INFORMATION SYSTEM SECURITY LAB


Lab Exercise 1

1.1.1 Net view

C:\>net view
Server Name            Remark
-----------------------------------
\\MAY01
\\MAY51
\\MAY54
\\MAY60
\\MAY61
\\MAY63
\\MAY64
\\MAY65
\\MAY66
The command completed successfully.

C:\>net view \\192.168.1.51
Shared resources at \\192.168.1.51

Share name   Type   Used as   Comment
-----------------------------------
Ghost        Disk
The command completed successfully.

1.1.2

C:\>md C:\ThucHanh
C:\>net share thuchanh=C:\ThucHanh
thuchanh was shared successfully.

C:\>net share thuchanh /DELETE
thuchanh was deleted successfully.

1.1.3

C:\>net use * \\192.168.1.51\thuchanh 123456 /USER:may51
Drive Z: is now connected to \\192.168.1.51\thuchanh.
The command completed successfully.

C:\>net use
New connections will be remembered.

Status       Local     Remote                    Network
-------------------------------------------------------------------------------
OK           Z:        \\192.168.1.51\thuchanh   Microsoft Windows Network
The command completed successfully.

C:\>net use Z: /DELETE
Z: was deleted successfully.

1.1.4

C:\>net session
Computer               User name            Client Type       Opens Idle time
-------------------------------------------------------------------------------
\\192.168.1.51         MAY51                Windows 2002 Serv     0 00:00:12
The command completed successfully.

1.1.5

C:\>net statistics
Statistics are available for the following running services:

   Server
   Workstation

The command completed successfully.

1.1.6

C:\>net start
These Windows services are started:

   Apache2.2
   Application Layer Gateway Service
   Client32
   COM+ Event System
   Computer Browser
   Cryptographic Services
   DCOM Server Process Launcher
   DFServ
   DHCP Client
   Distributed Link Tracking Client
   DNS Client
   Event Log
   FTP Publishing
   Help and Support
   HTTP SSL
   IIS Admin
   Intel(R) Management & Security Application User Notification Service
   Intel(R) Management and Security Application Local Management Service
   IPSEC Services
   Java Quick Starter
   Logical Disk Manager
   MSSQLSERVER
   MySQL
   Network Connections
   Network Location Awareness (NLA)
   Plug and Play
   Print Spooler
   Protected Storage
   Remote Access Connection Manager
   Remote Procedure Call (RPC)
   Remote Registry
   Secondary Logon
   Security Accounts Manager
   Server
   Shell Hardware Detection
   Simple Mail Transfer Protocol (SMTP)
   SQL Server (SQLEXPRESS)
   SQL Server Browser
   SQL Server VSS Writer
   SSDP Discovery Service
   System Event Notification
   System Restore Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Telephony
   Terminal Services
   Themes
   VMware Authorization Service
   VMware DHCP Service
   VMware NAT Service
   WebClient
   Windows Audio
   Windows Firewall/Internet Connection Sharing (ICS)
   Windows Image Acquisition (WIA)
   Windows Management Instrumentation
   Windows Time
   Wireless Zero Configuration
   Workstation
   World Wide Web Publishing

The command completed successfully.

C:\>net stop "Remote Registry"
The Remote Registry service was stopped successfully.

C:\>net start "Remote Registry"
The Remote Registry service was started successfully.

1.1.7

C:\>net user user01 123456 /ADD
The command completed successfully.

C:\>net user user01 123
The command completed successfully.

C:\>net user user01 /DELETE
The command completed successfully.

1.2

C:\>set varip=192.168.1.2
C:\>set varsm=255.255.255.0
C:\>set vargw=192.168.1.1
C:\>set vardns1=8.8.8.8
C:\>set vardns2=8.8.4.4
C:\>netsh int set address name = "Local Area Connection 2" source = static addr =%varip% mask = %varsm% gateway =%vargw% gwmetric = 1
The following command was not found: int set address name = "Local Area Connection" source = static addr = 192.168.1.2 mask = 255.255.255.0 gateway =192.168.1.1 gwmetric = 1.

C:\>netsh interface ip set address "Local Area Connection" static 192.168.1.143 255.255.255.0 192.168.1.1 1
Ok.

1.3

C:\>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  TCP    127.0.0.1:1026         127.0.0.1:1025         ESTABLISHED

C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    may51:ftp              may51:0                LISTENING
  TCP    may51:smtp             may51:0                LISTENING
  TCP    may51:http             may51:0                LISTENING
  TCP    may51:epmap            may51:0                LISTENING
  TCP    may51:https            may51:0                LISTENING
  TCP    may51:microsoft-ds     may51:0                LISTENING
  TCP    may51:912              may51:0                LISTENING
  TCP    may51:1027             may51:0                LISTENING
  TCP    may51:ms-sql-s         may51:0                LISTENING
  TCP    may51:2147             may51:0                LISTENING
  TCP    may51:2869             may51:0                LISTENING
  TCP    may51:3306             may51:0                LISTENING
  TCP    may51:5405             may51:0                LISTENING
  TCP    may51:1025             may51:1026             ESTABLISHED
  TCP    may51:1026             may51:1025             ESTABLISHED
  TCP    may51:1028             may51:0                LISTENING
  TCP    may51:1037             may51:0                LISTENING
  TCP    may51:5152             may51:0                LISTENING
  TCP    may51:netbios-ssn      may51:0                LISTENING
  TCP    may51:netbios-ssn      may51:0                LISTENING
  TCP    may51:microsoft-ds     192.168.1.17:1915      ESTABLISHED
  TCP    may51:3931             192.168.1.55:netbios-ssn  TIME_WAIT
  TCP    may51:3932             192.168.1.55:netbios-ssn  TIME_WAIT
  TCP    may51:netbios-ssn      may51:0                LISTENING
  UDP    may51:microsoft-ds     *:*
  UDP    may51:isakmp           *:*
  UDP    may51:1029             *:*
  UDP    may51:1036             *:*
  UDP    may51:ms-sql-m         *:*
  UDP    may51:3456             *:*
  UDP    may51:4500             *:*
  UDP    may51:4523             *:*
  UDP    may51:4524             *:*
  UDP    may51:4525             *:*
  UDP    may51:4526             *:*
  UDP    may51:4527             *:*
  UDP    may51:4528             *:*
  UDP    may51:4529             *:*
  UDP    may51:4530             *:*
  UDP    may51:5405             *:*
  UDP    may51:ntp              *:*
  UDP    may51:1032             *:*
  UDP    may51:1900             *:*
  UDP    may51:ntp              *:*
  UDP    may51:netbios-ns       *:*
  UDP    may51:netbios-dgm      *:*
  UDP    may51:1900             *:*
  UDP    may51:ntp              *:*
  UDP    may51:netbios-ns       *:*
  UDP    may51:netbios-dgm      *:*
  UDP    may51:1900             *:*
  UDP    may51:ntp              *:*
  UDP    may51:netbios-ns       *:*
  UDP    may51:netbios-dgm      *:*
  UDP    may51:1900             *:*

C:\>netstat -o

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    may51:1025             may51:1026             ESTABLISHED     1692
  TCP    may51:1026             may51:1025             ESTABLISHED     1692
  TCP    may51:2869             192.168.1.1:1744       CLOSE_WAIT      4

C:\>netstat -nao

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1508
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1508
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1456
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1244
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1456
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING       3180
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING       1508
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       596
  TCP    0.0.0.0:2147           0.0.0.0:0              LISTENING       1668
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       1996
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       1552
  TCP    0.0.0.0:5405           0.0.0.0:0              LISTENING       1476
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED     1692
  TCP    127.0.0.1:1026         127.0.0.1:1025         ESTABLISHED     1692
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1800
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       1528
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.1.51:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.51:2869      192.168.1.1:1744       CLOSE_WAIT      4
  TCP    192.168.80.1:139       0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    972
  UDP    0.0.0.0:1029           *:*                                    1856
  UDP    0.0.0.0:1036           *:*                                    1856
  UDP    0.0.0.0:1434           *:*                                    1612
  UDP    0.0.0.0:3456           *:*                                    1508
  UDP    0.0.0.0:4500           *:*                                    972
  UDP    0.0.0.0:4523           *:*                                    1856
  UDP    0.0.0.0:4524           *:*                                    1856
  UDP    0.0.0.0:4525           *:*                                    1856
  UDP    0.0.0.0:4526           *:*                                    1856
  UDP    0.0.0.0:4527           *:*                                    1856
  UDP    0.0.0.0:4528           *:*                                    1856
  UDP    0.0.0.0:4529           *:*                                    1856
  UDP    0.0.0.0:4530           *:*                                    1856
  UDP    0.0.0.0:5405           *:*                                    1476
  UDP    127.0.0.1:123          *:*                                    1668
  UDP    127.0.0.1:1032         *:*                                    1668
  UDP    127.0.0.1:1900         *:*                                    1996
  UDP    192.168.0.1:123        *:*                                    1668
  UDP    192.168.0.1:137        *:*                                    4
  UDP    192.168.0.1:138        *:*                                    4
  UDP    192.168.0.1:1900       *:*                                    1996
  UDP    192.168.1.51:123       *:*                                    1668
  UDP    192.168.1.51:137       *:*                                    4
  UDP    192.168.1.51:138       *:*                                    4
  UDP    192.168.1.51:1900      *:*                                    1996
  UDP    192.168.80.1:123       *:*                                    1668
  UDP    192.168.80.1:137       *:*                                    4
  UDP    192.168.80.1:138       *:*                                    4
  UDP    192.168.80.1:1900      *:*                                    1996

C:\>netstat -rn

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...70 71 bc 9a 82 6d ...... Intel(R) 82578DC Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.51      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0      192.168.0.1     192.168.0.1      20
      192.168.0.1  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.0.255  255.255.255.255      192.168.0.1     192.168.0.1      20
      192.168.1.0    255.255.255.0     192.168.1.51    192.168.1.51      20
     192.168.1.51  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255     192.168.1.51    192.168.1.51      20
     192.168.80.0    255.255.255.0     192.168.80.1    192.168.80.1      20
     192.168.80.1  255.255.255.255        127.0.0.1       127.0.0.1      20
   192.168.80.255  255.255.255.255     192.168.80.1    192.168.80.1      20
        224.0.0.0        240.0.0.0      192.168.0.1     192.168.0.1      20
        224.0.0.0        240.0.0.0     192.168.1.51    192.168.1.51      20
        224.0.0.0        240.0.0.0     192.168.80.1    192.168.80.1      20
  255.255.255.255  255.255.255.255      192.168.0.1     192.168.0.1       1
  255.255.255.255  255.255.255.255     192.168.1.51    192.168.1.51       1
  255.255.255.255  255.255.255.255     192.168.80.1    192.168.80.1       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\>netstat -na

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2147           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5405           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  TCP    127.0.0.1:1026         127.0.0.1:1025         ESTABLISHED
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.51:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.51:2869      192.168.1.1:1744       CLOSE_WAIT
  TCP    192.168.80.1:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1029           *:*
  UDP    0.0.0.0:1036           *:*
  UDP    0.0.0.0:1434           *:*
  UDP    0.0.0.0:3456           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:4523           *:*
  UDP    0.0.0.0:4524           *:*
  UDP    0.0.0.0:4525           *:*
  UDP    0.0.0.0:4526           *:*
  UDP    0.0.0.0:4527           *:*
  UDP    0.0.0.0:4528           *:*
  UDP    0.0.0.0:4529           *:*
  UDP    0.0.0.0:4530           *:*
  UDP    0.0.0.0:5405           *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1032         *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.0.1:123        *:*
  UDP    192.168.0.1:137        *:*
  UDP    192.168.0.1:138        *:*
  UDP    192.168.0.1:1900       *:*
  UDP    192.168.1.51:123       *:*
  UDP    192.168.1.51:137       *:*
  UDP    192.168.1.51:138       *:*
  UDP    192.168.1.51:1900      *:*
  UDP    192.168.80.1:123       *:*
  UDP    192.168.80.1:137       *:*
  UDP    192.168.80.1:138       *:*
  UDP    192.168.80.1:1900      *:*

C:\>netstat -na 2

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2147           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5405           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  TCP    127.0.0.1:1026         127.0.0.1:1025         ESTABLISHED
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.51:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.51:2869      192.168.1.1:1744       CLOSE_WAIT
  TCP    192.168.1.51:2869      192.168.1.1:1761       CLOSE_WAIT
  TCP    192.168.80.1:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1029           *:*
  UDP    0.0.0.0:1036           *:*
  UDP    0.0.0.0:1434           *:*
  UDP    0.0.0.0:3456           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:4523           *:*
  UDP    0.0.0.0:4524           *:*
  UDP    0.0.0.0:4525           *:*
  UDP    0.0.0.0:4526           *:*
  UDP    0.0.0.0:4527           *:*
  UDP    0.0.0.0:4528           *:*
  UDP    0.0.0.0:4529           *:*
  UDP    0.0.0.0:4530           *:*
  UDP    0.0.0.0:5405           *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1032         *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.0.1:123        *:*
  UDP    192.168.0.1:137        *:*
  UDP    192.168.0.1:138        *:*
  UDP    192.168.0.1:1900       *:*
  UDP    192.168.1.51:123       *:*
  UDP    192.168.1.51:137       *:*
  UDP    192.168.1.51:138       *:*
  UDP    192.168.1.51:1900      *:*
  UDP    192.168.80.1:123       *:*
  UDP    192.168.80.1:137       *:*
  UDP    192.168.80.1:138       *:*
  UDP    192.168.80.1:1900      *:*

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2147           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5405           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  TCP    127.0.0.1:1026         127.0.0.1:1025         ESTABLISHED
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.51:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.51:2869      192.168.1.1:1744       CLOSE_WAIT
  TCP    192.168.1.51:2869      192.168.1.1:1761       CLOSE_WAIT
  TCP    192.168.80.1:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1029           *:*
  UDP    0.0.0.0:1036           *:*
  UDP    0.0.0.0:1434           *:*
  UDP    0.0.0.0:3456           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:4523           *:*
  UDP    0.0.0.0:4524           *:*
  UDP    0.0.0.0:4525           *:*
  UDP    0.0.0.0:4526           *:*
  UDP    0.0.0.0:4527           *:*
  UDP    0.0.0.0:4528           *:*
  UDP    0.0.0.0:4529           *:*
  UDP    0.0.0.0:4530           *:*
  UDP    0.0.0.0:5405           *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1032         *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.0.1:123        *:*
  UDP    192.168.0.1:137        *:*
  UDP    192.168.0.1:138        *:*
  UDP    192.168.0.1:1900       *:*
  UDP    192.168.1.51:123       *:*
  UDP    192.168.1.51:137       *:*
  UDP    192.168.1.51:138       *:*
  UDP    192.168.1.51:1900      *:*
  UDP    192.168.80.1:123       *:*
  UDP    192.168.80.1:137       *:*
  UDP    192.168.80.1:138       *:*
  UDP    192.168.80.1:1900      *:*

C:\>netstat -nab

Active Connections

Proto  Local Address  Foreign Address  State  PID

TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1508 [inetinfo.exe]

TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 1508 [inetinfo.exe]

TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1456 [httpd.exe]

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1244 Can not obtain ownership information

TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 1456 [httpd.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 [System]

TCP 0.0.0.0:912 0.0.0.0:0 LISTENING 3180 [vmware-authd.exe]

TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING 1508 [inetinfo.exe]

TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 596 [sqlservr.exe]

TCP 0.0.0.0:2147 0.0.0.0:0 LISTENING 1668 [svchost.exe]

TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 1996 Can not obtain ownership information

TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1552 [mysqld.exe]

TCP 0.0.0.0:5405 0.0.0.0:0 LISTENING 1476 [client32.exe]

TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 1800 [UNS.exe]

TCP 127.0.0.1:1037 0.0.0.0:0 LISTENING 2900 Can not obtain ownership information

TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 1528 [jqs.exe]

TCP 192.168.0.1:139 0.0.0.0:0 LISTENING 4 [System]

TCP 192.168.1.51:139 0.0.0.0:0 LISTENING 4 [System]

TCP 192.168.80.1:139 0.0.0.0:0 LISTENING 4 [System]

TCP 127.0.0.1:1025 127.0.0.1:1026 ESTABLISHED 1692 [LMS.exe]

TCP 127.0.0.1:1026 127.0.0.1:1025 ESTABLISHED 1692 [LMS.exe]

TCP 192.168.1.51:2869 192.168.1.1:1744 CLOSE_WAIT 4 [System]

UDP 0.0.0.0:1434 *:* 1612 Can not obtain ownership information

UDP 0.0.0.0:4524 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:4500 *:* 972 [lsass.exe]

UDP 0.0.0.0:4528 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:500 *:* 972 [lsass.exe]

UDP 0.0.0.0:4527 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:4523 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:5405 *:* 1476 [client32.exe]

UDP 0.0.0.0:4525 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:1036 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:4529 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:4530 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:4526 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:3456 *:* 1508 [inetinfo.exe]

UDP 0.0.0.0:1029 *:* 1856 Can not obtain ownership information

UDP 0.0.0.0:445 *:* 4 [System]

UDP 127.0.0.1:123 *:* 1668 c:\windows\system32\WS2_32.dll c:\windows\system32\w32time.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]

UDP 127.0.0.1:1900 *:* 1996 Can not obtain ownership information

UDP 127.0.0.1:1032 *:* 1668 c:\windows\system32\WS2_32.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\System32\winrnr.dll c:\windows\system32\WS2_32.dll c:\windows\system32\w32time.dll [svchost.exe]

UDP 192.168.1.51:138 *:* 4 [System]

UDP 192.168.80.1:137 *:* 4 [System]

UDP 192.168.1.51:123 *:* 1668 c:\windows\system32\WS2_32.dll c:\windows\system32\w32time.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]

UDP 192.168.1.51:137 *:* 4 [System]

UDP 192.168.0.1:1900 *:* 1996 Can not obtain ownership information

UDP 192.168.80.1:1900 *:* 1996 Can not obtain ownership information

UDP 192.168.1.51:1900 *:* 1996 Can not obtain ownership information

UDP 192.168.80.1:123 *:* 1668 c:\windows\system32\WS2_32.dll c:\windows\system32\w32time.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]

UDP 192.168.0.1:123 *:* 1668 c:\windows\system32\WS2_32.dll c:\windows\system32\w32time.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]

UDP 192.168.0.1:138 *:* 4 [System]

UDP 192.168.0.1:137 *:* 4 [System]

UDP 192.168.80.1:138 *:* 4 [System]

C:\>netstat -s -p icmp

ICMPv4 Statistics

                            Received    Sent
  Messages                  239         178
  Errors                    0           0
  Destination Unreachable   76          13
  Time Exceeded             0           0
  Parameter Problems        0           0
  Source Quenches           0           0
  Redirects                 0           0
  Echos                     82          83
  Echo Replies              81          82
  Timestamps                0           0
  Timestamp Replies         0           0
  Address Masks             0           0
  Address Mask Replies      0           0

C:\>netstat -nao 1 | find "1037"
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900
  TCP    127.0.0.1:1037         0.0.0.0:0              LISTENING       2900

1.4

C:\>wmic process list brief

HandleCount  Name  Priority  ProcessId  ThreadCount  WorkingSetSize

0 System Idle Process 0 0 4 28672

1555 System 8 4 85 258048

19 smss.exe 11 828 3 397312

783 csrss.exe 13 892 12 2060288

573 winlogon.exe 13 916 18 5234688

418 services.exe 9 960 16 5701632

489 lsass.exe 9 972 22 7532544

78 DFServ.exe 8 1140 7 5767168

221 svchost.exe 8 1196 17 5124096

344 svchost.exe 8 1244 11 4550656

1617 svchost.exe 8 1668 88 29265920

131 svchost.exe 8 1856 4 4431872

809 svchost.exe 8 1996 16 9199616

165 spoolsv.exe 8 212 11 6463488

902 explorer.exe 8 660 24 25792512

133 runplugin.exe 8 744 6 7962624

50 USBGuard.exe 8 460 3 1986560

122 ctfmon.exe 8 832 2 3981312

34 UniKeyNT.exe 8 840 2 2867200

231 USBGuard.exe 8 860 6 15482880

39 FrzState2k.exe 8 1340 2 6348800

91 httpd.exe 8 1456 4 44949504

103 client32.exe 13 1476 8 5939200

475 inetinfo.exe 8 1508 26 10264576

168 jqs.exe 4 1528 5 1429504

155 LMS.exe 8 1692 4 5218304

343 sqlservr.exe 8 1748 29 2408448

269 sqlservr.exe 8 596 29 11431936

33446 mysqld.exe 8 1552 13 13041664

76 sqlbrowser.exe 8 1612 7 2256896

89 sqlwriter.exe 8 1636 3 3567616

206 UNS.exe 8 1800 12 8216576

61 vmnat.exe 8 2788 3 2191360

33 vmnetdhcp.exe 8 3016 2 1966080

243 httpd.exe 8 3152 154 47128576

208 vmware-authd.exe 8 3180 7 7901184

113 alg.exe 8 2900 6 3592192

135 svchost.exe 8 1272 5 4378624

130 mspaint.exe 8 2480 4 16621568

99 svchost.exe 8 2432 8 3604480

468 WINWORD.EXE 8 2428 6 30625792

33 cmd.exe 8 2116 1 2674688

140 wmic.exe 8 2744 4 5963776

145 wmiprvse.exe 8 2108 6 5779456

C:\>finger -l user01

[may51]> Finger: connect::Connection refused

C:\>tracert 192.168.1.67

Tracing route to 192.168.1.67 over a maximum of 30 hops

1 1 ms arp -a

Interface: 192.168.1.51 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           64-68-0c-f9-3e-af     dynamic
  192.168.1.10          00-1b-b9-67-9f-d8     dynamic
  192.168.1.17          00-1b-b9-65-2e-07     dynamic
  192.168.1.36          00-1b-b9-63-f1-cc     dynamic
  192.168.1.52          70-71-bc-9a-2e-63     static
  192.168.1.53          70-71-bc-9a-2d-5f     dynamic
  192.168.1.56          70-71-bc-9a-2c-66     dynamic
  192.168.1.64          70-71-bc-9a-6f-47     dynamic
  192.168.1.67          70-71-bc-9a-84-12     dynamic
  192.168.1.111         70-71-bc-9a-2a-c3     dynamic
  192.168.1.125         70-71-bc-9a-2e-ef     dynamic