Rcmd.vbs [Remote Cmd with wmi]远程脚本
程序员文章站
2022-07-04 20:27:49
复制代码 代码如下:on error resume next set outstreem=wscript.stdout if (lcase(right(wscript.fu...
复制代码 代码如下:
on error resume next
set outstreem=wscript.stdout
if (lcase(right(wscript.fullname,11))="wscript.exe") then
set objshell=wscript.createobject("wscript.shell")
objshell.run("cmd.exe /k cscript //nologo "&chr(34)&wscript.scriptfullname&chr(34))
wscript.quit
end if
if wscript.arguments.count<4 then
usage()
wscript.echo "not enough parameters."
wscript.quit
end if
ip=wscript.arguments(0)
username=wscript.arguments(1)
password=wscript.arguments(2)
cmdstr=wscript.arguments(3)
echostr=wscript.arguments(4)
foldername="c:\\windows\\temp\\"
wsh.echo "conneting "&ip&" ...."
set objlocator=createobject("wbemscripting.swbemlocator")
set objswbemservices=objlocator.connectserver(ip,"root/cimv2",username,password)
showerror(err.number)
set win_process=objswbemservices.get("win32_processstartup")
set hide_windows=win_process.spawninstance_
hide_windows.showwindow=12
set rcmd=objswbemservices.get("win32_process")
set colfiles = objswbemservices.execquery _
("select * from cim_datafile where name = '"&foldername&"read.vbs'")
if colfiles.count = 0 then
wsh.echo "not found read.vbs! create now!"
create_read()
end if
if echostr = "0" then
msg=rcmd.create("cmd /c "&cmdstr,null,hide_windows,intprocessid)
else
msg=rcmd.create("cmd /c cscript %windir%\temp\read.vbs """&cmdstr&"""",null,hide_windows,intprocessid)
end if
if msg = 0 then
wsh.echo "command success..."
else
showerror(err.number)
end if
wsh.echo "please wait 3 second ...."
wsh.sleep(3000)
set stdout = wscript.stdout
set oreg=objlocator.connectserver(ip,"root/default",username,password).get("stdregprov")
oreg.getmultistringvalue &h80000002,"software\clients","cmd" ,arrvalues
wsh.echo string(79,"*")
wsh.echo cmdstr&chr(13)&chr(10)
'wsh.echo arrvalues
for each strvalue in arrvalues
stdout.writeline strvalue
next
oreg.deletevalue &h80000002,"software\clients","cmd"
sub create_read()
runyn =rcmd.create("cmd /c echo set ws=wscript.createobject(^""wscript.shell^"")> %windir%\temp\read.vbs"_
&"&&echo str=ws.exec(^""cmd /c ^""^&wscript.arguments(0)).stdout.readall:set ws=nothing>> %windir%\temp\read.vbs"_
&"&&echo set oreg=getobject(^""winmgmts:{impersonationlevel=impersonate}!\\.\root\default:stdregprov^"")>> %windir%\temp\read.vbs"_
&"&&echo oreg.setmultistringvalue ^&h80000002,^""software\clients^"",^""cmd^"",array(str) >> %windir%\temp\read.vbs",null,hide_windows,intprocessid)
if runyn = 0 then
wsh.echo "read.vbs created!!!"
else
showerror(err.number)
end if
end sub
function showerroronly(errornumber)
if errornumber then
wsh.echo "error 0x"&cstr(hex(err.number))&" ."
if err.description <> "" then
wsh.echo "error description: "&err.description&"."
end if
wscript.quit
else
outstreem.write "."
end if
end function
sub usage()
wsh.echo string(79,"*")
wsh.echo "rcmd v1.01 by netpatch"
wsh.echo "usage:"
wsh.echo "cscript "&wscript.scriptfullname&" targetip username password command"
wsh.echo "cscript "&wscript.scriptfullname&" targetip username password command 0 //no echo"
wsh.echo string(79,"*")&vbcrlf
end sub