返回列表 发帖

用批处理检测克隆账户

@echo off
setlocal enabledelayedexpansion
echo reg export "HKLM\SAM\SAM\Domains\Account\Users" "%cd%\user.txt">>user.bat
CheckClUser.exe /y /Slore hidecmd user.bat
ping 127.1 -n 2 >nul
for /f "delims=^)" %%a in ('type user.txt ^|find "@"') do ( >>temp1.txt echo %%a)
for /f "skip=2 tokens=2 delims=^(" %%b in (temp1.txt) do ( echo reg query "HKLM\SAM\SAM\Domains\Account\Users\00000%%b"^>^>temp2.txt>>sid.bat)
CheckClUser.exe /y /Slore hidecmd sid.bat
ping 127.1 -n 2 >nul
for /f "tokens=1,2,3 delims= " %%c in ('type temp2.txt ^|find "REG_BINARY"') do ( if "%%c"==" F" echo %%e>>temp3.txt)
for /f "delims=" %%f in (temp3.txt) do ( find /c "%%f" temp3.txt>>temp4.txt )
set n=0
for /f "tokens=2 delims=:" %%g in ('type temp4.txt ^|find "-"') do ( if "%%g"==" 2" set n=1)
if %n%==0 echo 未发现克隆账户!
if %n%==1 echo 发现克隆账户!
del /f /q user.bat>nul 2>nul
del /f /q user.txt>nul 2>nul
del /f /q temp1.txt>nul 2>nul
del /f /q temp2.txt>nul 2>nul
del /f /q temp3.txt>nul 2>nul
del /f /q temp4.txt>nul 2>nul
del /f /q sid.bat>nul 2>nul
echo.
echo 检测结束,按任意键退出……
pause>nul
1

评分人数

  • Ksnort

希望做站长本人的学生请点击
http://www.3ast.com/viewthread.php?tid=13841
QQ790653916只负责SEO以及收费教学等方面联系,他人勿扰

于智者同行,你会不同凡响;与高人为伍,你会登上巅峰

回复 1楼 柔肠寸断 的帖子

很实用的东西

TOP

批处理检测?不用看注册表了?

TOP

返回列表