A batch (.bat) script that logs the IP address of every Remote Desktop (port 3389) logon
2020-06-09 13:50:10
Contributed by: a site user
Copy the code below, save it as a batch file, and double-click it!
The code is as follows:
:: Create the log folder and generate the logon script PdPLOG.CMD inside it.
MD C:\WINDOWS\PDPLOG
:: The first line uses > so that re-running this installer does not duplicate the script's contents.
echo date /t ^>^>RDPlog.txt >C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo time /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo netstat -n -p tcp ^| find ":3389"^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo start Explorer >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
:: Record the IP used each time a user enters Remote Desktop; this can be used to spot traces of intruders!
:: InitialProgram runs PdPLOG.CMD at each RDP logon; WorkDirectory is where RDPlog.txt is written.
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG\ /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG\ /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
:: The message below reads: "Remote Desktop IP logging policy added! Press any key to exit!"
Echo 記錄遠程桌面IP策略添加完畢! 請按任意鍵退出!
PAUSE >nul
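echo netstat -n -p tcp ^| find ":3389"^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
The line above contains the number 3389, which is the default Remote Desktop port.
If you have changed the Remote Desktop port, replace 3389 with the port you changed it to.
The log can be viewed at C:\WINDOWS\PDPLOG\RDPlog.txt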
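
To review the resulting RDPlog.txt, the following Python parser groups the logged remote IPs by logon timestamp. It is an added example, not part of the original post; the function names and the sample log are constructed for illustration. It keeps only rows whose local port is exactly 3389, because find ":3389" also matches outbound RDP connections made from the server and ports such as 33890.

```python
import re
from collections import defaultdict

RDP_PORT = 3389  # change if Remote Desktop listens on another port

# One row of `netstat -n -p tcp`: proto, local ip:port, remote ip:port, state
TCP_ROW = re.compile(
    r"^\s*TCP\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\S+)\s*$"
)

def parse_rdplog(text, port=RDP_PORT):
    """Return (stamp, remote_ip, state) tuples for inbound connections to `port`.
    `stamp` joins the locale-dependent `date /t` and `time /t` lines as written."""
    records, header = [], []
    for line in text.splitlines():
        row = TCP_ROW.match(line)
        if row is None:
            if line.strip():
                header.append(line.strip())  # a date /t or time /t line
            continue
        # find ":3389" also keeps outbound RDP rows (remote port 3389) and
        # ports such as 33890, so require an exact match on the local port.
        if int(row.group(2)) == port:
            records.append((" ".join(header[-2:]), row.group(3), row.group(5)))
    return records

def logons_by_ip(records):
    """Map each remote IP to the distinct logon stamps it appears under."""
    seen = defaultdict(list)
    for stamp, ip, _state in records:
        if stamp not in seen[ip]:
            seen[ip].append(stamp)
    return dict(seen)

# Constructed sample log using documentation address ranges (not real data)
SAMPLE = """\
2020/06/09
13:50
  TCP    192.0.2.10:3389        198.51.100.7:50122     ESTABLISHED
2020/06/10
09:15
  TCP    192.0.2.10:3389        203.0.113.44:61001     ESTABLISHED
  TCP    192.0.2.10:49733       198.51.100.99:3389     ESTABLISHED
  TCP    192.0.2.10:33890       198.51.100.50:40000    TIME_WAIT
"""

if __name__ == "__main__":
    for ip, stamps in logons_by_ip(parse_rdplog(SAMPLE)).items():
        print(ip, stamps)
```

To use it on a real log, read the contents of C:\WINDOWS\PDPLOG\RDPlog.txt and pass the text to parse_rdplog(), giving the port argument if Remote Desktop was moved off 3389.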