    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Gargoyle Security>netstat-a
    'netstat-a' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\Gargoyle Security>netstat a

    Displays protocol statistics and current TCP/IP network connections.

    NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

      -a            Displays all connections and listening ports.
      -b            Displays the executable involved in creating each connection or
                    listening port. In some cases well-known executables host
                    multiple independent components, and in these cases the
                    sequence of components involved in creating the connection
                    or listening port is displayed. In this case the executable
                    name is in [] at the bottom, on top is the component it called,
                    and so forth until TCP/IP was reached. Note that this option
                    can be time-consuming and will fail unless you have sufficient
                    permissions.
      -e            Displays Ethernet statistics. This may be combined with the -s
                    option.
      -n            Displays addresses and port numbers in numerical form.
      -o            Displays the owning process ID associated with each connection.
      -p proto      Shows connections for the protocol specified by proto; proto
                    may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                    option to display per-protocol statistics, proto may be any of:
                    IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
      -r            Displays the routing table.
      -s            Displays per-protocol statistics.  By default, statistics are
                    shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                    the -p option may be used to specify a subset of the default.
      -v            When used in conjunction with -b, will display sequence of
                    components involved in creating the connection or listening
                    port for all executables.
      interval      Redisplays selected statistics, pausing interval seconds
                    between each display.  Press CTRL+C to stop redisplaying
                    statistics.  If omitted, netstat will print the current
                    configuration information once.

    C:\Documents and Settings\Gargoyle Security>netstat -a

    Active Connections

      Proto  Local Address          Foreign Address              State
      TCP    Gargoyle2:echo         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:discard      Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:daytime      Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:qotd         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:chargen      Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:smtp         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:http         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:epmap        Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:https        Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:microsoft-ds Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:990          Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:1025         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:1027         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:1801         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:2103         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:2105         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:2107         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:3389         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:5800         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:5900         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:10172        Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:netbios-ssn  Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:3917         pv-in-f147.google.com:http   CLOSE_WAIT
      TCP    Gargoyle2:4408         cf-in-f147.google.com:http   CLOSE_WAIT
      TCP    Gargoyle2:4409         pv-in-f104.google.com:http   CLOSE_WAIT
      TCP    Gargoyle2:4612         ns10.webmasters.com:pop3     TIME_WAIT
      TCP    Gargoyle2:4613         biltech.com.mx:pop3          TIME_WAIT
      TCP    Gargoyle2:1028         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:1057         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:1063         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:1067         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:5679         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:7438         Gargoyle2:0                  LISTENING
      TCP    Gargoyle2:echo         Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:discard      Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:daytime      Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:qotd         Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:chargen      Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:epmap        Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:990          Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:1025         Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:1027         Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:2103         Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:2105         Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:2107         Gargoyle2:0                  LISTENING       0
      TCP    Gargoyle2:5679         Gargoyle2:0                  LISTENING       0
      UDP    Gargoyle2:echo         *:*
      UDP    Gargoyle2:discard      *:*
      UDP    Gargoyle2:daytime      *:*
      UDP    Gargoyle2:qotd         *:*
      UDP    Gargoyle2:chargen      *:*
      UDP    Gargoyle2:snmp         *:*
      UDP    Gargoyle2:microsoft-ds *:*
      UDP    Gargoyle2:isakmp       *:*
      UDP    Gargoyle2:1026         *:*
      UDP    Gargoyle2:1029         *:*
      UDP    Gargoyle2:1030         *:*
      UDP    Gargoyle2:1324         *:*
      UDP    Gargoyle2:1394         *:*
      UDP    Gargoyle2:2925         *:*
      UDP    Gargoyle2:3259         *:*
      UDP    Gargoyle2:3456         *:*
      UDP    Gargoyle2:3527         *:*
      UDP    Gargoyle2:4500         *:*
      UDP    Gargoyle2:ntp          *:*
      UDP    Gargoyle2:netbios-ns   *:*
      UDP    Gargoyle2:netbios-dgm  *:*
      UDP    Gargoyle2:router       *:*
      UDP    Gargoyle2:1900         *:*
      UDP    Gargoyle2:ntp          *:*
      UDP    Gargoyle2:1900         *:*
      UDP    Gargoyle2:2261         *:*
      UDP    Gargoyle2:2766         *:*
      UDP    Gargoyle2:3383         *:*
      UDP    Gargoyle2:3911         *:*
      UDP    Gargoyle2:4060         *:*
      UDP    Gargoyle2:echo         *:*
      UDP    Gargoyle2:discard      *:*
      UDP    Gargoyle2:daytime      *:*
      UDP    Gargoyle2:qotd         *:*
      UDP    Gargoyle2:chargen      *:*

    C:\Documents and Settings\Gargoyle Security>

For those of us stuck on Win boxes there's always the annoying necessity of dependence on a GUI. Most Win-based programs explicitly require interaction with icons, mouse clicks, and pretty buttons. What most Windows users don't realize is that there is a host of functionality hidden at the command line prompt. Cleverly hidden: it's even difficult to get to a command prompt from Win desktops. I've gone ahead and added a shortcut to the DOS prompt to my desktop. Although Windows 2000 makes this slightly easier by offering 'Command Line' in the Start menu, this prompt may be cryptic for the inexperienced. For instance, did you know that you can FTP from a DOS prompt? Not just one file at a time, but whole directories? The sad state of affairs is that most of this functionality goes unused by the majority of Windows users, and this is understandable. I haven't been able to find a single good book outlining DOS commands.
Sure, I've got the 1,000-page MS-DOS manual on my desk (you can get those pretty cheap these days), but even these manuals don't outline the vast majority of commands I use from a DOS prompt in any understandable way. The following is a list of DOS commands I use at a command prompt regularly, and a short synopsis of their common usages. Please feel free to write and let me know if there are any I forgot. As the purpose of Hack In The Box is to free information, and I feel this is information that vitally needs to be free, any reader tips would be greatly appreciated. Well, enough of the smarmy intro, here's the guts:

Dir

This command is used to display a directory's contents. We're probably all familiar with this handy gem. The problem with 'dir' is that if you're listing a long directory, the contents scroll quickly across the screen and disappear, and since there is no scroll bar at the command prompt they are lost. To view a long directory one screen at a time, try 'dir | more'. This will print one screenful at a time so you can actually examine the directory's contents. * is the wildcard for dir, so to find all the files or folders in a directory starting with 'a', try 'dir a*'. To find a sequence in the name of any of the files or folders in a directory, try 'dir | find "dir"'; this will find any files or folders with the sequence 'dir' in their names. Let's say, however, that you would like to sort this list alphabetically. Try 'dir | find "dir" | sort' and you will get an alphabetically sorted list.

Ping

This is actually a small program found in C:\Windows by default. Ping is used to send packets of data to a destination and measure their time of travel and loss.
Since this is such a handy tool it may be useful to actually give you the usage and options available in ping as provided by the program itself:

    Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
                [-r count] [-s count] [[-j host-list] | [-k host-list]]
                [-w timeout] destination-list

    Options:
        -t             Ping the specified host until stopped.
                       To see statistics and continue - type Control-Break;
                       To stop - type Control-C.
        -a             Resolve addresses to hostnames.
        -n count       Number of echo requests to send.
        -l size        Send buffer size.
        -f             Set Don't Fragment flag in packet.
        -i TTL         Time To Live.
        -v TOS         Type Of Service.
        -r count       Record route for count hops.
        -s count       Timestamp for count hops.
        -j host-list   Loose source route along host-list.
        -k host-list   Strict source route along host-list.
        -w timeout     Timeout in milliseconds to wait for each reply.

This one is pretty similar to the *nix command of the same name, only if you simply type 'ping hackinthebox.org' you will only transmit 4 32-bit packets (the default settings). Ping is also useful because if you don't know an IP address for a domain, you can simply ping the domain and the IP will be displayed ('ping hackinthebox.org' shows that Hack In The Box is at 203.106.21.47).

Tracert

Ah yes, the infamous traceroute does have a DOS manifestation. The official usage and options are as follows:

    Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

    Options:
        -d                 Do not resolve addresses to hostnames.
        -h maximum_hops    Maximum number of hops to search for target.
        -j host-list       Loose source route along host-list.
        -w timeout         Wait timeout milliseconds for each reply.

Tracert is useful for trying to figure out if an IP is in a subnet. Now, because of the internet's distributed architecture, the packets traced by tracert won't always take the same route, but by examining the last few hops to a destination you can usually figure out where a target is located, or a target's ISP.
It is useful to note that tracert will fail if packets time out 3 times consecutively. The last few steps in tracert from my IP to hackinthebox.org are as follows:

     12   488 ms     *        *       202.188.144.98
     13   484 ms     *        *       klj01-ether0-0.tm.net.my [202.188.4.33]
     14   487 ms   502 ms     *       202.178.23.5
     15   501 ms   506 ms   517 ms    202.178.23.12
     16   525 ms   518 ms     *       hackinthebox.org [203.106.21.47]
     17   521 ms     *      517 ms    hackinthebox.org [203.106.21.47]

so it's a good bet that hackinthebox.org has something to do with klj01-ether0-0.tm.net.my.

Ipconfig

This handy little command is used for Windows IP configuration. The parameters are as follows:

    Windows 98 IP Configuration

    Command line options:

    /All          - Display detailed information.
    /Batch [file] - Write to file or ./WINIPCFG.OUT
    /renew_all    - Renew all adapters.
    /release_all  - Release all adapters.
    /renew N      - Renew adapter N.
    /release N    - Release adapter N.

This command is extremely useful for figuring out the IP address of the machine you're sitting on, whether it's not your usual terminal or you get a dynamically assigned IP address.

Netstat

This command lists open ports on your computer, the protocols being used, the port's local address, any foreign connections to that port, and the state of the port. This one is handy for figuring out if anyone whom you don't know is connected to your computer, or if a certain connection is established, syncing or waiting. The official usage, etc. is as follows:

    NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

      -a            Displays all connections and listening ports.
      -e            Displays Ethernet statistics. This may be combined with the -s
                    option.
      -n            Displays addresses and port numbers in numerical form.
      -p proto      Shows connections for the protocol specified by proto; proto
                    may be TCP or UDP.  If used with the -s option to display
                    per-protocol statistics, proto may be TCP, UDP, or IP.
      -r            Displays the routing table.
      -s            Displays per-protocol statistics.  By default, statistics are
                    shown for TCP, UDP and IP; the -p option may be used to specify
                    a subset of the default.
      interval      Redisplays selected statistics, pausing interval seconds
                    between each display.  Press CTRL+C to stop redisplaying
                    statistics.  If omitted, netstat will print the current
                    configuration information once.

FTP

The built-in DOS command line file transfer program. This baby has come in handy so many times I couldn't even begin to tell you. Simply type in 'ftp somewhere.com' and you're off. The commands available under the DOS ftp can be found by issuing the 'help' command once inside the ftp program. For information's sake though, here they are:

    Commands may be abbreviated.  Commands are:

    !               delete          literal         prompt          send
    ?               debug           ls              put             status
    append          dir             mdelete         pwd             trace
    ascii           disconnect      mdir            quit            type
    bell            get             mget            quote           user
    binary          glob            mkdir           recv            verbose
    bye             hash            mls             remotehelp
    cd              help            mput            rename
    close           lcd             open            rmdir

You'll notice a lot of similarity here to *nix commands. I find 'get' and 'put' to be the most commonly used. For instance, say I want to get a file through FTP from hackinthebox.org. I simply type in 'ftp hackinthebox.org' and when prompted enter my username and password. It is important to note that whenever you initiate an ftp from the DOS command line you're operating out of the directory in DOS in which you initiated the FTP. For instance, if I issue an FTP command from C:\Windows, then all the files I 'get' will end up in the Windows directory, and I will not be able to 'put' any files from my hard drive onto the host machine (hackinthebox.org for instance) except those that are in my Windows directory. I find it most useful to FTP from the C:\ directory.

Telnet

While this is actually a DOS command to launch the external Windows-based Telnet program (found in C:\Windows by default), you can issue optional arguments to telnet from the DOS prompt. For instance, if you wish to telnet to a port other than 23, you can issue that command at the prompt. For instance, if I wish to telnet to Hack In The Box's SMTP port I can issue 'telnet hackinthebox.org 25'. There is a bit of help offered in the telnet program itself, so I won't go into detail here.

The last few commands I've got are programs found on a Windows boot disk, but are enormously helpful. These two are the format command and the fdisk command. Format will actually launch format.com, found again in C:\Windows\Command by default. Format can be used to format a drive and essentially wipe it clean (good for rebuilding a machine). Fdisk is another beautiful tool found in C:\Windows\Command. This is the DOS disk-partitioning tool (very handy when dual partitioning). Since fdisk is a fairly extensive program and has its own help section I won't go into any more detail than to mention it and tell you that it is really handy to know how to use (you should check it out if you never have before; simply issue 'fdisk' at the command prompt and poke around the program; it will alert you if you are about to do anything bad and won't actually mess with your partitions unless you direct it to).

Well, those are my top 9 commands to use at a DOS prompt; perhaps some of you will write me and let me know what the last command is in the DOS top 10. Take care and enjoy.
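As an added example (not part of the original article or the pasted session), here is a small Python parser for the 'netstat -a' layout shown at the top of the page, pulling out what the Netstat section says you want from it: which TCP ports are listening, which UDP ports are bound, and which foreign hosts have connections in which states. The sample output is constructed in that layout; the host and port values in it are illustrative, and 203.0.113.7 is a documentation address standing in for an unknown remote peer.

```python
"""Summarise Windows 'netstat -a' output (XP layout: Proto, Local Address,
Foreign Address, State). Added example, not the article's code; the sample is constructed."""
from collections import defaultdict

# Constructed sample in the XP 'netstat -a' layout; 203.0.113.7 (a
# documentation address) stands in for an unknown remote peer.
SAMPLE = """Active Connections

  Proto  Local Address          Foreign Address             State
  TCP    Gargoyle2:smtp         Gargoyle2:0                 LISTENING
  TCP    Gargoyle2:3389         Gargoyle2:0                 LISTENING
  TCP    Gargoyle2:5900         Gargoyle2:0                 LISTENING
  TCP    Gargoyle2:3917         pv-in-f147.google.com:http  CLOSE_WAIT
  TCP    Gargoyle2:4612         ns10.webmasters.com:pop3    TIME_WAIT
  TCP    Gargoyle2:1200         203.0.113.7:8080            ESTABLISHED
  UDP    Gargoyle2:snmp         *:*
  UDP    Gargoyle2:1900         *:*
"""


def parse_netstat(text):
    """Return one dict per connection line; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        _, local_port = parts[1].rsplit(":", 1)
        foreign_host, foreign_port = parts[2].rsplit(":", 1)
        # UDP is connectionless, so XP prints no State column for it.
        state = parts[3] if len(parts) > 3 else ""
        rows.append({"proto": parts[0], "local_port": local_port,
                     "foreign_host": foreign_host,
                     "foreign_port": foreign_port, "state": state})
    return rows


def summarize(rows):
    """Listening TCP ports, bound UDP ports, and each remote peer with the
    states it was seen in (LISTENING rows have no real peer, so they are skipped)."""
    tcp_listening = sorted({r["local_port"] for r in rows
                            if r["proto"] == "TCP" and r["state"] == "LISTENING"})
    udp_bound = sorted({r["local_port"] for r in rows if r["proto"] == "UDP"})
    peers = defaultdict(set)
    for r in rows:
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            peers[r["foreign_host"]].add(r["state"])
    return {"tcp_listening": tcp_listening, "udp_bound": udp_bound,
            "peers": {host: sorted(states) for host, states in peers.items()}}
```

Feed it the saved output of 'netstat -a' and the peers list is the quick answer to the article's question of whether anyone you don't know is connected to your computer.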