Tuesday, November 10, 2009

Bad, bad batchfile...

This set of batchfiles is the product of an evening spent online with nothing to do. I was reading up on the Windows command line, stuff I haven't touched since class 8 or so, and the end result isn't particularly useful (except to show your friends why Autorun should always be disabled on Windows XP).

To see what it does, copy these files onto a pen drive with the same names:

hendrix.m3u (This file must not be hidden)

The first batchfile, grue.bat, is launched by autorun.inf when you double-click the pen drive. This batchfile opens itself recursively in minimised mode before quitting. It then copies hendrix.m3u into C:\Documents and Settings\All Users\Start Menu\Programs\Startup under the name syslock.bat, and then deletes C:\NTDETECT.COM before shutting down. As soon as the user logs in again, syslock.bat is launched, which forces a shutdown. Congratulations, you're locked out of your computer!

One problem was that syslock.bat could not be a hidden file if it was to be copied into the startup folder. So I hid it in plain sight as a music playlist with the .M3U extension. There's probably a way to copy hidden files in DOS, but this works well enough for my purposes.

Fixing the damage done by the batchfile is straightforward - remove syslock.bat, then restore NTDETECT.COM (copy it from any other Windows installation). You could connect the hard disk as a slave to do this, but it's easier with BartPE (Preinstalled Environment), or a Linux live CD plus the drivers to write to an NTFS partition.

So there are essentially two things to learn from this:

(1) You can do a lot with batchfiles. Not as much as a shell script in Linux, but it's still neat!

(2) Antivirus programs don't consider a batchfile a threat. How would they react to a more malicious script, I wonder.
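The post's real lesson is the one in the first paragraph: Autorun on removable media should be off, and nothing should be able to drop a script into the all-users Startup folder unnoticed. The following PowerShell audit is an added example, not part of the original post or its batchfiles; it assumes a Windows box with PowerShell 2.0 or later, reads the documented NoDriveTypeAutoRun policy value and the Shell Folders registry entries, and only performs the NTDETECT.COM check on Windows XP/2003 (version 5.x), where that file exists.

```powershell
# Added audit script (not the post's own code). Reports the Autorun policy,
# lists scriptable files in the Startup folders, and on XP/2003 confirms
# that NTDETECT.COM is still present at the root of the system drive.

$polKey   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$shellKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'

function Get-AutorunMask([string]$Path) {
    # Returns the NoDriveTypeAutoRun bitmask, or $null if the value is not set.
    $item = Get-ItemProperty -Path $Path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

foreach ($hive in 'HKLM', 'HKCU') {
    $mask = Get-AutorunMask "${hive}:\$polKey"
    if ($null -eq $mask) {
        Write-Output "${hive}: NoDriveTypeAutoRun not set (OS default applies)"
        continue
    }
    # Each set bit disables Autorun for one drive type; 0x04 is removable
    # drives (pen drives) and 0xFF disables it everywhere. On Windows XP the
    # policy is only fully honoured once the update from KB967715 is installed.
    $removable = if (($mask -band 0x04) -ne 0) { 'disabled' } else { 'ENABLED' }
    Write-Output ("{0}: NoDriveTypeAutoRun=0x{1:X2}, removable-drive Autorun {2}" -f $hive, $mask, $removable)
}

# Startup folders: anything dropped here runs at every logon, which is exactly
# how syslock.bat keeps shutting the machine down in the post.
$startupDirs = @(
    (Get-ItemProperty "HKLM:\$shellKey" -ErrorAction SilentlyContinue).'Common Startup',
    (Get-ItemProperty "HKCU:\$shellKey" -ErrorAction SilentlyContinue).'Startup'
) | Where-Object { $_ }

foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -match '^\.(bat|cmd|vbs|js|exe)$' } |
        ForEach-Object { Write-Output ("Startup item: {0} ({1} bytes)" -f $_.FullName, $_.Length) }
}

# Windows XP / Server 2003 (NT 5.x) only: without NTDETECT.COM the machine
# will not boot, which is the second half of the post's lockout.
if ([Environment]::OSVersion.Version.Major -eq 5) {
    $ntdetect = Join-Path $env:SystemDrive 'NTDETECT.COM'
    if (-not (Test-Path $ntdetect)) {
        Write-Output "WARNING: $ntdetect is missing; restore it before the next reboot."
    }
}
```

Run it from an elevated prompt so the HKLM policy key and the all-users Startup folder are readable; a missing NoDriveTypeAutoRun value on XP means the permissive default is in force.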
