press Enter. A login window will appear, asking you to enter a valid username and password. Any password entered here will not be displayed.

When the username and password are correct, the telnet connection is successfully established. At this time, you have the same permissions as this user on the remote host, and you can use DOS commands to do what you want. Here I use the super administrator privileges to log in.

So far, the introduction of network DOS commands has come to an end. The purpose of this introduction is just to give a novice network administrator an impression and let him know the importance of being familiar with and mastering network DOS commands. In fact, there are far more DOS commands related to the network. This is just a starting point, hoping to be helpful to the majority of novice network administrators. Learning DOS well is very helpful for being a good network administrator, especially mastering some network DOS commands.

In addition, everyone should know that anyone who wants to enter the system must have a valid username and password (input method loopholes are almost extinct). Even if you only have a small permission to the account, you can use it to achieve the ultimate goal. Therefore, resolutely eliminating empty passwords and adding a strong password to your account is the best way to defend against weak password intrusions.

Finally, I sincerely say that cultivating a good safety awareness is the most important thing.