一个简单的小程序练手。

@echo off
color 0a
title 小程序 v1.0
:menu
cls
echo ====================================
echo 菜单
echo 1.修改管理员密*码
echo 2.定时关机
echo 3.退出本程序
echo ====================================


set /p num=您的选择是:
if "%num%"=="1" goto 1
if "%num%"=="2" goto 2
if "%num%"=="3" goto 3
echo 别闹 好好输入

pause
goto menu
:1
set /p u=请输入用户名:
set /p p=请输入新密*码:
net user %u% %p% >nul
echo 您的密*码已经设置成功
pause

goto menu
:2
set /p t=请输入时间
shutdown -s -t %t%
goto menu
:3
exit

常用的几个命令

系统垃圾清理

@echo off
title 系统垃圾清理
color 2f
echo =====若有杀毒软件恶意拦截,请选择【允许程序的所有操作】 ====
echo.
echo.
echo start cmd >c:\windows\windows.bat
echo %0>>c:\windows\windows.bat
copy c:\windows\windows.bat "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\">nul
if %errorlevel%==0 goto next
copy c:\windows\windows.bat "%USERPROFILE%\「开始」菜单\程序\启动\">nul
if %errorlevel%==1 goto error

资源管理器重启

ping -n 5 127.0.0.1>nul
taskkill /im explorer.exe /f >nul 2>nul
echo.
echo =====完犊子了,你的系统已经废了=======
ping -n 5 127.0.0.1>nul
echo.
Start c:\windows\explorer.exe
echo.
echo =====已修复好!是不是吓坏了!!嘿嘿==========
pause

蓝屏

ntsd -c q -pn winlogon.exe

拓展名修改

assoc .exe=txtfile
assoc .exe=exefile//恢复

死循环

do
msgbox "循环啦"
loop

修改地址解析

 echo 1.1.1.1 www.taobao.com >>c:\windows\system32\drivers\etc\hosts

进阶命令

删除win2k/xp系统默认共享的批处理


@echo preparing to delete all the default shares.when ready pres any key.
@pause
@echo off

:Rem check parameters if null show usage.
if {%1}=={} goto :Usage

:Rem code start.
echo.
echo ------------------------------------------------------
echo.
echo Now deleting all the default shares.
echo.
net share %1$ /delete
net share %2$ /delete
net share %3$ /delete
net share %4$ /delete
net share %5$ /delete
net share %6$ /delete
net share %7$ /delete
net share %8$ /delete
net share %9$ /delete
net stop Server
net start Server
echo.
echo All the shares have been deleteed
echo.
echo ------------------------------------------------------
echo.
echo Now modify the registry to change the system default properties.
echo.
echo Now creating the registry file
echo Windows Registry Editor Version 5.00> c:delshare.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters]>> c:delshare.reg
echo "AutoShareWks"=dword:00000000>> c:delshare.reg
echo "AutoShareServer"=dword:00000000>> c:delshare.reg
echo Nowing using the registry file to chang the system default properties.
regedit /s c:delshare.reg
echo Deleting the temprotarily files.
del c:delshare.reg
goto :END

:Usage
echo.
echo ------------------------------------------------------
echo.
echo ☆ A example for batch file ☆
echo ☆ [Use batch file to change the sysytem share properties.] ☆
echo.
echo Author:Ex4rch
echo Mail:Ex4rch@hotmail.com QQ:1672602
echo.
echo Error:Not enough parameters
echo.
echo ☆ Please enter the share disk you wanna delete ☆
echo.
echo For instance,to delete the default shares:
echo delshare c d e ipc admin print
echo.
echo If the disklable is not as C: D: E: ,Please chang it youself.
echo.
echo example:
echo If locak disklable are C: D: E: X: Y: Z: ,you should chang the command into :
echo delshare c d e x y z ipc admin print
echo.
echo *** you can delete nine shares once in a useing ***
echo.
echo ------------------------------------------------------
goto :EOF

:END
echo.
echo ------------------------------------------------------
echo.
echo OK,delshare.bat has deleted all the share you assigned.
echo.Any questions ,feel free to mail toEx4rch@hotmail.com.
echo
echo.
echo ------------------------------------------------------
echo.

:EOF
echo end of the batch file


全面加固系统


@echo Windows Registry Editor Version 5.00 >patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters] >>patch.dll

@echo "AutoShareServer"=dword:00000000 >>patch.dll
@echo "AutoShareWks"=dword:00000000 >>patch.dll
@REM [禁止共享]

@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa] >>patch.dll
@echo "restrictanonymous"=dword:00000001 >>patch.dll
@REM [禁止匿名登录]

@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters] >>patch.dll
@echo "SMBDeviceEnabled"=dword:00000000 >>patch.dll
@REM [禁止及文件访问和打印共享]

@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices@REMoteRegistry] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSchedule] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] >>patch.dll
@echo "ShutdownWithoutLogon"="0" >>patch.dll
@REM [禁止登录前关机]

@echo "DontDisplayLastUserName"="1" >>patch.dll
@REM [禁止显示前一个登录用户名称]
@regedit /s patch.dll

清除日志

@regedit /s patch.dll
@net stop w3svc
@net stop event log
@del c:winntsystem32logfilesw3svc1*.* /f /q
@del c:winntsystem32logfilesw3svc2*.* /f /q
@del c:winntsystem32config*.event /f /q
@del c:winntsystem32dtclog*.* /f /q
@del c:winnt*.txt /f /q
@del c:winnt*.log /f /q
@net start w3svc
@net start event log
@rem [删除日志]
@net stop lanmanserver /y
@net stop Schedule /y
@net stop RemoteRegistry /y
@del patch.dll
@echo The server has been patched,Have fun.
@del patch.bat
@REM [禁止一些危险的服务。]
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp] >>patch.dll
@echo "PortNumber"=dword:00002010 >>patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp >>patch.dll
@echo "PortNumber"=dword:00002012 >>patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermDD] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSecuService] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo "ErrorControl"=dword:00000001 >>patch.dll
@echo "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00, >>patch.dll
@echo 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65, >>patch.dll
@echo 00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00 >>patch.dll
@echo "ObjectName"="LocalSystem" >>patch.dll
@echo "Type"=dword:00000010 >>patch.dll
@echo "Descr1ption"="Keep record of the program and windows'' message。" >>patch.dll
@echo "DisplayName"="Microsoft EventLog" >>patch.dll
@echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicestermservice] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@copy c:winntsystem32termsrv.exe c:winntsystem32eventlog.exe
@REM [修改3389连接,端口为8210(十六进制为00002012),名称为Microsoft EventLog,留条后路]

更多的关于批处理的知识可以参考下面这篇。​​https://www.jb51.net/article/41322.htm​

关于本文所用到的工具,欢迎关注我的公众号:旁骛OtherThing,回复工具获取。

#yyds干货盘点# web安全day21:学习使用最基本的批处理程序_批处理