Windows Command-Line Tips :: 『孤光剑隐』

Source: BlogBus
Original link: http://www.blogbus.com:80/blogbus/blog/diary.php?diaryid=535351
Archive link: https://web.archive.org/web/20050103064142id_/http://www.blogbus.com:80/blogbus/blog/diary.php?diaryid=535351


Date: 2004-12-10

1. Two very cool scripts

(1) Monitor IIS: if the Web service stops working, the script restarts it for you automatically. Save the following code as MonitorWeb.vbs:

    strComputer = "."
    Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")
    ' Poll every 2 seconds for the w3svc service entering the Stopped state
    strWQL = "SELECT * " & _
        "FROM __InstanceModificationEvent " & _
        "WITHIN 2 " & _
        "WHERE TargetInstance ISA 'Win32_Service' " & _
        "AND TargetInstance.Name = 'w3svc' " & _
        "AND TargetInstance.State = 'Stopped'"
    Set objEventSource = objWMIService.ExecNotificationQuery(strWQL)
    WScript.Echo "Monitoring the web service..."
    ' NextEvent blocks until a matching event arrives; the script handles one stop event and then exits
    Set objEventObject = objEventSource.NextEvent()
    WScript.Echo "Web service just stopped....waiting for a few seconds."
    WScript.Sleep(5000)
    WScript.Echo "Attempting to restart the web service using the net.exe tool."
    Set objShell = CreateObject("WScript.Shell")
    ' Third argument 1 = wait for net.exe to finish before continuing
    objShell.Run "%COMSPEC% /c net start w3svc",,1
    WScript.Echo "Restarted the web service"

(2) Save the script below as MonitorNotepad.vbs under c:\ and run it with cscript MonitorNotepad.vbs. It then watches for Notepad: as soon as a Notepad instance is opened after the script has started, it reports it.

    strComputer = "."
    Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")
    ' Poll every 2 seconds for a newly created notepad.exe process
    strWQL = "SELECT * " & _
        "FROM __InstanceCreationEvent " & _
        "WITHIN 2 " & _
        "WHERE TargetInstance ISA 'Win32_Process' " & _
        "AND TargetInstance.Name = 'notepad.exe'"
    WScript.Echo "Waiting for a new instance of Notepad to start..."
    Set objEventSource = objWMIService.ExecNotificationQuery(strWQL)
    Set objEventObject = objEventSource.NextEvent()
    WScript.Echo "A new instance of Notepad was just started."

2. Two shutdown scripts, one .bat and one .vbs; they are really the same thing.

(1) Save the following code as shutdown.bat:

    @echo off
    setlocal
    cd/d %temp%
    rem Write a temporary VBScript, run it, then delete it
    echo Set colOperatingSystems = GetObject("winmgmts:{(Shutdown)}").ExecQuery("Select * from Win32_OperatingSystem") >shutdown.vbs
    echo For Each objOperatingSystem in colOperatingSystems >>shutdown.vbs
    echo ObjOperatingSystem.Win32Shutdown(1) >>shutdown.vbs
    echo Next >>shutdown.vbs
    cscript shutdown.vbs
    del shutdown.vbs

(2) Save the following code as shutdown.vbs:

    ' {(Shutdown)} requests the shutdown privilege for this WMI connection
    Set colOperatingSystems = GetObject("winmgmts:{(Shutdown)}").ExecQuery("Select * from Win32_OperatingSystem")
    For Each objOperatingSystem in colOperatingSystems
        ObjOperatingSystem.Win32Shutdown(1)
    Next

Also, the values accepted by ObjOperatingSystem.Win32Shutdown(*):

    Value    Meaning
    0        Log Off
    0 + 4    Forced Log Off
    1        Shutdown
    1 + 4    Forced Shutdown
    2        Reboot
    2 + 4    Forced Reboot
    8        Power Off
    8 + 4    Forced Power Off

3. Script for configuring startup options:

This script disables all services configured as manual start. Among other things, this prevents Power Users from being able to start these services.

    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    ' Select every service whose start mode is Manual
    Set colServiceList = objWMIService.ExecQuery _
        ("Select * from Win32_Service where StartMode = 'Manual'")
    For Each objService in colServiceList
        ' StartMode is the fifth parameter of Win32_Service.Change
        errReturnCode = objService.Change( , , , , "Disabled")
    Next

4.

    @echo off
    setlocal
    cd/d %temp%
    rem Build a minimal INF file and install it; reboot mode 1 restarts without prompting
    echo [version] > reboot.inf
    set inf=InstallHinfSection DefaultInstall
    echo signature=$chicago$ >> reboot.inf
    echo [defaultinstall] >> reboot.inf
    rundll32 setupapi,%inf% 1 %temp%\reboot.inf
    del reboot.inf

5.

    @goto star


    Function:
      1. Remove admin$, C$ and other disk shares; disable automatic sharing
    Version: 1.0
    Compiled by: Netu0
    Created: 2003.09.25

    :star
    @if {%1}=={} goto Usage
    @if "%1"=="/?" goto Usage
    @echo.
    @rem Delete each share named on the command line ("正在删除共享" = "Deleting share")
    @Echo 正在删除共享%1$
    @net share %1$ /delete
    @if {%2}=={} goto StopServer
    @Echo 正在删除共享%2$
    @net share %2$ /delete
    @if {%3}=={} goto StopServer
    @Echo 正在删除共享%3$
    @net share %3$ /delete
    @if {%4}=={} goto StopServer
    @Echo 正在删除共享%4$
    @net share %4$ /delete
    @if {%5}=={} goto StopServer
    @Echo 正在删除共享%5$
    @net share %5$ /delete
    @if {%6}=={} goto StopServer
    @Echo 正在删除共享%6$
    @net share %6$ /delete
    @if {%7}=={} goto StopServer
    @Echo 正在删除共享%7$
    @net share %7$ /delete
    @if {%8}=={} goto StopServer
    @Echo 正在删除共享%8$
    @net share %8$ /delete
    @if {%9}=={} goto StopServer
    @Echo 正在删除共享%9$
    @net share %9$ /delete
    :StopServer
    @echo.
    @rem Set AutoShareWks and AutoShareServer to 0 so the shares are not recreated automatically
    @echo 正在更改注册表...
    @echo Windows Registry Editor Version 5.00> c:\delshare.reg
    @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
    @echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
    @echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
    @regedit /s c:\delshare.reg
    @echo 注册表更改完成
    @echo.
    @rem Remove the temporary .reg file
    @echo 正在清理临时文件
    @del c:\delshare.reg
    @echo 临时文件清理完成
    @echo.
    @rem Restart the Server service to refresh the shares
    @echo 正在刷新共享...
    @net stop Server
    @net start Server
    @echo 刷新完成
    @echo.
    @echo 指定共享已经删除
    @echo.
    @goto end
    :Usage
    @rem Print the usage help (same text as the header above, plus the command format and an example)
    @echo.
    @echo 功能:
    @echo 1、取消admin$及C$等磁盘共享、禁止自动共享
    @echo 版本:1.0
    @echo 创建日期:2003.09.25
    @echo.
    @echo 命令格式
    @echo DelShare [C] [d] [e] ... [admin] [print]
    @echo 例子
    @echo DelShare C d e f admin print
    @echo.
    @echo 请按任意键继续....
    @pause>nul
    :end

6. Part of a hardening script I wrote earlier:

    :chkver
    :: Check the language version (code page 936 = Simplified Chinese)
    :: Message: "Your operating system is not the Chinese version"
    chcp|find "936" >nul 2>nul
    if "%ERRORLEVEL%"=="1" echo 您的操作系统不是中文版 & goto :bacterin
    :: Check the operating system
    :: The labels :2000, :XP and :bacterin belong to the rest of the script, which is not shown here
    ver|find "2000" > nul 2>nul
    if "%ERRORLEVEL%"=="0" goto :2000
    ver|find "XP" > nul 2>nul
    if "%ERRORLEVEL%"=="0" goto :XP
    :: Message: "Your operating system is not Windows 2000 or Windows XP"
    echo 您的操作系统不是Windows 2000或者Windows XP & goto :bacterin

7. Uses of nul

1. Empty a file. For example: copy nul abc.txt
2. Suppress the output of a command. For example: echo abc>nul
3. >nul 2>nul redirects both standard output and standard error to nul. Only this really suppresses all output.

Posted by 孤光剑隐 at 2004-12-10 11:04

Comments

My homepage http://qisitang.nease.net/index.htm
孤光剑隐 replied to @@: I'm confused... who are you?? (2004-12-11 15:23)
POST BY: [@@] @ 2004-12-11 13:10
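
One way to verify the result of the DelShare script in section 5, as an added example that is not part of the original post: a read-only PowerShell check that reads the two registry values the batch file writes and lists any administrative disk shares still present. PowerShell 3.0 or later is assumed, and the function name Get-AdminShareAudit is hypothetical.

```powershell
# Added example (not from the original post). Read-only; changes nothing.
# Assumes PowerShell 3.0+. The function name is hypothetical.
function Get-AdminShareAudit {
    [CmdletBinding()]
    param()

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $params = Get-ItemProperty -Path $key -ErrorAction Stop

    # The batch file writes both values as dword 0. Only the one matching
    # the OS edition takes effect (Wks: workstation, Server: server).
    # A missing or non-zero value leaves automatic share creation enabled.
    foreach ($name in 'AutoShareWks', 'AutoShareServer') {
        $prop = $params.PSObject.Properties[$name]
        $disabled = ($null -ne $prop) -and ($prop.Value -eq 0)
        [pscustomobject]@{
            Check  = "Registry value $name"
            Found  = if ($null -ne $prop) { $prop.Value } else { '(not set)' }
            Status = if ($disabled) { 'OK' } else { 'REVIEW' }
        }
    }

    # Win32_Share.Type 2147483648 marks an administrative disk share
    # (C$, D$, ADMIN$). Any that remain were not deleted, or were recreated
    # when the Server service restarted.
    $adminShares = @(Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Type -eq 2147483648 })
    foreach ($share in $adminShares) {
        [pscustomobject]@{
            Check  = "Share $($share.Name)"
            Found  = $share.Path
            Status = 'REVIEW'
        }
    }
    if ($adminShares.Count -eq 0) {
        [pscustomobject]@{
            Check  = 'Administrative disk shares'
            Found  = '(none)'
            Status = 'OK'
        }
    }
}

Get-AdminShareAudit | Format-Table -AutoSize
```

Run it once after the batch file finishes and again after the next reboot, since that is when shares come back if the registry change did not take.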
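
The VBScript in section 3 changes every Manual service in one pass and keeps no record of what it changed, while services that Windows starts on demand, Windows Installer (msiserver) among them, are normally set to Manual. The added example below, which is not the original author's code, records the current state first, supports a -WhatIf preview and an exclusion list, and can roll back from the record; the function names, the CSV path and the exclusion are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the original post); function names are hypothetical.
# Assumes PowerShell 3.0+; real changes need an elevated session.
function Export-ManualServiceSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    # Same selection as the VBScript: services whose StartMode is Manual.
    $services = Get-CimInstance -ClassName Win32_Service -Filter "StartMode = 'Manual'" |
        Select-Object Name, DisplayName, StartMode, State
    $services | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
    $services
}

function Set-SnapshotServiceStartMode {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][ValidateSet('Disabled', 'Manual')][string]$StartupType,
        [string[]]$Exclude = @()
    )
    foreach ($row in Import-Csv -Path $Path) {
        if ($Exclude -contains $row.Name) { continue }
        # Do not disable a service that was running when the snapshot was taken.
        if ($StartupType -eq 'Disabled' -and $row.State -eq 'Running') { continue }
        if ($PSCmdlet.ShouldProcess($row.Name, "Set start mode to $StartupType")) {
            try {
                Set-Service -Name $row.Name -StartupType $StartupType -ErrorAction Stop
                [pscustomobject]@{ Name = $row.Name; Result = $StartupType }
            } catch {
                [pscustomobject]@{ Name = $row.Name; Result = "FAILED: $($_.Exception.Message)" }
            }
        }
    }
}

# Constructed usage: snapshot, then preview only (-WhatIf changes nothing).
$snapshot = Join-Path $env:TEMP 'manual-services.csv'
Export-ManualServiceSnapshot -Path $snapshot | Out-Null
Set-SnapshotServiceStartMode -Path $snapshot -StartupType Disabled -Exclude 'msiserver' -WhatIf

# Roll back later from the same snapshot:
# Set-SnapshotServiceStartMode -Path $snapshot -StartupType Manual
```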