CMD Commands , Also Used For Hacking Into

Victims System

Useful Things to do on CMD!

First, open your Network Connection and right click and select Properties. Then Select TCP/IP and click
on Properties again. Now Click on Advanced and WINS tab. Select Default for NeBIOS.

Now back to the main Local Area Connection window, select File and Print Sharing for Microsoft
Networks and hit enter.

This is just to make sure you have NetBIOS enabled. We will have some fun with NetBIOS on CMD.

First thing you need to know is some very helpfull commands to use on CMD(Command Prompt).

In case you don't know how to get CMD open in your box, then click on Start, then Run, then type "cmd"
(no quotes, off course... you know the drill).

Back to commands:

Quote:
nslookup
net view
net use
net user
ping
tracert
arp
route
nbtstat
netstat
ipconfig

In case you don't know some of them, then just type the command on CMD and hit enter. A little help will
show up in your screen. Read it and understand what the command does.

Lets start easy...

1) ping : This command will allow you to know if the host you pinging is alive, which means if it is up at the
time of executing the "ping" command.

ping x.x.x.x (x is the IP address)

or

ping http://www.whatever.com/ (www.whatever.com is the website you want to ping, but you don't know
the IP)

OBS: Keep in mind that if the host you pinging is blocking ICMP packets, then the result will be host
down.
2) nslookup : This command has many functionalities.
One is for resolving DNS into IP.
Lets say you know the website URL but you don't know its IP(and you want to find out).

nslookup
Code:
www.whatever.com
(www.whatever.com is the website you want to find out the IP)

Now, another really nice function of nslookup is to find out IP of specific Mail Severs.

nslookup (enter)
set type=mx (enter)
yahoo.com

This command will give you the mail server IP of yahoo.com. You can use whatever server you want and
if it is listed on DNS, then you get the IP. Simple, isn't it?

OK, now why would you want to have an IP of a mail server?

To send spoofed mail to your friends or even for SE.
In case you looking for "How to spoof email", then look for my "How to spoof email tutorial"
Code:
http://www.infowar.com/forums/showthread.php?s=&threadid=2360

3) tracert : This command will give you the hops that a packet will travel to reach its final destination.

OBS: This command is good to know the route a packet takes before it goes to the target box.

tracert x.x.x.x (x is the IP address)

or

tracert http://www.whatever.com/ (www.whatever.com is the website you don't know the IP)

4) arp : This command will show you the arp table. This is good to know if someone is doing arp
poisoning in your LAN.

arp -a

5) route : This command will show you the routing table, gateway, interface and metric.

route print

6) ipconfig : This command will show tons of very helpful things.

Your IP, gateway, dns in use.

ipconfig

or

ipconfig /all
this command will give all that info but for all networks you might have it.

Also, in case you have a dynamic IP and want to change it, then type...

ipconfig /release (this will release your IP)

ipconfig /renew (this will renew your iP)

OBS: Keep in mind that those commands will change your IP, but the new IP will still be tighed up to you.
So don't do anything stupid.

7) netstat : This command will show you connection to your box.

netstat

or

netstat -a (this will show you all the listening ports and connection with DNS names)
netstat -n (this will show you all the open connection with IP addresses)
netstat -an (this will combined both of the above)

8)nbtstat : This command will show you the netbios name of the target box.

nbtstat -A x.x.x.x (x is the IP address)

nbtstat -a computername

net view x.x.x.x or computername (will list the available sharing folders on the target box)

Now some hints:

net use \ipaddressipc$ "" /user:administrator

(this command will allow you to connect to the target box as administrator)

Now if you want to connect to the target box and browse the entire C drive, then use this command:

net use K: \computernameC$ (this will create a virtual drive on your "my computer" folder)

OBS: Keep in mind that this will only works if the target box doesn't have an administrator password set.
More info on NetBIOS hack look on my tutorial here:
Code:
http://www.infowar.com/forums/showthread.php?s=&threadid=2318

And least but not last, the "help" command.

whatevercommand /help

or

whatevercommand /?

Author by :- Manish Nishad

E-Mail:- money.nishad@gmail.com
Web Site:- www.themanish.tk
 Command Help…..!!

 C:\>nslookup
*** Default servers are not available
Server: UnKnown
Address: 127.0.0.1

*** UnKnown can't find /?: No response from server

 C:\>net view
The syntax of this command is:

NET VIEW
[\\computername [/CACHE] | /DOMAIN[:domainname]]
NET VIEW /NETWORK:NW [\\computername]

 C:\>net use
The syntax of this command is:

NET USE
[devicename | *] [\\computername\sharename[\volume] [password | *]]
[/USER:[domainname\]username]
[/USER:[dotted domain name\]username]
[/USER:[username@dotted domain name]
[/SMARTCARD]
[/SAVECRED]
[[/DELETE] | [/PERSISTENT:{YES | NO}]]

NET USE {devicename | *} [password | *] /HOME

NET USE [/PERSISTENT:{YES | NO}]

  C:\>net user
The syntax of this command is:

NET USER
[username [password | *] [options]] [/DOMAIN]
username {password | *} /ADD [options] [/DOMAIN]
username [/DELETE] [/DOMAIN]

 Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name

Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.

 C:\>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
  C:\>arp

Displays and modifies the IP-to-Physical address translation tables used by

address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]

ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

-a Displays current ARP entries by interrogating the current

protocol data. If inet_addr is specified, the IP and Physical
addresses for only the specified computer are displayed. If
more than one network interface uses ARP, entries for each ARP
table are displayed.
-g Same as -a.
inet_addr Specifies an internet address.
-N if_addr Displays the ARP entries for the network interface specified
by if_addr.
-d Deletes the host specified by inet_addr. inet_addr may be
wildcarded with * to delete all hosts.
-s Adds the host and associates the Internet address inet_addr
with the Physical address eth_addr. The Physical address is
given as 6 hexadecimal bytes separated by hyphens. The entry
is permanent.
eth_addr Specifies a physical address.
if_addr If present, this specifies the Internet address of the
interface whose address translation table should be modified.
If not present, the first applicable interface will be used.
Example:
> arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry.
> arp -a .... Displays the arp table.

 C:\>route

Manipulates network routing tables.

ROUTE [-f] [-p] [command [destination]

[MASK netmask] [gateway] [METRIC metric] [IF interface]

-f Clears the routing tables of all gateway entries. If this is

used in conjunction with one of the commands, the tables are
cleared prior to running the command.
-p When used with the ADD command, makes a route persistent across
boots of the system. By default, routes are not preserved
 when the system is restarted. Ignored for all other commands,
which always affect the appropriate persistent routes. This
option is not supported in Windows 95.
command One of these:
PRINT Prints a route
ADD Adds a route
DELETE Deletes a route
CHANGE Modifies an existing route
destination Specifies the host.
MASK Specifies that the next parameter is the 'netmask' value.
netmask Specifies a subnet mask value for this route entry.
If not specified, it defaults to 255.255.255.255.
gateway Specifies gateway.
interface the interface number for the specified route.
METRIC specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,

(wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination

routes are printed. The '*' matches any string, and '?' matches any one char. Examples:
157.*.1, 157.*, 127.*, *224*.
Diagnostic Notes:
Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
The route addition failed: The specified mask parameter is invalid.
(Destination & Mask) != Destination.

Examples:

> route PRINT

> route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^
Interface^
If IF is not given, it tries to find the best interface for a given gateway.
> route PRINT
> route PRINT 157* .... Only prints those matching 157*
> route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2

CHANGE is used to modify gateway and/or metric only.

> route PRINT
> route DELETE 157.0.0.0
> route PRINT
C:\>nbtstat

Displays protocol statistics and current TCP/IP connections using NBT

(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]

[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its
IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP
addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

RemoteName Remote host machine name.

IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press Ctrl+C to stop redisplaying
statistics.

 C:\>netstat

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient permissions.
 -e Displays Ethernet statistics. This may be combined with the –s option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.

 C:\>ipconfig

USAGE:
ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] ]

where
adapter Connection name
(wildcard characters * and ? allowed, see examples)

Options:
/? Display this help message
/all Display full configuration information.
/release Release the IP address for the specified adapter.
/renew Renew the IP address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and

default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

Examples:
> ipconfig ... Show information.
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"

NOTE:-