I. Scenario summary:
1. Windows Task Scheduler offers a trigger that fires on the event of a user logging on.
2. The cmd command netstat -ano | find "3389" shows the current remote login IP.
3. In a BAT script, set loginuserid=%username% gets the current login user name.
4. eKing.CmdReadFileAndSendEmailOper reads files and sends them as an email message.
5. A BAT script ties these together and is executed by the Windows scheduled task when it is triggered.
Original link: http://www.lookdaima.com/webforms/webpages/blanks/pm/docs/docitemdetail.aspx?id=0821b76a-add3-4303-b41d-34a6faeceb89&emdocdetailshowtypev=2
II. Related downloads and links:
Program download: complete program files and logs
eKing.CmdSendEmail | Sends mail | Primarily for email reminders after scheduled database backups | V1.0
eKing.CmdDes3EncryptOper | Custom DES3 encryption operation
Source code (SVN): https://svn.lookdaima.com:8443/!/#Cmds/view/head/csharp/common/eking.cmdreadfileandsendemailoper (user/123)
Source code (GitHub): https://github.com/fuzhx/cmds/tree/master/CSharp/Common/eKing.CmdReadFileAndSendEmailOper
III. Program directory:
File directory
1. bat.log: output log of the scheduled task execution
2. eKing.CmdDes3EncryptOper.exe: auxiliary tool that DES3-encrypts the mailbox password
3. eKing.CmdReadFileAndSendEmailOper.exe: reads the contents of loginip.log and sends the message
4. login.bat: batch script run by the scheduled task
5. loginip.log: output written when login.bat runs; it holds the login IP and the current server's IP (to avoid confusion when there are many servers)
Content of bat.log:
Bat.log
C:\windows\system32>echo User.login
User.login
C:\windows\system32>set loginuserid=Administrator
C:\windows\system32>echo Administrator
Administrator
C:\windows\system32>netstat -ano | find "3389" 1>c:\cmds\cs\common\login\loginip.log
C:\windows\system32>ipconfig -all 1>>c:\cmds\cs\common\login\loginip.log
C:\windows\system32>c:\cmds\cs\common\login\eking.cmdreadfileandsendemailoper.exe emailname=qq89616537 emailsmtpserver=smtp.163.com emailsend=[email protected] emailpwd=***** enablessl=false emailrecv=[email protected];[email protected]; emailtitle="{datetime.now}-User Administrator Telnet 119.29.88.48 (see Code Network) server" emailtext="remote access server prompt" emailencoding=gb2312 htmlflag=false pwdtexttype=des3 emailtexttype=file dirfullname=~/ filenameexpress=login*.log readfileencoding=gb2312 emailtextfilemaxlength=0 filenametolower=true
Operation succeeded
Content of login.bat:
Login.bat
:: User logon server mail notification
echo User.login
:: Get the logged-in user
set loginuserid=%username%
echo %loginuserid%
:: Write the remote IP (connections involving port 3389) to loginip.log
netstat -ano | find "3389" > C:\Cmds\CS\common\login\loginip.log
:: Append the server's own IP configuration
ipconfig -all >> C:\Cmds\CS\common\login\loginip.log
:: Read login*.log from the program directory and send it by email
C:\Cmds\CS\common\login\eKing.CmdReadFileAndSendEmailOper.exe emailname=qq89616537 emailsmtpserver=smtp.163.com emailsend=[email protected] emailpwd=**** enablessl=false emailrecv=[email protected];[email protected]; emailtitle="{datetime.now}-user%loginuserid% telnet 119.29.88.48 (see Code Network) server" emailtext="remote access server prompt" emailencoding=gb2312 htmlflag=false pwdtexttype=des3 emailtexttype=file dirfullname=~/ filenameexpress=login*.log readfileencoding=gb2312 emailtextfilemaxlength=0 filenametolower=true
Content of loginip.log:
Loginip.log
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 3756
TCP 10.135.87.157:3389 61.186.27.212:42758 ESTABLISHED 3756
TCP [::]:3389 [::]:0 LISTENING 3756
UDP 0.0.0.0:3389 *:* 3756
UDP [::]:3389 *:* 3756
Windows IP Configuration
Host name ............. : 10_135_87_157
Primary DNS suffix ........... :
Node type ............: mixed
IP routing is enabled ..........: no
WINS Proxy is enabled ..... . : No
Ethernet Adapter Ethernet:
Connect a specific DNS suffix .....:
Describe............... : Tencent VirtIO Ethernet Adapter
Physical Address ............. : 52-54-00-2b-60-fe
DHCP is enabled ........... : No
Automatic configuration enabled ..........: Yes
Local Link IPV6 address ... : fe80::3150:c7ba:927e:8325%13 (preferred)
IPV4 Address ............:10.135.87.157(preferred)
Subnet Mask ............:255.255.192.0
Default gateway ............. : 10.135.64.1
DHCPV6 IAID ........... : 340939776
DHCPV6 Client DUID .......:00-01-00-01-21-8a-d1-df-52-54-00-2b-60-fe
DNS Server ........... : 10.225.30.181
10.225.30.223
NetBIOS on the TCPIP ...: Enabled
Tunnel adapter ISATAP. {cbe3395e-cad3-4f82-8c9c-5ff8a258e753}:
Media status ............: Media is disconnected
Connect a specific DNS suffix .....:
Describe............... : Microsoft ISATAP Adapter
Physical Address ............. : 00-00-00-00-00-00-00-e0
DHCP is enabled ........... : No
Automatic configuration enabled ..........: Yes
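find "3389" is a plain substring match, so besides the one established session it also keeps listener rows, UDP rows, outbound connections to port 3389, ports such as 53389 and rows whose PID is 3389. The PowerShell function below is an added example, not part of the original article or of the eKing tools; it keeps only established TCP connections whose local port is 3389. The function name Get-RdpPeer and the last three sample rows are constructed for illustration.

```powershell
# Added example: parse "netstat -ano" text and keep only inbound RDP sessions.
# The first five rows mirror loginip.log above; the last three are constructed.
$sample = @'
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       3756
  TCP    10.135.87.157:3389     61.186.27.212:42758    ESTABLISHED     3756
  TCP    [::]:3389              [::]:0                 LISTENING       3756
  UDP    0.0.0.0:3389           *:*                                    3756
  UDP    [::]:3389              *:*                                    3756
  TCP    10.135.87.157:49702    203.0.113.7:3389       ESTABLISHED     1204
  TCP    10.135.87.157:445      198.51.100.9:53389     ESTABLISHED     4
  TCP    10.135.87.157:80       192.0.2.33:51000       TIME_WAIT       3389
'@ -split "`r?`n"

function Get-RdpPeer {
    param(
        [string[]]$NetstatLine,   # raw lines of "netstat -ano" output
        [int]$Port = 3389         # local RDP listener port
    )
    foreach ($line in $NetstatLine) {
        # Columns: Proto, Local, Foreign, State, PID (UDP rows have no State)
        $f = -split $line
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'ESTABLISHED') { continue }
        # Split "addr:port" at the last colon so bracketed IPv6 also works
        $local  = $f[1]
        $remote = $f[2]
        $localPort = [int]$local.Substring($local.LastIndexOf(':') + 1)
        if ($localPort -ne $Port) { continue }
        [pscustomobject]@{
            RemoteAddress = $remote.Substring(0, $remote.LastIndexOf(':')).Trim('[', ']')
            RemotePort    = [int]$remote.Substring($remote.LastIndexOf(':') + 1)
            OwningPid     = [int]$f[4]
        }
    }
}

# Compare the substring filter used by login.bat with the column-aware filter.
$peers   = @(Get-RdpPeer -NetstatLine $sample)
$matched = @($sample | Select-String -SimpleMatch -Pattern '3389')
"find `"3389`" keeps $($matched.Count) rows; column filter keeps $($peers.Count)"
$peers | Format-Table -AutoSize
```

On a live server the same filter is available without text parsing as Get-NetTCPConnection -LocalPort 3389 -State Established.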
IV. Configuration of the scheduled task:
1. Open Control Panel
2. Click Scheduled Tasks
3. Click Create Task
4. Set the General options
5. Create a new trigger
6. Configure the trigger
7. Create a new action
8. Configure the action
9. Enter the operating system password to confirm
Of these steps, the program entry for the action is:
C:\Cmds\CS\common\login\login.bat > C:\Cmds\CS\common\login\bat.log
Also attached: the DES3 encryption operation used to encrypt the password. DES3 key: Ekinglbs2018tool
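The nine GUI steps can also be scripted with the ScheduledTasks cmdlets. This is an added example, not part of the original article; the task name LoginMailAlert is hypothetical, the "At log on" trigger type is an assumption about what the article configured, and the ACL step at the end is an addition.

```powershell
# Added example: script the GUI steps with the ScheduledTasks module
# (Windows Server 2012 / Windows 8 or later, elevated PowerShell).
$taskName = 'LoginMailAlert'               # hypothetical task name
$dir      = 'C:\Cmds\CS\common\login'      # directory used in the article

# Action: run login.bat through cmd.exe so that the ">" redirection into
# bat.log is interpreted by the shell.
$action = New-ScheduledTaskAction -Execute "$env:SystemRoot\System32\cmd.exe" `
    -Argument "/c `"$dir\login.bat > $dir\bat.log`"" -WorkingDirectory $dir

# Trigger: any user logging on (assumed trigger type).
$trigger = New-ScheduledTaskTrigger -AtLogOn

# Keep a hung SMTP connection from leaving the task running indefinitely.
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Minutes 5)

# Step 9 of the GUI procedure: the account the task runs as and its password.
$cred = Get-Credential -Message 'Account that runs login.bat'

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Settings $settings -User $cred.UserName `
    -Password $cred.GetNetworkCredential().Password -RunLevel Highest

# login.bat carries the mailbox password on its command line, so restrict the
# directory to Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
# The run-as account must therefore be a member of Administrators.
icacls $dir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F'
```

When the task runs under a fixed account, as registered here, %username% in login.bat expands to that account's name rather than to the user who just logged on.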
Use of Des3
V. Email result:
Send Message effects
VI. Parameter settings:
emailname: sender's email account | e.g. qq89616537
emailsmtpserver: SMTP service | e.g. smtp.163.com
emailsend: sender's email account | e.g. [email protected]
emailpwd: email password | plaintext or DES3-encrypted
enablessl: use SSL mode | Boolean | e.g. false
emailrecv: recipient email accounts | e.g. [email protected]; [Email protected];
emailtitle: message subject | e.g. {datetime.now}-user%loginuserid% telnet 119.29.88.48 (see Code Network) server
emailtext: message content | e.g. Remote access server prompt
emailencoding: message encoding | e.g. gb2312 or utf8
htmlflag: whether the content is HTML | Boolean | e.g. false
pwdtexttype: password content type | text: plaintext; des3: DES3-encrypted | e.g. des3
emailtexttype: message content type | text: plain text; file: file | e.g. text
dirfullname: full directory name | e.g. D:\one (no suffix) | or ~/ for the directory where the executable program is located
filenameexpress: file name expression | e.g. *_bak.log
readfileencoding: encoding used to read the file | e.g. gb2312
emailtextfilemaxlength: maximum file size allowed to be read | long integer | same as the file length, in bytes | | not limited
filenametolower: compare file names in lowercase | Boolean | e.g. true
Use Windows scheduled tasks and eKing.CmdReadFileAndSendEmailOper (a console application) to implement email alerts for remote logins to servers