  1. @echo off
  2. Title Best Windows Script
  3. color 0a
  4. net session >nul 2>&1
  5. if %errorLevel% == 0 (
  6. echo Yay! You ran as Admin and did something right for once!
  7. goto Get list of users on the computer
  8. ) else (
  9. echo You have not ran this script as an admin, please right click then run as admin.
  10. goto QuitAdmin
  11. )
  12. set functions=checkFiles firewall lsp audit usrRights services winFeatures registry checkUsr misc netShare flushDNS defAccounts passwords rdp installMalwarebytes installAVG installMBAnti installMBSA installRevo installSUPER lockdown tools verifySys
  13.  
  14. reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" /v "PowerShellVersion" /z >nul
  15. If %ERRORLEVEL% == 1 (
  16. echo POWERSHELL NOT INSTALLED, please install before continuing
  17. pause>nul
  18. exit
  19. )
  20. :Get list of users on the computer
  21. echo Users and Administrators output to %path%output\users.txt
  22. start C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "%path%resources\usrList.ps1"
  23. start test user script.bat
  24. goto auto
  25.  
  26. :auto
  27. for %%a in (%functions%) do call:%%a
  28. goto Audit
  29.  
  30. :Audit
  31. cls
  32. echo ======================================
  33. echo = Part 1 - Auditing =
  34. echo ======================================
  35. echo Part one of this script will be auditing! Lets start with Password policies!
  36. pause
  37. echo Starting AutoMatic Password Auditing. Please wait...
  38. net accounts /maxpwage:30
  39. net accounts /minpwage:10
  40. net accounts /minpwlen:10
  41. net accounts /uniquepw:24
  42. net accounts /lockoutthreshold:5
  43. net accounts /lockoutduration:30
  44. net accounts /lockoutwindow:30
  45. echo Automatic Password Policy Set! Starting Manual Password Policy, Please Wait!
  46. cls
  47. echo ======================================
  48. echo = Part 1 - Auditing =
  49. echo ======================================
  50. echo Make sure Password policy must meet complexity to enable
  51. echo make sure Store passwords using reversible encryption to disable.
  52. start secpol.msc /wait
  53. pause
  54. echo automatic password policies complete!
  55. cls
  56. echo ======================================
  57. echo = Part 2 - Auditing =
  58. echo ======================================
  59. echo Managing Guest and Admin Account
  60. net user guest /active:no
  61. net Administrater guest /active:no
  62. echo Renaming Administrator to "Dude" and Guest to "LameDude"
  63. start C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "%path%resources\RenameDefAccounts.ps1"
  64. echo Renamed Administrator to "Dude" and Guest to "LameDude"
  65. pause
  66. cls
  67. echo ======================================
  68. echo = Part 3 - Auditing =
  69. echo ======================================
  70. echo Setting auditing success and failure for all categories
  71. auditpol /set /category:* /success:enable
  72. auditpol /set /category:* /failure:enable
  73. echo Set auditing success and failure
  74. pause
  75. cls
  76. echo ======================================
  77. echo = Finished - Auditing =
  78. echo ======================================
  79. echo Auditing Successful! Next up is Firewall!
  80. pause
  81. cls
  82. echo ======================================
  83. echo = Part 1 - Firewall =
  84. echo ======================================
  85. echo Enabling firewall, please wait!
  86. netsh advfirewall set allprofiles state on
  87. echo Firewall enabled
  88. pause
  89. cls
  90. echo ======================================
  91. echo = Part 2 - Firewall =
  92. echo ======================================
  93. echo Setting Basic Firewall rules
  94. netsh advfirewall firewall set rule name="Remote Assistance (DCOM-In)" new enable=no
  95. netsh advfirewall firewall set rule name="Remote Assistance (PNRP-In)" new enable=no
  96. netsh advfirewall firewall set rule name="Remote Assistance (RA Server TCP-In)" new enable=no
  97. netsh advfirewall firewall set rule name="Remote Assistance (SSDP TCP-In)" new enable=no
  98. netsh advfirewall firewall set rule name="Remote Assistance (SSDP UDP-In)" new enable=no
  99. netsh advfirewall firewall set rule name="Remote Assistance (TCP-In)" new enable=no
  100. netsh advfirewall firewall set rule name="Telnet Server" new enable=no
  101. netsh advfirewall firewall set rule name="netcat" new enable=no
  102. echo Set basic firewall rules
  103. pause
  104. cls
  105. echo ======================================
  106. echo = User rights Management =
  107. echo ======================================
  108. echo Installing ntrights.exe to C:\Windows\System32
  109. copy %path%resources\ntrights.exe C:\Windows\System32
  110. if exist C:\Windows\System32\ntrights.exe (
  111. echo Installation succeeded, managing user rights..
  112. set remove=("Backup Operators" "Everyone" "Power Users" "Users" "NETWORK SERVICE" "LOCAL SERVICE" "Remote Desktop User" "ANONOYMOUS LOGON" "Guest" "Performance Log Users")
  113. for %%a in (%remove%) do (
  114. ntrights -U %%a -R SeNetworkLogonRight
  115. ntrights -U %%a -R SeIncreaseQuotaPrivilege
  116. ntrights -U %%a -R SeInteractiveLogonRight
  117. ntrights -U %%a -R SeRemoteInteractiveLogonRight
  118. ntrights -U %%a -R SeSystemtimePrivilege
  119. ntrights -U %%a +R SeDenyNetworkLogonRight
  120. ntrights -U %%a +R SeDenyRemoteInteractiveLogonRight
  121. ntrights -U %%a -R SeProfileSingleProcessPrivilege
  122. ntrights -U %%a -R SeBatchLogonRight
  123. ntrights -U %%a -R SeUndockPrivilege
  124. ntrights -U %%a -R SeRestorePrivilege
  125. ntrights -U %%a -R SeShutdownPrivilege
  126. )
  127. ntrights -U "Administrators" -R SeImpersonatePrivilege
  128. ntrights -U "Administrator" -R SeImpersonatePrivilege
  129. ntrights -U "SERVICE" -R SeImpersonatePrivilege
  130. ntrights -U "LOCAL SERVICE" +R SeImpersonatePrivilege
  131. ntrights -U "NETWORK SERVICE" +R SeImpersonatePrivilege
  132. ntrights -U "Administrators" +R SeMachineAccountPrivilege
  133. ntrights -U "Administrator" +R SeMachineAccountPrivilege
  134. ntrights -U "Administrators" -R SeIncreaseQuotaPrivilege
  135. ntrights -U "Administrator" -R SeIncreaseQuotaPrivilege
  136. ntrights -U "Administrators" -R SeDebugPrivilege
  137. ntrights -U "Administrator" -R SeDebugPrivilege
  138. ntrights -U "Administrators" +R SeLockMemoryPrivilege
  139. ntrights -U "Administrator" +R SeLockMemoryPrivilege
  140. ntrights -U "Administrators" -R SeBatchLogonRight
  141. ntrights -U "Administrator" -R SeBatchLogonRight
  142. echo Managed User Rights
  143. )
  144. goto services
  145.  
  146. :services
  147. echo ======================================
  148. echo = Services =
  149. echo ======================================
  150. set servicesD=RemoteAccess Telephony TapiSrv Tlntsvr tlntsvr p2pimsvc simptcp fax msftpsvc iprip ftpsvc RemoteRegistry RasMan RasAuto seclogon MSFTPSVC W3SVC SMTPSVC Dfs TrkWks MSDTC DNS ERSVC NtFrs MSFtpsvc helpsvc HTTPFilter IISADMIN IsmServ WmdmPmSN Spooler RDSessMgr RPCLocator RsoPProv ShellHWDetection ScardSvr Sacsvr TermService Uploadmgr VDS VSS WINS WinHttpAutoProxySvc SZCSVC CscService hidserv IPBusEnum PolicyAgent SCPolicySvc SharedAccess SSDPSRV Themes upnphost nfssvc nfsclnt MSSQLServerADHelper
  151. set servicesM=dmserver SrvcSurg
  152. set servicesG=Dhcp Dnscache NtLmSsp
  153. echo Disabling bad services...
  154. for %%a in (%servicesD%) do (
  155. echo Service: %%a
  156. sc stop "%%a"
  157. sc config "%%a" start= disabled
  158. )
  159. echo Disabled bad services
  160. pause
  161. echo Setting services to manual...
  162. for %%b in (%servicesM%) do (
  163. echo Service: %%b
  164. sc config "%%b" start= demand
  165. )
  166. echo Set services to manual
  167. pause
  168. echo Seting services to auto...
  169. for %%c in (%servicesG%) do (
  170. echo Service: %%c
  171. sc config "%%c" start= auto
  172. )
  173. echo Started auto services
  174. pause
  175. cls
  176. goto winFeatures
  177.  
  178. :winFeatures
  179. echo ======================================
  180. echo = Windows Features =
  181. echo ======================================
  182. echo Installing Dism.exe
  183. copy %path%resources\Dism.exe C:\Windows\System32
  184. xcopy %path%resources\Dism C:\Windows\System32
  185. echo Disabling Windows features...
  186. set features=IIS-WebServerRole IIS-WebServer IIS-CommonHttpFeatures IIS-HttpErrors IIS-HttpRedirect IIS-ApplicationDevelopment IIS-NetFxExtensibility IIS-NetFxExtensibility45 IIS-HealthAndDiagnostics IIS-HttpLogging IIS-LoggingLibraries IIS-RequestMonitor IIS-HttpTracing IIS-Security IIS-URLAuthorization IIS-RequestFiltering IIS-IPSecurity IIS-Performance IIS-HttpCompressionDynamic IIS-WebServerManagementTools IIS-ManagementScriptingTools IIS-IIS6ManagementCompatibility IIS-Metabase IIS-HostableWebCore IIS-StaticContent IIS-DefaultDocument IIS-DirectoryBrowsing IIS-WebDAV IIS-WebSockets IIS-ApplicationInit IIS-ASPNET IIS-ASPNET45 IIS-ASP IIS-CGI IIS-ISAPIExtensions IIS-ISAPIFilter IIS-ServerSideIncludes IIS-CustomLogging IIS-BasicAuthentication IIS-HttpCompressionStatic IIS-ManagementConsole IIS-ManagementService IIS-WMICompatibility IIS-LegacyScripts IIS-LegacySnapIn IIS-FTPServer IIS-FTPSvc IIS-FTPExtensibility TFTP TelnetClient TelnetServer
  187. for %%a in (%features%) do dism /online /disable-feature /featurename:%%a
  188. echo Disabled Windows features
  189. pause
  190. cls
  191. goto RegKeys
  192.  
  193. :RegKeys
  194. echo ======================================
  195. echo = Registry Keys =
  196. echo ======================================
  197. echo Managing registry keys...
  198. ::Windows auomatic updates
  199. reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AutoInstallMinorUpdates /t REG_DWORD /d 1 /f
  200. reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 0 /f
  201. reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 4 /f
  202. reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 4 /f
  203. reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v DisableWindowsUpdateAccess /t REG_DWORD /d 0 /f
  204. reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v ElevateNonAdmins /t REG_DWORD /d 0 /f
  205. reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoWindowsUpdate /t REG_DWORD /d 0 /f
  206. reg add "HKLM\SYSTEM\Internet Communication Management\Internet Communication" /v DisableWindowsUpdateAccess /t REG_DWORD /d 0 /f
  207. reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate /v DisableWindowsUpdateAccess /t REG_DWORD /d 0 /f
  208. ::Restrict CD ROM drive
  209. reg ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AllocateCDRoms /t REG_DWORD /d 1 /f
  210. ::Disallow remote access to floppy disks
  211. reg ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AllocateFloppies /t REG_DWORD /d 1 /f
  212. ::Disable auto Admin logon
  213. reg ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_DWORD /d 0 /f
  214. ::Clear page file (Will take longer to shutdown)
  215. reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v ClearPageFileAtShutdown /t REG_DWORD /d 1 /f
  216. ::Prevent users from installing printer drivers
  217. reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers" /v AddPrinterDrivers /t REG_DWORD /d 1 /f
  218. ::Add auditing to Lsass.exe
  219. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe" /v AuditLevel /t REG_DWORD /d 00000008 /f
  220. ::Enable LSA protection
  221. reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 00000001 /f
  222. ::Limit use of blank passwords
  223. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v LimitBlankPasswordUse /t REG_DWORD /d 1 /f
  224. ::Auditing access of Global System Objects
  225. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v auditbaseobjects /t REG_DWORD /d 1 /f
  226. ::Auditing Backup and Restore
  227. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v fullprivilegeauditing /t REG_DWORD /d 1 /f
  228. ::Restrict Anonymous Enumeration #1
  229. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymous /t REG_DWORD /d 1 /f
  230. ::Restrict Anonymous Enumeration #2
  231. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymoussam /t REG_DWORD /d 1 /f
  232. ::Disable storage of domain passwords
  233. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v disabledomaincreds /t REG_DWORD /d 1 /f
  234. ::Take away Anonymous user Everyone permissions
  235. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v everyoneincludesanonymous /t REG_DWORD /d 0 /f
  236. ::Allow Machine ID for NTLM
  237. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v UseMachineId /t REG_DWORD /d 0 /f
  238. ::Do not display last user on logon
  239. reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v dontdisplaylastusername /t REG_DWORD /d 1 /f
  240. ::Enable UAC
  241. reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
  242. ::UAC setting (Prompt on Secure Desktop)
  243. reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t REG_DWORD /d 1 /f
  244. ::Enable Installer Detection
  245. reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableInstallerDetection /t REG_DWORD /d 1 /f
  246. ::Disable undocking without logon
  247. reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v undockwithoutlogon /t REG_DWORD /d 0 /f
  248. ::Enable CTRL+ALT+DEL
  249. reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCAD /t REG_DWORD /d 0 /f
  250. ::Max password age
  251. reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v MaximumPasswordAge /t REG_DWORD /d 15 /f
  252. ::Disable machine account password changes
  253. reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v DisablePasswordChange /t REG_DWORD /d 1 /f
  254. ::Require strong session key
  255. reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v RequireStrongKey /t REG_DWORD /d 1 /f
  256. ::Require Sign/Seal
  257. reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v RequireSignOrSeal /t REG_DWORD /d 1 /f
  258. ::Sign Channel
  259. reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v SignSecureChannel /t REG_DWORD /d 1 /f
  260. ::Seal Channel
  261. reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v SealSecureChannel /t REG_DWORD /d 1 /f
  262. ::Set idle time to 45 minutes
  263. reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v autodisconnect /t REG_DWORD /d 45 /f
  264. ::Require Security Signature - Disabled pursuant to checklist:::
  265. reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v enablesecuritysignature /t REG_DWORD /d 0 /f
  266. ::Enable Security Signature - Disabled pursuant to checklist:::
  267. reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v requiresecuritysignature /t REG_DWORD /d 0 /f
  268. ::Clear null session pipes
  269. reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v NullSessionPipes /t REG_MULTI_SZ /d "" /f
  270. ::Restict Anonymous user access to named pipes and shares
  271. reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v NullSessionShares /t REG_MULTI_SZ /d "" /f
  272. ::Encrypt SMB Passwords
  273. reg ADD HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters /v EnablePlainTextPassword /t REG_DWORD /d 0 /f
  274. ::Clear remote registry paths
  275. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedExactPaths /v Machine /t REG_MULTI_SZ /d "" /f
  276. ::Clear remote registry paths and sub-paths
  277. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths /v Machine /t REG_MULTI_SZ /d "" /f
  278. ::Enable smart screen for IE8
  279. reg ADD "HKCU\Software\Microsoft\Internet Explorer\PhishingFilter" /v EnabledV8 /t REG_DWORD /d 1 /f
  280. ::Enable smart screen for IE9 and up
  281. reg ADD "HKCU\Software\Microsoft\Internet Explorer\PhishingFilter" /v EnabledV9 /t REG_DWORD /d 1 /f
  282. ::Disable IE password caching
  283. reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v DisablePasswordCaching /t REG_DWORD /d 1 /f
  284. ::Warn users if website has a bad certificate
  285. reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v WarnonBadCertRecving /t REG_DWORD /d 1 /f
  286. ::Warn users if website redirects
  287. reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v WarnOnPostRedirect /t REG_DWORD /d 1 /f
  288. ::Enable Do Not Track
  289. reg ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v DoNotTrack /t REG_DWORD /d 1 /f
  290. reg ADD "HKCU\Software\Microsoft\Internet Explorer\Download" /v RunInvalidSignatures /t REG_DWORD /d 1 /f
  291. reg ADD "HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings" /v LOCALMACHINE_CD_UNLOCK /t REG_DWORD /d 1 /f
  292. reg ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v WarnonZoneCrossing /t REG_DWORD /d 1 /f
  293. ::Show hidden files
  294. reg ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 1 /f
  295. ::Disable sticky keys
  296. reg ADD "HKU\.DEFAULT\Control Panel\Accessibility\StickyKeys" /v Flags /t REG_SZ /d 506 /f
  297. ::Show super hidden files
  298. reg ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 1 /f
  299. ::Disable dump file creation
  300. reg ADD HKLM\SYSTEM\CurrentControlSet\Control\CrashControl /v CrashDumpEnabled /t REG_DWORD /d 0 /f
  301. ::Disable autoruns
  302. reg ADD HKCU\SYSTEM\CurrentControlSet\Services\CDROM /v AutoRun /t REG_DWORD /d 1 /f
  303. echo Managed registry keys
  304. pause
  305. cls
  306. goto ManUsers
  307.  
  308. :ManUsers
  309. echo ======================================
  310. echo = Manage Users =
  311. echo ======================================
  312. net user > C:\Users\%username%\Desktop\Users.txt
  313. echo Please look through the list of users and remove any unauthorized users.
  314. start C:\Users\%username%\Desktop\Users.txt
  315. start lusrmgr.msc
  316. pause
  317. cls
  318. goto misc
  319.  
  320. :misc
  321. echo ======================================
  322. echo = Misc Settings =
  323. echo ======================================
  324. echo Setting power settings...
  325. powercfg -SETDCVALUEINDEX SCHEME_BALANCED SUB_NONE CONSOLELOCK 1
  326. powercfg -SETDCVALUEINDEX SCHEME_MIN SUB_NONE CONSOLELOCK 1
  327. powercfg -SETDCVALUEINDEX SCHEME_MAX SUB_NONE CONSOLELOCK 1
  328. echo Set power settings
  329. goto NetSh
  330.  
  331. :NetSh
  332. echo ======================================
  333. echo = Network Shares =
  334. echo ======================================
  335. Sending Network shares to C:\Users\%username%\Desktop\Netshare.txt
  336. net share > C:\Users\%username%\Desktop\Netshare.txt
  337. start C:\Users\%username%\Desktop\Netshare.txt
  338. pause
  339. cls
  340. goto flushingDNS
  341.  
  342. :flushingDNS
  343. echo ======================================
  344. echo = Flush the DNS =
  345. echo ======================================
  346. echo Flushing DNS
  347. ipconfig /flushdns >nul
  348. echo Flushed DNS
  349. echo Clearing contents of: C:\Windows\System32\drivers\etc\hosts
  350. attrib -r -s C:\WINDOWS\system32\drivers\etc\hosts
  351. echo > C:\Windows\System32\drivers\etc\hosts
  352. attrib +r +s C:\WINDOWS\system32\drivers\etc\hosts
  353. echo Cleared hosts file
  354. pause
  355. cls
  356. goto FlashingUsersAndPrograms
  357.  
  358. :FlashingUsersAndPrograms
  359. echo ===============================
  360. echo = Flashing users and Programs =
  361. echo ===============================
  362. echo Flashing Disk to .flashed Files to reference....
  363. dir /b /s "C:\Program Files\" > programfiles.flashed
  364. dir /b /s "C:\Program Files (x86)\" >> programfiles.flashed
  365. echo Program Files flashed
  366. dir /b /s "C:\Users\" > users.flashed
  367. dir /b /s "C:\Documents and Settings" >> users.flashed
  368. echo User profiles flashed
  369. dir /b /s "C:\" > c.flashed
  370. echo C:\ Flashed
  371. pause
  372. echo Finding media files in C:\Users and/or C:\Documents and Settings...
  373. findstr .mp3 users.flashed >NUL
  374. if %errorlevel%==0 where /r c:\Users\ *.mp3 > media_audio
  375. findstr .ac3 users.flashed >NUL
  376. if %errorlevel%==0 where /r c:\Users\ *.ac3 >> media_audio
  377. findstr .aac users.flashed >NUL
  378. if %errorlevel%==0 where /r c:\Users\ *.aac >> media_audio
  379. findstr .aiff users.flashed >NUL
  380. if %errorlevel%==0 where /r c:\Users\ *.aiff >> media_audio
  381. findstr .flac users.flashed >NUL
  382. if %errorlevel%==0 where /r c:\Users\ *.flac >> media_audio
  383. findstr .m4a users.flashed >NUL
  384. if %errorlevel%==0 where /r c:\Users\ *.m4a >> media_audio
  385. findstr .m4p users.flashed >NUL
  386. if %errorlevel%==0 where /r c:\Users\ *.m4p >> media_audio
  387. findstr .midi users.flashed >NUL
  388. if %errorlevel%==0 where /r c:\Users\ *.midi >> media_audio
  389. findstr .mp2 users.flashed >NUL
  390. if %errorlevel%==0 where /r c:\Users\ *.mp2 >> media_audio
  391. findstr .m3u users.flashed >NUL
  392. if %errorlevel%==0 where /r c:\Users\ *.m3u >> media_audio
  393. findstr .ogg users.flashed >NUL
  394. if %errorlevel%==0 where /r c:\Users\ *.ogg >> media_audio
  395. findstr .vqf users.flashed >NUL
  396. if %errorlevel%==0 where /r c:\Users\ *.vqf >> media_audio
  397. findstr .wav users.flashed >NUL
  398. if %errorlevel%==0 where /r c:\Users\ *.wav >> media_audio
  399. findstr .wma users.flashed >NUL
  400. if %errorlevel%==0 where /r c:\Users\ *.wma >> media_video
  401. findstr .mp4 users.flashed >NUL
  402. if %errorlevel%==0 where /r c:\Users\ *.mp4 >> media_video
  403. findstr .avi users.flashed >NUL
  404. if %errorlevel%==0 where /r c:\Users\ *.avi >> media_video
  405. findstr .mpeg4 users.flashed >NUL
  406. if %errorlevel%==0 where /r c:\Users\ .mpeg4 >> media_video
  407. REM BREAKLINE
  408. findstr .gif users.flashed >NUL
  409. if %errorlevel%==0 where /r c:\Users\ *.gif >> media_pics
  410. findstr .png users.flashed >NUL
  411. if %errorlevel%==0 where /r c:\Users\ *.png >> media_pics
  412. findstr .bmp users.flashed >NUL
  413. if %errorlevel%==0 where /r c:\Users\ *.bmp >> media_pics
  414. findstr .jpg users.flashed >NUL
  415. if %errorlevel%==0 where /r c:\Users\ .jpg >> media_pics
  416. findstr .jpeg users.flashed >NUL
  417. if %errorlevel%==0 where /r c:\Users\ .jpeg >> media_pics
  418. C:\WINDOWS\system32\notepad.exe media_video
  419. C:\WINDOWS\system32\notepad.exe media_audio
  420. C:\WINDOWS\system32\notepad.exe media_pics
  421. echo Finding Hacktools now...
  422. findstr "Cain" programfiles.flashed
  423. if %errorlevel%==0 (
  424. echo Cain detected. Please take note, then press any key.
  425. pause >NUL
  426. )
  427. cls
  428. findstr "nmap" programfiles.flashed
  429. if %errorlevel%==0 (
  430. echo Nmap detected. Please take note, then press any key.
  431. pause >NUL
  432. )
  433. cls
  434. findstr "keylogger" programfiles.flashed
  435. if %errorlevel%==0 (
  436. echo Potential keylogger detected. Please take note, then press any key.
  437. pause >NUL
  438. )
  439. cls
  440. findstr "Armitage" programfiles.flashed
  441. if %errorlevel%==0 (
  442. echo Potential Armitage detected. Please take note, then press any key.
  443. pause >NUL
  444. )
  445. cls
  446. findstr "Metasploit" programfiles.flashed
  447. if %errorlevel%==0 (
  448. echo Potential Metasploit framework detected. Please take note, then press any key.
  449. pause >NUL
  450. )
  451. cls
  452. findstr "Shellter" programfiles.flashed
  453. if %errorlevel%==0 (
  454. echo Potential Shellter detected. Please take note, then press any key.
  455. pause >NUL
  456. )
  457. goto rdp
  458.  
  459. :rdp
  460. echo ======================================
  461. echo = Remote Desktop =
  462. echo ======================================
  463. set /p rdpChk="Enable remote desktop (y/n)"
  464. if %rdpChk%==y (
  465. echo Enabling remote desktop...
  466. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v AllowTSConnections /t REG_DWORD /d 1 /f
  467. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /f
  468. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1 /f
  469. REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
  470. netsh advfirewall firewall set rule group="remote desktop" new enable=yes
  471. echo Please select "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)"
  472. start SystemPropertiesRemote.exe /wait
  473. pause
  474. echo Enabled remote desktop
  475. goto:QuitNormal
  476. )
  477. if %rdpChk%==n (
  478. echo Disabling remote desktop...
  479. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
  480. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v AllowTSConnections /t REG_DWORD /d 0 /f
  481. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 0 /f
  482. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
  483. netsh advfirewall firewall set rule group="remote desktop" new enable=no
  484. echo Disabled remote desktop
  485. goto:QuitNormal
  486. )
  487. if %rdpChk%==Y (
  488. echo Enabling remote desktop...
  489. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v AllowTSConnections /t REG_DWORD /d 1 /f
  490. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /f
  491. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1 /f
  492. REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
  493. netsh advfirewall firewall set rule group="remote desktop" new enable=yes
  494. echo Please select "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)"
  495. start SystemPropertiesRemote.exe /wait
  496. pause
  497. echo Enabled remote desktop
  498. goto:QuitNormal
  499. )
  500. if %rdpChk%==N (
  501. echo Disabling remote desktop...
  502. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
  503. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v AllowTSConnections /t REG_DWORD /d 0 /f
  504. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 0 /f
  505. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
  506. netsh advfirewall firewall set rule group="remote desktop" new enable=no
  507. echo Disabled remote desktop
  508. goto:QuitNormal
  509. )
  510. echo Invalid input %rdpChk%
  511. goto rdp
  512.  
:QuitAdmin
REM Reached from the elevation check at the top of the script when 'net session' failed.
REM 'exit' (without /b) closes the hosting cmd.exe window, not just this script.
echo Please Run as Admin before continuing!
pause
exit
  517.  
  518. :QuitNormal
  519. cls
  520. echo ======================================
  521. echo = All done! =
  522. echo ======================================
  523. echo You are all done! Just look over your checklist and go through it!
  524. pause
  525. exit