[网络工具] WMIC的应用：一个远程开启TELNET服务的批处理

@ECHO OFF
IF "%1" EQU "/?" GOTO :HELP
IF "%1"# EQU ""# GOTO :HELP

SET "TEMP_HOST=%1"
SET "TEMP_PORT=%4"
SET "TEMP_NTLM=%5"
SET "TEMP_ITEM=Software\Microsoft\TelnetServer\1.0"

SET "WMIC_REGEDIT=WMIC /NODE:"%TEMP_HOST:~2%" /USER:"%2" /PASSWORD:"%~3" /NAMESPACE:\\ROOT\DEFAULT PATH STDREGPROV CALL"
SET "WMIC_SERVICE=WMIC /NODE:"%TEMP_HOST:~2%" /USER:"%2" /PASSWORD:"%~3" /NAMESPACE:\\ROOT\CIMV2 PATH WIN32_SERVICE WHERE NAME"

IF "%TEMP_PORT%" EQU "" SET "TEMP_PORT=23"
IF "%TEMP_NTLM%" EQU "" SET "TEMP_NTLM=01"

IF %TEMP_PORT% GTR 1024 ECHO.错误的连接端口,应该小于1024.&EXIT /B
IF %TEMP_NTLM% GTR 0002 ECHO.错误的 NTLM 验证方式[0,1,2].&EXIT /B

IF "%TEMP_NTLM%" EQU "0" SET "TEMP_NTLM=4"
IF "%TEMP_NTLM%" EQU "1" SET "TEMP_NTLM=6"
IF "%TEMP_NTLM%" EQU "2" SET "TEMP_NTLM=2"

FOR /F "USEBACKQ SKIP=3 TOKENS=2,* DELIMS==" %%A IN (`"(WMIC /NODE:"%TEMP_HOST:~2%" /USER:"%2" /PASSWORD:%3 OS GET NAME)2<&1"`) DO (ECHO.错误...%%A&EXIT /B)

SET "SEARCH____,#1=FOR /F "USEBACKQ SKIP=6 TOKENS=3 DELIMS= " %%A IN (`"%WMIC_REGEDIT% GETDWORDVALUE ^^^&H80000002^,"%TEMP_ITEM%"^,"#1""`) DO (SET DEFAULT_=%%A)"
SET "SEARCH____,#2=FOR /F "USEBACKQ SKIP=1 TOKENS=1,2 DELIMS= " %%A IN (`"%WMIC_SERVICE%='#2' GET STARTMODE,STATE 2^>NUL"`) DO (SET MODE_#2=%%A&SET STAT_#2=%%B)"

%SEARCH____,#1:#1=TelnetPort%
SET DEFAULT_PORT=%DEFAULT_:~0,-1%

%SEARCH____,#1:#1=SecurityMechanism%
SET DEFAULT_NTLM=%DEFAULT_:~0,-1%

%SEARCH____,#2:#2=TLNTSVR%
SET MODE_TLNTSVR=%MODE_TLNTSVR%
SET STAT_TLNTSVR=%STAT_TLNTSVR%

IF "%STAT_TLNTSVR%" EQU "" ECHO.TELNET 服务不存在.&EXIT /B

%SEARCH____,#2:#2=NTLMSSP%
SET MODE_NTLMSSP=%MODE_NTLMSSP%
SET STAT_NTLMSSP=%STAT_NTLMSSP%

SET "CHANGE_PORT=%WMIC_REGEDIT% SETDWORDVALUE ^&H80000002,"%TEMP_ITEM%","TelnetPort","%TEMP_PORT%""
SET "CHANGE_NTLM=%WMIC_REGEDIT% SETDWORDVALUE ^&H80000002,"%TEMP_ITEM%","SecurityMechanism","%TEMP_NTLM%""

FOR /F "USEBACKQ SKIP=5 TOKENS=3 DELIMS= " %%A IN (`"%CHANGE_PORT%"`) DO (SET RETURN=%%A)
IF NOT "%RETURN%" EQU "0;" ECHO.错误...%RETURN%更改连接端口失败.&EXIT /B

FOR /F "USEBACKQ SKIP=5 TOKENS=3 DELIMS= " %%A IN (`"%CHANGE_NTLM%"`) DO (SET RETURN=%%A)
IF NOT "%RETURN%" EQU "0;" ECHO.错误...%RETURN%更改 NTLM 验证方式失败.&EXIT /B

CLS
CALL :HELP
ECHO.-------------------------------------------------------------------------------
ECHO.正在连接到: %TEMP_HOST:~2%, 端口: %TEMP_PORT% ...

%WMIC_SERVICE%='ntlmssp' CALL CHANGESTARTMODE >NUL 2>NUL
%WMIC_SERVICE%='tlntsvr' CALL CHANGESTARTMODE >NUL 2>NUL

IF /I "%STAT_NTLMSSP%" EQU "Stopped" %WMIC_SERVICE%='ntlmssp' CALL STARTSERVICE>NUL 2>NUL
IF /I "%STAT_TLNTSVR%" EQU "Running" %WMIC_SERVICE%='tlntsvr' CALL STOPSERVICE >NUL 2>NUL

FOR /F "USEBACKQ SKIP=4 TOKENS=3 DELIMS= " %%A IN (`"%WMIC_SERVICE%='tlntsvr' CALL STARTSERVICE"`) DO (SET RETURN=%%A)
IF NOT "%RETURN%" EQU "0;" ECHO.错误...%RETURN%TELNET 服务无法启动.&EXIT /B

IF EXIST %WINDIR%\SYSTEM32\TELNET.EXE (TELNET %TEMP_HOST:~2% %TEMP_PORT%) ELSE (ECHO.'Telnet.exe' 文件丢失.)

IF "%6" EQU "/R" (
ECHO.
ECHO.正在恢复默认配置 ...
%WMIC_REGEDIT% SETDWORDVALUE ^&H80000002,"%TEMP_ITEM%","TelnetPort","%DEFAULT_PORT%" >NUL 2>NUL
%WMIC_REGEDIT% SETDWORDVALUE ^&H80000002,"%TEMP_ITEM%","SecurityMechanism","%DEFAULT_NTLM%" >NUL 2>NUL

%WMIC_SERVICE%='ntlmssp' CALL CHANGESTARTMODE %MODE_NTLMSSP% >NUL 2>NUL
%WMIC_SERVICE%='tlntsvr' CALL CHANGESTARTMODE %MODE_TLNTSVR% >NUL 2>NUL

%WMIC_SERVICE%='tlntsvr' CALL STOPSERVICE >NUL 2>NUL

IF /I "%STAT_TLNTSVR%" EQU "Running" %WMIC_SERVICE%='tlntsvr' CALL STARTSERVICE>NUL 2>NUL
IF /I "%STAT_NTLMSSP%" EQU "Stopped" %WMIC_SERVICE%='ntlmssp' CALL STOPSERVICE >NUL 2>NUL

)
EXIT /B
:HELP
CLS
ECHO.
ECHO. 作者:lxzzr E-mail:lxzzr@21cn.com 2010/02/07/21:00
ECHO.
ECHO. 这是一个以标准方式开启远程 TELNET 服务的脚本.
ECHO. 需要 RPC 服务支持及管理员权限,不依赖 IPC 服务,可以自定义 NTLM 验证方式及连接端口,默认连接端口:23.
ECHO.
ECHO. NTLM 验证方式:
ECHO. 0.不使用 NTLM 验证;
ECHO. 1.先使用 NTLM 验证,如果失败再使用用户名和密码 (默认);
ECHO. 2.只使用 NTLM 验证;
ECHO.
ECHO. 如果指定了 /R 参数,那么则在退出时恢复远程主机的默认配置.
ECHO.
ECHO. 格式: %~n0 \\远程IP ^<用户名^> ^<密码^> Telnet端口 NTLM验证方式 /R
GOTO :EOF
复制代码