CMD Commands, Also Used For Hacking Into Victims System: Quote
If you don't know some of them, just type the command at the CMD prompt and hit Enter. A short help text will
show up on your screen. Read it to understand what the command does.
Let's start easy...
1) ping : This command tells you whether the host you are pinging is alive, that is, whether it is up at the
time you run the "ping" command.
ping x.x.x.x (x.x.x.x is the IP address)
or
ping www.whatever.com (www.whatever.com is the website you want to ping when you don't know
the IP)
OBS: Keep in mind that if the host you are pinging is blocking ICMP packets, the result will show the host as
down.
2) nslookup : This command has many functions.
One is resolving a DNS name to an IP address.
Let's say you know the website URL but you don't know its IP (and you want to find out).
nslookup www.whatever.com
(www.whatever.com is the website whose IP you want to find out)
Another really nice function of nslookup is finding the IP of specific mail servers.
nslookup (enter)
set type=mx (enter)
yahoo.com
This command will give you the mail server IP of yahoo.com. You can use whatever server you want, and
if it is listed in DNS, you get the IP. Simple, isn't it?
OK, now why would you want to have the IP of a mail server?
To send spoofed mail to your friends or even for SE.
If you are looking for how to spoof email, see my "How to spoof email" tutorial:
http://www.infowar.com/forums/showthread.php?s=&threadid=2360
3) tracert : This command shows the hops a packet travels through to reach its final destination.
OBS: This command is useful for learning the route a packet takes before it reaches the target box.
tracert x.x.x.x (x.x.x.x is the IP address)
or
tracert www.whatever.com (www.whatever.com is the website whose IP you don't know)
4) arp : This command shows you the ARP table. It is useful for checking whether someone is doing ARP
poisoning on your LAN.
arp -a
5) route : This command will show you the routing table, gateway, interface and metric.
route print
6) ipconfig : This command shows lots of very helpful things:
your IP, gateway and the DNS servers in use.
ipconfig
or
ipconfig /all
This command gives all of that information for every network adapter you have.
Also, in case you have a dynamic IP and want to change it, then type...
Command Help..!!
C:\>nslookup
*** Default servers are not available
Server: UnKnown
Address: 127.0.0.1
*** UnKnown can't find /?: No response from server
C:\>net view
The syntax of this command is:
NET VIEW
[\\computername [/CACHE] | /DOMAIN[:domainname]]
NET VIEW /NETWORK:NW [\\computername]
C:\>net use
The syntax of this command is:
NET USE
[devicename | *] [\\computername\sharename[\volume] [password | *]]
[/USER:[domainname\]username]
[/USER:[dotted domain name\]username]
[/USER:[username@dotted domain name]
[/SMARTCARD]
[/SAVECRED]
[[/DELETE] | [/PERSISTENT:{YES | NO}]]
NET USE {devicename | *} [password | *] /HOME
NET USE [/PERSISTENT:{YES | NO}]
C:\>net user
The syntax of this command is:
NET USER
[username [password | *] [options]] [/DOMAIN]
username {password | *} /ADD [options] [/DOMAIN]
username [/DELETE] [/DOMAIN]
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name
Options:
-t
-a
-n count
-l size
-f
-i TTL
-v TOS
-r count
-s count
-j host-list
-k host-list
-w timeout
C:\>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list.
    -w timeout         Wait timeout milliseconds for each reply.
C:\>arp
Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).
ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]
-a
-g
inet_addr
-N if_addr
-d
-s
eth_addr
if_addr
Example:
  > arp -s 157.55.85.212   00-aa-00-62-c6-09  .... Adds a static entry.
  > arp -a                                    .... Displays the arp table.
C:\>route
Manipulates network routing tables.
ROUTE [-f] [-p] [command [destination]
[MASK netmask] [gateway] [METRIC metric] [IF interface]
  -f
  -p           When used with the ADD command, makes a route persistent across
               boots of the system. By default, routes are not preserved
               when the system is restarted. Ignored for all other commands,
               which always affect the appropriate persistent routes. This
               option is not supported in Windows 95.
  command      One of these:
                 PRINT     Prints a route
                 ADD       Adds a route
                 DELETE    Deletes a route
                 CHANGE    Modifies an existing route
  destination  Specifies the host.
  MASK         Specifies that the next parameter is the 'netmask' value.
  netmask      Specifies a subnet mask value for this route entry.
               If not specified, it defaults to 255.255.255.255.
  gateway      Specifies gateway.
  interface    the interface number for the specified route.
  METRIC       specifies the metric, ie. cost for the destination.
All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.
If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star '*'), or the gateway argument may be omitted.
If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination
routes are printed. The '*' matches any string, and '?' matches any one char. Examples:
157.*.1, 157.*, 127.*, *224*.
Diagnostic Notes:
Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
The route addition failed: The specified mask parameter is invalid.
(Destination & Mask) != Destination.
Examples:
    > route PRINT
    > route ADD 157.0.0.0 MASK 255.0.0.0  157.55.80.1 METRIC 3 IF 2
             destination^      ^mask      ^gateway     metric^    ^
                                                         Interface^
      If IF is not given, it tries to find the best interface for a given gateway.
    > route PRINT
    > route PRINT 157*          .... Only prints those matching 157*
    > route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2
      CHANGE is used to modify gateway and/or metric only.
    > route PRINT
    > route DELETE 157.0.0.0
    > route PRINT
C:\>nbtstat
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).
NBTSTAT
-a (adapter status)
-A (Adapter status)
C:\>netstat
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]
  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
-e
-n
-o
-p proto
-r
-s
-v
interval
C:\>ipconfig
USAGE:
    ipconfig
where
    adapter         Connection name
                    (wildcard characters * and ? allowed, see examples)
    Options:
       /?           Display this help message
       /all         Display full configuration information.
       /release     Release the IP address for the specified adapter.
       /renew       Renew the IP address for the specified adapter.
       /flushdns    Purges the DNS Resolver cache.
       /registerdns Refreshes all DHCP leases and re-registers DNS names
       /displaydns  Display the contents of the DNS Resolver Cache.
       /showclassid Displays all the dhcp class IDs allowed for adapter.
       /setclassid  Modifies the dhcp class id.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For Setclassid, if no ClassId is specified, then the ClassId is removed.
Examples:
> ipconfig
> ipconfig /all
> ipconfig /renew
> ipconfig /renew EL*
> ipconfig /release *Con*