Title: Detecting cloned accounts with a batch script

Author: 柔肠寸断    Time: 2009-4-24 12:20     Title: Detecting cloned accounts with a batch script

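@echo off
setlocal enabledelayedexpansion
rem Generate a helper script that exports the SAM user keys to user.txt.
echo reg export "HKLM\SAM\SAM\Domains\Account\Users" "%cd%\user.txt">>user.bat
rem CheckClUser.exe is an external helper, not a built-in Windows command; the post uses it to run the generated script.
CheckClUser.exe /y /Slore hidecmd user.bat
rem Wait about one second for the export to finish.
ping 127.1 -n 2 >nul
rem Lines of the form @=hex(<RID>): are the default values under Names\<user>; keep the part before ")".
for /f "delims=^)" %%a in ('type user.txt ^|find "@"') do ( >>temp1.txt echo %%a)
rem Take the RID after "(" and build one reg query per user key (the 00000 prefix assumes a three-digit hex RID).
for /f "skip=2 tokens=2 delims=^(" %%b in (temp1.txt) do ( echo reg query "HKLM\SAM\SAM\Domains\Account\Users\00000%%b"^>^>temp2.txt>>sid.bat)
CheckClUser.exe /y /Slore hidecmd sid.bat
ping 127.1 -n 2 >nul
rem Collect the data of every F value. The default delimiters (space and tab) strip the leading
rem whitespace of reg query output, so the value name arrives as "F".
for /f "tokens=1,2,3" %%c in ('type temp2.txt ^|find "REG_BINARY"') do ( if "%%c"=="F" echo %%e>>temp3.txt)
rem Count how many times each F value occurs among all accounts.
for /f "delims=" %%f in (temp3.txt) do ( find /c "%%f" temp3.txt>>temp4.txt )
set n=0
rem Any count other than 1 means two or more accounts share the same F value.
for /f "tokens=2 delims=:" %%g in ('type temp4.txt ^|find "-"') do ( if not "%%g"==" 1" set n=1)
rem Messages: "No cloned account found!" / "Cloned account found!"
if %n%==0 echo 未发现克隆账户!
if %n%==1 echo 发现克隆账户!
rem Remove the generated scripts and temporary files.
del /f /q user.bat>nul 2>nul
del /f /q user.txt>nul 2>nul
del /f /q temp1.txt>nul 2>nul
del /f /q temp2.txt>nul 2>nul
del /f /q temp3.txt>nul 2>nul
del /f /q temp4.txt>nul 2>nul
del /f /q sid.bat>nul 2>nul
echo.
rem Message: "Detection finished, press any key to exit..."
echo 检测结束,按任意键退出……
pause>nul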
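
An added example, not part of the original post: the same duplicate-F comparison run over saved `reg query` output, reporting which user keys share an F value instead of only found/not found. The sample output, the shortened hex values and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `reg query` output for three user keys (not real SAM data;
# the hex values are shortened placeholders). Key 000001F5 carries the same F value
# as 000001F4, which is the condition the batch script above looks for.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4
    F    REG_BINARY    02000100AAAA00001122334455667788
    V    REG_BINARY    00000000BC000000

HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5
    F    REG_BINARY    02000100AAAA00001122334455667788
    V    REG_BINARY    00000000D4000000

HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003E8
    F    REG_BINARY    02000100BBBB000099AABBCCDDEEFF00
"""

# A key header line ends in \Users\<8 hex digits>; Names\... lines do not match.
KEY_RE = re.compile(r"\\Users\\([0-9A-Fa-f]{8})\s*$")
# Value line for F; \s+ accepts both the tab and the space layout of reg query.
F_RE = re.compile(r"^\s*F\s+REG_BINARY\s+([0-9A-Fa-f]+)\s*$")

def f_values(text):
    """Map each user key name (8 hex digits) to the data of its F value."""
    result, rid = {}, None
    for line in text.splitlines():
        m = KEY_RE.search(line)
        if m:
            rid = m.group(1).upper()
            continue
        m = F_RE.match(line)
        if m and rid:
            result[rid] = m.group(1).upper()
    return result

def shared_f(text):
    """Return sorted groups of user keys whose F values are identical."""
    groups = defaultdict(list)
    for rid, data in f_values(text).items():
        groups[data].append(rid)
    return sorted(sorted(rids) for rids in groups.values() if len(rids) > 1)

if __name__ == "__main__":
    for group in shared_f(SAMPLE):
        print("identical F value:", ", ".join(group))
```
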
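Author: Ksnort    Time: 2009-4-24 12:34     Title: Reply to post #1 by 柔肠寸断

Very practical stuff.
Author: 永远的玛雅    Time: 2009-4-24 14:44

Detection with a batch script? So there's no need to look at the registry anymore?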

Welcome to 【3.A.S.T】 Network Security Enthusiasts (http://3ast.com/) Powered by Discuz! 7.2