Windows Scripting Utilities Net Commands
Windows Scripting Utilities net CommandsTable of Contentsnet Commands . 2net Syntax . 3net Commands -1 . 4net Commands -2 . 6net Commands -3 . 7net config . 8net config workstation . 10net share . 11net view -1 . 13net view -2 . 14IPC . 15net use -1 . 17net use -2 . 18net use -3 . 21net use Examples . 22netsh . 23netsh – Command Mode -1 . 24netsh – Command Mode -2 . 26netsh – Command Mode -3 . 27netsh – Command Mode -4 . 28netsh – Batch Mode . 30Notices . 32Page 1 of 32
net Commandsnet CommandsUsed to update, fix and view basic computer and network settingsRun from the command prompt or in Batch filesMost useful for enumerating user accounts, groups and networkshares22**022 Okay. The net commands.These are native to Windows.They're essentially pretty much likeadmin, administrator tools, used toupdate, fix and view your basiccomputer and your network settingsand scan. These all run from thecommand-line interface and thereforeyou can put them into your Batch file,so that's great. And this says mostuseful for enumerating the accountsand groups and such, but actually,there's a ton of things this can do, asyou'll see here shortly.Page 2 of 32
net Syntaxnet SyntaxTo see the list of available options – “net /?”Help for each net command – “net help command”23**023 So just starting out, if youwant to look up what it's NET andsomething else, NET accounts, NETcomputer. If you want to see thatlist, you can do the /?. Yeah, similarto xcopy. But you can also just doNET actually, if you just type NET.It'll do the exact same thing. It'llgive you that listing right there. Andthen if you do the NET HELP, andthen you put the actual subtopic orcategory that you'd like to get moreinformation on, like VIEW in thiscase, it'll just, it'll give you the usageand it'll also give you a little bit moredetail on what the options of theflags might be. And there, as youcan see, there are quite a few ofPage 3 of 32
them, and they're very helpful.They're meant to be for theadministrator to be able to seethings, to be able to adjust things,change things. So very powerful intaking the red/pentester side of me,we can use these for many not so onthe up side things to do also, so.net Commands -1net Commands -1Many of these require Elevated Permissions to view or modify!net accounts – update user account database, modify passwordsand login requirementsnet computer – adds or deletes computers from the domainnet file – display a list of open shared filesnet group – add, delete, view groups (only works on DomainControllers)24**024 Okay. One thing about manyof these commands is that you willneed elevated privileges to do itbecause they expect that anadministrator's the one who's goingto want to stop a process or see a listof maybe group users or somethinglike that. Obviously someone thatPage 4 of 32
has those kind of privileges, so it kindof defaults to that. So if you don'thave those, a lot of times if you goback to your work computer back atyour office and you try some of thesecommands, they'll say access deniedand you won't be able to get atthem, because your privileges aren'thigh enough. So if you're going touse these, especially in yourscripting, make sure that the useraccount that you are running it fromhas high enough privileges. Okay?So accounts. Update user accountdatabase, modify passwords andlogin stuff. Net computer. This hasto be with computers on a domain.So if you have a small non-domain,there's no domain controller runningit, then this won't help you. It letsyou add and delete computers to andfrom the domain. Net file displaysopen file shares, which is pretty nice.And net group lets you view groupsand lets you add or subtract fromthat group. But once again, this is,this one only works on domaincontrollers itself, so you have to do iton a DC.Page 5 of 32
net Commands -2net Commands -2net localgroup – add, delete, view local and network groupsnet session – display, delete sessions connected to the computernet statistics – display network statisticsnet time – display time and date of another network computer25**025 So the net localgroup, unlikenet group, will work on the localmachine. It'll also work on networkgroups as well, if it is connected to adomain. So you can add and delete.Net session allows you to see all thesessions connected to a particularmachine. And also lets you shut itdown if you have the privileges to doso.If you want to look at your networkstatistics, that's available and there'sactual time server. Net time will letyou look at what it is. If you're justsitting on a stand-alone, it'll just gono time server, so can't get anythingfrom that.Page 6 of 32
net Commands -3net Commands -3net user – display, create, delete users on the computer ordomainnet start – lists running services or start Windows servicesnet pause – suspend a Windows servicenet continue – resume a paused Windows servicenet stop – stop a Windows service26**026 So if you're looking toenumerate the users on a machine,like you might if you're pentesting,you can use the net user, and youcan also create, if you have enoughprivileges, and delete.So net start and net stop. This is forchecking services that are running.If you just run net start it'll just showother running services. And if youput a particular service in there andyou have the privileges, it will startthat service from the command lineand the same is true for stopping.Must have the privileges and it'll shutit down for you right from thecommand line. You can pause it, thePage 7 of 32
Windows service as well, and ofcourse, continue is just resuming thatsame service, so.net confignet configAn extremely valuable net command for displaying configurationinformation of the local computerHas two options: Workstation or Server Workstation is the most useful since that service is almostguaranteed to be running on the system.– Great for findingooooOS VersionComputer NameDomainUser name27**027 So net config gives you quitea bit of information, actually. And itsays extremely valuable, and thatmay be extremely valuable to ahacker. In addition to being anadministrator. If you're looking forgood information on a particularmachine, you can use the net configcommand and you'll see a lot of theconfigurations. It does have twooptions. You can put in net configworkstation, and it'll give you theinformation. Actually give youPage 8 of 32
information about both workstationand server, whether you have aserver or not. On the server side it'llsay number of connections, and it'llbe 0, because obviously no one--orshould be 0. Obviously if you're nota server, for the most part, peoplearen't connecting to you. So thatsort of server information will still beavailable, it'll just show up as 0 orwhatever the case is.So. And like it says, the workstationfor this particular command is mostlikely to be running, so it'll get youthat information, the OS version,computer name, domain, and theuser name that's logged in.Page 9 of 32
net config workstationnet config workstation28**028 Okay. So you can see up topnet config workstation, and it givesyou the information there.And a lot of this, if you're not anadmin and you're not keepingstatistics like this, it may be morethan what you need. But if you arean admin, you may be very, veryinterested in this.Page 10 of 32
net sharenet shareWithout any options list information about all resources beingshared on the computerSharename will display further details29**029 So net share. Without anyoptions it'll show you all theresources that are being shared withthat computer. So you can see fromprevious, the nul session connectionthat we had talked about, the IPC share, that is a hidden share. So yousee there, there's a C , a hidden C:/share, that pretty much mirrors the Cdrive on your machine. The ADMIN ,also a hidden share forcommunication.And then if you're looking for backupshare name of backup, it'll go andgive you the information about it.Number of users maximum. In thiscase, there's no limit. SoPage 11 of 32
permissions. FULL, everyone, whichis interesting, or everyone, FULL,rather. Which is interesting, becausethat means they can do anything tothat backup.And again, taking advantage of theerror code or a findstr you can usethe same. You'll notice most of theseuse when you complete themsuccessful, the command completedsuccessfully on both of these. So youcan use that as input into anotherport, onto the command. Yes, Chris?Instructor 2: I was going to add on this,the, you see the permissions, excuseme, that are listed there for theshares. This is really cool for goingout and auditing file permissionshares. Now, you'd have to go anextra step into this to get the NTFSpermissions as well, but if you're justlooking for share permissions in athree or four line Batch file, you canactually go grab the shares for allyour work stations and do an auditacross those permission levels very,very easily. Just using that. Youdon't need anything else specific orparticular in order to do that. There'sa lot of functionality exposed by theNET commands that's really good foradministrative purposes.Instructor: Okay. Thank you.Page 12 of 32
net view -1net view -1Displays a list of domains and computers that are being shared bythe specified computerWithout any options, it displays a list of computers in your currentdomainMust have Admin PermissionsIf the computer is a member of a domain, the domain controller willbe the last one listed.30**030 Okay. So net view. So thisdisplay is a list of domains andcomputers that are being shared bythe specific computer. If you run itwithout options, it'll show you thatlist of the current domain. Thisexplicitly must have adminpermissions to be able to run this,which makes sense, because to getthis kind of information you shouldhave elevated privileges to be able todo that. And again, if it's a memberof a domain, the domain controllerwill be the last one on the list. Sothat's nice, so you'll be able to figurethat out. That's something thatperhaps a hacker might want to beinterested in.Page 13 of 32
net view -2net view -2net view \\computername /all – will show all the shares and otherresources (printers) that are available on computername Use this to find share on other computers that should or should notbe there!31**031 So here's the syntax. Youuse net view// either computernameor ip and then /all would show you allthe information that you're lookingfor. So just like that last line says,this is a tool if you're looking forunauthorized shares that shouldn't bethere. You'll be able to enumeratethe shares. So that's something toconsider if you're doing that.Page 14 of 32
IPC IPC Interprocess communication shareOften called the null sessions connectionUsed by SMB and NetBios for temporary connections betweenclients and serversThe indicates it is a hidden share.Disabling will break most Windows Server functions that use RPCCan be used to create unauthenticated connections (AnonymousCredentials)Can be used to create authenticated sessions for machinesoutside the domain32**032 So kind of went over this littlebit earlier today, the interprocesscommunication share. It's used bythe service message block, SMB, andthe NetBios for Windows, fortemporary connections betweenclients and servers. So a lot of timesthe nul sessions are discouraged,meaning being able to attach with nouser and no password. Used to bethe default. Now they try to preventthat from happening, but backwardcompatibility is an issue, so you maynot be able to communicate withsome computers, if those are not setthe same for both. I'll just put it thatway.Page 15 of 32
Course, the , as I mentioned,denotes a hidden share. Anddisabling it generally breaks mostserver functions. And thenAnonymous Credentials is what I wassaying. You can connect with justthe user being blank and thepassword being blank for the nullconnection. And you can doauthenticated sessions. And this is akey where it says authenticatedsessions are authorized for machinesoutside of the domain. So apentester might use this becausethey don't have to be a part of thedomain and they can go in and reachout and connect to a machine, if theyhave some credentials, so.Page 16 of 32
net use -1net use -1Connects or disconnects a computer from a shared resource(share or printer) and can display information about theconnectionsWithout any options will display the local computer’s currentlymapped resources33**033 Okay. And the net usecommand that we used earlier.There's another way. If you use itwith no options, it'll just give you allthe current shared resources that areout there which are connected to.Page 17 of 32
net use -2net use -2net use [\\computername\sharename] [password][/user:username] [/persistant:yes no] [/savecred] [/delete][/smartcard][\\computername\share] – the resource to connect to, if usedwithout share will connect to IPC [password] – use * to be prompted for password[/user:username] – if not provided, will use the currently logged inuser, for domains use domainname\username[/persistant:yes no] – yes will restore the connection on next logon,no is the default34**034 And there's quite a fewoptions available when you do the,use the, net use command. It's quiteuseful, especially for admins, beingable to reach out to a box, becauseyou can, once you, if you have theproper credentials, if you're supposedto be there, you can get at a lot ofthings. You can pull down files, etcetera, without having to worry abouthow to connect to it and pullingthings back. So you have to have the//computername or ip address forthat area, the /, the sharename thatyou're trying to connect to, whetherit's the IPC or C or whatever it is.You put the password there. If youput an asterisk in where thePage 18 of 32
password's supposed to be, it'll justprompt you when it runs, and thatway you can just have it do the workthat way. Or you can actually placethe password right in there like wedid for the script that we ran earlier,and then /user: and then theusername. And so you have theoption of making it a persistentconnection, so the next time youreboot and come back up it'll try tomake that connection again. And aslong as the credentials andeverything else match, you'll allautomatically have that share.And then it does, the savecred isused with the /persistent to makesure that you keep it, and that/delete, or you can use /d like I did inthe script that we had. We werecleaning up after ourselves and wewere disconnecting. So you woulduse the /d. And if you happened touse a smartcard that has the chip onit, you can also use the /smartcard tobe able to use the credentials thatare on a smartcard, if that's got aconnection for it. So that makes thatpart easier.So if you don't provide a user atall, it will use your current credentialsthat you're running this commandfrom, so if you are already privilegedenough to use it, you don't evenhave to put username or password.It'll just use your current credentialsand that makes it a little easier ifyou're administering the network withthat.Page 19 of 32
Instructor 2: Want to comment on that.Administrator on your local laptop isdifferent from administrator oneverybody else's laptop, which isdifferent from the domainadministrator account. So eventhough you're using the same name,excuse me, if you're using theintegrated authentication by notspecifying the username, Windowswill know the difference betweenadministrator here, administratorthere and domain administrator aswell. So sometimes it's best to bevery explicit about whichadministrator or which account you'reactually using.Instructor: Great. Very good.Thank you.Page 20 of 32
net use -3net use -3[/savecred] – stores the password and username provided toconnect, used with /persistant[/delete] – remove a current connection, use * to remove allconnections[/smartcard] – use credentials of an available CAC35**035 Okay. And that's just acontinuation of the information thatthat was on the other one, thesavecred, the delete and thesmartcard. And if you've not heardof a CAC, a CAC, it's the commonaccess card that the governmentuses, is the CAC.Page 21 of 32
net use Examplesnet use Examplesnet use z: \\server\data */user:mydomain\joeuser /savecred /p:yes This will map the share data on server with the accountmydomain\joeuser. It will also prompt me for a password the first time I connect and saveit for future use. The connection will be restored the next time I login.net use z: /delete Removes the connection that was established above Will not be restored at reboot36**036 Okay. So when you specifybefore the server and the data adrive and that drive is available, it willmap it to that particular drive for you.So that's kind of nice. You can alsoput an asterisk there and it will grabthe next available drive. But if youwant to make sure you know whatthat share is connected to or whatdrive it's attached to, then you goahead and explicitly put the z orwhatever letter you'd like.The star will prompt you again forthe password, and in this case theuser. If you are on a domain, youwant to make sure you put a domainin front of your username. This onePage 22 of 32
you're saving the credentials to makeit persistent.And once again, this is a cleanup.And even with the--or this willremove the persistent connections aswell, if you explicitly do the delete ora /d. So if you do disconnect yourconnections, if you had it persistentbefore, don't think that it'll comeright back. This will stop that portionof it, it'll remove, if you will, thepersistent piece of it, so.netshnetshNetwork shellCommand-line scripting utility to access many high-level networkfunctions on local or remote computers Network Interfaces Windows Firewall Routing & Remote AccessCan be used from the command-line (Command Mode) or as ashell or with scripts (Batch Mode)37**037 Okay, netsh or netshell.This is a CLI scripting utility thatgives you a lot of high-level networkPage 23 of 32
functionality. It's good across thenetwork, gives you access to networkinterfaces. Like it says, Windowsfirewall routing and remote accesscapability. So there's I guess,essentially two modes. There's thecommand-line mode, and then youcan actually run it with a Batch usinga script.netsh – Command Mode -1netsh – Command Mode -1Functions like a standard command where options are entered onone lineCan be used in batch filesnetsh [context] [sub-context] command [context] options are the part of the network to access– dhcpclient, firewall, interface, show [sub-context] usually the action to perform– add, delete, set command is the details of the action– the ip address, the route, server nameUse netsh help or netsh [context] help or netsh [context] list forpossible options.38**038 So in command mode, theseare all entered right at the commandline. The construct for this iscontext, sub-context and command.It's kind of different, and I'll showyou as we get to the example on howthat works. It's not quite the samePage 24 of 32
way you would use, like, netuse orsome of the other ones. So netshhas a slightly different format thatyou have to follow.So the context piece, you know, likedhclient, firewall, interface, show.Sub-context, usually an action to beperformed, like either adding ordeleting. And the command is thedetail of the action. If you're lookingfor a specific IP address, a route, aserver name. So you can see thesearen't quite like semantically whatyou think they are. Command reallyshouldn't be the detailed part, or youwouldn't think of that as the detailedpart. You would probably think itmight be a subcontext or something,and that's kind of what I meant byit's not quite the format that you'reused to with the other command. Soif you are going to use netshell, it'svery powerful, but you, you reallykind of have to do your homeworkbefore you start using it in yourscripts.And there is netsh help. That'll giveyou some information.Page 25 of 32
netsh – Command Mode -2netsh – Command Mode -2Use netsh help or netsh [context] help or netsh [context] list forpossible options.39**039 So similar to the other. Ifyou do a netsh dhcphelp it gives youexactly what sorts of things you needto put in. It doesn't really explainwhich ones you need to be putting inas a context or a subcontext or thecommand, so that part of this helpisn't quite as helpful as you mightthink. So some of it kind of have todo a little bit of trial and error to useit. They do have a list so you cansee what all the commands availablewithin, like, dhcp here are. Addserver, add securitygroups, et cetera.So it does give you information aboutwhat you can do, but it's a little bit,like I said, more difficult to get thesyntax right to make it work right.Page 26 of 32
netsh – Command Mode -3netsh – Command Mode -3netsh dhcp show server Will list the dhcp server the local server is usingnetsh interface show interface Will list all the network interfacesnetsh interface ip show dnsservers List the DNS servers for all the connectionsnetsh interface ip set dns name “Local AreaConnection” source static addr 192.168.0.2 Set the interface “Local Area Connection” to static DNS40**040 So here's the construct that Iwas kind of talking about. Netshdhcp show server. So most of theseare pretty straightforward, butsometimes you don't know whetheryou want to do interface show ipdnsservers. In this case it'ssupposed to be ip first, interface ip,then show, then dnsservers.Some of them are redundant but dowhat they need to do. The interfaceshow interface, you wouldn't thinkyou needed to explain both of thosebut it's a requirement, so again, you'llhave to, if you decide to use this foryour scripting, you want to do a littlePage 27 of 32
bit more research and make sure youget the way these constructs work.And this one here, you're looking atsetting the interface, the local areaconnection, to a static DNS address.So as you can see, that's a prettypowerful thing to be able to do justfrom the command line. So netshcan be your friend. I just think it'lljust take a little bit of research sinceit's a little bit different than a lot ofthe commands that we've showntoday.netsh – Command Mode -4netsh – Command Mode -4netsh dump interface c:\IntConfig.dat Will backup the current interface config to a fileExports all the interfaces and network settingsnetsh exec c:\Intconfig.datWill restore the current interface config from a file Restores all the interfaces and network settingsUse the –r options to run any of the commands against a remoteserver – need appropriate permissions! netsh –r lab-dc-01 –u lab\Administrator –p *dump interface c:\IntConfig.dat 41**041 So you can do backups ofcurrent interface configurations to aPage 28 of 32
file like the top line there. You'reredirecting that to a .dat file. Sothat's something that's a little bitdifferent from just copying or findinga string or whatever. This is moreadministrative type of work you cando with this tool.Then you can also restore based onthat previous configuration file if youuse the exec command along withthe netsh. And you can take theconfiguration and restore a previouscopy of it. So that's very powerful aswell.And then the -r option. Run any ofthe commands against a remoteserver, but you do need administratorpermissions, and that's why it's kindof looking for the user to beadministrator and it'll ask you for thatpassword for you to be able to dothese. Especially because you'rechanging, if you're putting the, ifyou're grabbing interface informationfrom a DC, a domain controller, it'skind of important. You don't wantjust anybody to be able to do that.Page 29 of 32
netsh – Batch Modenetsh – Batch ModeFunctions like an interactive shell Run netsh with no options, gives a netsh shell promptCan be fed a text file to execute a series of command, use –r torun against a remote machine Run netsh exec filename42**042 Okay. And as I said at thebeginning of this, there is a secondmode. You can do a Batch. Soinstead of doing it individually at thecommand line, same thing asWindows Batch and netshell hasBatch mode as well and you can justcreate a text file. And then put yourcommands that you'd like to have runand then just use the exec and thenthe filename that has the list of allthe commands that you would like tohave covered.Instructor 2: There were two otherfunctions within netsh that I thoughtworthwhile to bring up here. Thisonly just scratched the surface ofPage 30 of 32
what netsh can do. Netsh reallyexposes the entire networksubsystem within Windows to you.So you can script with it, you canchange things with it. If you look atthe netsh trace command it actuallygives you the ability to do trafficsniffing. So similar to what you cando with wireshark or tcpdump orsomething like that, you can actuallycapture network packets and look atthem, capture them, with netsh. Andthen you can export that file andconvert it, pull it into, you know, anypcap-compliant packet program. Soyou actually have a built-in networksniffer in Windows through netsh,which I find really, really cool.The next one is if you are familiarwith Linux and using ssh to do portredirection or remote and local portforwarding, you actually have theexact same capability within Windowsthrough the netsh command to setup port forwarding so that you could,again, if you were using this for evilpurposes, you could actually bouncethrough a Windows box, you know,direct an attack through a Windowsbox somewhere else, and have itrelay that attack for you or relay thattraffic for you. So netsh is truly apowerful and probably, I think,underappreciated program, becausea lot of that functionality is absolutelyburied in there. And so you reallygot to dig into it. But pretty muchanything with the network subsystemin Windows, you've got access tofrom that one program.Page 31 of 32
NoticesNotices 2015 Carnegie Mellon UniversityThis material is distributed by the Software Engineering Institute (SEI) only to course attendees for theirown individual study.Except for the U.S. government purposes described below, this material SHALL NOT be reproduced orused in any other manner without requesting formal permission from the Software Engineering Institute atpermission@sei.cmu.edu.This material was created in the performance of Federal Government Contract Number FA8721-05-C0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federallyfunded research and development center. The U.S. government's rights to use, modify, reproduce,release, perform, display, or disclose this material are restricted by the Rights in Technical DataNoncommercial Items clauses (DFAR 252-227.7013 and DFAR 252-227.7013 Alternate I) contained inthe above identified contract. Any reproduction of this material or portions thereof marked with thislegend must also reproduce the disclaimers contained on this slide.Although the rights granted by contract do not require course attendance to use this material for U.S.government purposes, the SEI recommends attendance to ensure proper understanding.THE MATERIAL IS PROVIDED ON AN “AS IS” BASIS, AND CARNEGIE MELLON DISCLAIMS ANYAND ALL WARRANTIES, IMPLIED OR OTHERWISE (INCLU
– resume a paused Windows service net stop – stop a Windows service **026 So if you're looking to . enumerate the users on a machine, like you might if you're pentesting, you can use the net user, and you . can also create, if you have enough . privileges, and delete. So net start and ne
The Windows The Windows Universe Universe Windows 3.1 Windows for Workgroups Windows 95 Windows 98 Windows 2000 1990 Today Business Consumer Windows Me Windows NT 3.51 Windows NT 4 Windows XP Pro/Home. 8 Windows XP Flavors Windows XP Professional Windows XP Home Windows 2003 Server
AutoCAD 2000 HDI 1.x.x Windows 95, 98, Me Windows NT4 Windows 2000 AutoCAD 2000i HDI 2.x.x Windows 95, 98, Me Windows NT4 Windows 2000 AutoCAD 2002 HDI 3.x.x Windows 98, Me Windows NT4 Windows 2000 Windows XP (with Autodesk update) AutoCAD 2004 HDI 4.x.x Windows NT4 Windows 2000 Windows XP AutoCAD 2005 HDI 5.x.x Windows 2000 Windows XP
Applications of traditional scripting languages are: 1. system administration, 2. experimental programming, 3. controlling applications. Application areas : Four main usage areas for scripting languages: 1. Command scripting languages 2.Application scripting languages 3.Markup language 4. Universal scripting languages 1.
The main features of php is; it is open source scripting language so you can free download this and use. PHP is a server site scripting language. It is open source scripting language. It is widely used all over the world. It is faster than other scripting language. Some important features of php are given below; Features of php
Shell, Unix lesystem, basic tools Combining tools/commands (pipe'ing) Advanced tools Regular expressions Stream manipulation Scripting Shell scripting Python scripting Instructor: Bruno Abrahao CS2043 - Unix Tools & Scripting. What are scripts? Programs written for a special run-time environment that can
Server Side Scripting merupakan sebuah teknologi scripting atau pemrograman web dimana script (program) dikompilasi atau diterjemahkan di server. Dengan server side scripting, memungkinkan untuk menghasilkan halaman web yang dinamis. Beberapa contoh Server Side Scripting (Programming) : 1. ASP (Active Server Page) dan ASP.NET 2.
Provided by the Academic Center for Excellence 1 Spanish: Commands Updated February 20. Spanish: Commands . Formal Commands (Ud. and Uds.) Formal commands are used when talking in the Usted/Ustedes form of a verb. To create formal affirmative and negative commands, use the third person
Schiavo ex rel. Schiavo, _ F.3d _, 2005 WL 648897 (11th Cir. Mar. 23, 2005) (Schiavo I), stay denied, _ S. Ct. _, 2005 WL 672685 (Mar. 24, 2005). After that appeal was taken, the plaintiffs filed an amended complaint on March 22, 2005, adding four more counts, and a second amended complaint on March 24, 2005, adding a fifth count. On the basis of the claims contained in those new .
