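- @echo off
- Title Best Windows Script
- color 0a
- :: Hardening walkthrough for a Windows host. After the prerequisite checks the
- :: script runs the labelled sections in order through a chain of gotos.
- :: "net session" fails without elevation, so its exit code is the admin check.
- net session >nul 2>&1
- if errorlevel 1 (
- echo You have not ran this script as an admin, please right click then run as admin.
- goto QuitAdmin
- )
- echo Yay! You ran as Admin and did something right for once!
- :: The PowerShell check used to sit after a goto in both branches of the admin
- :: test and was never reached. It now runs before the first .ps1 is launched.
- reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" /v "PowerShellVersion" /z >nul 2>&1
- if errorlevel 1 (
- echo POWERSHELL NOT INSTALLED, please install before continuing
- pause>nul
- exit
- )
- :: NOTE(review): the original also set a "functions" list (checkFiles firewall
- :: lsp ...) and looped "call:%%a" over it. The assignment was unreachable, most
- :: of the names are not labels in this file, and the sections end in goto/exit
- :: rather than returning, so the loop never worked as a dispatcher. It has been
- :: dropped; the goto chain below is what actually runs the sections.
- :Get list of users on the computer
- :: %~dp0 is the folder holding this script (with trailing backslash). The
- :: original used %path%, which expands to the system PATH, not a folder.
- echo Users and Administrators output to %~dp0output\users.txt
- :: -File runs the named script instead of parsing the path as a command, and
- :: -NoProfile keeps user profile scripts out of this elevated session.
- start "" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -File "%~dp0resources\usrList.ps1"
- :: Presumably a helper named "test user script.bat" next to this script; TODO
- :: confirm. Unquoted, "start" tried to launch a program called "test".
- start "" "%~dp0test user script.bat"
- goto auto
- :auto
- goto Audit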
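- :Audit
- :: Auditing section: password/lockout policy, default accounts, audit policy.
- cls
- echo ======================================
- echo = Part 1 - Auditing =
- echo ======================================
- echo Part one of this script will be auditing! Lets start with Password policies!
- pause
- echo Starting AutoMatic Password Auditing. Please wait...
- :: Password age between 10 and 30 days, minimum length 10, 24 remembered.
- net accounts /maxpwage:30
- net accounts /minpwage:10
- net accounts /minpwlen:10
- net accounts /uniquepw:24
- :: Lock out after 5 bad attempts; 30 minute lockout and 30 minute counting window.
- net accounts /lockoutthreshold:5
- net accounts /lockoutduration:30
- net accounts /lockoutwindow:30
- echo Automatic Password Policy Set! Starting Manual Password Policy, Please Wait!
- cls
- echo ======================================
- echo = Part 1 - Auditing =
- echo ======================================
- echo Make sure Password policy must meet complexity to enable
- echo make sure Store passwords using reversible encryption to disable.
- :: /wait is an option of "start" and must come before the program name. In the
- :: original it was passed to secpol.msc as an argument and had no effect.
- start /wait secpol.msc
- pause
- echo automatic password policies complete!
- cls
- echo ======================================
- echo = Part 2 - Auditing =
- echo ======================================
- echo Managing Guest and Admin Account
- net user guest /active:no
- :: Was "net Administrater guest /active:no", which is not a valid net command.
- :: Make sure another working administrator account exists before relying on
- :: this, otherwise the host can be left without an admin logon.
- net user Administrator /active:no
- echo Renaming Administrator to "Dude" and Guest to "LameDude"
- :: %~dp0 (script folder) replaces %path% (the system PATH variable).
- start "" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -File "%~dp0resources\RenameDefAccounts.ps1"
- echo Renamed Administrator to "Dude" and Guest to "LameDude"
- pause
- cls
- echo ======================================
- echo = Part 3 - Auditing =
- echo ======================================
- echo Setting auditing success and failure for all categories
- :: Success and failure auditing for every category. This is noisy, so size the
- :: Security event log accordingly or events will roll over quickly.
- auditpol /set /category:* /success:enable
- auditpol /set /category:* /failure:enable
- echo Set auditing success and failure
- pause
- cls
- echo ======================================
- echo = Finished - Auditing =
- echo ======================================
- echo Auditing Successful! Next up is Firewall!
- pause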
- cls
- :: Firewall section: switch every profile on, then disable a fixed set of
- :: inbound rules by name (Remote Assistance, Telnet Server, netcat).
- echo ======================================
- echo = Part 1 - Firewall =
- echo ======================================
- echo Enabling firewall, please wait!
- netsh advfirewall set allprofiles state on
- echo Firewall enabled
- pause
- cls
- echo ======================================
- echo = Part 2 - Firewall =
- echo ======================================
- echo Setting Basic Firewall rules
- :: Each quoted rule name is passed through unchanged, quotes included.
- for %%r in (
- "Remote Assistance (DCOM-In)"
- "Remote Assistance (PNRP-In)"
- "Remote Assistance (RA Server TCP-In)"
- "Remote Assistance (SSDP TCP-In)"
- "Remote Assistance (SSDP UDP-In)"
- "Remote Assistance (TCP-In)"
- "Telnet Server"
- "netcat"
- ) do netsh advfirewall firewall set rule name=%%r new enable=no
- echo Set basic firewall rules
- pause
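- cls
- echo ======================================
- echo = User rights Management =
- echo ======================================
- :: ntrights.exe is copied from the script's resources folder into System32 and
- :: then run elevated. Confirm the copy is the genuine binary (compare its hash
- :: with a known-good source) before running this section.
- :: %~dp0 (script folder) replaces %path%, which is the system PATH variable.
- echo Installing ntrights.exe to C:\Windows\System32
- copy "%~dp0resources\ntrights.exe" C:\Windows\System32
- if not exist C:\Windows\System32\ntrights.exe goto services
- echo Installation succeeded, managing user rights..
- :: The principals are listed directly in the for-set. The original stored them
- :: with "set remove=(...)" inside a parenthesised if-block, where the closing
- :: paren ends the block early and %remove% is expanded before it is assigned.
- :: Two names were also misspelled ("ANONOYMOUS LOGON", "Remote Desktop User").
- :: NOTE(review): this adds the deny-network-logon and deny-RDP-logon rights for
- :: broad groups such as "Everyone" and "Users", and removes their interactive
- :: logon right. Deny rights override allows, so review the list against the
- :: accounts that must still log on before running it.
- for %%a in ("Backup Operators" "Everyone" "Power Users" "Users" "NETWORK SERVICE" "LOCAL SERVICE" "Remote Desktop Users" "ANONYMOUS LOGON" "Guest" "Performance Log Users") do (
- ntrights -U %%a -R SeNetworkLogonRight
- ntrights -U %%a -R SeIncreaseQuotaPrivilege
- ntrights -U %%a -R SeInteractiveLogonRight
- ntrights -U %%a -R SeRemoteInteractiveLogonRight
- ntrights -U %%a -R SeSystemtimePrivilege
- ntrights -U %%a +R SeDenyNetworkLogonRight
- ntrights -U %%a +R SeDenyRemoteInteractiveLogonRight
- ntrights -U %%a -R SeProfileSingleProcessPrivilege
- ntrights -U %%a -R SeBatchLogonRight
- ntrights -U %%a -R SeUndockPrivilege
- ntrights -U %%a -R SeRestorePrivilege
- ntrights -U %%a -R SeShutdownPrivilege
- )
- :: Per-principal adjustments; +R grants a right and -R revokes it.
- ntrights -U "Administrators" -R SeImpersonatePrivilege
- ntrights -U "Administrator" -R SeImpersonatePrivilege
- ntrights -U "SERVICE" -R SeImpersonatePrivilege
- ntrights -U "LOCAL SERVICE" +R SeImpersonatePrivilege
- ntrights -U "NETWORK SERVICE" +R SeImpersonatePrivilege
- ntrights -U "Administrators" +R SeMachineAccountPrivilege
- ntrights -U "Administrator" +R SeMachineAccountPrivilege
- ntrights -U "Administrators" -R SeIncreaseQuotaPrivilege
- ntrights -U "Administrator" -R SeIncreaseQuotaPrivilege
- ntrights -U "Administrators" -R SeDebugPrivilege
- ntrights -U "Administrator" -R SeDebugPrivilege
- ntrights -U "Administrators" +R SeLockMemoryPrivilege
- ntrights -U "Administrator" +R SeLockMemoryPrivilege
- ntrights -U "Administrators" -R SeBatchLogonRight
- ntrights -U "Administrator" -R SeBatchLogonRight
- echo Managed User Rights
- goto services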
- :services
- :: Service hardening in three passes: stop and disable, set to manual start,
- :: set to automatic start. Each pass loops over a space-separated name list.
- echo ======================================
- echo = Services =
- echo ======================================
- :: NOTE(review): servicesD includes TermService, which is disabled here, while
- :: the later :rdp section can enable Remote Desktop. It also includes Spooler,
- :: Themes and VSS; confirm none of them is required on this host.
- set "servicesD=RemoteAccess Telephony TapiSrv Tlntsvr tlntsvr p2pimsvc simptcp fax msftpsvc iprip ftpsvc RemoteRegistry RasMan RasAuto seclogon MSFTPSVC W3SVC SMTPSVC Dfs TrkWks MSDTC DNS ERSVC NtFrs MSFtpsvc helpsvc HTTPFilter IISADMIN IsmServ WmdmPmSN Spooler RDSessMgr RPCLocator RsoPProv ShellHWDetection ScardSvr Sacsvr TermService Uploadmgr VDS VSS WINS WinHttpAutoProxySvc SZCSVC CscService hidserv IPBusEnum PolicyAgent SCPolicySvc SharedAccess SSDPSRV Themes upnphost nfssvc nfsclnt MSSQLServerADHelper"
- set "servicesM=dmserver SrvcSurg"
- set "servicesG=Dhcp Dnscache NtLmSsp"
- echo Disabling bad services...
- for %%s in (%servicesD%) do (
- echo Service: %%s
- sc stop "%%s"
- sc config "%%s" start= disabled
- )
- echo Disabled bad services
- pause
- echo Setting services to manual...
- for %%s in (%servicesM%) do (
- echo Service: %%s
- sc config "%%s" start= demand
- )
- echo Set services to manual
- pause
- echo Seting services to auto...
- for %%s in (%servicesG%) do (
- echo Service: %%s
- sc config "%%s" start= auto
- )
- echo Started auto services
- pause
- cls
- goto winFeatures
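- :winFeatures
- :: Disables IIS, FTP, TFTP and Telnet optional features through DISM.
- echo ======================================
- echo = Windows Features =
- echo ======================================
- :: Use the system's own DISM when it is present. The bundled copy is only a
- :: fallback: copying an unverified Dism.exe over System32 and running it
- :: elevated would replace a trusted system tool with an unchecked one.
- if exist "%SystemRoot%\System32\Dism.exe" goto dismReady
- echo Installing Dism.exe
- :: %~dp0 (script folder) replaces %path%, which is the system PATH variable.
- copy "%~dp0resources\Dism.exe" C:\Windows\System32
- xcopy "%~dp0resources\Dism" C:\Windows\System32
- :dismReady
- echo Disabling Windows features...
- set features=IIS-WebServerRole IIS-WebServer IIS-CommonHttpFeatures IIS-HttpErrors IIS-HttpRedirect IIS-ApplicationDevelopment IIS-NetFxExtensibility IIS-NetFxExtensibility45 IIS-HealthAndDiagnostics IIS-HttpLogging IIS-LoggingLibraries IIS-RequestMonitor IIS-HttpTracing IIS-Security IIS-URLAuthorization IIS-RequestFiltering IIS-IPSecurity IIS-Performance IIS-HttpCompressionDynamic IIS-WebServerManagementTools IIS-ManagementScriptingTools IIS-IIS6ManagementCompatibility IIS-Metabase IIS-HostableWebCore IIS-StaticContent IIS-DefaultDocument IIS-DirectoryBrowsing IIS-WebDAV IIS-WebSockets IIS-ApplicationInit IIS-ASPNET IIS-ASPNET45 IIS-ASP IIS-CGI IIS-ISAPIExtensions IIS-ISAPIFilter IIS-ServerSideIncludes IIS-CustomLogging IIS-BasicAuthentication IIS-HttpCompressionStatic IIS-ManagementConsole IIS-ManagementService IIS-WMICompatibility IIS-LegacyScripts IIS-LegacySnapIn IIS-FTPServer IIS-FTPSvc IIS-FTPExtensibility TFTP TelnetClient TelnetServer
- for %%a in (%features%) do dism /online /disable-feature /featurename:%%a
- echo Disabled Windows features
- pause
- cls
- goto RegKeys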
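- :RegKeys
- :: Registry hardening. Every value is written with /f, so existing settings are
- :: overwritten without a prompt; export the affected keys first if a rollback
- :: may be needed. HKCU entries apply only to the account running the script.
- echo ======================================
- echo = Registry Keys =
- echo ======================================
- echo Managing registry keys...
- ::Windows automatic updates
- reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AutoInstallMinorUpdates /t REG_DWORD /d 1 /f
- reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 0 /f
- reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 4 /f
- reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 4 /f
- reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v DisableWindowsUpdateAccess /t REG_DWORD /d 0 /f
- reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v ElevateNonAdmins /t REG_DWORD /d 0 /f
- reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoWindowsUpdate /t REG_DWORD /d 0 /f
- reg add "HKLM\SYSTEM\Internet Communication Management\Internet Communication" /v DisableWindowsUpdateAccess /t REG_DWORD /d 0 /f
- reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate /v DisableWindowsUpdateAccess /t REG_DWORD /d 0 /f
- ::Restrict CD ROM drive
- reg ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AllocateCDRoms /t REG_DWORD /d 1 /f
- ::Disallow remote access to floppy disks
- reg ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AllocateFloppies /t REG_DWORD /d 1 /f
- ::Disable auto Admin logon
- reg ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_DWORD /d 0 /f
- ::Clear page file (Will take longer to shutdown)
- reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v ClearPageFileAtShutdown /t REG_DWORD /d 1 /f
- ::Prevent users from installing printer drivers
- reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers" /v AddPrinterDrivers /t REG_DWORD /d 1 /f
- ::Add auditing to Lsass.exe
- reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe" /v AuditLevel /t REG_DWORD /d 00000008 /f
- ::Enable LSA protection
- reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 00000001 /f
- ::Limit use of blank passwords
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v LimitBlankPasswordUse /t REG_DWORD /d 1 /f
- ::Auditing access of Global System Objects
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v auditbaseobjects /t REG_DWORD /d 1 /f
- ::Auditing Backup and Restore
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v fullprivilegeauditing /t REG_DWORD /d 1 /f
- ::Restrict Anonymous Enumeration #1
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymous /t REG_DWORD /d 1 /f
- ::Restrict Anonymous Enumeration #2
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymoussam /t REG_DWORD /d 1 /f
- ::Disable storage of domain passwords
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v disabledomaincreds /t REG_DWORD /d 1 /f
- ::Take away Anonymous user Everyone permissions
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v everyoneincludesanonymous /t REG_DWORD /d 0 /f
- ::Machine ID for NTLM
- ::NOTE(review): the original heading said "Allow" but the value written is 0; confirm which is intended.
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v UseMachineId /t REG_DWORD /d 0 /f
- ::Do not display last user on logon
- reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v dontdisplaylastusername /t REG_DWORD /d 1 /f
- ::Enable UAC
- reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
- ::UAC setting (Prompt on Secure Desktop)
- reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t REG_DWORD /d 1 /f
- ::Enable Installer Detection
- reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableInstallerDetection /t REG_DWORD /d 1 /f
- ::Disable undocking without logon
- reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v undockwithoutlogon /t REG_DWORD /d 0 /f
- ::Enable CTRL+ALT+DEL
- reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCAD /t REG_DWORD /d 0 /f
- ::Max password age
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v MaximumPasswordAge /t REG_DWORD /d 15 /f
- ::Disable machine account password changes
- ::NOTE(review): 1 stops the machine account password from rotating, which also makes the
- ::MaximumPasswordAge value above moot. Hardening baselines normally keep this at 0; confirm.
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v DisablePasswordChange /t REG_DWORD /d 1 /f
- ::Require strong session key
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v RequireStrongKey /t REG_DWORD /d 1 /f
- ::Require Sign/Seal
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v RequireSignOrSeal /t REG_DWORD /d 1 /f
- ::Sign Channel
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v SignSecureChannel /t REG_DWORD /d 1 /f
- ::Seal Channel
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v SealSecureChannel /t REG_DWORD /d 1 /f
- ::Set idle time to 45 minutes
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v autodisconnect /t REG_DWORD /d 45 /f
- ::Enable Security Signature - Disabled pursuant to checklist:::
- ::NOTE(review): with both SMB server signing values at 0 the server neither offers nor requires
- ::signed sessions, which leaves SMB traffic open to tampering and relay. Keep only if the checklist demands it.
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v enablesecuritysignature /t REG_DWORD /d 0 /f
- ::Require Security Signature - Disabled pursuant to checklist:::
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v requiresecuritysignature /t REG_DWORD /d 0 /f
- ::Clear null session pipes
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v NullSessionPipes /t REG_MULTI_SZ /d "" /f
- ::Restrict Anonymous user access to named pipes and shares
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v NullSessionShares /t REG_MULTI_SZ /d "" /f
- ::Encrypt SMB Passwords
- reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters /v EnablePlainTextPassword /t REG_DWORD /d 0 /f
- ::Clear remote registry paths
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedExactPaths /v Machine /t REG_MULTI_SZ /d "" /f
- ::Clear remote registry paths and sub-paths
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths /v Machine /t REG_MULTI_SZ /d "" /f
- ::Enable smart screen for IE8
- reg ADD "HKCU\Software\Microsoft\Internet Explorer\PhishingFilter" /v EnabledV8 /t REG_DWORD /d 1 /f
- ::Enable smart screen for IE9 and up
- reg ADD "HKCU\Software\Microsoft\Internet Explorer\PhishingFilter" /v EnabledV9 /t REG_DWORD /d 1 /f
- ::Disable IE password caching
- reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v DisablePasswordCaching /t REG_DWORD /d 1 /f
- ::Warn users if website has a bad certificate
- reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v WarnonBadCertRecving /t REG_DWORD /d 1 /f
- ::Warn users if website redirects
- reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v WarnOnPostRedirect /t REG_DWORD /d 1 /f
- ::Enable Do Not Track
- reg ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v DoNotTrack /t REG_DWORD /d 1 /f
- ::Do not run or install downloads whose signature is invalid (was 1, which allows them)
- reg ADD "HKCU\Software\Microsoft\Internet Explorer\Download" /v RunInvalidSignatures /t REG_DWORD /d 0 /f
- ::Keep Local Machine Zone lockdown for content run from CDs (was 1, which unlocks it)
- reg ADD "HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings" /v LOCALMACHINE_CD_UNLOCK /t REG_DWORD /d 0 /f
- ::Warn on zone crossing
- reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v WarnonZoneCrossing /t REG_DWORD /d 1 /f
- ::Show hidden files
- reg ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 1 /f
- ::Disable sticky keys
- reg ADD "HKU\.DEFAULT\Control Panel\Accessibility\StickyKeys" /v Flags /t REG_SZ /d 506 /f
- ::Show super hidden files
- reg ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 1 /f
- ::Disable dump file creation
- reg ADD HKLM\SYSTEM\CurrentControlSet\Control\CrashControl /v CrashDumpEnabled /t REG_DWORD /d 0 /f
- ::Disable autoruns (was written under HKCU\SYSTEM with value 1; the CD-ROM service key is in HKLM and 0 turns AutoRun off)
- reg ADD HKLM\SYSTEM\CurrentControlSet\Services\CDROM /v AutoRun /t REG_DWORD /d 0 /f
- echo Managed registry keys
- pause
- cls
- goto ManUsers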
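- :ManUsers
- :: Dumps the local account list to the desktop and opens it next to the Local
- :: Users and Groups console for a manual review.
- echo ======================================
- echo = Manage Users =
- echo ======================================
- :: %USERPROFILE% and the quotes keep this working for profiles outside
- :: C:\Users and for user names that contain spaces.
- net user > "%USERPROFILE%\Desktop\Users.txt"
- echo Please look through the list of users and remove any unauthorized users.
- :: The empty "" is the window title that start expects before a quoted path.
- start "" "%USERPROFILE%\Desktop\Users.txt"
- start lusrmgr.msc
- pause
- cls
- goto misc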
- :misc
- :: Sets CONSOLELOCK to 1 (DC value index) on the balanced, power-saver and
- :: high-performance schemes.
- echo ======================================
- echo = Misc Settings =
- echo ======================================
- echo Setting power settings...
- for %%s in (SCHEME_BALANCED SCHEME_MIN SCHEME_MAX) do powercfg -SETDCVALUEINDEX %%s SUB_NONE CONSOLELOCK 1
- echo Set power settings
- goto NetSh
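- :NetSh
- :: Writes the list of network shares to the desktop and opens it for review.
- echo ======================================
- echo = Network Shares =
- echo ======================================
- :: This line had no "echo", so cmd tried to run "Sending" as a command.
- echo Sending Network shares to %USERPROFILE%\Desktop\Netshare.txt
- :: %USERPROFILE% plus quotes handles user names containing spaces.
- net share > "%USERPROFILE%\Desktop\Netshare.txt"
- start "" "%USERPROFILE%\Desktop\Netshare.txt"
- pause
- cls
- goto flushingDNS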
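- :flushingDNS
- :: Flushes the resolver cache and empties the hosts file.
- echo ======================================
- echo = Flush the DNS =
- echo ======================================
- echo Flushing DNS
- ipconfig /flushdns >nul
- echo Flushed DNS
- echo Clearing contents of: C:\Windows\System32\drivers\etc\hosts
- :: The previous hosts content is discarded. If unexpected entries matter for
- :: an investigation, copy the file somewhere safe before running this step.
- attrib -r -s C:\WINDOWS\system32\drivers\etc\hosts
- :: "type nul" writes an empty file. The original "echo >" wrote the text
- :: "ECHO is off." into hosts instead of clearing it.
- type nul > C:\Windows\System32\drivers\etc\hosts
- attrib +r +s C:\WINDOWS\system32\drivers\etc\hosts
- echo Cleared hosts file
- pause
- cls
- goto FlashingUsersAndPrograms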
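- :FlashingUsersAndPrograms
- :: Snapshots directory listings into *.flashed files in the current folder,
- :: then uses them to list media files under C:\Users and to look for a few
- :: tool names under Program Files.
- echo ===============================
- echo = Flashing users and Programs =
- echo ===============================
- echo Flashing Disk to .flashed Files to reference....
- dir /b /s "C:\Program Files\" > programfiles.flashed
- dir /b /s "C:\Program Files (x86)\" >> programfiles.flashed
- echo Program Files flashed
- dir /b /s "C:\Users\" > users.flashed
- dir /b /s "C:\Documents and Settings" >> users.flashed
- echo User profiles flashed
- dir /b /s "C:\" > c.flashed
- echo C:\ Flashed
- pause
- echo Finding media files in C:\Users and/or C:\Documents and Settings...
- :: Start every report empty. The original only ever appended to media_video
- :: and media_pics, so results from an earlier run stayed in the files.
- type nul > media_audio
- type nul > media_video
- type nul > media_pics
- :: findstr /i /l /c:".ext" is a literal, case-insensitive pre-check against the
- :: snapshot; "where" runs only when it matches. The original left the dot as a
- :: regex wildcard, dropped the "*" on the mpeg4/jpg/jpeg patterns and filed
- :: .wma under video.
- for %%e in (mp3 ac3 aac aiff flac m4a m4p midi mp2 m3u ogg vqf wav wma) do (
- findstr /i /l /c:".%%e" users.flashed >NUL && where /r c:\Users\ *.%%e >> media_audio
- )
- for %%e in (mp4 avi mpeg4) do (
- findstr /i /l /c:".%%e" users.flashed >NUL && where /r c:\Users\ *.%%e >> media_video
- )
- REM BREAKLINE
- for %%e in (gif png bmp jpg jpeg) do (
- findstr /i /l /c:".%%e" users.flashed >NUL && where /r c:\Users\ *.%%e >> media_pics
- )
- C:\WINDOWS\system32\notepad.exe media_video
- C:\WINDOWS\system32\notepad.exe media_audio
- C:\WINDOWS\system32\notepad.exe media_pics
- echo Finding Hacktools now...
- :: These are name-only matches on paths under Program Files: a renamed or
- :: relocated tool is missed, and an unrelated path containing the word is
- :: reported. Treat a hit as a lead to verify, and a miss as inconclusive.
- :: /i makes the match case-insensitive.
- findstr /i "Cain" programfiles.flashed
- if not errorlevel 1 (
- echo Cain detected. Please take note, then press any key.
- pause >NUL
- )
- cls
- findstr /i "nmap" programfiles.flashed
- if not errorlevel 1 (
- echo Nmap detected. Please take note, then press any key.
- pause >NUL
- )
- cls
- findstr /i "keylogger" programfiles.flashed
- if not errorlevel 1 (
- echo Potential keylogger detected. Please take note, then press any key.
- pause >NUL
- )
- cls
- findstr /i "Armitage" programfiles.flashed
- if not errorlevel 1 (
- echo Potential Armitage detected. Please take note, then press any key.
- pause >NUL
- )
- cls
- findstr /i "Metasploit" programfiles.flashed
- if not errorlevel 1 (
- echo Potential Metasploit framework detected. Please take note, then press any key.
- pause >NUL
- )
- cls
- findstr /i "Shellter" programfiles.flashed
- if not errorlevel 1 (
- echo Potential Shellter detected. Please take note, then press any key.
- pause >NUL
- )
- goto rdp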
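- :rdp
- :: Asks whether Remote Desktop should be on, then sets the Terminal Server
- :: registry values and the "remote desktop" firewall rule group to match.
- echo ======================================
- echo = Remote Desktop =
- echo ======================================
- :: Clear any earlier answer so pressing Enter alone cannot reuse a stale value.
- set "rdpChk="
- set /p rdpChk="Enable remote desktop (y/n)"
- :: Quoted, case-insensitive comparison. The unquoted form was a syntax error on
- :: empty input or input with spaces, and needed separate y/Y and n/N copies.
- if /i "%rdpChk%"=="y" goto rdpEnable
- if /i "%rdpChk%"=="n" goto rdpDisable
- echo Invalid input %rdpChk%
- goto rdp
- :rdpEnable
- echo Enabling remote desktop...
- :: NOTE(review): the :services section disables TermService, so Remote Desktop
- :: will not accept connections until that service is allowed to start again.
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v AllowTSConnections /t REG_DWORD /d 1 /f
- :: NOTE(review): fAllowToGetHelp=1 also turns on Remote Assistance, which the
- :: firewall section blocks by rule. Confirm it is wanted when enabling RDP.
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /f
- :: UserAuthentication=1 requires Network Level Authentication.
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1 /f
- REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
- netsh advfirewall firewall set rule group="remote desktop" new enable=yes
- echo Please select "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)"
- :: /wait belongs to "start" and must precede the program name.
- start /wait SystemPropertiesRemote.exe
- pause
- echo Enabled remote desktop
- goto QuitNormal
- :rdpDisable
- echo Disabling remote desktop...
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v AllowTSConnections /t REG_DWORD /d 0 /f
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 0 /f
- :: Keep NLA required (was 0). Turning it off while disabling RDP gains nothing
- :: and would leave pre-authentication logon exposed if RDP is re-enabled later.
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1 /f
- netsh advfirewall firewall set rule group="remote desktop" new enable=no
- echo Disabled remote desktop
- goto QuitNormal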
- :: Exit path taken when the elevation check at the top of the script fails.
- :QuitAdmin
- echo Please Run as Admin before continuing!
- pause
- exit
- :: Normal exit path, reached from the Remote Desktop section once it finishes.
- :QuitNormal
- cls
- echo ======================================
- echo = All done! =
- echo ======================================
- echo You are all done! Just look over your checklist and go through it!
- pause
- exit