
CMD Commands, Also Used For Hacking Into Victims' Systems

Useful Things to do on CMD!


First, open your Network Connection, right-click it and select Properties. Then select TCP/IP and click
Properties again. Now click Advanced and open the WINS tab. Select Default for NetBIOS.
Back in the main Local Area Connection window, select File and Print Sharing for Microsoft Networks
and hit Enter.
This is just to make sure you have NetBIOS enabled. We will have some fun with NetBIOS on CMD.
The first thing you need to know is some very helpful commands to use on CMD (Command Prompt).
In case you don't know how to get CMD open on your box, click on Start, then Run, then type "cmd"
(no quotes, of course... you know the drill).
Back to commands:
nslookup
net view
net use
net user
ping
tracert
arp
route
nbtstat
netstat
ipconfig

In case you don't know some of them, just type the command on CMD and hit Enter. A short help text will
show up on your screen. Read it and understand what the command does.
Let's start easy...
1) ping : This command lets you know whether the host you are pinging is alive, that is, whether it is up at the
time you run the "ping" command.
ping x.x.x.x (x.x.x.x is the IP address)
or
ping www.whatever.com (www.whatever.com is the website you want to ping when you don't know
its IP)
OBS: Keep in mind that if the host you are pinging is blocking ICMP packets, the result will show the host as
down even though it is up.
2) nslookup : This command has many functions.
One is resolving a DNS name into an IP.
Let's say you know the website URL but you don't know its IP (and you want to find out).
nslookup www.whatever.com
(www.whatever.com is the website whose IP you want to find out)
Now, another really nice function of nslookup is finding out the IP of specific mail servers.
nslookup (enter)
set type=mx (enter)
yahoo.com (enter)
This will give you the mail server IP of yahoo.com. You can use whatever domain you want, and
if it is listed in DNS, then you get the IP. Simple, isn't it?
OK, now why would you want to have the IP of a mail server?
To send spoofed mail to your friends or even for SE.
In case you are looking for "How to spoof email", then look for my "How to spoof email tutorial":
http://www.infowar.com/forums/showthread.php?s=&threadid=2360
3) tracert : This command will give you the hops a packet travels through to reach its final destination.
OBS: This command is good for learning the route a packet takes before it reaches the target box.
tracert x.x.x.x (x.x.x.x is the IP address)
or
tracert www.whatever.com (www.whatever.com is the website whose IP you don't know)
4) arp : This command will show you the ARP table. This is good to know if someone is doing ARP
poisoning in your LAN: two IP addresses showing the same physical address is the sign to look for.
arp -a
5) route : This command will show you the routing table, gateway, interface and metric.
route print
6) ipconfig : This command will show tons of very helpful things:
your IP, gateway and the DNS servers in use.
ipconfig
or
ipconfig /all
This gives all of that information for every network adapter you have.
Also, in case you have a dynamic IP and want to change it, then type...
ipconfig /release (this will release your IP)
ipconfig /renew (this will renew your IP)
OBS: Keep in mind that those commands will change your IP, but the new IP will still be tied to you.
So don't do anything stupid.
7) netstat : This command will show you the connections to your box.
netstat
or
netstat -a (this will show you all the listening ports and connections, with DNS names)
netstat -n (this will show you all the open connections, with IP addresses)
netstat -an (this combines both of the above)
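What a defender actually wants from `netstat -an` is a short answer to three questions: what is listening, which listeners are reachable from the network rather than only from localhost, and which established sessions go somewhere unexpected. The script below is an added example, not code from the original tutorial; it assumes the column layout of `netstat -ano` (the -o PID column from the help text later on this page) and also accepts plain `netstat -an` output without that column. The sample output, its addresses and all function names are constructed.

```python
"""Parse Windows `netstat -an` / `netstat -ano` output and summarise listeners
and outbound sessions. Added example; not from the original tutorial. The
sample output below is constructed and its addresses are made up.
"""
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed sample in the layout of `netstat -ano` (UDP rows have no State).
SAMPLE_NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.23:49712     203.0.113.9:443        ESTABLISHED     2088
  TCP    192.168.1.23:49801     198.51.100.7:4444      ESTABLISHED     5144
  UDP    0.0.0.0:137            *:*                                    4
"""

# Proto, local addr:port, foreign addr:port, optional state, optional PID.
ROW_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+"
    r"(?P<lip>\S+):(?P<lport>\d+)\s+"
    r"(?P<rip>\S+):(?P<rport>\d+|\*)"
    r"(?:\s+(?P<state>[A-Z_]+))?"
    r"(?:\s+(?P<pid>\d+))?\s*$"
)


def parse_netstat(text):
    """Return one Conn per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        rows.append(Conn(
            m["proto"], m["lip"], int(m["lport"]), m["rip"],
            None if m["rport"] == "*" else int(m["rport"]),
            m["state"] or "", int(m["pid"]) if m["pid"] else None))
    return rows


def _is_listener(r):
    # UDP sockets carry no state in netstat output, so every UDP row is a listener.
    return r.state == "LISTENING" or r.proto == "UDP"


def listening_ports(rows):
    """Sorted (proto, port) pairs for every listening socket."""
    return sorted({(r.proto, r.local_port) for r in rows if _is_listener(r)})


def exposed_listeners(rows):
    """Listeners bound to all interfaces (0.0.0.0 / [::]) rather than loopback."""
    return [r for r in rows if _is_listener(r) and r.local_ip in ("0.0.0.0", "[::]")]


def established_to_unusual_ports(rows, expected_ports=(80, 443)):
    """Established TCP sessions whose remote port is not in the expected set."""
    return [r for r in rows if r.state == "ESTABLISHED" and r.remote_port not in expected_ports]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT_OUTPUT)
    print("listening:", listening_ports(conns))
    for r in exposed_listeners(conns):
        print(f"exposed: {r.proto} {r.local_ip}:{r.local_port} pid={r.pid}")
    for r in established_to_unusual_ports(conns):
        print(f"check: pid {r.pid} -> {r.remote_ip}:{r.remote_port}")
```

The PID column is what turns a suspicious row into something actionable: once you have it, `tasklist /FI "PID eq 5144"` (a standard Windows command, not shown on this page) names the process behind the session.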
8) nbtstat : This command will show you the NetBIOS name of the target box.
nbtstat -A x.x.x.x (x.x.x.x is the IP address)
nbtstat -a computername
net view \\x.x.x.x or net view \\computername (will list the available shared folders on the target box)
Now some hints:
net use \\ipaddress\ipc$ "" /user:administrator
(this command will allow you to connect to the target box as administrator)
Now if you want to connect to the target box and browse the entire C drive, then use this command:
net use K: \\computername\C$ (this will create a virtual drive in your "My Computer" folder)
OBS: Keep in mind that this only works if the target box doesn't have an administrator password set.
For more info on the NetBIOS hack, look at my tutorial here:
http://www.infowar.com/forums/showthread.php?s=&threadid=2318

And last but not least, the "help" command.
whatevercommand /help
or
whatevercommand /?

Author by :- Manish Nishad


E-Mail:- money.nishad@gmail.com
Web Site:- www.themanish.tk

Command Help..!!

C:\>nslookup
*** Default servers are not available
Server: UnKnown
Address: 127.0.0.1
*** UnKnown can't find /?: No response from server

C:\>net view
The syntax of this command is:
NET VIEW
[\\computername [/CACHE] | /DOMAIN[:domainname]]
NET VIEW /NETWORK:NW [\\computername]

C:\>net use
The syntax of this command is:
NET USE
[devicename | *] [\\computername\sharename[\volume] [password | *]]
[/USER:[domainname\]username]
[/USER:[dotted domain name\]username]
[/USER:[username@dotted domain name]
[/SMARTCARD]
[/SAVECRED]
[[/DELETE] | [/PERSISTENT:{YES | NO}]]
NET USE {devicename | *} [password | *] /HOME
NET USE [/PERSISTENT:{YES | NO}]

C:\>net user
The syntax of this command is:
NET USER
[username [password | *] [options]] [/DOMAIN]
username {password | *} /ADD [options] [/DOMAIN]
username [/DELETE] [/DOMAIN]

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] target_name
Options:
    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet.
    -i TTL         Time To Live.
    -v TOS         Type Of Service.
    -r count       Record route for count hops.
    -s count       Timestamp for count hops.
    -j host-list   Loose source route along host-list.
    -k host-list   Strict source route along host-list.
    -w timeout     Timeout in milliseconds to wait for each reply.

C:\>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list.
    -w timeout         Wait timeout milliseconds for each reply.

C:\>arp
Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

  -a            Displays current ARP entries by interrogating the current
                protocol data. If inet_addr is specified, the IP and Physical
                addresses for only the specified computer are displayed. If
                more than one network interface uses ARP, entries for each ARP
                table are displayed.
  -g            Same as -a.
  inet_addr     Specifies an internet address.
  -N if_addr    Displays the ARP entries for the network interface specified
                by if_addr.
  -d            Deletes the host specified by inet_addr. inet_addr may be
                wildcarded with * to delete all hosts.
  -s            Adds the host and associates the Internet address inet_addr
                with the Physical address eth_addr. The Physical address is
                given as 6 hexadecimal bytes separated by hyphens. The entry
                is permanent.
  eth_addr      Specifies a physical address.
  if_addr       If present, this specifies the Internet address of the
                interface whose address translation table should be modified.
                If not present, the first applicable interface will be used.

Example:
  > arp -s 157.55.85.212 00-aa-00-62-c6-09  .... Adds a static entry.
  > arp -a                                  .... Displays the arp table.

C:\>route
Manipulates network routing tables.

ROUTE [-f] [-p] [command [destination]
                 [MASK netmask] [gateway] [METRIC metric] [IF interface]

  -f           Clears the routing tables of all gateway entries. If this is
               used in conjunction with one of the commands, the tables are
               cleared prior to running the command.
  -p           When used with the ADD command, makes a route persistent across
               boots of the system. By default, routes are not preserved
               when the system is restarted. Ignored for all other commands,
               which always affect the appropriate persistent routes. This
               option is not supported in Windows 95.
  command      One of these:
                 PRINT     Prints a route
                 ADD       Adds a route
                 DELETE    Deletes a route
                 CHANGE    Modifies an existing route
  destination  Specifies the host.
  MASK         Specifies that the next parameter is the 'netmask' value.
  netmask      Specifies a subnet mask value for this route entry.
               If not specified, it defaults to 255.255.255.255.
  gateway      Specifies gateway.
  interface    the interface number for the specified route.
  METRIC       specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination
routes are printed. The '*' matches any string, and '?' matches any one char. Examples:
157.*.1, 157.*, 127.*, *224*.

Diagnostic Notes:
    Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
    Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
             The route addition failed: The specified mask parameter is invalid.
             (Destination & Mask) != Destination.

Examples:

    > route PRINT
    > route ADD 157.0.0.0 MASK 255.0.0.0  157.55.80.1 METRIC 3 IF 2
             destination^      ^mask      ^gateway     metric^    ^
                                                         Interface^
      If IF is not given, it tries to find the best interface for a given gateway.
    > route PRINT
    > route PRINT 157*          .... Only prints those matching 157*
    > route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2

      CHANGE is used to modify gateway and/or metric only.

    > route PRINT
    > route DELETE 157.0.0.0
    > route PRINT

C:\>nbtstat
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
          [-r] [-R] [-RR] [-s] [-S] [interval] ]

  -a   (adapter status)  Lists the remote machine's name table given its name
  -A   (Adapter status)  Lists the remote machine's name table given its
                         IP address.
  -c   (cache)           Lists NBT's cache of remote [machine] names and their IP
                         addresses
  -n   (names)           Lists local NetBIOS names.
  -r   (resolved)        Lists names resolved by broadcast and via WINS
  -R   (Reload)          Purges and reloads the remote cache name table
  -S   (Sessions)        Lists sessions table with the destination IP addresses
  -s   (sessions)        Lists sessions table converting destination IP
                         addresses to computer NETBIOS names.
  -RR  (ReleaseRefresh)  Sends Name Release packets to WINS and then, starts Refresh

  RemoteName   Remote host machine name.
  IP address   Dotted decimal representation of the IP address.
  interval     Redisplays selected statistics, pausing interval seconds
               between each display. Press Ctrl+C to stop redisplaying
               statistics.

C:\>netstat
Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -v            When used in conjunction with -b, will display sequence of
                components involved in creating the connection or listening
                port for all executables.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.

C:\>ipconfig
USAGE:
    ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
              /flushdns | /displaydns | /registerdns |
              /showclassid adapter |
              /setclassid adapter [classid] ]

where
    adapter         Connection name
                    (wildcard characters * and ? allowed, see examples)

    Options:
       /?           Display this help message
       /all         Display full configuration information.
       /release     Release the IP address for the specified adapter.
       /renew       Renew the IP address for the specified adapter.
       /flushdns    Purges the DNS Resolver cache.
       /registerdns Refreshes all DHCP leases and re-registers DNS names
       /displaydns  Display the contents of the DNS Resolver Cache.
       /showclassid Displays all the dhcp class IDs allowed for adapter.
       /setclassid  Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

Examples:
    > ipconfig                   ... Show information.
    > ipconfig /all              ... Show detailed information
    > ipconfig /renew            ... renew all adapters
    > ipconfig /renew EL*        ... renew any connection that has its
                                     name starting with EL
    > ipconfig /release *Con*    ... release all matching connections,
                                     eg. "Local Area Connection 1" or
                                         "Local Area Connection 2"
