RogueKiller / RKCMD.bat pour télécharger et scanner avec RogueKillerCMD en ligne de commande
« on: February 27, 2017, 01:32:47 AM »
@Curson
Un grand merci à vous pour ces informations, qui peuvent m'aider à mettre à jour ce script au fur et à mesure. Voici le code source complet, après avoir lu ce que vous m'avez posté comme documentation sur RogueKillerCMD.
Vous pouvez aussi le retrouver dans pastebin.com : RKCMD.bat
Un grand merci à vous pour ces informations, qui peuvent m'aider à mettre à jour ce script au fur et à mesure. Voici le code source complet, après avoir lu ce que vous m'avez posté comme documentation sur RogueKillerCMD.
Vous pouvez aussi le retrouver dans pastebin.com : RKCMD.bat
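@echo off
Title Download the last version of RogueKillerCMD and perform a scan by Hackoo 2017
REM First release on 20/02/2017 @ 06:15
REM Update on 27/02/2017 @ 01:10 Check if PowerShell v2 is installed or not on Windows XP
REM Many thanks to Curson for providing me more informations about RogueKillerCMD to update this script
REM https://forum.adlice.com/index.php?topic=3299.msg7343#msg7343
Color 9E & Mode con cols=100 lines=3
:::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
:::::::::::::::::::::::::::::::::::::::::
REM --> Check for permissions
REM The query below is used purely as a privilege probe: a non-zero exit code is
REM taken to mean the current shell is not elevated.
Reg query "HKU\S-1-5-19\Environment" >nul 2>&1
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    Echo.
    ECHO **************************************
    ECHO Running Admin shell... Please wait...
    ECHO **************************************
    goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
REM Build a one-shot VBScript that relaunches this batch file through the "runas" verb.
REM A per-run file name avoids picking up a leftover getadmin.vbs from an earlier run.
set "getadmin=%temp%\getadmin_%random%.vbs"
echo Set UAC = CreateObject^("Shell.Application"^) > "%getadmin%"
REM The previous form (set params = %*:"="") defined a variable named "params " with a
REM trailing space, so %params% was always empty and the arguments were silently dropped.
REM The leading space keeps params defined when no argument is given, so that the
REM quote-doubling substitution on the next line still expands.
set params= %*
REM NOTE(review): forwarded arguments are re-parsed by the elevated cmd.exe; only
REM launch this script with arguments you typed yourself.
echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params:"=""%", "", "runas", 1 >> "%getadmin%"
"%getadmin%"
del "%getadmin%"
exit /B
:gotAdmin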
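::::::::::::::::::::::::::::
::START
::::::::::::::::::::::::::::
REM If PowerShell 2 is not installed, this script will automatically download and install it.
REM Only works on XP SP3 with .NET 3.5. Only for dev boxes, not designed for servers.
REM Based on http://blog.codeassassin.com/2009/12/10/no-web-browser-need-powershell/
REM This portion of script is copied from this URL : https://gist.github.com/tathamoddie/509197
REM Flow: anything that is not XP jumps straight to :MainScript; XP SP3 with .NET 3.5
REM gets PowerShell 2 installed when the installed major version is below 2.
ver | find "XP" > nul
if %ERRORLEVEL% neq 0 goto not_xp
ver | find "5.1.2600" > nul
if %ERRORLEVEL% neq 0 goto not_xp_sp3
if not exist "%systemroot%\microsoft.net\framework\v3.5\csc.exe" goto not_netfx_35
if not exist "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" goto install
REM The major version is returned through the process exit code.
REM -NoProfile keeps per-user profile scripts from running inside this elevated shell.
"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -command "exit $PSVersionTable.PSVersion.Major"
set PSVer=%errorlevel%
if %PSVer% geq 2 goto already_installed
echo PowerShell %PSVer% is currently installed (but will be upgraded)
pause
:install
echo PowerShell 2 is required for this script but is not installed on your machine.
echo It will now be installed automatically.
pause
echo Downloading PowerShell 2
REM A tiny C# downloader is generated and compiled with csc.exe because no
REM PowerShell is available yet at this point.
REM NOTE(review): the installer is fetched over plain HTTP and then executed from an
REM elevated shell with no integrity check. Before trusting it, verify the file's
REM digital signature (file properties, Digital Signatures tab) or compare its hash
REM with a value obtained from a trusted source.
echo class Program { public static void Main() { >"%~dpn0.cs"
echo using (var wc = new System.Net.WebClient()) { >>"%~dpn0.cs"
echo wc.UseDefaultCredentials = true; >>"%~dpn0.cs"
echo wc.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials; >>"%~dpn0.cs"
echo wc.DownloadFile(@"http://download.microsoft.com/download/E/C/E/ECE99583-2003-455D-B681-68DB610B44A4/WindowsXP-KB968930-x86-ENG.exe", @"%~dpn0.installer.exe");}}} >>"%~dpn0.cs"
"%systemroot%\microsoft.net\framework\v3.5\csc.exe" /nologo /out:"%~dpn0.exe" "%~dpn0.cs"
REM Run the downloader directly. The previous form (Start /wait "path") made START
REM treat the quoted path as a window title, so the downloader never ran and the
REM errorlevel test below did not reflect the download.
"%~dpn0.exe"
if %errorlevel% neq 0 goto :EOF
echo Installing PowerShell 2
"%~dpn0.installer.exe"
set InstallResult=%errorlevel%
if %InstallResult% neq 0 goto install_failed
del "%~dpn0.cs"
del "%~dpn0.exe"
del "%~dpn0.installer.exe"
REM NOTE(review): the script stops here after a successful install; run it again to scan.
goto :EOF
:install_failed
echo PowerShell 2 installation failed.
exit 1
:not_xp
echo This script only expects to work on XP, which is not your OS.
echo Install PowerShell manually from http://microsoft.com/powershell
REM Not XP: skip the installer logic and continue with the scan.
goto :MainScript
:not_xp_sp3
echo This script requires XP SP3. Install now from:
echo http://www.microsoft.com/downloads/details.aspx?familyid=2FCDE6CE-B5FB-4488-8C50-FE22559D164E
exit 1
:not_netfx_35
echo This script requires .NET Framework 3.5. Install now from:
echo http://www.microsoft.com/downloads/details.aspx?FamilyId=333325FD-AE52-4E35-B531-508D977D32A6
exit 1
:already_installed
echo PowerShell 2 or higher is already installed at %SystemRoot%\system32\WindowsPowerShell\
goto :MainScript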
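::****************************************************************************************************
:MainScript
Title Download the last version of RogueKillerCMD and perform a scan by Hackoo 2017
REM Initialize our variables
Set "RKCMD="
Set "URL="
REM Determine if the OS is (32/64 bits) to set the correct URL for the download.
IF /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
    Set "URL=http://download.adlice.com/RogueKillerCMD/RogueKillerCMD.exe"
) else (
    Set "URL=http://download.adlice.com/RogueKillerCMD/RogueKillerCMDX64.exe"
)
REM NOTE(review): the executable is fetched over plain HTTP into %Temp% and then run
REM from an elevated shell with no integrity check. Anyone able to tamper with the
REM connection or with the file in %Temp% controls what runs as administrator.
REM Verify the publisher signature or a published hash before executing it.
REM To extract the name of the file to be download from the URL.
For %%F in (%URL%) Do (
    Set "RKCMD=%%~nxF"
    Set "RKCMD_Name=%%~nF"
)
REM If there is any previous version of RogueKillerCMD we delete it.
If Exist "%Temp%\%RKCMD%" Del "%Temp%\%RKCMD%"
REM We download the last version of RogueKillerCMD from its original web site.
REM NOTE(review): if the delete above failed, the old copy is kept and executed as is.
If Not Exist "%Temp%\%RKCMD%" (
    echo(
    echo Please wait a while ... Downloading the last version of "%RKCMD_Name%" is in progress ...
    Call :Download "%URL%" "%Temp%\%RKCMD%"
)
REM Stop here when nothing was downloaded instead of calling a missing file.
If Not Exist "%Temp%\%RKCMD%" (
    echo Download of "%RKCMD_Name%" failed. Nothing was executed.
    pause
    Exit /b 1
)
REM Always build the report path. It used to be set only inside the download branch,
REM which left %Report% empty whenever that branch was skipped.
Call :ReportName
REM We Call "RogueKillerCMD" to perform a scan and get its report in html format.
Title %Date% @ %Time% Please wait... Scanning with "%RKCMD_Name%" is in progress ...
Color 0E & Mode con cols=100 lines=15
Call "%Temp%\%RKCMD%" -scan -dont_ask -params "-nokill -autodelete -nopop -nodriver -reportformat html -reportpath """%Report%""""
REM Open the generated report with the program associated with .html files.
Start "" "%Report%"
Exit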
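::*********************************************************************************
:Download <url> <File>
REM Download %1 (URL) to %2 (destination file) with System.Net.WebClient.
REM Both values are handed to PowerShell through environment variables instead of
REM being pasted into the command text, so quotes, apostrophes or spaces in the
REM destination path (for example in the user name) cannot break or alter the command.
REM %~1 / %~2 strip the surrounding double quotes added by the caller.
REM setlocal keeps DL_URL / DL_FILE out of the caller's environment; it is ended
REM implicitly when the subroutine returns.
setlocal
set "DL_URL=%~1"
set "DL_FILE=%~2"
REM -NoProfile keeps per-user profile scripts from running inside this elevated shell.
Powershell.exe -NoProfile -command "(New-Object System.Net.WebClient).DownloadFile($env:DL_URL,$env:DL_FILE)"
REM Hand the PowerShell exit code back to the caller.
exit /b %errorlevel%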
::*********************************************************************************
:ReportName
REM Build the report file name from the local date and time reported by WMIC.
REM The substrings below read dt as YYYYMMDDHHMMSS followed by a fractional part.
REM Result: %Report% = <script folder>RK_Report_DD-MM-YYYY_HH_Min.html
for /f "delims=" %%a in ('wmic OS Get localdatetime ^| find "."') do set "dt=%%a"
REM Individual date and time fields.
set "YYYY=%dt:~0,4%"
set "MM=%dt:~4,2%"
set "DD=%dt:~6,2%"
set "HH=%dt:~8,2%"
set "Min=%dt:~10,2%"
set "Sec=%dt:~12,2%"
REM Compact forms, kept for callers that may read them.
set "datestamp=%dt:~0,8%"
set "timestamp=%dt:~8,6%"
REM Seconds are not part of the stamp, so two runs within the same minute share a name.
set "stamp=%DD%-%MM%-%YYYY%_%HH%_%Min%"
REM %~dp0 is the folder that contains this script.
Set "Report=%~dp0RK_Report_%stamp%.html"
Exit /b
::*********************************************************************************