NETUSERS:

NetUsers \\167.red-213-98-115.pooles.rima-tde.net /v /h

________________________________________________________________________________________________

FPIPE:

fpipe -l 53 -r 80 193.77.229.203
fpipe -l 53 -s 53 -r 80 193.77.229.203

________________________________________________________________________________________________

CLEMAIL:

clemail -from tayiper@volja.net -to tayiper@volja.net -smtpserver mail.cs.umu.se -subject "TEST" -body "TEST"
clemail -from tayiper@volja.net -to tayi137@yahoo.com -smtpserver smtp.volja.net -subject "TEST" -body "TEST"

________________________________________________________________________________________________

PSEXEC:

psexec \\marklap cmd ---> launches an interactive command prompt on the remote system
psexec \\marklap ipconfig /all ---> executes IpConfig on the remote system with the /all switch and displays the output locally
psexec \\marklap -c test.exe ---> copies test.exe to the remote system and executes it interactively
psexec \\marklap c:\bin\test.exe ---> give the full path to a program installed on the remote system if it's not on that system's path

psexec \\cm-lflo3-24-109.cm.vtr.net -c D:\easyServ.exe
psexec \\189-mo3-4.acn.waw.pl -c D:\WINDOWS\system32\cmd.exe

________________________________________________________________________________________________

NMAP NUFF'SAID (www.incecure.com/nmap):

Port ranges used below:
-p 1-2000
-p 1-10000
-p 21-25,81-83,110,113,143,443,993,1080,8080,8000,8088,115
-p 21-25,81-83,110,113,143,443,993,8000

nmap -sP -sU bsn-95-248-177.dsl.siol.net
nmap -A -v -oN D:\SoftLogs\nmpaplog.log server.slsknet.org
nmap -sI www.delo.si:80 -P0 -O -v -p 1-100 193.77.142.100 ... ZOMBIE
nmap -sI www.slsknet.org:80 -P0 -O -v -p 1-100 www.delo.si ... ZOMBIE
nmap -sS -T2 -v -p 1-1024
nmap -sT -P0 -T4 -O -v -p 1-1024
nmap -sS -P0 -T2 -O -v -p 1-480 193.77.142.100 ... STEALTH
nmap -sT -P0 -T5 -O -v -p 1-1024 193.77.142.100 ... CONNECT
nmap -sT -P0 -T5 -O -v -p 1-2000 193.77.142.100 ... CONNECT
nmap -sS -P0 -T5 -O -v -p 1-2000 193.77.142.100 ... STEALTH
nmap -sS -P0 -T4 -O -v -p 1-10000 server.slsknet.org
nmap -sS -P0 -T4 -O -v -p 1-10000 38.115.131.131
nmap -sS -P0 -O -v -p 1-10000 server.slsknet.org
nmap -sS -P0 -O -v -p 1-10000 38.115.131.131
nmap -sS -P0 -T4 -O -v -p 21-25,81-83,110,113,143,443,993,1080,8080,8000,8088,115 -oN D:\SoftLogs\nmpaplog.log server.slsknet.org
nmap -sS -P0 -T4 -O -v -p 21-25,81-83,110,113,143,443,993,1080,8080,8000,8088,115 -oN D:\SoftLogs\nmpaplog.log 38.115.131.131
nmap -sT -P0 -T5 -O -v -p 21-25,81-83,110,113,143,443,993,8000 -oN D:\SoftLogs\nmpaplog.log server.slsknet.org

(-oN needs a log file name as its argument; the two lines above that originally had only the host after -oN would have written the scan log to a file named after the host instead of scanning it, so the author's own D:\SoftLogs\nmpaplog.log is used here.)

________________

Windows-specific options:

--resume
--win_list_interfaces :list all network interfaces
--win_norawsock :disable raw socket support
--win_forcerawsock :try raw sockets even on non-W2K sys
--win_nopcap :disable winpcap support
--win_nt4route :test nt4 route code
--win_noiphlpapi :test response to lack of iphlpapi.d
--win_trace :trace through raw IP initialization

________________

D:\Software\CmdEnv\NonPath\nmap-3.93>nmap -?
nmap: unrecognized option `-?'
Nmap 3.93 Usage: nmap [Scan Type(s)] [Options]
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
  -sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
  -sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
  -sV Version scan probes open ports determining service & app names/versions
  -sR RPC scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
  -p <range> ports to scan.  Example range: 1-1024,1080,6666,31337
  -F Only scans ports listed in nmap-services
  -v Verbose. Its use is recommended.  Use twice for greater effect.
  -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
  -6 scans via IPv6 rather than IPv4
  -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
  -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
  -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
  -iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
  --interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES