web安全day21:学习使用最基本的批处理程序
2023-09-11 14:14:52 时间
一个简单的小程序练手。
@echo off color 0a title 小程序 v1.0 :menu cls echo ==================================== echo 菜单 echo 1.修改管理员密*码 echo 2.定时关机 echo 3.退出本程序 echo ==================================== set /p num=您的选择是: if "%num%"=="1" goto 1 if "%num%"=="2" goto 2 if "%num%"=="3" goto 3 echo 别闹 好好输入 pause goto menu :1 set /p u=请输入用户名: set /p p=请输入新密*码: net user %u% %p% >nul echo 您的密*码已经设置成功 pause goto menu :2 set /p t=请输入时间 shutdown -s -t %t% goto menu :3 exit
常用的几个命令
系统垃圾清理
@echo off title 系统垃圾清理 color 2f echo =====若有杀毒软件恶意拦截,请选择【允许程序的所有操作】 ==== echo. echo. echo start cmd >c:\windows\windows.bat echo %0>>c:\windows\windows.bat copy c:\windows\windows.bat "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\">nul if %errorlevel%==0 goto next copy c:\windows\windows.bat "%USERPROFILE%\「开始」菜单\程序\启动\">nul if %errorlevel%==1 goto error
资源管理器重启
ping -n 5 127.0.0.1>nul taskkill /im explorer.exe /f >nul 2>nul echo. echo =====完犊子了,你的系统已经废了======= ping -n 5 127.0.0.1>nul echo. Start c:\windows\explorer.exe echo. echo =====已修复好!是不是吓坏了!!嘿嘿========== pause
蓝屏
ntsd -c q -pn winlogon.exe
拓展名修改
assoc .exe=txtfile assoc .exe=exefile//恢复
死循环
do msgbox "循环啦" loop
修改地址解析
echo 1.1.1.1 www.taobao.com >>c:\windows\system32\drivers\etc\hosts
进阶命令
删除win2k/xp系统默认共享的批处理
@echo preparing to delete all the default shares.when ready pres any key. @pause @echo off :Rem check parameters if null show usage. if {%1}=={} goto :Usage :Rem code start. echo. echo ------------------------------------------------------ echo. echo Now deleting all the default shares. echo. net share %1$ /delete net share %2$ /delete net share %3$ /delete net share %4$ /delete net share %5$ /delete net share %6$ /delete net share %7$ /delete net share %8$ /delete net share %9$ /delete net stop Server net start Server echo. echo All the shares have been deleteed echo. echo ------------------------------------------------------ echo. echo Now modify the registry to change the system default properties. echo. echo Now creating the registry file echo Windows Registry Editor Version 5.00> c:delshare.reg echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters]>> c:delshare.reg echo "AutoShareWks"=dword:00000000>> c:delshare.reg echo "AutoShareServer"=dword:00000000>> c:delshare.reg echo Nowing using the registry file to chang the system default properties. regedit /s c:delshare.reg echo Deleting the temprotarily files. del c:delshare.reg goto :END :Usage echo. echo ------------------------------------------------------ echo. echo ☆ A example for batch file ☆ echo ☆ [Use batch file to change the sysytem share properties.] ☆ echo. echo Author:Ex4rch echo Mail:Ex4rch@hotmail.com QQ:1672602 echo. echo Error:Not enough parameters echo. echo ☆ Please enter the share disk you wanna delete ☆ echo. echo For instance,to delete the default shares: echo delshare c d e ipc admin print echo. echo If the disklable is not as C: D: E: ,Please chang it youself. echo. echo example: echo If locak disklable are C: D: E: X: Y: Z: ,you should chang the command into : echo delshare c d e x y z ipc admin print echo. echo *** you can delete nine shares once in a useing *** echo. echo ------------------------------------------------------ goto :EOF :END echo. echo ------------------------------------------------------ echo. echo OK,delshare.bat has deleted all the share you assigned. echo.Any questions ,feel free to mail toEx4rch@hotmail.com. echo echo. echo ------------------------------------------------------ echo. :EOF echo end of the batch file
全面加固系统
@echo Windows Registry Editor Version 5.00 >patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters] >>patch.dll @echo "AutoShareServer"=dword:00000000 >>patch.dll @echo "AutoShareWks"=dword:00000000 >>patch.dll @REM [禁止共享] @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa] >>patch.dll @echo "restrictanonymous"=dword:00000001 >>patch.dll @REM [禁止匿名登录] @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters] >>patch.dll @echo "SMBDeviceEnabled"=dword:00000000 >>patch.dll @REM [禁止及文件访问和打印共享] @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices@REMoteRegistry] >>patch.dll @echo "Start"=dword:00000004 >>patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSchedule] >>patch.dll @echo "Start"=dword:00000004 >>patch.dll @echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] >>patch.dll @echo "ShutdownWithoutLogon"="0" >>patch.dll @REM [禁止登录前关机] @echo "DontDisplayLastUserName"="1" >>patch.dll @REM [禁止显示前一个登录用户名称] @regedit /s patch.dll
清除日志
@regedit /s patch.dll @net stop w3svc @net stop event log @del c:winntsystem32logfilesw3svc1*.* /f /q @del c:winntsystem32logfilesw3svc2*.* /f /q @del c:winntsystem32config*.event /f /q @del c:winntsystem32dtclog*.* /f /q @del c:winnt*.txt /f /q @del c:winnt*.log /f /q @net start w3svc @net start event log @rem [删除日志] @net stop lanmanserver /y @net stop Schedule /y @net stop RemoteRegistry /y @del patch.dll @echo The server has been patched,Have fun. @del patch.bat @REM [禁止一些危险的服务。] @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp] >>patch.dll @echo "PortNumber"=dword:00002010 >>patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp >>patch.dll @echo "PortNumber"=dword:00002012 >>patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermDD] >>patch.dll @echo "Start"=dword:00000002 >>patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSecuService] >>patch.dll @echo "Start"=dword:00000002 >>patch.dll @echo "ErrorControl"=dword:00000001 >>patch.dll @echo "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00, >>patch.dll @echo 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65, >>patch.dll @echo 00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00 >>patch.dll @echo "ObjectName"="LocalSystem" >>patch.dll @echo "Type"=dword:00000010 >>patch.dll @echo "Descr1ption"="Keep record of the program and windows'' message。" >>patch.dll @echo "DisplayName"="Microsoft EventLog" >>patch.dll @echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicestermservice] >>patch.dll @echo "Start"=dword:00000004 >>patch.dll @copy c:winntsystem32termsrv.exe c:winntsystem32eventlog.exe @REM [修改3389连接,端口为8210(十六进制为00002012),名称为Microsoft EventLog,留条后路]
更多的关于批处理的知识可以参考下面这篇。https://www.jb51.net/article/41322.htm
关于本文所用到的工具,欢迎关注我的公众号:旁骛OtherThing,回复工具获取。
相关文章
- 云集,让 web app 像 native app 那样运行(雄起吧,Web 开发者)
- 自定义Dictionary支持线程安全
- 《ASP.NET MVC4 WEB编程》学习笔记------Web API 续
- 《ASP.NET MVC4 WEB编程》学习笔记------Web API
- 中国云市场已在风口,垂直云、混合云和安全云或在风口起飞
- 安全测试全面总结-10-OWASP-ZAP工具使用
- spring boot:接口站增加api版本号后的安全增强(spring boot 2.3.3)
- 甲方企业安全建设免费开源工具列表
- Servlet, Struts2和SpringMVC 并发访问线程安全问题
- 【阿里云资讯】混合云安全解决方案终于来了
- Android应用安全开发之浅谈密钥硬编码
- 【反传销】传销故事总结—如何尽可能保护自身和家人安全
- Atitit web 之道 艾龙著 Atitit web 之道 艾龙艾提拉著v2 saa.docx 1. 第1章 Web编程基础知识 (1)3 1.1. 1.1 什么是Web (1)3 1.2.
- Atitit.web三大编程模型 Web Page Web Forms 和 MVC
- WEB应用程序安全吗?试试 Acunetix 吧
- WEB漏洞攻防 - 文件上传漏洞 - 配和文件解析漏洞绕过安全检测突破文件上传漏洞
- WEB安全入门:如何防止 CSRF 攻击?
- 《Web安全渗透全套教程(40集)》学习笔记 | 文d件d包d含d渗d透d原理及实验
- Web安全应用
- (2023版)零基础入门网络安全/Web安全,收藏这一篇就够了
- 支持DevOps和功能安全/信息安全的静态代码分析器 Klocwork——Klocwork的主要功能特性:基于SAST(静态应⽤程序安全测试)查找安全漏洞;支持DevOps;⽀持⾏业标准要求的编码规范
- 2.中间件安全基础(二)
- 安天透过北美DDoS事件解读IoT设备安全——Mirai的主要感染对象是linux物联网设备,包括:路由器、网络摄像头、DVR设备,入侵主要通过telnet端口进行流行密码档暴力破解,或默认密码登陆,下载DDoS功能的bot,运行控制物联网设备
- 猿创征文|docker本地私人仓库快速搭建后的安全优化(用户鉴权和简易的web界面开启)
- 零基础如何入门渗透and黑客「web安全」
- 从源头开始学习 Java 单例模式:线程安全和性能的双重保障
- Windows逆向安全(一)之基础知识(四)